Marcus Updateinfo to OVAL Converter 5.5 2026-04-15T05:16:55 Security update for opera (Important) openSUSE Leap 15.6 NonFree Opera was updated to fix the following issues: Update to 109.0.5097.45 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-114737 [Search box] It's getting blurred when click on it, also lower corners are not rounded sometimes * DNA-115042 '+' button is not responsive when 30+ tabs opened * DNA-115326 Wrong fonts and padding after intake * DNA-115392 [Badges] Text displayed in red * DNA-115501 'Review your payment' native popup has wrong colors * DNA-115809 Enable #show-duplicate-indicator-on-link on all streams Update to 109.0.5097.38 * CHR-9695 Update Chromium on desktop-stable-123-5097 to 123.0.6312.87 * DNA-115156 [Login and Password suggestion] Suggestions are bolded and highlight doesn`t fill all area * DNA-115313 No video playback on skyshowtime.com * DNA-115639 [Version 109][Detached window] Missing functions names in light mode * DNA-115812 Enable #startpage-opening-animation on all streams * DNA-115836 Lucid mode visual issues on H264 videos - The update to chromium 109.0.5097.38 fixes following issues: CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887 Update to 109.0.5097.33 * CHR-9674 Update Chromium on desktop-stable-123-5097 to 123.0.6312.46 * DNA-115357 [Settings] Search toolbar has wrong position * DNA-115396 Bolded camera icon when camera access is allowed * DNA-115478 AI Prompts in text highlight popup not displayed properly * DNA-115563 Wallet selector not working * DNA-115601 Remove 'moving text' animation in the tab cycler * DNA-115645 Internal pages icons unreadable when highlight * DNA-115717 'Your extension was disabled because it is corrupted' message is displayed to user * DNA-115770 Promote 109 to stable - Complete Opera 109 changelog at: https://blogs.opera.com/desktop/changelog-for-109/ Important CVE-2024-2883 at SUSE CVE-2024-2883 at NVD CVE-2024-2885 at SUSE CVE-2024-2885 at NVD CVE-2024-2886 at SUSE CVE-2024-2886 at NVD CVE-2024-2887 at SUSE CVE-2024-2887 at NVD Security update for libhtp (Moderate) openSUSE Leap 15.6 This update for libhtp fixes the following issues: - CVE-2024-23837: excessive processing time of HTTP headers can lead to denial of service (boo#1220403) Moderate SUSE bug 1220403 CVE-2024-23837 at SUSE CVE-2024-23837 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 125.0.6422.141 (boo#1225690) * CVE-2024-5493: Heap buffer overflow in WebRTC * CVE-2024-5494: Use after free in Dawn * CVE-2024-5495: Use after free in Dawn * CVE-2024-5496: Use after free in Media Session * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * CVE-2024-5498: Use after free in Presentation API * CVE-2024-5499: Out of bounds write in Streams API Important SUSE bug 1225690 CVE-2024-5493 at SUSE CVE-2024-5493 at NVD CVE-2024-5494 at SUSE CVE-2024-5494 at NVD CVE-2024-5495 at SUSE CVE-2024-5495 at NVD CVE-2024-5496 at SUSE CVE-2024-5496 at NVD CVE-2024-5497 at SUSE CVE-2024-5497 at NVD CVE-2024-5498 at SUSE CVE-2024-5498 at NVD CVE-2024-5499 at SUSE CVE-2024-5499 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: Update to 110.0.5130.64 * CHR-9748 Update Chromium on desktop-stable-124-5130 to 124.0.6367.243 * DNA-116317 Create outline or shadow around emojis on tab strip * DNA-116320 Create animation for emoji disappearing from tab strip * DNA-116564 Assign custom emoji from emoji picker * DNA-116690 Make chrome://emoji-picker attachable by webdriver * DNA-116732 Introduce stat event for setting / unsetting emoji on a tab * DNA-116753 Emoji picker does not follow browser theme * DNA-116755 Record tab emojis added / removed * DNA-116777 Enable #tab-art on all streams Update to 110.0.5130.49 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-116706 [gpu-crash] Crash at SkGpuShaderImageFilter:: onFilterImage(skif::Context const&) Update to 110.0.5130.39 * DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint * DNA-116680 Import 0-day fix for CVE-2024-5274 Update to 110.0.5130.35 * CHR-9721 Update Chromium on desktop-stable-124-5130 to 124.0.6367.202 * DNA-114787 Crash at views::View::DoRemoveChildView(views:: View*, bool, bool, views::View*) * DNA-115640 Tab island is not properly displayed after drag&drop in light theme * DNA-116191 Fix link in RTV Euro CoS * DNA-116218 Crash at SkGpuShaderImageFilter::onFilterImage (skif::Context const&) * DNA-116241 Update affiliation link for media expert 'Continue On' * DNA-116256 Crash at TabHoverCardController::UpdateHoverCard (opera::TabDataView*, TabHoverCardController::UpdateType, bool) * DNA-116270 Show 'Suggestions' inside expanding Speed Dial field * DNA-116474 Implement the no dynamic hover approach * DNA-116493 Make sure that additional elements like (Sync your browser) etc. doesn’t shift content down on page * DNA-116515 Import 0-day fix from Chromium '[wasm-gc] Only normalize JSObject targets in SetOrCopyDataProperties' * DNA-116543 Twitter migrate to x.com * DNA-116552 Change max width of the banner * DNA-116569 Twitter in Panel loading for the first time opens two Tabs automatically * DNA-116587 Translate settings strings for every language The update to chromium 124.0.6367.202 fixes following issues: CVE-2024-4671 Update to 110.0.5130.23 * CHR-9706 Update Chromium on desktop-stable-124-5130 to 124.0.6367.62 * DNA-116450 Promote 110 to stable - Complete Opera 110 changelog at: https://blogs.opera.com/desktop/changelog-for-110/ - The update to chromium 124.0.6367.62 fixes following issues: CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834, CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840, CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845, CVE-2024-3846, CVE-2024-3847 - Update to 109.0.5097.80 * DNA-115738 Crash at extensions::ExtensionRegistry:: GetExtensionById(std::__Cr::basic_string const&, int) * DNA-115797 [Flow] Never ending loading while connecting to flow * DNA-116315 Chat GPT in Sidebar Panel doesn’t work - Update to 109.0.5097.59 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-115810 Enable #drag-multiple-tabs on all streams Important CVE-2024-3832 at SUSE CVE-2024-3832 at NVD CVE-2024-3833 at SUSE CVE-2024-3833 at NVD CVE-2024-3834 at SUSE CVE-2024-3834 at NVD CVE-2024-3837 at SUSE CVE-2024-3837 at NVD CVE-2024-3838 at SUSE CVE-2024-3838 at NVD CVE-2024-3839 at SUSE CVE-2024-3839 at NVD CVE-2024-3840 at SUSE CVE-2024-3840 at NVD CVE-2024-3841 at SUSE CVE-2024-3841 at NVD CVE-2024-3843 at SUSE CVE-2024-3843 at NVD CVE-2024-3844 at SUSE CVE-2024-3844 at NVD CVE-2024-3845 at SUSE CVE-2024-3845 at NVD CVE-2024-3846 at SUSE CVE-2024-3846 at NVD CVE-2024-3847 at SUSE CVE-2024-3847 at NVD CVE-2024-3914 at SUSE CVE-2024-3914 at NVD CVE-2024-4671 at SUSE CVE-2024-4671 at NVD CVE-2024-5274 at SUSE CVE-2024-5274 at NVD Security update for nano (Important) openSUSE Leap 15.6 This update for nano fixes the following issues: - CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099) Important SUSE bug 1226099 CVE-2024-5742 at SUSE CVE-2024-5742 at NVD cpe:/o:opensuse:leap:15.6 Security update for plasma5-workspace (Moderate) openSUSE Leap 15.6 plasma5-workspace was updated to fix the following issue: - Fixed ksmserver authentication (CVE-2024-36041, boo#1225774). - Fixed a regression introduced by the preceding change (kde#487912, boo#1226110): Moderate SUSE bug 1225774 SUSE bug 1226110 SUSE bug 487912 CVE-2024-36041 at SUSE CVE-2024-36041 at NVD cpe:/o:opensuse:leap:15.6 Security update for gdcm (Important) openSUSE Leap 15.6 This update for gdcm fixes the following issues: - CVE-2024-22373: Fixed out-of-bounds write vulnerability in JPEG2000Codec::DecodeByStreamsCommon (boo#1223398). Important SUSE bug 1223398 CVE-2024-22373 at SUSE CVE-2024-22373 at NVD cpe:/o:opensuse:leap:15.6 Security update for sngrep (Moderate) openSUSE Leap 15.6 This update for sngrep fixes the following issues: - CVE-2024-35434: heap buffer overflow in rtp_check_packet Moderate SUSE bug 1225638 CVE-2024-35434 at SUSE CVE-2024-35434 at NVD cpe:/o:opensuse:leap:15.6 Security update for keybase-client (Moderate) openSUSE Leap 15.6 This update for keybase-client fixes the following issues: Update to version 6.2.8 * Update client CA * Fix incomplete locking in config file handling. - Update the Image dependency to address CVE-2023-29408 / boo#1213928. This is done via the new update-image-tiff.patch. - Limit parallel test execution as that seems to cause failing builds on OBS that don't occur locally. - Integrate KBFS packages previously build via own source package * Upstream integrated these into the same source. * Also includes adding kbfs-related patches ensure-mount-dir-exists.patch and ensure-service-stop-unmounts-filesystem.patch. - Upgrade Go version used for compilation to 1.19. - Use Systemd unit file from upstream source. Moderate SUSE bug 1213928 CVE-2023-29408 at SUSE CVE-2023-29408 at NVD cpe:/o:opensuse:leap:15.6 Security update for obs-service-download_url (Moderate) openSUSE Leap 15.6 This update for obs-service-download_url fixes the following issues: Update to version 0.2.1: * CVE-2024-22033: fixed argument parsing option injection (boo#1227203) Moderate SUSE bug 1227203 CVE-2024-22033 at SUSE CVE-2024-22033 at NVD cpe:/o:opensuse:leap:15.6 Security update for Botan (Moderate) openSUSE Leap 15.6 This update for Botan fixes the following issues: Update to 2.19.5: * Fix multiple Denial of service attacks due to X.509 cert processing: * CVE-2024-34702 - boo#1227238 * CVE-2024-34703 - boo#1227607 * CVE-2024-39312 - boo#1227608 * Fix a crash in OCB * Fix a test failure in compression with certain versions of zlib * Fix some iterator debugging errors in TLS CBC decryption. * Avoid a miscompilation in ARIA when using XCode 14 Moderate SUSE bug 1227238 SUSE bug 1227607 SUSE bug 1227608 CVE-2024-34702 at SUSE CVE-2024-34702 at NVD CVE-2024-34703 at SUSE CVE-2024-34703 at NVD CVE-2024-39312 at SUSE CVE-2024-39312 at NVD cpe:/o:opensuse:leap:15.6 Security update for znc (Critical) openSUSE Leap 15.6 This update for znc fixes the following issues: Update to 1.9.1 (boo#1227393, CVE-2024-39844) * This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl. To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all. * Improve tooltips in webadmin. Critical SUSE bug 1227393 CVE-2024-39844 at SUSE CVE-2024-39844 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933) * CVE-2024-6290: Use after free in Dawn * CVE-2024-6291: Use after free in Swiftshader * CVE-2024-6292: Use after free in Dawn * CVE-2024-6293: Use after free in Dawn * CVE-2024-6100: Type Confusion in V8 * CVE-2024-6101: Inappropriate implementation in WebAssembly * CVE-2024-6102: Out of bounds memory access in Dawn * CVE-2024-6103: Use after free in Dawn * CVE-2024-5830: Type Confusion in V8 * CVE-2024-5831: Use after free in Dawn * CVE-2024-5832: Use after free in Dawn * CVE-2024-5833: Type Confusion in V8 * CVE-2024-5834: Inappropriate implementation in Dawn * CVE-2024-5835: Heap buffer overflow in Tab Groups * CVE-2024-5836: Inappropriate Implementation in DevTools * CVE-2024-5837: Type Confusion in V8 * CVE-2024-5838: Type Confusion in V8 * CVE-2024-5839: Inappropriate Implementation in Memory Allocator * CVE-2024-5840: Policy Bypass in CORS * CVE-2024-5841: Use after free in V8 * CVE-2024-5842: Use after free in Browser UI * CVE-2024-5843: Inappropriate implementation in Downloads * CVE-2024-5844: Heap buffer overflow in Tab Strip * CVE-2024-5845: Use after free in Audio * CVE-2024-5846: Use after free in PDFium * CVE-2024-5847: Use after free in PDFium - Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (boo#1226170) Important SUSE bug 1226170 SUSE bug 1226205 SUSE bug 1226504 SUSE bug 1226933 CVE-2024-5830 at SUSE CVE-2024-5830 at NVD CVE-2024-5831 at SUSE CVE-2024-5831 at NVD CVE-2024-5832 at SUSE CVE-2024-5832 at NVD CVE-2024-5833 at SUSE CVE-2024-5833 at NVD CVE-2024-5834 at SUSE CVE-2024-5834 at NVD CVE-2024-5835 at SUSE CVE-2024-5835 at NVD CVE-2024-5836 at SUSE CVE-2024-5836 at NVD CVE-2024-5837 at SUSE CVE-2024-5837 at NVD CVE-2024-5838 at SUSE CVE-2024-5838 at NVD CVE-2024-5839 at SUSE CVE-2024-5839 at NVD CVE-2024-5840 at SUSE CVE-2024-5840 at NVD CVE-2024-5841 at SUSE CVE-2024-5841 at NVD CVE-2024-5842 at SUSE CVE-2024-5842 at NVD CVE-2024-5843 at SUSE CVE-2024-5843 at NVD CVE-2024-5844 at SUSE CVE-2024-5844 at NVD CVE-2024-5845 at SUSE CVE-2024-5845 at NVD CVE-2024-5846 at SUSE CVE-2024-5846 at NVD CVE-2024-5847 at SUSE CVE-2024-5847 at NVD CVE-2024-6100 at SUSE CVE-2024-6100 at NVD CVE-2024-6101 at SUSE CVE-2024-6101 at NVD CVE-2024-6102 at SUSE CVE-2024-6102 at NVD CVE-2024-6103 at SUSE CVE-2024-6103 at NVD CVE-2024-6290 at SUSE CVE-2024-6290 at NVD CVE-2024-6291 at SUSE CVE-2024-6291 at NVD CVE-2024-6292 at SUSE CVE-2024-6292 at NVD CVE-2024-6293 at SUSE CVE-2024-6293 at NVD cpe:/o:opensuse:leap:15.6 Security update for cockpit (Moderate) openSUSE Leap 15.6 This update for cockpit fixes the following issues: - new version 320: * pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040, CVE-2024-6126) - changes in older versions: * Storage: Btrfs snapshots * Podman: Add image pull action * Files: Bookmark support * webserver: System user changes * Metrics: Grafana setup now prefers Valkey - Invalid json against the storaged manifest boo#1227299 Moderate SUSE bug 1226040 SUSE bug 1227299 CVE-2024-6126 at SUSE CVE-2024-6126 at NVD cpe:/o:opensuse:leap:15.6 Security update for global (Important) openSUSE Leap 15.6 This update for global fixes the following issues: - CVE-2024-38448: htags may allow code execution via untrusted dbpath (boo#1226420) Important SUSE bug 1226420 CVE-2024-38448 at SUSE CVE-2024-38448 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 126.0.6478.182 (boo#1227979): - CVE-2024-6772: Inappropriate implementation in V8 - CVE-2024-6773: Type Confusion in V8 - CVE-2024-6774: Use after free in Screen Capture - CVE-2024-6775: Use after free in Media Stream - CVE-2024-6776: Use after free in Audio - CVE-2024-6777: Use after free in Navigation - CVE-2024-6778: Race in DevTools - CVE-2024-6779: Out of bounds memory access in V8 Important SUSE bug 1227979 CVE-2024-6772 at SUSE CVE-2024-6772 at NVD CVE-2024-6773 at SUSE CVE-2024-6773 at NVD CVE-2024-6774 at SUSE CVE-2024-6774 at NVD CVE-2024-6775 at SUSE CVE-2024-6775 at NVD CVE-2024-6776 at SUSE CVE-2024-6776 at NVD CVE-2024-6777 at SUSE CVE-2024-6777 at NVD CVE-2024-6778 at SUSE CVE-2024-6778 at NVD CVE-2024-6779 at SUSE CVE-2024-6779 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-sentry-sdk (Moderate) openSUSE Leap 15.6 This update for python-sentry-sdk fixes the following issues: - CVE-2024-40647: Do not leak environment variables to child processes. (bsc#1228128) Moderate SUSE bug 1228128 CVE-2024-40647 at SUSE CVE-2024-40647 at NVD cpe:/o:opensuse:leap:15.6 Security update for caddy (Moderate) openSUSE Leap 15.6 This update for caddy fixes the following issues: - Update to version 2.8.4: * cmd: fix regression in auto-detect of Caddyfile (#6362) * Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped - Update to version 2.8.2: * cmd: fix auto-detetction of .caddyfile extension (#6356) * caddyhttp: properly sanitize requests for root path (#6360) * caddytls: Implement certmagic.RenewalInfoGetter * build(deps): bump golangci/golangci-lint-action from 5 to 6 (#6361) - Update to version 2.8.1: * caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350) * core: MkdirAll appDataDir in InstanceID with 0o700 (#6340) - Update to version 2.8.0: * acmeserver: Add `sign_with_root` for Caddyfile (#6345) * caddyfile: Reject global request matchers earlier (#6339) * core: Fix bug in AppIfConfigured (fix #6336) * fix a typo (#6333) * autohttps: Move log WARN to INFO, reduce confusion (#6185) * reverseproxy: Support HTTP/3 transport to backend (#6312) * context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292) * Fix lint error about deprecated method in smallstep/certificates/authority * go.mod: Upgrade dependencies * caddytls: fix permission requirement with AutomationPolicy (#6328) * caddytls: remove ClientHelloSNICtxKey (#6326) * caddyhttp: Trace individual middleware handlers (#6313) * templates: Add `pathEscape` template function and use it in file browser (#6278) * caddytls: set server name in context (#6324) * chore: downgrade minimum Go version in go.mod (#6318) * caddytest: normalize the JSON config (#6316) * caddyhttp: New experimental handler for intercepting responses (#6232) * httpcaddyfile: Set challenge ports when http_port or https_port are used * logging: Add support for additional logger filters other than hostname (#6082) * caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106) * Second half of 6dce493 * caddyhttp: Alter log message when request is unhandled (close #5182) * chore: Bump Go version in CI (#6310) * go.mod: go 1.22.3 * Fix typos (#6311) * reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307) * tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308) * go.mod: CertMagic v0.21.0 * reverseproxy: Implement health_follow_redirects (#6302) * caddypki: Allow use of root CA without a key. Fixes #6290 (#6298) * go.mod: Upgrade to quic-go v0.43.1 * reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301) * caddytls: Ability to drop connections (close #6294) * build(deps): bump golangci/golangci-lint-action from 4 to 5 (#6289) * httpcaddyfile: Fix expression matcher shortcut in snippets (#6288) * caddytls: Evict internal certs from cache based on issuer (#6266) * chore: add warn logs when using deprecated fields (#6276) * caddyhttp: Fix linter warning about deprecation * go.mod: Upgrade to quic-go v0.43.0 * fileserver: Set 'Vary: Accept-Encoding' header (see #5849) * events: Add debug log * reverseproxy: handle buffered data during hijack (#6274) * ci: remove `android` and `plan9` from cross-build workflow (#6268) * run `golangci-lint run --fix --fast` (#6270) * caddytls: Option to configure certificate lifetime (#6253) * replacer: Implement `file.*` global replacements (#5463) * caddyhttp: Address some Go 1.20 features (#6252) * Quell linter (false positive) * reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264) * doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263) * caddytls: Add Caddyfile support for on-demand permission module (close #6260) * reverseproxy: Remove long-deprecated buffering properties * reverseproxy: Reuse buffered request body even if partially drained * reverseproxy: Accept EOF when buffering * logging: Fix default access logger (#6251) * fileserver: Improve Vary handling (#5849) * cmd: Only validate config is proper JSON if config slice has data (#6250) * staticresp: Use the evaluated response body for sniffing JSON content-type (#6249) * encode: Slight fix for the previous commit * encode: Improve Etag handling (fix #5849) * httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148) * caddyfile: Populate regexp matcher names by default (#6145) * caddyhttp: record num. bytes read when response writer is hijacked (#6173) * caddyhttp: Support multiple logger names per host (#6088) * chore: fix some typos in comments (#6243) * encode: Configurable compression level for zstd (#6140) * caddytls: Remove shim code supporting deprecated lego-dns (#6231) * connection policy: add `local_ip` matcher (#6074) * reverseproxy: Wait for both ends of websocket to close (#6175) * caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229) * caddytls: Still provision permission module if ask is specified * fileserver: read etags from precomputed files (#6222) * fileserver: Escape # and ? in img src (fix #6237) * reverseproxy: Implement modular CA provider for TLS transport (#6065) * caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226) * cmd: Fix panic related to config filename (fix #5919) * cmd: Assume Caddyfile based on filename prefix and suffix (#5919) * admin: Make `Etag` a header, not a trailer (#6208) * caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234) * caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227) * gitignore: Add rule for caddyfile.go (#6225) * chore: Fix broken links in README.md (#6223) * chore: Upgrade some dependencies (#6221) * caddyhttp: Add plaintext response to `file_server browse` (#6093) * admin: Use xxhash for etag (#6207) * modules: fix some typo in conments (#6206) * caddyhttp: Replace sensitive headers with REDACTED (close #5669) * caddyhttp: close quic connections when server closes (#6202) * reverseproxy: Use xxhash instead of fnv32 for LB (#6203) * caddyhttp: add http.request.local{,.host,.port} placeholder (#6182) * chore: upgrade deps (#6198) * chore: remove repetitive word (#6193) * Added a null check to avoid segfault on rewrite query ops (#6191) * rewrite: `uri query` replace operation (#6165) * logging: support `ms` duration format and add docs (#6187) * replacer: use RWMutex to protect static provider (#6184) * caddyhttp: Allow `header` replacement with empty string (#6163) * vars: Make nil values act as empty string instead of `'<nil>'` (#6174) * chore: Update quic-go to v0.42.0 (#6176) * caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183) * reverseproxy: configurable active health_passes and health_fails (#6154) * reverseproxy: Configurable forward proxy URL (#6114) * caddyhttp: upgrade to cel v0.20.0 (#6161) * chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169) * caddyhttp: suppress flushing if the response is being buffered (#6150) * chore: encode: use FlushError instead of Flush (#6168) * encode: write status immediately when status code is informational (#6164) * httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153) * httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865) * rewrite: Implement `uri query` operations (#6120) * fix struct names (#6151) * fileserver: Preserve query during canonicalization redirect (#6109) * logging: Implement `log_append` handler (#6066) * httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113) * logging: Implement `append` encoder, allow flatter filters config (#6069) * ci: fix the integration test `TestLeafCertLoaders` (#6149) * vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108) * caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050) * cmd: Adjust config load logs/errors (#6032) * reverseproxy: SRV dynamic upstream failover (#5832) * ci: bump golangci/golangci-lint-action from 3 to 4 (#6141) * core: OnExit hooks (#6128) * cmd: fix the output of the `Usage` section (#6138) * caddytls: verifier: caddyfile: re-add Caddyfile support (#6127) * acmeserver: add policy field to define allow/deny rules (#5796) * reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115) * caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119) * tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103) * caddyfile: Assert having a space after heredoc marker to simply check (#6117) * chore: Update Chroma to get the new Caddyfile lexer (#6118) * reverseproxy: use context.WithoutCancel (#6116) * caddyfile: Reject directives in the place of site addresses (#6104) * caddyhttp: Register post-shutdown callbacks (#5948) * caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102) * caddyauth: Drop support for `scrypt` (#6091) * Revert 'caddyfile: Reject long heredoc markers (#6098)' (#6100) * caddyauth: Rename `basicauth` to `basic_auth` (#6092) * logging: Inline Caddyfile syntax for `ip_mask` filter (#6094) * caddyfile: Reject long heredoc markers (#6098) * chore: Rename CI jobs, run on M1 mac (#6089) * update comment * improved list * fix: add back text/* * fix: add more media types to the compressed by default list * acmeserver: support specifying the allowed challenge types (#5794) * matchers: Drop `forwarded` option from `remote_ip` matcher (#6085) * caddyhttp: Test cases for `%2F` and `%252F` (#6084) * bump to golang 1.22 (#6083) * fileserver: Browse can show symlink target if enabled (#5973) * core: Support NO_COLOR env var to disable log coloring (#6078) * build(deps): bump peter-evans/repository-dispatch from 2 to 3 (#6080) * Update comment in setcap helper script * caddytls: Make on-demand 'ask' permission modular (#6055) * core: Add `ctx.Slogger()` which returns an `slog` logger (#5945) * chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043) * chore: enabling a few more linters (#5961) * caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062) * caddyfile: Switch to slices.Equal for better performance (#6061) * tls: modularize trusted CA providers (#5784) * logging: Automatic `wrap` default for `filter` encoder (#5980) * caddyhttp: Fix panic when request missing ClientIPVarKey (#6040) * caddyfile: Normalize & flatten all unmarshalers (#6037) * cmd: reverseproxy: log: use caddy logger (#6042) * matchers: `query` now ANDs multiple keys (#6054) * caddyfile: Add heredoc support to `fmt` command (#6056) * refactor: move automaxprocs init in caddycmd.Main() * caddyfile: Allow heredoc blank lines (#6051) * httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965) * httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844) * fileserver: Implement caddyfile.Unmarshaler interface (#5850) * reverseproxy: Add `tls_curves` option to HTTP transport (#5851) * caddyhttp: Security enhancements for client IP parsing (#5805) * replacer: Fix escaped closing braces (#5995) * filesystem: Globally declared filesystems, `fs` directive (#5833) * ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031) * httpcaddyfile: Fix redir <to> html (#6001) * httpcaddyfile: Support client auth verifiers (#6022) * tls: add reuse_private_keys (#6025) * reverseproxy: Only change Content-Length when full request is buffered (#5830) * Switch Solaris-derivatives away from listen_unix (#6021) * build(deps): bump actions/upload-artifact from 3 to 4 (#6013) * build(deps): bump actions/setup-go from 4 to 5 (#6012) * chore: check against errors of `io/fs` instead of `os` (#6011) * caddyhttp: support unix sockets in `caddy respond` command (#6010) * fileserver: Add total file size to directory listing (#6003) * httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997) * build(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#5994) * cmd: use automaxprocs for better perf in containers (#5711) * logging: Add `zap.Option` support (#5944) * httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990) * metrics: Record request metrics on HTTP errors (#5979) * go.mod: Updated quic-go to v0.40.1 (#5983) * fileserver: Enable compression for command by default (#5855) * fileserver: New --precompressed flag (#5880) * caddyhttp: Add `uuid` to access logs when used (#5859) * proxyprotocol: use github.com/pires/go-proxyproto (#5915) * cmd: Preserve LastModified date when exporting storage (#5968) * core: Always make AppDataDir for InstanceID (#5976) * chore: cross-build for AIX (#5971) * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - CVEs: * CVE-2024-22189 (boo#1222468) * CVE-2023-45142 - Update to version 2.7.6: * caddytls: Sync distributed storage cleaning (#5940) * caddytls: Context to DecisionFunc (#5923) * tls: accept placeholders in string values of certificate loaders (#5963) * templates: Offically make templates extensible (#5939) * http2 uses new round-robin scheduler (#5946) * panic when reading from backend failed to propagate stream error (#5952) * chore: Bump otel to v1.21.0. (#5949) * httpredirectlistener: Only set read limit for when request is HTTP (#5917) * fileserver: Add .m4v for browse template icon * Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924) * go.mod: update quic-go version to v0.40.0 (#5922) * update quic-go to v0.39.3 (#5918) * chore: Fix usage pool comment (#5916) * test: acmeserver: add smoke test for the ACME server directory (#5914) * Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913) * caddyhttp: Adjust `scheme` placeholder docs (#5910) * go.mod: Upgrade quic-go to v0.39.1 * go.mod: CVE-2023-45142 Update opentelemetry (#5908) * templates: Delete headers on `httpError` to reset to clean slate (#5905) * httpcaddyfile: Remove port from logger names (#5881) * core: Apply SO_REUSEPORT to UDP sockets (#5725) * caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848) * cmd: Add newline character to version string in CLI output (#5895) * core: quic listener will manage the underlying socket by itself (#5749) * templates: Clarify `include` args docs, add `.ClientIP` (#5898) * httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896) * cmd: upgrade: resolve symlink of the executable (#5891) * caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883) - Update to version 2.7.5: * admin: Respond with 4xx on non-existing config path (#5870) * ci: Force the Go version for govulncheck (#5879) * fileserver: Set canonical URL on browse template (#5867) * tls: Add X25519Kyber768Draft00 PQ 'curve' behind build tag (#5852) * reverseproxy: Add more debug logs (#5793) * reverseproxy: Fix `least_conn` policy regression (#5862) * reverseproxy: Add logging for dynamic A upstreams (#5857) * reverseproxy: Replace health header placeholders (#5861) * httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860) * cmd: Fix exiting with custom status code, add `caddy -v` (#5874) * reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828) * reverseproxy: Fix retries on 'upstreams unavailable' error (#5841) * httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808) * encode: Add `application/wasm*` to the default content types (#5869) * fileserver: Add command shortcuts `-l` and `-a` (#5854) * go.mod: Upgrade dependencies incl. x/net/http * templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845) * reverseproxy: Allow fallthrough for response handlers without routes (#5780) * fix: caddytest.AssertResponseCode error message (#5853) * build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#5847) * build(deps): bump actions/checkout from 3 to 4 (#5846) * caddyhttp: Use LimitedReader for HTTPRedirectListener * fileserver: browse template SVG icons and UI tweaks (#5812) * reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811) * httpcaddyfile: fix placeholder shorthands in named routes (#5791) * cmd: Prevent overwriting existing env vars with `--envfile` (#5803) * ci: Run govulncheck (#5790) * logging: query filter for array of strings (#5779) * logging: Clone array on log filters, prevent side-effects (#5786) * fileserver: Export BrowseTemplate * ci: ensure short-sha is exported correctly on all platforms (#5781) * caddyfile: Fix case where heredoc marker is empty after newline (#5769) * go.mod: Update quic-go to v0.38.0 (#5772) * chore: Appease gosec linter (#5777) * replacer: change timezone to UTC for 'time.now.http' placeholders (#5774) * caddyfile: Adjust error formatting (#5765) * update quic-go to v0.37.6 (#5767) * httpcaddyfile: Stricter errors for site and upstream address schemes (#5757) * caddyfile: Loosen heredoc parsing (#5761) * fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751) * fix package typo (#5764) Moderate SUSE bug 1222468 CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2024-22189 at SUSE CVE-2024-22189 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-nltk (Important) openSUSE Leap 15.6 This update for python-nltk fixes the following issues: - CVE-2024-39705: Fixed remote code execution through unsafe pickle usage (boo#1227174). Important SUSE bug 1227174 CVE-2024-39705 at SUSE CVE-2024-39705 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 112.0.5197.25 * CHR-9787 Update Chromium on desktop-stable-126-5197 to 126.0.6478.127 - The update to chromium 126.0.6478.127 fixes following issues: CVE-2024-6290, CVE-2024-6291, CVE-2024-6292, CVE-2024-6293 - Update to 112.0.5197.24 * CHR-9762 Update Chromium on desktop-stable-126-5197 to 126.0.6478.62 * DNA-117001 Crash at base::internal::check_is_test_impl (base::NotFatalUntil) * DNA-117050 [Settings][Sync] Synchronization options aren't visible * DNA-117076 [Player] Background of the icons has changed and the Tidal icon is now missing * DNA-117109 Browser freezes when trying to remove a tab * DNA-117181 Translations for O112 * DNA-117202 Crash at syncer::SyncServiceImpl::NotifyObservers() * DNA-117295 Remove emoji names field in picker * DNA-117347 Start page is not rendered on first switch to workspace after its creation * DNA-117431 Promote 112 to stable - Complete Opera 112 changelog at: https://blogs.opera.com/desktop/changelog-for-112 - The update to chromium >= 126.0.6478.54 fixes following issues: CVE-2024-5830, CVE-2024-5831, CVE-2024-5832, CVE-2024-5833, CVE-2024-5834, CVE-2024-5835, CVE-2024-5836, CVE-2024-5837, CVE-2024-5838, CVE-2024-5839, CVE-2024-5840, CVE-2024-5841, CVE-2024-5842, CVE-2024-5843, CVE-2024-5844, CVE-2024-5845, CVE-2024-5846, CVE-2024-5847 - Update to 111.0.5168.55 * DNA-116749 Unnecessary icons in the advanced sync settings * DNA-116961 Evaluate #vtvd-as-platform-sw-decoder in the field * DNA-117003 #vtvd-as-platform-sw-decoder is not registered in media unittests Update to 111.0.5168.43 * DNA-115228 Adblocker is blocking ads when turned off * DNA-116605 Crash at opera::BrowserContentsView:: NonClientHitTestPoint(gfx::Point const&) * DNA-116855 Cannot close tab island’s tab when popup was hovered * DNA-116885 Add chrome.cookies api permission to Rich Hints * DNA-116948 [Linux] Theme toggle in settings is not working Update to 111.0.5168.25 * CHR-9754 Update Chromium on desktop-stable-125-5168 to 125.0.6422.142 * DNA-116089 [Win/Lin] Fullscreen view has rounded corners * DNA-116208 The red dot on the Aria’s icon is misaligned * DNA-116693 X (twitter) logo is not available on opera:about page * DNA-116737 [Bookmarks] Bookmarks bar favicon have light theme color in new window * DNA-116769 Extension popup – pin icon is replaced * DNA-116850 Fix full package installer link * DNA-116852 Promote 111 to stable * DNA-116491 Site info popup is cut with dropdown opened * DNA-116661 [opera:settings] IPFS/IPNS Gateway box has the wrong design * DNA-116789 Translations for O111 * DNA-116813 [React emoji picker] Flag emojis are not load correctly * DNA-116893 Put 'Show emojis in tab tooltip' in Settings * DNA-116918 Translations for 'Show emojis in tab tooltip' - Complete Opera 111 changelog at: https://blogs.opera.com/desktop/changelog-for-111 - The update to chromium 125.0.6422.142 fixes following issues: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497, CVE-2024-5498, CVE-2024-5499 Important CVE-2024-5493 at SUSE CVE-2024-5493 at NVD CVE-2024-5494 at SUSE CVE-2024-5494 at NVD CVE-2024-5495 at SUSE CVE-2024-5495 at NVD CVE-2024-5496 at SUSE CVE-2024-5496 at NVD CVE-2024-5497 at SUSE CVE-2024-5497 at NVD CVE-2024-5498 at SUSE CVE-2024-5498 at NVD CVE-2024-5499 at SUSE CVE-2024-5499 at NVD CVE-2024-5830 at SUSE CVE-2024-5830 at NVD CVE-2024-5831 at SUSE CVE-2024-5831 at NVD CVE-2024-5832 at SUSE CVE-2024-5832 at NVD CVE-2024-5833 at SUSE CVE-2024-5833 at NVD CVE-2024-5834 at SUSE CVE-2024-5834 at NVD CVE-2024-5835 at SUSE CVE-2024-5835 at NVD CVE-2024-5836 at SUSE CVE-2024-5836 at NVD CVE-2024-5837 at SUSE CVE-2024-5837 at NVD CVE-2024-5838 at SUSE CVE-2024-5838 at NVD CVE-2024-5839 at SUSE CVE-2024-5839 at NVD CVE-2024-5840 at SUSE CVE-2024-5840 at NVD CVE-2024-5841 at SUSE CVE-2024-5841 at NVD CVE-2024-5842 at SUSE CVE-2024-5842 at NVD CVE-2024-5843 at SUSE CVE-2024-5843 at NVD CVE-2024-5844 at SUSE CVE-2024-5844 at NVD CVE-2024-5845 at SUSE CVE-2024-5845 at NVD CVE-2024-5846 at SUSE CVE-2024-5846 at NVD CVE-2024-5847 at SUSE CVE-2024-5847 at NVD CVE-2024-6290 at SUSE CVE-2024-6290 at NVD CVE-2024-6291 at SUSE CVE-2024-6291 at NVD CVE-2024-6292 at SUSE CVE-2024-6292 at NVD CVE-2024-6293 at SUSE CVE-2024-6293 at NVD Security update for keybase-client (Moderate) openSUSE Leap 15.6 This update for keybase-client fixes the following issues: - Update the Image dependency to address CVE-2024-24792 (boo#1227167). Moderate SUSE bug 1227167 CVE-2024-24792 at SUSE CVE-2024-24792 at NVD cpe:/o:opensuse:leap:15.6 Security update for assimp (Moderate) openSUSE Leap 15.6 This update for assimp fixes the following issues: - CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class (boo#1228142), Moderate SUSE bug 1218474 SUSE bug 1228142 CVE-2024-40724 at SUSE CVE-2024-40724 at NVD cpe:/o:opensuse:leap:15.6 Security update for gh (Moderate) openSUSE Leap 15.6 This update for gh fixes the following issues: Update to version 2.53.0: * CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035) * Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928 * Rename package directory and files * Rename package name to `update_branch` * Rename `gh pr update` to `gh pr update-branch` * Add test case for merge conflict error * Handle merge conflict error * Return error if PR is not mergeable * Replace literals with consts for `Mergeable` field values * Add separate type for `PullRequest.Mergeable` field * Remove unused flag * Print message on stdout instead of stderr * Raise error if editor is used in non-tty mode * Add tests for JSON field support on issue and pr view commands * docs: Update documentation for `gh repo create` to clarify owner * Ensure PR does not panic when stateReason is requested * Enable to use --web even though editor is enabled by config * Add editor hint message * Use prefer_editor_prompt config by `issue create` * Add prefer_editor_prompt config * Add `issue create --editor` * Update create.go * gh attestation trusted-root subcommand (#9206) * Fetch variable selected repo relationship when required * Add `createdAt` field to tests * Add `createdAt` field to `Variable` type * Add test for exporting as JSON * Add test for JSON output * Only populate selected repo information for JSON output * Add test to verify JSON exporter gets set * Add `--json` option support * Use `Variable` type defined in `shared` package * Add tests for JSON output * Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared * Fix query parameter name * Update tests to account for ref comparison step * Improve query variable names * Check if PR branch is already up-to-date * Add `ComparePullRequestBaseBranchWith` function * Run `go mod tidy` * Add test to verify `--repo` requires non-empty selector * Require non-empty selector when `--repo` override is used * Run `go mod tidy` * Register `update` command * Add tests for `pr update` command * Add `pr update` command * Add `UpdatePullRequestBranch` method * Upgrade `shurcooL/githubv4` Update to version 2.52.0: * Attestation Verification - Buffer Fix * Remove beta note from attestation top level command * Removed beta note from `gh at download`. * Removed beta note from `gh at verify`, clarified reusable workflows use case. * add `-a` flag to `gh run list` Moderate SUSE bug 1227035 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-notebook (Moderate) openSUSE Leap 15.6 This update for python-notebook fixes the following issues: - Update to 5.7.11 * sanitizer fix CVE-2021-32798 (boo#1227583) - Update to 5.7.10 * no upstream changelog - Update to 5.7.9 * Update JQuery dependency to version 3.4.1 to fix security vulnerability (CVE-2019-11358) * Update from preact to React Moderate SUSE bug 1227583 CVE-2019-11358 at SUSE CVE-2019-11358 at NVD CVE-2021-32798 at SUSE CVE-2021-32798 at NVD cpe:/o:opensuse:leap:15.6 Security update for yt-dlp (Moderate) openSUSE Leap 15.6 This update for yt-dlp fixes the following issues: - Update to release 2024.08.01 * youtube: * Change default player clients to ios,tv * Fix n function name extraction for player 20dfca59 * Fix age-verification workaround - Update to release 2024.07.25 * youtube: Fix n function name extraction for player 3400486c - Update to release 2024.07.16 * Support auto-tty and no_color-tty for --color * youtube: Avoid poToken experiment player responses - Update to release 2024.07.09 * youtube: Remove broken n function extraction fallback - Update to release 2024.07.01: * Properly sanitize file-extension to prevent file system modification and RCE. Unsafe extensions are now blocked from being downloaded. [CVE-2024-38519 boo#1227305] Moderate SUSE bug 1227305 CVE-2024-38519 at SUSE CVE-2024-38519 at NVD cpe:/o:opensuse:leap:15.6 Security update for ksh (Moderate) openSUSE Leap 15.6 This update for ksh fixes the following issues: - fix segfault in variable substitution [boo#1129288] - fix untrusted environment execution [boo#1160796] [CVE-2019-14868] Moderate SUSE bug 1129288 SUSE bug 1160796 CVE-2019-14868 at SUSE CVE-2019-14868 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 112.0.5197.53 * CHR-9814 Update Chromium on desktop-stable-126-5197 to 126.0.6478.226 * DNA-116974 Site settings popup size not expanding causing display issues * DNA-117115 Tab islands are extending partially after Workspace change * DNA-117708 H.264 SW decoding only possible if HW decoding is possible * DNA-117792 Crash at content::RenderWidgetHostImpl:: ForwardMouseEventWithLatencyInfo(blink:: WebMouseEvent const&, ui::LatencyInfo const&) - The update to chromium >= 126.0.6478.182 fixes following issues: CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775, CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779 - Update to 112.0.5197.30 * CHR-9416 Updating Chromium on desktop-stable-* branches Important CVE-2024-6772 at SUSE CVE-2024-6772 at NVD CVE-2024-6773 at SUSE CVE-2024-6773 at NVD CVE-2024-6774 at SUSE CVE-2024-6774 at NVD CVE-2024-6775 at SUSE CVE-2024-6775 at NVD CVE-2024-6776 at SUSE CVE-2024-6776 at NVD CVE-2024-6777 at SUSE CVE-2024-6777 at NVD CVE-2024-6778 at SUSE CVE-2024-6778 at NVD CVE-2024-6779 at SUSE CVE-2024-6779 at NVD Security update for chromium, gn, rust-bindgen (Important) openSUSE Leap 15.6 This update for chromium, gn, rust-bindgen fixes the following issues: - Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942) * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-6990: Uninitialized Use in Dawn * CVE-2024-7255: Out of bounds read in WebTransport * CVE-2024-7256: Insufficient data validation in Dawn gh: - Update to version 0.20240730: * Rust: link_output, depend_output and runtime_outputs for dylibs * Add missing reference section to function_toolchain.cc * Do not cleanup args.gn imports located in the output directory. * Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule * Do not add native dependencies to the library search path * Support linking frameworks and swiftmodules in Rust targets * [desc] Silence print() statements when outputing json * infra: Move CI/try builds to Ubuntu-22.04 * [MinGW] Fix mingw building issues * [gn] Fix 'link' in the //examples/simple_build/build/toolchain/BUILD.gn * [template] Fix 'rule alink_thin' in the //build/build_linux.ninja.template * Allow multiple --ide switches * [src] Add '#include <limits>' in the //src/base/files/file_enumerator_win.cc * Get updates to infra/recipes.py from upstream * Revert 'Teach gn to handle systems with > 64 processors' * [apple] Rename the code-signing properties of create_bundle * Fix a typo in 'gn help refs' output * Revert '[bundle] Use 'phony' builtin tool for create_bundle targets' * [bundle] Use 'phony' builtin tool for create_bundle targets * [ios] Simplify handling of assets catalog * [swift] List all outputs as deps of 'source_set' stamp file * [swift] Update `gn check ...` to consider the generated header * [swift] Set `restat = 1` to swift build rules * Fix build with gcc12 * [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude() * [swift] Remove problematic use of 'stamp' tool * Implement new --ninja-outputs-file option. * Add NinjaOutputsWriter class * Move InvokePython() function to its own source file. * zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat * Enable C++ runtime assertions in debug mode. * Fix regression in MakeRelativePath() * fix: Fix Windows MakeRelativePath. * Add long path support for windows * Ensure read_file() files are considered by 'gn analyze' * apply 2to3 to for some Python scripts * Add rustflags to desc and help output * strings: support case insensitive check only in StartsWith/EndsWith * add .git-blame-ignore-revs * use std::{string,string_view}::{starts_with,ends_with} * apply clang-format to all C++ sources * add forward declaration in rust_values.h * Add `root_patterns` list to build configuration. * Use c++20 in GN build * update windows sdk to 2024-01-11 * update windows sdk * Add linux-riscv64. * Update OWNERS list. * remove unused function * Ignore build warning -Werror=redundant-move * Fix --as=buildfile `gn desc deps` output. * Update recipe engine to 9dea1246. * treewide: Fix spelling mistakes Added rust-bindgen: - Version 0.69.1 Important SUSE bug 1228628 SUSE bug 1228940 SUSE bug 1228941 SUSE bug 1228942 CVE-2024-6988 at SUSE CVE-2024-6988 at NVD CVE-2024-6989 at SUSE CVE-2024-6989 at NVD CVE-2024-6990 at SUSE CVE-2024-6990 at NVD CVE-2024-6991 at SUSE CVE-2024-6991 at NVD CVE-2024-6992 at SUSE CVE-2024-6992 at NVD CVE-2024-6993 at SUSE CVE-2024-6993 at NVD CVE-2024-6994 at SUSE CVE-2024-6994 at NVD CVE-2024-6995 at SUSE CVE-2024-6995 at NVD CVE-2024-6996 at SUSE CVE-2024-6996 at NVD CVE-2024-6997 at SUSE CVE-2024-6997 at NVD CVE-2024-6998 at SUSE CVE-2024-6998 at NVD CVE-2024-6999 at SUSE CVE-2024-6999 at NVD CVE-2024-7000 at SUSE CVE-2024-7000 at NVD CVE-2024-7001 at SUSE CVE-2024-7001 at NVD CVE-2024-7003 at SUSE CVE-2024-7003 at NVD CVE-2024-7004 at SUSE CVE-2024-7004 at NVD CVE-2024-7005 at SUSE CVE-2024-7005 at NVD CVE-2024-7255 at SUSE CVE-2024-7255 at NVD CVE-2024-7256 at SUSE CVE-2024-7256 at NVD CVE-2024-7532 at SUSE CVE-2024-7532 at NVD CVE-2024-7533 at SUSE CVE-2024-7533 at NVD CVE-2024-7534 at SUSE CVE-2024-7534 at NVD CVE-2024-7535 at SUSE CVE-2024-7535 at NVD CVE-2024-7536 at SUSE CVE-2024-7536 at NVD CVE-2024-7550 at SUSE CVE-2024-7550 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 128.0.6613.84 (boo#1229591) * CVE-2024-7964: Use after free in Passwords * CVE-2024-7965: Inappropriate implementation in V8 * CVE-2024-7966: Out of bounds memory access in Skia * CVE-2024-7967: Heap buffer overflow in Fonts * CVE-2024-7968: Use after free in Autofill * CVE-2024-7969: Type Confusion in V8 * CVE-2024-7971: Type confusion in V8 * CVE-2024-7972: Inappropriate implementation in V8 * CVE-2024-7973: Heap buffer overflow in PDFium * CVE-2024-7974: Insufficient data validation in V8 API * CVE-2024-7975: Inappropriate implementation in Permissions * CVE-2024-7976: Inappropriate implementation in FedCM * CVE-2024-7977: Insufficient data validation in Installer * CVE-2024-7978: Insufficient policy enforcement in Data Transfer * CVE-2024-7979: Insufficient data validation in Installer * CVE-2024-7980: Insufficient data validation in Installer * CVE-2024-7981: Inappropriate implementation in Views * CVE-2024-8033: Inappropriate implementation in WebApp Installs * CVE-2024-8034: Inappropriate implementation in Custom Tabs * CVE-2024-8035: Inappropriate implementation in Extensions * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1229426 SUSE bug 1229591 CVE-2024-7964 at SUSE CVE-2024-7964 at NVD CVE-2024-7965 at SUSE CVE-2024-7965 at NVD CVE-2024-7966 at SUSE CVE-2024-7966 at NVD CVE-2024-7967 at SUSE CVE-2024-7967 at NVD CVE-2024-7968 at SUSE CVE-2024-7968 at NVD CVE-2024-7969 at SUSE CVE-2024-7969 at NVD CVE-2024-7971 at SUSE CVE-2024-7971 at NVD CVE-2024-7972 at SUSE CVE-2024-7972 at NVD CVE-2024-7973 at SUSE CVE-2024-7973 at NVD CVE-2024-7974 at SUSE CVE-2024-7974 at NVD CVE-2024-7975 at SUSE CVE-2024-7975 at NVD CVE-2024-7976 at SUSE CVE-2024-7976 at NVD CVE-2024-7977 at SUSE CVE-2024-7977 at NVD CVE-2024-7978 at SUSE CVE-2024-7978 at NVD CVE-2024-7979 at SUSE CVE-2024-7979 at NVD CVE-2024-7980 at SUSE CVE-2024-7980 at NVD CVE-2024-7981 at SUSE CVE-2024-7981 at NVD CVE-2024-8033 at SUSE CVE-2024-8033 at NVD CVE-2024-8034 at SUSE CVE-2024-8034 at NVD CVE-2024-8035 at SUSE CVE-2024-8035 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 128.0.6613.113 (boo#1229897) * CVE-2024-7969: Type Confusion in V8 * CVE-2024-8193: Heap buffer overflow in Skia * CVE-2024-8194: Type Confusion in V8 * CVE-2024-8198: Heap buffer overflow in Skia Important SUSE bug 1229897 CVE-2024-7969 at SUSE CVE-2024-7969 at NVD CVE-2024-8193 at SUSE CVE-2024-8193 at NVD CVE-2024-8194 at SUSE CVE-2024-8194 at NVD CVE-2024-8198 at SUSE CVE-2024-8198 at NVD cpe:/o:opensuse:leap:15.6 Security update for trivy (Moderate) openSUSE Leap 15.6 trivy was updated to fix the following issues: Update to version 0.54.1: * fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285) * fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283) * fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279) * release: v0.54.0 [main] (#7075) * docs: update ecosystem page reporting with plopsec.com app (#7262) * feat(vex): retrieve VEX attestations from OCI registries (#7249) * feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257) * refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259) * fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110) * chore: show VEX notice for OSS maintainers in CI environments (#7246) * feat(vuln): add `--pkg-relationships` (#7237) * docs: show VEX cli pages + update config file page for VEX flags (#7244) * fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194) * feat(vex): VEX Repository support (#7206) * fix(secret): skip regular strings contain secret patterns (#7182) * feat: share build-in rules (#7207) * fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171) * fix(cli): error on missing config file (#7154) * fix(secret): update length of `hugging-face-access-token` (#7216) * feat(sbom): add vulnerability support for SPDX formats (#7213) * fix(secret): trim excessively long lines (#7192) * chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201) * fix(server): pass license categories to options (#7203) * feat(mariner): Add support for Azure Linux (#7186) * docs: updates config file (#7188) * refactor(fs): remove unused field for CompositeFS (#7195) * fix: add missing platform and type to spec (#7149) * feat(misconf): enabled China configuration for ACRs (#7156) * fix: close file when failed to open gzip (#7164) * docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141) * docs(misconf): add info about limitations for terraform plan json (#7143) * chore: add VEX for Trivy images (#7140) * chore: add VEX document and generator for Trivy (#7128) * fix(misconf): do not evaluate TF when a load error occurs (#7109) * feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104) * refactor(secret): move warning about file size after `IsBinary` check (#7123) * feat: add openSUSE tumbleweed detection and scanning (#6965) * test: add missing advisory details for integration tests database (#7122) * fix: Add dependencyManagement exclusions to the child exclusions (#6969) * fix: ignore nodes when listing permission is not allowed (#7107) * fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088) * refactor(secret): add warning about large files (#7085) * feat(nodejs): add license parser to pnpm analyser (#7036) * refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074) * feat: add `log.FilePath()` function for logger (#7080) * chore: bump golangci-lint from v1.58 to v1.59 (#7077) * perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065) * refactor: pass DB dir to trivy-db (#7057) * docs: navigate to the release highlights and summary (#7072) Update to version 0.53.0 (bsc#1227022, CVE-2024-6257): * release: v0.53.0 [main] (#6855) * feat(conda): add licenses support for `environment.yml` files (#6953) * fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051) * feat: add memory cache backend (#7048) * fix(sbom): use package UIDs for uniqueness (#7042) * feat(php): add installed.json file support (#4865) * docs: ✨ Updated ecosystem docs with reference to new community app (#7041) * fix: use embedded when command path not found (#7037) * refactor: use google/wire for cache (#7024) * fix(cli): show info message only when --scanners is available (#7032) * chore: enable float-compare rule from testifylint (#6967) * docs: Add sudo on commands, chmod before mv on install docs (#7009) * fix(plugin): respect `--insecure` (#7022) * feat(k8s)!: node-collector dynamic commands support (#6861) * fix(sbom): take pkg name from `purl` for maven pkgs (#7008) * feat!: add clean subcommand (#6993) * chore: use `!` for breaking changes (#6994) * feat(aws)!: Remove aws subcommand (#6995) * refactor: replace global cache directory with parameter passing (#6986) * fix(sbom): use `purl` for `bitnami` pkg names (#6982) * chore: bump Go toolchain version (#6984) * refactor: unify cache implementations (#6977) * docs: non-packaged and sbom clarifications (#6975) * BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin (#6819) * docs: delete unknown URL (#6972) * refactor: use version-specific URLs for documentation references (#6966) * refactor: delete db mock (#6940) * refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726) * feat: Add local ImageID to SARIF metadata (#6522) * fix(suse): Add SLES 15.6 and Leap 15.6 (#6964) * feat(java): add support for sbt projects using sbt-dependency-lock (#6882) * feat(java): add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950) * fix(purl): add missed os types (#6955) * fix(cyclonedx): trim non-URL info for `advisory.url` (#6952) * fix(c): don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949) * fix(image): parse `image.inspect.Created` field only for non-empty values (#6948) * fix(misconf): handle source prefix to ignore (#6945) * fix(misconf): fix parsing of engine links and frameworks (#6937) * feat(misconf): support of selectors for all providers for Rego (#6905) * fix(license): return license separation using separators `,`, `or`, etc. (#6916) * feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755) * BREAKING(misconf): flatten recursive types (#6862) * test: bump docker API to 1.45 (#6914) * feat(sbom): migrate to `CycloneDX v1.6` (#6903) * feat(image): Set User-Agent header for Trivy container registry requests (#6868) * fix(debian): take installed files from the origin layer (#6849) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken (#6858) * feat(misconf): API Gateway V1 support for CloudFormation (#6874) * feat(plugin): add support for nested archives (#6845) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866) * fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867) * chore: auto label discussions (#5259) * docs: explain how VEX is applied (#6864) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) * feat(dart): use first version of constraint for dependencies using SDK version (#6239) * fix(misconf): parsing numbers without fraction as int (#6834) * fix(misconf): fix caching of modules in subdirectories (#6814) * feat(misconf): add metadata to Cloud schema (#6831) * test: replace embedded Git repository with dynamically created repository (#6824) Update to version 0.52.2: * test: bump docker API to 1.45 [backport: release/v0.52] (#6922) * fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892) Update to version 0.52.1: * release: v0.52.1 [release/v0.52] (#6877) * fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888) * fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881) * fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878) * docs: explain how VEX is applied (#6864) * fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857) Update to version 0.52.0 (bsc#1224781, CVE-2024-35192): * release: v0.52.0 [main] (#6809) * fix(plugin): initialize logger (#6836) * fix(cli): always output fatal errors to stderr (#6827) * fix: close testfile (#6830) * docs(julia): add scanner table (#6826) * feat(python): add license support for `requirement.txt` files (#6782) * docs: add more workarounds for out-of-disk (#6821) * chore: improve error message for image not found (#6822) * fix(sbom): fix panic for `convert` mode when scanning json file derived from sbom file (#6808) * fix: clean up golangci lint configuration (#6797) * fix(python): add package name and version validation for `requirements.txt` files. (#6804) * feat(vex): improve relationship support in CSAF VEX (#6735) * chore(alpine): add eol date for Alpine 3.20 (#6800) * docs(plugin): add missed `plugin` section (#6799) * fix: include packages unless it is not needed (#6765) * feat(misconf): support for VPC resources for inbound/outbound rules (#6779) * chore: replace interface{} with any (#6751) * fix: close settings.xml (#6768) * refactor(go): add priority for gobinary module versions from `ldflags` (#6745) * build: use main package instead of main.go (#6766) * feat(misconf): resolve tf module from OpenTofu compatible registry (#6743) * docs: add info on adding compliance checks (#6275) * docs: Add documentation for contributing additional checks to the trivy policies repo (#6234) * feat(nodejs): add v9 pnpm lock file support (#6617) * feat(vex): support non-root components for products in OpenVEX (#6728) * feat(python): add line number support for `requirement.txt` files (#6729) * chore: respect timeout value in .golangci.yaml (#6724) * fix: node-collector high and critical cves (#6707) * Merge pull request from GHSA-xcq4-m2r3-cmrj * chore: auto-bump golang patch versions (#6711) * fix(misconf): don't shift ignore rule related to code (#6708) * feat(plugin): specify plugin version (#6683) * chore: enforce golangci-lint version (#6700) * fix(go): include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` (#6705) * fix(go): add only non-empty root modules for `gobinaries` (#6710) * refactor: unify package addition and vulnerability scanning (#6579) * fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696) * feat(misconf): Add support for deprecating a check (#6664) * feat: Add Julia language analyzer support (#5635) * feat(misconf): register builtin Rego funcs from trivy-checks (#6616) * fix(report): hide empty tables if all vulns has been filtered (#6352) * feat(report): Include licenses and secrets filtered by rego to ModifiedFindings (#6483) * feat: add support for plugin index (#6674) * docs: add support table for client server mode (#6498) * fix: close APKINDEX archive file (#6672) * fix(misconf): skip Rego errors with a nil location (#6666) * refactor: move artifact types under artifact package to avoid import cycles (#6652) * refactor(misconf): remove extrafs (#6656) * refactor: re-define module structs for serialization (#6655) * chore(misconf): Clean up iac logger (#6642) * feat(misconf): support symlinks inside of Helm archives (#6621) * feat(misconf): add Terraform 'removed' block to schema (#6640) * refactor: unify Library and Package structs (#6633) * fix: use of specified context to obtain cluster name (#6645) * perf(misconf): parse rego input once (#6615) * fix(misconf): skip Rego errors with a nil location (#6638) * docs: link warning to both timeout config options (#6620) * docs: fix usage of image-config-scanners (#6635) Update to version 0.51.1: * fix(fs): handle default skip dirs properly (#6628) * fix(misconf): load cached tf modules (#6607) * fix(misconf): do not use semver for parsing tf module versions (#6614) * refactor: move setting scanners when using compliance reports to flag parsing (#6619) * feat: introduce package UIDs for improved vulnerability mapping (#6583) * perf(misconf): Improve cause performance (#6586) * docs: trivy-k8s new experiance remove un-used section (#6608) * docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609) * feat(misconf): Use updated terminology for misconfiguration checks (#6476) * docs: use `generic` link from `trivy-repo` (#6606) * docs: update trivy k8s with new experience (#6465) * feat: support `--skip-images` scanning flag (#6334) * BREAKING: add support for k8s `disable-node-collector` flag (#6311) * feat: add ubuntu 23.10 and 24.04 support (#6573) * docs(go): add stdlib (#6580) * feat(go): parse main mod version from build info settings (#6564) * feat: respect custom exit code from plugin (#6584) * docs: add asdf and mise installation method (#6063) * feat(vuln): Handle scanning conan v2.x lockfiles (#6357) * feat: add support `environment.yaml` files (#6569) * fix: close plugin.yaml (#6577) * fix: trivy k8s avoid deleting non-default node collector namespace (#6559) * BREAKING: support exclude `kinds/namespaces` and include `kinds/namespaces` (#6323) * feat(go): add main module (#6574) * feat: add relationships (#6563) * docs: mention `--show-suppressed` is available in table (#6571) * chore: fix sqlite to support loong64 (#6511) * fix(debian): sort dpkg info before parsing due to exclude directories (#6551) * docs: update info about config file (#6547) * docs: remove RELEASE_VERSION from trivy.repo (#6546) * fix(sbom): change error to warning for multiple OSes (#6541) * fix(vuln): skip empty versions (#6542) * feat(c): add license support for conan lock files (#6329) * fix(terraform): Attribute and fileset fixes (#6544) * refactor: change warning if no vulnerability details are found (#6230) * refactor(misconf): improve error handling in the Rego scanner (#6527) * feat(go): parse main module of go binary files (#6530) * refactor(misconf): simplify the retrieval of module annotations (#6528) * docs(nodejs): add info about supported versions of pnpm lock files (#6510) * feat(misconf): loading embedded checks as a fallback (#6502) * fix(misconf): Parse JSON k8s manifests properly (#6490) * refactor: remove parallel walk (#5180) * fix: close pom.xml (#6507) * fix(secret): convert severity for custom rules (#6500) * fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories (#6412) * fix: typo (#6283) * docs(k8s,image): fix command-line syntax issues (#6403) * fix(misconf): avoid panic if the scheme is not valid (#6496) * feat(image): goversion as stdlib (#6277) * fix: add color for error inside of log message (#6493) * docs: fix links to OPA docs (#6480) * refactor: replace zap with slog (#6466) * docs: update links to IaC schemas (#6477) * chore: bump Go to 1.22 (#6075) * refactor(terraform): sync funcs with Terraform (#6415) * feat(misconf): add helm-api-version and helm-kube-version flag (#6332) * fix(terraform): eval submodules (#6411) * refactor(terraform): remove unused options (#6446) * refactor(terraform): remove unused file (#6445) * fix(misconf): Escape template value correctly (#6292) * feat(misconf): add support for wildcard ignores (#6414) * fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue (#6439) * refactor(terraform): remove metrics collection (#6444) * feat(cloudformation): add support for logging and endpoint access for EKS (#6440) * fix(db): check schema version for image name only (#6410) * feat(misconf): Support private registries for misconf check bundle (#6327) * feat(cloudformation): inline ignore support for YAML templates (#6358) * feat(terraform): ignore resources by nested attributes (#6302) * perf(helm): load in-memory files (#6383) * feat(aws): apply filter options to result (#6367) * feat(aws): quiet flag support (#6331) * fix(misconf): clear location URI for SARIF (#6405) * test(cloudformation): add CF tests (#6315) * fix(cloudformation): infer type after resolving a function (#6406) * fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399) * docs: add info about support for package license detection in `fs`/`repo` modes (#6381) * fix(nodejs): add support for parsing `workspaces` from `package.json` as an object (#6231) * fix: use `0600` perms for tmp files for post analyzers (#6386) * fix(helm): scan the subcharts once (#6382) * docs(terraform): add file patterns for Terraform Plan (#6393) * fix(terraform): сhecking SSE encryption algorithm validity (#6341) * fix(java): parse modules from `pom.xml` files once (#6312) * fix(server): add Locations for `Packages` in client/server mode (#6366) * fix(sbom): add check for `CreationInfo` to nil when detecting SPDX created using Trivy (#6346) * fix(report): don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348) * chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371) * feat(java): add support licenses and graph for gradle lock files (#6140) * feat(vex): consider root component for relationships (#6313) * fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298) * chore: updates wazero to v1.7.0 (#6301) * feat(sbom): Support license detection for SBOM scan (#6072) * refactor(sbom): use intermediate representation for SPDX (#6310) * docs(terraform): improve documentation for filtering by inline comments (#6284) * fix(terraform): fix policy document retrieval (#6276) * refactor(terraform): remove unused custom error (#6303) * refactor(sbom): add intermediate representation for BOM (#6240) * fix(amazon): check only major version of AL to find advisories (#6295) * fix(db): use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default (#6219) * fix(nodejs): add name validation for package name from `package.json` (#6268) * docs: Added install instructions for FreeBSD (#6293) * feat(image): customer podman host or socket option (#6256) * feat(java): mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` (#6213) * fix(license): reorder logic of how python package licenses are acquired (#6220) * test(terraform): skip cached modules (#6281) * feat(secret): Support for detecting Hugging Face Access Tokens (#6236) * fix(cloudformation): support of all SSE algorithms for s3 (#6270) * feat(terraform): Terraform Plan snapshot scanning support (#6176) * fix: typo function name and comment optimization (#6200) * fix(java): don't ignore runtime scope for pom.xml files (#6223) * fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215) * test(k8s): use test-db for k8s integration tests (#6222) * fix(terraform): fix root module search (#6160) * test(parser): squash test data for yarn (#6203) * fix(terraform): do not re-expand dynamic blocks (#6151) * docs: update ecosystem page reporting with db app (#6201) * fix: k8s summary separate infra and user finding results (#6120) * fix: add context to target finding on k8s table view (#6099) * fix: Printf format err (#6198) * refactor: better integration of the parser into Trivy (#6183) * feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108) * fix(vex): CSAF filtering should consider relationships (#5923) * refactor(report): Replacing `source_location` in `github` report when scanning an image (#5999) * feat(vuln): ignore vulnerabilities by PURL (#6178) * feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171) * feat(k8s): rancher rke2 version support (#5988) * docs: update kbom distribution for scanning (#6019) * chore: update CODEOWNERS (#6173) * fix(swift): try to use branch to resolve version (#6168) * fix(terraform): ensure consistent path handling across OS (#6161) * fix(java): add only valid libs from `pom.properties` files from `jars` (#6164) * fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163) * docs(report): add remark about `path` to filter licenses using `.trivyignore.yaml` file (#6145) * docs: update template path for gitlab-ci tutorial (#6144) * feat(report): support for filtering licenses and secrets via rego policy files (#6004) * fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113) * docs: add SecObserve in CI/CD and reporting (#6139) * fix(alpine): exclude empty licenses for apk packages (#6130) * docs: add docs tutorial on custom policies with rego (#6104) * fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102) * feat(vuln): show suppressed vulnerabilities in table (#6084) * docs: rename governance to principles (#6107) * docs: add governance (#6090) * feat(java): add dependency location support for `gradle` files (#6083) * fix(misconf): get `user` from `Config.User` (#6070) Update to version 0.49.1: * fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025) * docs: Fix broken link to 'pronunciation' (#6057) * fix: fix cursor usage in Redis Clear function (#6056) * fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034) * test: fix flaky `TestDockerEngine` (#6054) * fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982) * fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843) * feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285) * docs: add note about Bun (#6001) * fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011) * fix: check returned error before deferring f.Close() (#6007) * feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990) * feat(vuln): enable `--vex` for all targets (#5992) * docs: update link to data sources (#6000) * feat(java): add support for line numbers for pom.xml files (#5991) * refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981) * docs: Update troubleshooting guide with image not found error (#5983) * style: update band logos (#5968) * docs: update cosign tutorial and commands, update kyverno policy (#5929) * docs: update command to scan go binary (#5969) * fix: handle non-parsable images names (#5965) * fix(amazon): save system files for pkgs containing `amzn` in src (#5951) * fix(alpine): Add EOL support for alpine 3.19. (#5938) * feat: allow end-users to adjust K8S client QPS and burst (#5910) * fix(nodejs): find licenses for packages with slash (#5836) * fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922) * fix: ignore no init containers (#5939) * docs: Fix documentation of ecosystem (#5940) * docs(misconf): multiple ignores in comment (#5926) * fix(secret): find aws secrets ending with a comma or dot (#5921) * docs: ✨ Updated ecosystem docs with reference to new community app (#5918) * fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630) * feat(vex): add PURL matching for CSAF VEX (#5890) * fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901) * revert(report): don't escape new line characters for sarif format (#5897) * docs: improve filter by rego (#5402) * docs: add_scan2html_to_trivy_ecosystem (#5875) * fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888) * feat(vex): Add support for CSAF format (#5535) * feat(python): parse licenses from dist-info folder (#4724) * feat(nodejs): add yarn alias support (#5818) * refactor: propagate time through context values (#5858) * refactor: move PkgRef under PkgIdentifier (#5831) * fix(cyclonedx): fix unmarshal for licenses (#5828) * feat(vuln): include pkg identifier on detected vulnerabilities (#5439) Update to version 0.48.1: * fix(bitnami): use a different comparer for detecting vulnerabilities (#5633) * refactor(sbom): disable html escaping for CycloneDX (#5764) * refactor(purl): use `pub` from `package-url` (#5784) * docs(python): add note to using `pip freeze` for `compatible releases` (#5760) * fix(report): use OS information for OS packages purl in `github` template (#5783) * fix(report): fix error if miconfigs are empty (#5782) * refactor(vuln): don't remove VendorSeverity in JSON report (#5761) * fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767) * docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746) * fix(report): update Gitlab template (#5721) * feat(secret): add support of GitHub fine-grained tokens (#5740) * fix(misconf): add an image misconf to result (#5731) * feat(secret): added support of Docker registry credentials (#5720) Update to version 0.48.0: * feat: filter k8s core components vuln results (#5713) * feat(vuln): remove duplicates in Fixed Version (#5596) * feat(report): output plugin (#4863) * docs: typo in modules.md (#5712) * feat: Add flag to configure node-collector image ref (#5710) * feat(misconf): Add `--misconfig-scanners` option (#5670) * chore: bump Go to 1.21 (#5662) * feat: Packagesprops support (#5605) * docs: update adopters discussion template (#5632) * docs: terraform tutorial links updated to point to correct loc (#5661) * fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` (#5647) * fix(nodejs): support protocols for dependency section in yarn.lock files (#5612) * fix(secret): exclude upper case before secret for `alibaba-access-key-id` (#5618) * docs: Update Arch Linux package URL in installation.md (#5619) * chore: add prefix to image errors (#5601) * docs(vuln): fix link anchor (#5606) * docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608) * fix: k8s friendly error messages kbom non cluster scans (#5594) * feat: set InstalledFiles for DEB and RPM packages (#5488) * fix(report): use time.Time for CreatedAt (#5598) * test: retry containerd initialization (#5597) * feat(misconf): Expose misconf engine debug logs with `--debug` option (#5550) * test: mock VM walker (#5589) * chore: bump node-collector v0.0.9 (#5591) * feat(misconf): Add support for `--cf-params` for CFT (#5507) * feat(flag): replace '--slow' with '--parallel' (#5572) * fix(report): add escaping for Sarif format (#5568) * chore: show a deprecation notice for `--scanners config` (#5587) * feat(report): Add CreatedAt to the JSON report. (#5542) (#5549) * test: mock RPM DB (#5567) * feat: add aliases to '--scanners' (#5558) * refactor: reintroduce output writer (#5564) * chore: not load plugins for auto-generating docs (#5569) * chore: sort supported AWS services (#5570) * fix: no schedule toleration (#5562) * fix(cli): set correct `scanners` for `k8s` target (#5561) * fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX (#5533) * refactor(misconf): Update refactored dependencies (#5245) * feat(secret): add built-in rule for JWT tokens (#5480) * fix: trivy k8s parse ecr image with arn (#5537) * fix: fail k8s resource scanning (#5529) * refactor(misconf): don't remove Highlighted in json format (#5531) * docs(k8s): fix link in kubernetes.md (#5524) * docs(k8s): fix whitespace in list syntax (#5525) Update to version 0.47.0: * docs: add info that license scanning supports file-patterns flag (#5484) * docs: add Zora integration into Ecosystem session (#5490) * fix(sbom): Use UUID as BomRef for packages with empty purl (#5448) * fix: correct error mismatch causing race in fast walks (#5516) * docs: k8s vulnerability scanning (#5515) * docs: remove glad for java datasources (#5508) * chore: remove unused logger attribute in amazon detector (#5476) * fix: correct error mismatch causing race in fast walks (#5482) * fix(server): add licenses to `BlobInfo` message (#5382) * feat: scan vulns on k8s core component apps (#5418) * fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470) * fix(sbom): save digests for package/application when scanning SBOM files (#5432) * docs: fix the broken link (#5454) * docs: fix error when installing `PyYAML` for gh pages (#5462) * fix(java): download java-db once (#5442) * docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419) * feat(misconf): Support `--ignore-policy` in config scans (#5359) * docs(misconf): fix broken table for `Use container image` section (#5425) * feat(dart): add graph support (#5374) * refactor: define a new struct for scan targets (#5397) * fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399) * fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393) * docs: remove --scanners none (#5384) * docs: Update container_image.md #5182 (#5193) * feat(report): Add `InstalledFiles` field to Package (#4706) * feat(k8s): add support for vulnerability detection (#5268) * fix(python): override BOM in `requirements.txt` files (#5375) * docs: add kbom documentation (#5363) * test: use maximize build space for VM tests (#5362) * fix(report): add escaping quotes in misconfig Title for asff template (#5351) * fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342) * fix: add config files to FS for post-analyzers (#5333) * fix: fix MIME warnings after updating to Go 1.20 (#5336) * build: fix a compile error with Go 1.21 (#5339) * feat: added `Metadata` into the k8s resource's scan report (#5322) * chore: update adopters template (#5330) * fix(sbom): use PURL or Group and Name in case of Java (#5154) * docs: add buildkite repository to ecosystem page (#5316) * chore: enable go-critic (#5302) * close java-db client (#5273) * fix(report): removes git::http from uri in sarif (#5244) * Improve the meaning of sentence (#5301) * add app nil check (#5274) * typo: in secret.md (#5281) * docs: add info about `github` format (#5265) * feat(dotnet): add license support for NuGet (#5217) * docs: correctly export variables (#5260) * chore: Add line numbers for lint output (#5247) * chore(cli): disable java-db flags in server mode (#5263) * feat(db): allow passing registry options (#5226) * refactor(purl): use TypeApk from purl (#5232) * chore: enable more linters (#5228) * Fix typo on ide.md (#5239) * refactor: use defined types (#5225) * fix(purl): skip local Go packages (#5190) * docs: update info about license scanning in Yarn projects (#5207) * fix link (#5203) * fix(purl): handle rust types (#5186) * chore: auto-close issues (#5177) * fix(k8s): kbom support addons labels (#5178) * test: validate SPDX with the JSON schema (#5124) * chore: bump trivy-kubernetes-latest (#5161) * docs: add 'Signature Verification' guide (#4731) * docs: add image-scanner-with-trivy for ecosystem (#5159) * fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158) * Update filtering.md (#5131) * chaging adopters discussion tempalte (#5091) * docs: add Bitnami (#5078) * feat(docker): add support for scanning Bitnami components (#5062) * feat: add support for .trivyignore.yaml (#5070) * fix(terraform): improve detection of terraform files (#4984) * feat: filter artifacts on --exclude-owned flag (#5059) * fix(sbom): cyclonedx advisory should omit `null` value (#5041) * build: maximize build space for build tests (#5072) * feat: improve kbom component name (#5058) * fix(pom): add licenses for pom artifacts (#5071) * chore: bump Go to `1.20` (#5067) * feat: PURL matching with qualifiers in OpenVEX (#5061) * feat(java): add graph support for pom.xml (#4902) * feat(swift): add vulns for cocoapods (#5037) * fix: support image pull secret for additional workloads (#5052) * fix: #5033 Superfluous double quote in html.tpl (#5036) * docs(repo): update trivy repo usage and example (#5049) * perf: Optimize Dockerfile for reduced layers and size (#5038) * feat: scan K8s Resources Kind with --all-namespaces (#5043) * fix: vulnerability typo (#5044) * docs: adding a terraform tutorial to the docs (#3708) * feat(report): add licenses to sarif format (#4866) * feat(misconf): show the resource name in the report (#4806) * chore: update alpine base images (#5015) * feat: add Package.resolved swift files support (#4932) * feat(nodejs): parse licenses in yarn projects (#4652) * fix: k8s private registries support (#5021) * bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018) * feat(vuln): support last_affected field from osv (#4944) * feat(server): add version endpoint (#4869) * feat: k8s private registries support (#4987) * fix(server): add indirect prop to package (#4974) * docs: add coverage (#4954) * feat(c): add location for lock file dependencies. (#4994) * docs: adding blog post on ec2 (#4813) * revert 32bit bins (#4977) Moderate SUSE bug 1224781 SUSE bug 1227022 CVE-2023-42363 at SUSE CVE-2023-42363 at NVD CVE-2024-35192 at SUSE CVE-2024-35192 at NVD CVE-2024-6257 at SUSE CVE-2024-6257 at NVD cpe:/o:opensuse:leap:15.6 Security update for rust-bindgen. (Moderate) openSUSE Leap 15.6 rust-bindgen was updated to fix the following issues: Update to version 0.70.1: * Revert 'Only trigger the publish workflow manually' * Fix `collapsible_match` clippy warning * Add `#[clippy::allow]` attribute to `const` layout tests * Fix creduce example * Fix creduce install link * Fix create-tag.yml Update to version 0.70.0: * Fix generation of extern 'C' blocks with llvm 18 * Update shlex dependency (RUSTSEC-2024-0006, boo#1229375) * Try to avoid repr(packed) for explicitly aligned types when not needed * Support Float16 * Fix alignment contribution from bitfields * Replace peeking_take_while by itertools * Add blocklist_var * Stabilize thiscall_abi * Allow older itertools * Add target mappings for riscv64imac and riscv32imafc. * Add a complex macro fallback API * Add option to use DST structs for flexible arrays * Add option to dynamically load variables * Add option in CLI to use rustified non-exhaustive enums * Remove which and lazy-static dependencies * Generate compile-time layout tests * Print bindgen-cli errors to stderr instead of stdout * Fix --formatter=prettyplease not working in bindgen-cli by adding prettyplease feature and enabling it by default for bindgen-cli * Fix --allowlist-item so anonymous enums are no longer ignored * Use clang_getFileLocation instead of clang_getSpellingLocation to fix clang-trun * Fix generated constants: f64::INFINITY, f64::NEG_ INFINITY,f64::NAN * Update tempfile and rustix due to GHSA-c827-hfw6-qwvm (boo#1229376) Moderate SUSE bug 1229375 SUSE bug 1229376 CVE-2024-43806 at SUSE CVE-2024-43806 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 113.0.5230.32 * DNA-118250 Backport fix for CVE-2024-7971 from Chrome to Opera 113 - Changes in 113.0.5230.31 * CHR-9819 Update Chromium on desktop-stable-127-5230 to 127.0.6533.120 * DNA-116113 Print window boxes have frames and text is not vertically centered * DNA-117467 Crash at static void views::Combobox:: PaintIconAndText(class gfx::Canvas*) * DNA-117557 Fix detected dangling ptr in WorkspacesTabCycler ControllerIndexInCycleOrderTest.IndexInCyclingOrder * DNA-117721 [Lin] When I drag a tab out of the tab strip and drop it, it is not possible to do so without creating a new window. * DNA-117854 Pinned tab takes whole tab strip * DNA-117857 [Sync][Lost password] After profile error can’t add passwords and sync can’t display synced passwords * DNA-118215 Promote 113 to stable - Complete Opera 113 changelog at: https://blogs.opera.com/desktop/changelog-for-113 Important CVE-2024-7971 at SUSE CVE-2024-7971 at NVD Security update for cacti, cacti-spine (Important) openSUSE Leap 15.6 This update for cacti, cacti-spine fixes the following issues: - cacti 1.2.27: * CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240) * CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229) * CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238) * CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239) * CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231) * CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241) * CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236) * CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235) * CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237) * CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230) * Improve PHP 8.3 support * When importing packages via command line, data source profile could not be selected * When changing password, returning to previous page does not always work * When using LDAP authentication the first time, warnings may appear in logs * When editing/viewing devices, add IPv6 info to hostname tooltip * Improve speed of polling when Boost is enabled * Improve support for Half-Hour time zones * When user session not found, device lists can be incorrectly returned * On import, legacy templates may generate warnings * Improve support for alternate locations of Ping * Improve PHP 8.1 support for Installer * Fix issues with number formatting * Improve PHP 8.1 support when SpikeKill is run first time * Improve PHP 8.1 support for SpikeKill * When using Chinese to search for graphics, garbled characters appear. * When importing templates, preview mode will not always load * When remote poller is installed, MySQL TimeZone DB checks are not performed * When Remote Poller installation completes, no finish button is shown * Unauthorized agents should be recorded into logs * Poller cache may not always update if hostname changes * When using CMD poller, Failure and Recovery dates may have incorrect values * Saving a Tree can cause the tree to become unpublished * Web Basic Authentication does not record user logins * When using Accent-based languages, translations may not work properly * Fix automation expressions for device rules * Improve PHP 8.1 Support during fresh install with boost * Add a device 'enabled/disabled' indicator next to the graphs * Notify the admin periodically when a remote data collector goes into heartbeat status * Add template for Aruba Clearpass * Add fliter/sort of Device Templates by Graph Templates - cacti-spine 1.2.27: * Restore AES Support Important SUSE bug 1224229 SUSE bug 1224230 SUSE bug 1224231 SUSE bug 1224235 SUSE bug 1224236 SUSE bug 1224237 SUSE bug 1224238 SUSE bug 1224239 SUSE bug 1224240 SUSE bug 1224241 CVE-2024-25641 at SUSE CVE-2024-25641 at NVD CVE-2024-27082 at SUSE CVE-2024-27082 at NVD CVE-2024-29894 at SUSE CVE-2024-29894 at NVD CVE-2024-31443 at SUSE CVE-2024-31443 at NVD CVE-2024-31444 at SUSE CVE-2024-31444 at NVD CVE-2024-31445 at SUSE CVE-2024-31445 at NVD CVE-2024-31458 at SUSE CVE-2024-31458 at NVD CVE-2024-31459 at SUSE CVE-2024-31459 at NVD CVE-2024-31460 at SUSE CVE-2024-31460 at NVD CVE-2024-34340 at SUSE CVE-2024-34340 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108) * CVE-2024-8362: Use after free in WebAudio * CVE-2024-7970: Out of bounds write in V8 Important SUSE bug 1230108 CVE-2024-7970 at SUSE CVE-2024-7970 at NVD CVE-2024-8362 at SUSE CVE-2024-8362 at NVD cpe:/o:opensuse:leap:15.6 Security update for kanidm (Moderate) openSUSE Leap 15.6 This update for kanidm fixes the following issues: - kanidm version 1.3.3~git0.f075d13: * Release 1.3.3 * Mail substr index (#2981) Moderate SUSE bug 1191031 SUSE bug 1194119 SUSE bug 1196972 SUSE bug 1210356 CVE-2021-45710 at SUSE CVE-2021-45710 at NVD CVE-2022-24713 at SUSE CVE-2022-24713 at NVD CVE-2023-26964 at SUSE CVE-2023-26964 at NVD cpe:/o:opensuse:leap:15.6 Security update for ntpd-rs (Moderate) openSUSE Leap 15.6 This update for ntpd-rs fixes the following issues: - Introducing ntpd-rs version 1.2.3 Moderate CVE-2024-38528 at SUSE CVE-2024-38528 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391) * CVE-2024-8636: Heap buffer overflow in Skia * CVE-2024-8637: Use after free in Media Router * CVE-2024-8638: Type Confusion in V8 * CVE-2024-8639: Use after free in Autofill Important SUSE bug 1230391 CVE-2024-8636 at SUSE CVE-2024-8636 at NVD CVE-2024-8637 at SUSE CVE-2024-8637 at NVD CVE-2024-8638 at SUSE CVE-2024-8638 at NVD CVE-2024-8639 at SUSE CVE-2024-8639 at NVD cpe:/o:opensuse:leap:15.6 Security update for htmldoc (Moderate) openSUSE Leap 15.6 This update for htmldoc fixes the following issues: - CVE-2024-45508: Fixed an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node [boo#1230022]. Moderate SUSE bug 1230022 CVE-2024-45508 at SUSE CVE-2024-45508 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 129.0.6668.58 (stable released 2024-09-17) (boo#1230678) * CVE-2024-8904: Type Confusion in V8 * CVE-2024-8905: Inappropriate implementation in V8 * CVE-2024-8906: Incorrect security UI in Downloads * CVE-2024-8907: Insufficient data validation in Omnibox * CVE-2024-8908: Inappropriate implementation in Autofill * CVE-2024-8909: Inappropriate implementation in UI Important SUSE bug 1230678 CVE-2024-8904 at SUSE CVE-2024-8904 at NVD CVE-2024-8905 at SUSE CVE-2024-8905 at NVD CVE-2024-8906 at SUSE CVE-2024-8906 at NVD CVE-2024-8907 at SUSE CVE-2024-8907 at NVD CVE-2024-8908 at SUSE CVE-2024-8908 at NVD CVE-2024-8909 at SUSE CVE-2024-8909 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964) * CVE-2024-9120: Use after free in Dawn * CVE-2024-9121: Inappropriate implementation in V8 * CVE-2024-9122: Type Confusion in V8 * CVE-2024-9123: Integer overflow in Skia - bump BR for nodejs to minimal 20.0 Important SUSE bug 1230964 CVE-2024-9120 at SUSE CVE-2024-9120 at NVD CVE-2024-9121 at SUSE CVE-2024-9121 at NVD CVE-2024-9122 at SUSE CVE-2024-9122 at NVD CVE-2024-9123 at SUSE CVE-2024-9123 at NVD cpe:/o:opensuse:leap:15.6 Security update for coredns (Moderate) openSUSE Leap 15.6 This update for coredns fixes the following issues: Update to version 1.11.3: * optimize the performance for high qps (#6767) * bump deps * Fix zone parser error handling (#6680) * Add alternate option to forward plugin (#6681) * fix: plugin/file: return error when parsing the file fails (#6699) * [fix:documentation] Clarify autopath README (#6750) * Fix outdated test (#6747) * Bump go version from 1.21.8 to 1.21.11 (#6755) * Generate zplugin.go correctly with third-party plugins (#6692) * dnstap: uses pointer receiver for small response writer (#6644) * chore: fix function name in comment (#6608) * [plugin/forward] Strip local zone from IPV6 nameservers (#6635) - fixes CVE-2023-30464 - fixes CVE-2023-28452 Update to upstream head (git commit #5a52707): * bump deps to address security issue CVE-2024-22189 * Return RcodeServerFailure when DNS64 has no next plugin (#6590) * add plusserver to adopters (#6565) * Change the log flags to be a variable that can be set prior to calling Run (#6546) * Enable Prometheus native histograms (#6524) * forward: respect context (#6483) * add client labels to k8s plugin metadata (#6475) * fix broken link in webpage (#6488) * Repo controlled Go version (#6526) * removed the mutex locks with atomic bool (#6525) Update to version 1.11.2: * rewrite: fix multi request concurrency issue in cname rewrite (#6407) * plugin/tls: respect the path specified by root plugin (#6138) * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333) * fix: make the codeowners link relative (#6397) * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351) * plugin/cache: key cache on Checking Disabled (CD) bit (#6354) * Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395) * Add PITS Global Data Recovery Services as an adopter (#6304) * Handle UDP responses that overflow with TC bit with test case (#6277) * plugin/rewrite: add rcode as a rewrite option (#6204) - CVE-2024-0874: coredns: CD bit response is cached and served later - Update to version 1.11.1: * Revert “plugin/forward: Continue waiting after receiving malformed responses * plugin/dnstap: add support for “extra” field in payload * plugin/cache: fix keepttl parsing - Update to version 1.11.0: * Adds support for accepting DNS connections over QUIC (doq). * Adds CNAME target rewrites to the rewrite plugin. * Plus many bug fixes, and some security improvements. * This release introduces the following backward incompatible changes: + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, since all supported K8s versions now use Endpointslice. + The bufsize plugin changed its default size limit value to 1232 + Some changes to forward plugin metrics. - Update to version 1.10.1: * Corrected architecture labels in multi-arch image manifest * A new plugin timeouts that allows configuration of server listener timeout durations * acl can drop queries as an action * template supports creating responses with extended DNS errors * New weighted policy in loadbalance * Option to serve original record TTLs from cache - Update to version 1.10.0: * core: add log listeners for k8s_event plugin (#5451) * core: log DoH HTTP server error logs in CoreDNS format (#5457) * core: warn when domain names are not in RFC1035 preferred syntax (#5414) * plugin/acl: add support for extended DNS errors (#5532) * plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602) * plugin/cache: add cache disable option (#5540) * plugin/cache: add metadata for wildcard record responses (#5308) * plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320) * plugin/cache: correct responses to Authenticated Data requests (#5191) * plugin/dnstap: add identity and version support for the dnstap plugin (#5555) * plugin/file: add metadata for wildcard record responses (#5308) * plugin/forward: enable multiple forward declarations (#5127) * plugin/forward: health_check needs to normalize a specified domain name (#5543) * plugin/forward: remove unused coredns_forward_sockets_open metric (#5431) * plugin/header: add support for query modification (#5556) * plugin/health: bypass proxy in self health check (#5401) * plugin/health: don't go lameduck when reloading (#5472) * plugin/k8s_external: add support for PTR requests (#5435) * plugin/k8s_external: resolve headless services (#5505) * plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461) * plugin/ready: reset list of readiness plugins on startup (#5492) * plugin/rewrite: add PTR records to supported types (#5565) * plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459) * plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462) * plugin/rewrite: support min and max TTL values (#5508) * plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460) * plugin/trace: read trace context info from headers for DOH (#5439) * plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957) * core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 * core: update golang.org/x/crypto to fix CVE-2022-27191 * plugin/acl: adding a check to parse out zone info * plugin/dnstap: support FQDN TCP endpoint * plugin/errors: add stacktrace option to log a stacktrace during panic recovery * plugin/template: return SERVFAIL for zone-match regex-no-match case Moderate CVE-2022-27191 at SUSE CVE-2022-27191 at NVD CVE-2022-28948 at SUSE CVE-2022-28948 at NVD CVE-2023-28452 at SUSE CVE-2023-28452 at NVD CVE-2023-30464 at SUSE CVE-2023-30464 at NVD CVE-2024-0874 at SUSE CVE-2024-0874 at NVD CVE-2024-22189 at SUSE CVE-2024-22189 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: Opera was updated to 114.0.5282.21 * CHR-9843 Update Chromium on desktop-stable-128-5282 to 128.0.6613.138 * DNA-118381 Corrupted extension should be repaired automatically * DNA-118423 Crash on exit at opera::VideoPopoutDetachController ::OnTabStripModelChanged * DNA-118480 Crash when closing tab from island's tooltip with double-click on X button * DNA-118586 Translations for O114 * DNA-118605 [Beta 114] [WinLin] Saved bookmarks have hover effect on the bookmarks bar * DNA-118736 Crash at opera::SyncLoginHelper::GetMenuItemString after clicking 'O' menu * DNA-118822 Promote 114 to stable - Complete Opera 114 changelog at: https://blogs.opera.com/desktop/changelog-for-114 - The update to chromium 128.0.6613.138 fixes following issues: CVE-2024-8636, CVE-2024-8637, CVE-2024-8638, CVE-2024-8639 - Update to 113.0.5230.132 * DNA-117554 Checkboxes in Sidebar setup are not visible in light theme * DNA-117952 Crash at opera::component_based::ComponentTabBar:: ~ComponentTabBar * DNA-118311 When pinning a tab from a tab island, it pins 'separately' from other pinned tabs * DNA-118661 Crash at opera::component_based::ComponentTabGroup ::~ComponentTabGroup * DNA-118688 Crash when opening o-menu with logged in anonymous hidden account * DNA-118732 IsLoggedIn should return false for unset type * DNA-118736 Crash at opera::SyncLoginHelper::GetMenuItemString after clicking 'O' menu * DNA-118782 Enable calling Aria via API by clicking on masthead banner * DNA-118796 Crash at blink::DocumentRulePredicate:: Parse(blink::JSONObject*, blink::KURL const&, blink:: ExecutionContext*, blink::ExceptionState&, WTF::String*) - Update to 113.0.5230.86 * DNA-115191 BookmarkModelMerger::Merge() blocks UI thread on sync start * DNA-117744 Missing downloads in easy files window when image copied to clipboard * DNA-118016 Event of enabling/disabling extension - Changes in 113.0.5230.62 * DNA-118382 Crash at (anonymous namespace)::ProfileErrorCallback - Update to 113.0.5230.47 * DNA-115901 Crash when canceling drag and drop tab between windows * DNA-118200 Crash at opera::flow::FlowSessionImpl::GetPairingUrl * DNA-118271 Miniplayer shows only icons to stop, play next or previous song * DNA-118297 Crash at views::Widget::GetWindowBoundsInScreen * DNA-118300 [startpage] click on link with target = blank opens page without visible tab Important CVE-2024-8636 at SUSE CVE-2024-8636 at NVD CVE-2024-8637 at SUSE CVE-2024-8637 at NVD CVE-2024-8638 at SUSE CVE-2024-8638 at NVD CVE-2024-8639 at SUSE CVE-2024-8639 at NVD Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 129.0.6668.89 (stable released 2024-09-24) (boo#1231232) * CVE-2024-7025: Integer overflow in Layout * CVE-2024-9369: Insufficient data validation in Mojo * CVE-2024-9370: Inappropriate implementation in V8 Important SUSE bug 1231232 CVE-2024-7025 at SUSE CVE-2024-7025 at NVD CVE-2024-9369 at SUSE CVE-2024-9369 at NVD CVE-2024-9370 at SUSE CVE-2024-9370 at NVD cpe:/o:opensuse:leap:15.6 Security update for roundcubemail (Moderate) openSUSE Leap 15.6 This update for roundcubemail fixes the following issues: Update to 1.6.8 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] CHANGELOG * Managesieve: Protect special scripts in managesieve_kolab_master mode * Fix newmail_notifier notification focus in Chrome (#9467) * Fix fatal error when parsing some TNEF attachments (#9462) * Fix double scrollbar when composing a mail with many plain text lines (#7760) * Fix decoding mail parts with multiple base64-encoded text blocks (#9290) * Fix bug where some messages could get malformed in an import from a MBOX file (#9510) * Fix invalid line break characters in multi-line text in Sieve scripts (#9543) * Fix bug where 'with attachment' filter could fail on some fts engines (#9514) * Fix bug where an unhandled exception was caused by an invalid image attachment (#9475) * Fix bug where a long subject title could not be displayed in some cases (#9416) * Fix infinite loop when parsing malformed Sieve script (#9562) * Fix bug where imap_conn_option's 'socket' was ignored (#9566) * Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009] * Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008] * Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010] Moderate SUSE bug 1228900 SUSE bug 1228901 CVE-2024-42008 at SUSE CVE-2024-42008 at NVD CVE-2024-42009 at SUSE CVE-2024-42009 at NVD CVE-2024-42010 at SUSE CVE-2024-42010 at NVD cpe:/o:opensuse:leap:15.6 Security update for seamonkey (Important) openSUSE Leap 15.6 This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.19: * Cancel button in SeaMonkey bookmarking star ui not working bug 1872623. * Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the one in toolkit bug 1896292. * Remove obsolete registerFactoryLocation calls from cZ bug 1870930. * Remove needless implements='nsIDOMEventListener' and QI bug 1611010. * Replace use of nsIStandardURL::Init bug 1864355. * Switch SeaMonkey website from hg.mozilla.org to heptapod. bug 1870934. * Allow view-image to open a data: URI by setting a flag on the loadinfo bug 1877001. * Save-link-as feature should use the loading principal and context menu using nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD bug 1879726. * Use punycode in SeaMonkey JS bug 1864287. * Font lists in preferences are no longer grouped by font type, port asynchronous handling like Bug 1399206 bug 1437393. * SeaMonkey broken tab after undo closed tab with invalid protocol bug 1885748. * SeaMonkey session restore is missing the checkboxes in the Classic theme bug 1896174. * Implement about:credits on seamonkey-project.org website bug 1898467. * Fix for the 0.0.0.0 day vulnerability oligo summary. * Link in update notification does not open Browser bug 1888364. * Update ReadExtensionPrefs in Preferences.cpp bug 1890196. * Add about:seamonkey page to SeaMonkey bug 1897801. * SeaMonkey 2.53.19 uses the same backend as Firefox and contains the relevant Firefox 60.8 security fixes. * SeaMonkey 2.53.19 shares most parts of the mail and news code with Thunderbird. Please read the Thunderbird 60.8.0 release notes for specific security fixes in this release. * Additional important security fixes up to Current Firefox 115.14 and Thunderbird 115.14 ESR plus many enhancements have been backported. We will continue to enhance SeaMonkey security in subsequent 2.53.x beta and release versions as fast as we are able to. Important SUSE bug 1230257 cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 129.0.6668.100 (boo#1231420) * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in V8 Important SUSE bug 1231420 CVE-2024-9602 at SUSE CVE-2024-9602 at NVD CVE-2024-9603 at SUSE CVE-2024-9603 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 130.0.6723.58 (boo#1231694) * CVE-2024-9954: Use after free in AI * CVE-2024-9955: Use after free in Web Authentication * CVE-2024-9956: Inappropriate implementation in Web Authentication * CVE-2024-9957: Use after free in UI * CVE-2024-9958: Inappropriate implementation in PictureInPicture * CVE-2024-9959: Use after free in DevTools * CVE-2024-9960: Use after free in Dawn * CVE-2024-9961: Use after free in Parcel Tracking * CVE-2024-9962: Inappropriate implementation in Permissions * CVE-2024-9963: Insufficient data validation in Downloads * CVE-2024-9964: Inappropriate implementation in Payments * CVE-2024-9965: Insufficient data validation in DevTools * CVE-2024-9966: Inappropriate implementation in Navigations Important SUSE bug 1231694 CVE-2024-9954 at SUSE CVE-2024-9954 at NVD CVE-2024-9955 at SUSE CVE-2024-9955 at NVD CVE-2024-9956 at SUSE CVE-2024-9956 at NVD CVE-2024-9957 at SUSE CVE-2024-9957 at NVD CVE-2024-9958 at SUSE CVE-2024-9958 at NVD CVE-2024-9959 at SUSE CVE-2024-9959 at NVD CVE-2024-9960 at SUSE CVE-2024-9960 at NVD CVE-2024-9961 at SUSE CVE-2024-9961 at NVD CVE-2024-9962 at SUSE CVE-2024-9962 at NVD CVE-2024-9963 at SUSE CVE-2024-9963 at NVD CVE-2024-9964 at SUSE CVE-2024-9964 at NVD CVE-2024-9965 at SUSE CVE-2024-9965 at NVD CVE-2024-9966 at SUSE CVE-2024-9966 at NVD cpe:/o:opensuse:leap:15.6 Security update for hostapd (Moderate) openSUSE Leap 15.6 This update for hostapd fixes the following issues: hostapd was updated to 2024-07-20 / v2.11 * Wi-Fi Easy Connect - add support for DPP release 3 - allow Configurator parameters to be provided during config exchange * HE/IEEE 802.11ax/Wi-Fi 6 - various fixes * EHT/IEEE 802.11be/Wi-Fi 7 - add preliminary support * SAE: add support for fetching the password from a RADIUS server * support OpenSSL 3.0 API changes * support background radar detection and CAC with some additional drivers * support RADIUS ACL/PSK check during 4-way handshake (wpa_psk_radius=3) * EAP-SIM/AKA: support IMSI privacy * improve 4-way handshake operations - use Secure=1 in message 3 during PTK rekeying * OCV: do not check Frequency Segment 1 Channel Number for 160 MHz cases to avoid interoperability issues * support new SAE AKM suites with variable length keys * support new AKM for 802.1X/EAP with SHA384 * extend PASN support for secure ranging * FT: Use SHA256 to derive PMKID for AKM 00-0F-AC:3 (FT-EAP) - this is based on additional details being added in the IEEE 802.11 standard - the new implementation is not backwards compatible * improved ACS to cover additional channel types/bandwidths * extended Multiple BSSID support * fix beacon protection with FT protocol (incorrect BIGTK was provided) * support unsynchronized service discovery (USD) * add preliminary support for RADIUS/TLS * add support for explicit SSID protection in 4-way handshake (a mitigation for CVE-2023-52424; disabled by default for now, can be enabled with ssid_protection=1) * fix SAE H2E rejected groups validation to avoid downgrade attacks * use stricter validation for some RADIUS messages * a large number of other fixes, cleanup, and extensions Moderate SUSE bug 1150934 CVE-2023-52424 at SUSE CVE-2023-52424 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 130.0.6723.69 (boo#1232060) * CVE-2024-10229: Inappropriate implementation in Extensions * CVE-2024-10230: Type Confusion in V8 * CVE-2024-10231: Type Confusion in V8 Important SUSE bug 1232060 CVE-2024-10229 at SUSE CVE-2024-10229 at NVD CVE-2024-10230 at SUSE CVE-2024-10230 at NVD CVE-2024-10231 at SUSE CVE-2024-10231 at NVD cpe:/o:opensuse:leap:15.6 Security update for lxc (Moderate) openSUSE Leap 15.6 This update for lxc fixes the following issues: lxc was updated to 6.0.2: The LXC team is pleased to announce the release of LXC 6.0.2! This is the second bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Some of the highlights for this release are: - Reduced log level on some common messages - Fix compilation error on aarch64 * Detailed changelog - Remove unused function - idmap: Lower logging level of newXidmap tools to INFO - Exit 0 when there's no error - doc: Fix definitions of get_config_path and set_config_path - README: Update security contact - fix possible clang compile error in AARCH Update to 6.0.1: The LXC team is pleased to announce the release of LXC 6.0.1! This is the first bugfix release for LXC 6.0 which is supported until June 2029. As usual this bugfix releases focus on stability and hardening. * Highlights - Fixed some build tooling issues - Fixed startup failures on system without IPv6 support - Updated AppArmor rules to avoid potential warnings Update to 6.0.0: The LXC team is pleased to announce the release of LXC 6.0 LTS! This is the result of two years of work since the LXC 5.0 release and is the sixth LTS release for the LXC project. This release will be supported until June 2029. * New multi-call binary? A new tools-multicall=true configuration option can be used to produce a single lxc binary which can then have all other lxc-XYZ commands be symlinked to. This allows for a massive disk space reduction, particularly useful for embedded platforms. * Add a set_timeout function to the library A new set_timeout function is available on the main lxc_container struct and allow for setting a global timeout for interactions with the LXC monitor. Prior to this, there was no timeout, leading to potential deadlocks as there's also no way to cancel an monitor request. As a result of adding this new symbol to the library, we have bumped the liblxc symbol version to 1.8.0. * LXC bridge now has IPV6 enabled The default lxcbr0 bridge now comes with IPv6 enabled by default, using an IPv6 ULA subnet. Support for uid/gid selection in lxc-usernsexec The lxc-usernsexec tool now has both -u and -g options to control what resulting UID and GID (respectively) the user wishes to use (defaulting to 0/0). * Improvements to lxc-checkconfig lxc-checkconfig now only shows the version if lxc-start is present (rather than failing). Additionally, it's seen a number of other cosmetic improvements as well as now listing the maximum number of allowed namespaces for every namespace type. * Support for squashfs OCI images The built-in oci container template can now handle squashfs compressed OCI images through the use of atomfs. * Switched from systemd's dbus to dbus-1 LXC now uses libdbus-1 for DBus interactions with systemd rather than using libsystemd. The reason for this change is that libdbus-1 is readily available for static builds. * Removed Upstart support Support for the Upstart init system has finally been removed from LXC. This shouldn't really affect anyone at this stage and allowed for cleaning up some logic and config files from our repository. Moderate SUSE bug 1204842 SUSE bug 1206779 CVE-2022-47952 at SUSE CVE-2022-47952 at NVD cpe:/o:opensuse:leap:15.6 Security update for Botan (Moderate) openSUSE Leap 15.6 This update for Botan fixes the following issues: - Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan. Moderate SUSE bug 1232296 SUSE bug 1232297 SUSE bug 1232300 SUSE bug 1232301 CVE-2024-50382 at SUSE CVE-2024-50382 at NVD CVE-2024-50383 at SUSE CVE-2024-50383 at NVD cpe:/o:opensuse:leap:15.6 Security update for xsd (Moderate) openSUSE Leap 15.6 This update for xsd fixes the following issues: - CVE-2024-50602: Fixed libexpat DoS via XML_ResumeParser in xsd (boo#1232580) Moderate SUSE bug 1232580 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for mosquitto (Important) openSUSE Leap 15.6 This update for mosquitto fixes the following issues: - Update to latest release to address the following security issues: * CVE-2024-3935 (boo#1232635) * CVE-2024-10525 (boo#1232636) Update to version 2.0.20 Broker: - Fix QoS 1 / QoS 2 publish incorrectly returning 'no subscribers'. - Don't allow invalid response topic values. - Fix some strict protocol compliance issues. Update to version 2.0.19 Security: * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Broker: * Fix assert failure when loading a persistence file that contains subscriptions with no client id. * Fix local bridges being incorrectly expired when persistent_client_expiration is in use. * Fix use of CLOCK_BOOTTIME for getting time. * Fix mismatched subscribe/unsubscribe with normal/shared topics. * Fix crash on bridge using remapped topic being sent a crafted packet. Client library: * Fix some error codes being converted to string as 'unknown'. * Clear SSL error state to avoid spurious error reporting. * Fix 'payload format invalid' not being allowed as a PUBREC reason code. * Don't allow SUBACK with missing reason codes. Update to 2.0.18 (boo#1214918, CVE-2023-28366, boo#1215865, CVE-2023-0809, boo#1215864, CVE-2023-3592): * Fix crash on subscribe under certain unlikely conditions. * Fix mosquitto_rr not honouring `-R`. Closes #2893. * Fix `max_queued_messages 0` stopping clients from receiving messages. * Fix `max_inflight_messages` not being set correctly. * Fix `mosquitto_passwd -U` backup file creation. * CVE-2023-28366: Fix memory leak in broker when clients send multiple QoS 2 messages with the same message ID, but then never respond to the PUBREC commands. * CVE-2023-0809: Fix excessive memory being allocated based on malicious initial packets that are not CONNECT packets. * CVE-2023-3592: Fix memory leak when clients send v5 CONNECT packets with a will message that contains invalid property types. * Broker will now reject Will messages that attempt to publish to $CONTROL/. * Broker now validates usernames provided in a TLS certificate or TLS-PSK identity are valid UTF-8. * Fix potential crash when loading invalid persistence file. * Library will no longer allow single level wildcard certificates, e.g. *.com * Fix $SYS messages being expired after 60 seconds and hence unchanged values disappearing. * Fix some retained topic memory not being cleared immediately after used. * Fix error handling related to the `bind_interface` option. * Fix std* files not being redirected when daemonising, when built with assertions removed. * Fix default settings incorrectly allowing TLS v1.1. * Use line buffered mode for stdout. * Fix bridges with non-matching cleansession/local_cleansession being expired on start after restoring from persistence * Fix connections being limited to 2048 on Windows. The limit is now 8192, where supported. * Broker will log warnings if sensitive files are world readable/writable, or if the owner/group is not the same as the user/group the broker is running as. In future versions the broker will refuse to open these files. * mosquitto_memcmp_const is now more constant time. * Only register with DLT if DLT logging is enabled. * Fix any possible case where a json string might be incorrectly loaded. This could have caused a crash if a textname or textdescription field of a role was not a string, when loading the dynsec config from file only. * Dynsec plugin will not allow duplicate clients/groups/roles when loading config from file, which matches the behaviour for when creating them. * Fix heap overflow when reading corrupt config with 'log_dest file'. * Use CLOCK_BOOTTIME when available, to keep track of time. This solves the problem of the client OS sleeping and the client hence not being able to calculate the actual time for keepalive purposes. * Fix default settings incorrectly allowing TLS v1.1. Closes * Fix high CPU use on slow TLS connect. * Fix incorrect topic-alias property value in mosquitto_sub json output. * Fix confusing message on TLS certificate verification. * mosquitto_passwd uses mkstemp() for backup files. * `mosquitto_ctrl dynsec init` will refuse to overwrite an existing file, without a race-condition. Update to 2.0.15: * Deleting the group configured as the anonymous group in the Dynamic Security plugin, would leave a dangling pointer that could lead to a single crash. This is considered a minor issue - only administrative users should have access to dynsec, the impact on availability is one-off, and there is no associated loss of data. It is now forbidden to delete the group configured as the anonymous group. * Fix memory leak when a plugin modifies the topic of a message in MOSQ_EVT_MESSAGE. * Fix bridge `restart_timeout` not being honoured. * Fix potential memory leaks if a plugin modifies the message in the MOSQ_EVT_MESSAGE event. * Fix unused flags in CONNECT command being forced to be 0, which is not required for MQTT v3.1. Closes #2522. * Improve documentation of `persistent_client_expiration` option. Closes #2404. * Add clients to session expiry check list when restarting and reloading from persistence. Closes #2546. * Fix bridges not sending failure notification messages to the local broker if the remote bridge connection fails. Closes #2467. Closes #1488. * Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448. * Fix incorrect return code being sent in DISCONNECT when a client session is taken over. Closes #2607. * Fix confusing 'out of memory' error when a client is kicked in the dynamic security plugin. Closes #2525. * Fix confusing error message when dynamic security config file was a directory. Closes #2520. * Fix bridge queued messages not being persisted when local_cleansession is set to false and cleansession is set to true. Closes #2604. * Dynamic security: Fix modifyClient and modifyGroup commands to not modify the client/group if a new group/client being added is not valid. * Dynamic security: Fix the plugin being able to be loaded twice. Currently only a single plugin can interact with a unique $CONTROL topic. Using multiple instances of the plugin would produce duplicate entries in the config file. Closes #2601. Closes #2470. * Fix case where expired messages were causing queued messages not to be delivered. Closes #2609. * Fix websockets not passing on the X-Forwarded-For header. * Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl ctx not being initialised until starting to connect. Closes #2537. * Fix incorrect use of SSL_connect. Closes #2594. * Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564. * Add documentation of struct mosquitto_message to header. Closes #2561. * Fix documentation omission around mosquitto_reinitialise. Closes #2489. * Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463. * Fix failure to close thread in some situations. Closes #2545. * Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting. * Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation. Update to version 2.0.14: Broker: * Fix bridge not respecting receive-maximum when reconnecting with MQTT v5. Client library: * Fix mosquitto_topic_matches_sub2() not using the length parameters. * Fix incorrect subscribe_callback in mosquittopp.h. Update to version 2.0.13: Broker: * Fix `max_keepalive` option not being able to be set to 0. * Fix LWT messages not being delivered if `per_listener_settings` was set to true. * Various fixes around inflight quota management. * Fix problem parsing config files with Windows line endings. * Don't send retained messages when a shared subscription is made * Fix client id not showing in log on failed connections, where possible. * Fix broker sending duplicate CONNACK on failed MQTT v5 reauthentication. * Fix mosquitto_plugin.h not including mosquitto_broker.h. Client library: * Initialise sockpairR/W to invalid in `mosquitto_reinitialise()` to avoid closing invalid sockets in `mosquitto_destroy()` on error. Clients: - Fix date format in mosquitto_sub output. - Update to version 2.0.12 * Includes security fixes for CVE-2021-34434 (boo#1190048) and CVE-2020-13849 (boo#1190101) Security : * An MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. This has been fixed. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. This option allows CVE-2020-13849, which is for the MQTT v3.1.1 protocol itself rather than an implementation, to be addressed. * Using certain listener related configuration options e.g. `cafile`, that apply to the default listener without defining any listener would cause a remotely accessible listener to be opened that was not confined to the local machine but did have anonymous access enabled, contrary to the documentation. This has been fixed. Closes #2283. * CVE-2021-34434: If a plugin had granted ACL subscription access to a durable/non-clean-session client, then removed that access,the client would keep its existing subscription. This has been fixed. * Incoming QoS 2 messages that had not completed the QoS flow were not being checked for ACL access when a clean session=False client was reconnecting. This has been fixed. Broker: * Fix possible out of bounds memory reads when reading a corrupt/crafted configuration file. Unless your configuration file is writable by untrusted users this is not a risk. * Fix `max_connections` option not being correctly counted. * Fix TLS certificates and TLS-PSK not being able to be configured at the same time. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1 connections. These clients are now rejected if their keepalive value exceeds max_keepalive. * Fix broker not quiting if e.g. the `password_file` is specified as a directory. Closes #2241. * Fix listener mount_point not being removed on outgoing messages. * Strict protocol compliance fixes, plus test suite. * Fix $share subscriptions not being recovered for durable clients that reconnect. * Update plugin configuration documentation. Closes #2286. Client library: * If a client uses TLS-PSK then force the default cipher list to use 'PSK' ciphers only. This means that a client connecting to a broker configured with x509 certificates only will now fail. Prior to this, the client would connect successfully without# verifying certificates, because they were not configured. * Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured. * Threaded mode is deconfigured when the mosquitto_loop_start() thread ends, which allows mosquitto_loop_start() to be called again. * Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL. * Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default value of true. Apps: * Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not working. Clients: * Document TLS certificate behaviour when using `-p 8883`. Build: * Fix installation using WITH_TLS=no. Closes #2281. * Fix builds with libressl 3.4.0. Closes #2198. * Remove some unnecessary code guards related to libressl. * Fix printf format build warning on MIPS. Closes #2271. Update to version 2.0.11: Security: * If a MQTT v5 client connects with a crafted CONNECT packet a memory leak will occur. This has been fixed. Broker: * Fix possible crash having just upgraded from 1.6 if `per_listener_settings true` is set, and a SIGHUP is sent to the broker before a client has reconnected to the broker. * Fix bridge not reconnectng if the first reconnection attempt fails. * Improve QoS 0 outgoing packet queueing. * Fix QoS 0 messages not being queued when `queue_qos0_messages` was enabled. Clients: * If sending mosquitto_sub output to a pipe, mosquitto_sub will now detect that the pipe has closed and disconnect. * Fix `mosquitto_pub -l` quitting if a message publication is attempted when the broker is temporarily unavailable. Important SUSE bug 1181400 SUSE bug 1190048 SUSE bug 1190101 SUSE bug 1214918 SUSE bug 1215864 SUSE bug 1215865 SUSE bug 1232635 SUSE bug 1232636 CVE-2020-13849 at SUSE CVE-2020-13849 at NVD CVE-2021-34434 at SUSE CVE-2021-34434 at NVD CVE-2023-0809 at SUSE CVE-2023-0809 at NVD CVE-2023-28366 at SUSE CVE-2023-28366 at NVD CVE-2023-3592 at SUSE CVE-2023-3592 at NVD CVE-2024-10525 at SUSE CVE-2024-10525 at NVD CVE-2024-3935 at SUSE CVE-2024-3935 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Update to version 130.0.6723.91 (boo#1232566): - CVE-2024-10487: Out of bounds write in Dawn - CVE-2024-10488: Use after free in WebRTC Important SUSE bug 1232566 CVE-2024-10487 at SUSE CVE-2024-10487 at NVD CVE-2024-10488 at SUSE CVE-2024-10488 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-jupyterlab (Moderate) openSUSE Leap 15.6 This update for python-jupyterlab fixes the following issues: - Build the full pacakge with the javascript dependencies as a new source in vendor.tar.gz. - CVE-2024-43805: Fixed data access via malicious Markdown due to HTML injection leading to DOM clobbering (boo#1229914) Moderate SUSE bug 1229914 CVE-2024-43805 at SUSE CVE-2024-43805 at NVD cpe:/o:opensuse:leap:15.6 Security update for kmail-account-wizard (Moderate) openSUSE Leap 15.6 This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882) Moderate SUSE bug 1232454 CVE-2024-50624 at SUSE CVE-2024-50624 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-mysql-connector-python (Important) openSUSE Leap 15.6 This update for python-mysql-connector-python fixes the following issues: - Update to 9.1.0 (boo#1231740, CVE-2024-21272) - WL#16452: Bundle all installable authentication plugins when building the C-extension - WL#16444: Drop build support for DEB packages - WL#16442: Upgrade gssapi version to 1.8.3 - WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors - WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support - WL#16307: Remove Python 3.8 support - WL#16306: Add support for Python 3.13 - BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers - BUG#37013057: mysql-connector-python Parameterized query SQL injection - BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host - BUG#36577957: Update charset/collation description indicate this is 16 bits - 9.0.0: - WL#16350: Update dnspython version - WL#16318: Deprecate Cursors Prepared Raw and Named Tuple - WL#16284: Update the Python Protobuf version - WL#16283: Remove OpenTelemetry Bundled Installation - BUG#36664998: Packets out of order error is raised while changing user in aio - BUG#36611371: Update dnspython required versions to allow latest 2.6.1 - BUG#36570707: Collation set on connect using C-Extension is ignored - BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES - BUG#36289767: MySQLCursorBufferedRaw does not skip conversion - 8.4.0 - WL#16203: GPL License Exception Update - WL#16173: Update allowed cipher and cipher-suite lists - WL#16164: Implement support for new vector data type - WL#16127: Remove the FIDO authentication mechanism - WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension - BUG#36227964: Improve OpenTelemetry span coverage - BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection - 8.3.0 - WL#16015: Remove use of removed COM_ commands - WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python - WL#15983: Stop using mysql_ssl_set api - WL#15982: Remove use of mysql_shutdown - WL#15950: Support query parameters for prepared statements - WL#15942: Improve type hints and standardize byte type handling - WL#15836: Split mysql and mysqlx into different packages - WL#15523: Support Python DB API asynchronous execution - BUG#35912790: Binary strings are converted when using prepared statements - BUG#35832148: Fix Django timezone.utc deprecation warning - BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments - BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS Important SUSE bug 1231740 CVE-2024-21272 at SUSE CVE-2024-21272 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 130.0.6723.116 (boo#1232843) - CVE-2024-10826: Use after free in Family Experiences - CVE-2024-10827: Use after free in Serial Important SUSE bug 1232843 CVE-2024-10826 at SUSE CVE-2024-10826 at NVD CVE-2024-10827 at SUSE CVE-2024-10827 at NVD cpe:/o:opensuse:leap:15.6 Security update for qbittorrent (Moderate) openSUSE Leap 15.6 This update for qbittorrent fixes the following issues: - Update to version 5.0.1 (fixes boo#1232731 CVE-2024-51774) Added features: * Add 'Simple pread/pwrite' disk IO type Bug fixes: * Don't ignore SSL errors (boo#1232731 CVE-2024-51774) * Don't try to apply Mark-of-the-Web to nonexistent files * Disable 'Move to trash' option by default * Disable the ability to create torrents with a piece size of 256MiB * Allow to choose Qt style * Always notify user about duplicate torrent * Correctly handle 'torrent finished after move' event * Correctly apply filename filter when `!qB` extension is enabled * Improve color scheme change detection * Fix button state for SSL certificate check Web UI: * Fix CSS that results in hidden torrent list in some browsers * Use proper text color to highlight items in all filter lists * Fix 'rename files' dialog cannot be opened more than once * Fix UI of Advanced Settings to show all settings * Free resources allocated by web session once it is destructed Search: * Import correct libraries Other changes: * Sync flag icons with upstream Moderate SUSE bug 1232731 CVE-2024-51774 at SUSE CVE-2024-51774 at NVD cpe:/o:opensuse:leap:15.6 Security update for virtualbox (Important) openSUSE Leap 15.6 This update for virtualbox fixes the following issues: Update to release 7.1.4: * NAT: Fixed DHCP problems with certain guests when domain is empty * VMSVGA: Improved flickering, black screen and other screen update issues with recent Linux kernels * Linux Guest Additions: Introduce initial support for kernel 6.12 * EFI: Added missing LsiLogic MPT SCSI driver again to fix booting from devices attached to this device if the EFI firmware is used (7.1.0 regression) * EFI: Restored broken network boot support (7.1.0 regression) * Adressed CVE-2024-21248 [boo#1231735], CVE-2024-21273 [boo#1231736], CVE-2024-21259 [boo#1231737], CVE-2024-21263 [boo#1231738] - Make the Extension Pack work with our compiler flags and RT_NOEXCEPT choices. [boo#1231225] Update to release 7.1: * The GUI now offers a selection between Basic and Experienced user level with reduced or full UI functionality. * VRDE: If user does not set up TLS with custom certificates, enable it with self-signed certificate, including issuing a new one before the old one expires * NAT: New engine with IPv6 support. * Linux host and guest: Added Wayland support for Clipboard sharing. - Changed license from Gpl-2.0 to Gpl-3.0 Version bump to VirtualBox 7.0.20 (released July 16 2024 by Oracle)) This is a maintenance release. The following items were fixed and/or added: - TPM: Fixed errors appearing the event viewer with Windows guests - macOS Hosts: Fixed passing USB devices to the VM (bug #21218) - Audio: Fixed recording with HDA emulation after newer Windows 10 / 11 guests got rebooted - USB: Fixed a deadlock in OHCI triggered when saving the current state of a VM or taking a snapshot (bug #22059) - Linux Guest and Host: Introduced initial support for OpenSuse 15.6 kernel - Linux Guest and Host: Introduced initial support for RHEL 9.5 kernel (bug #22099) - Guest Additions: Shared Clipboard: Fixed issue when extra new lines were pasted when copying text between Win and X11 (bug #21716) - UEFI Secure Boot: Add new Microsoft certificates to list for new VMs Important SUSE bug 1231225 SUSE bug 1231735 SUSE bug 1231736 SUSE bug 1231737 SUSE bug 1231738 CVE-2024-21248 at SUSE CVE-2024-21248 at NVD CVE-2024-21259 at SUSE CVE-2024-21259 at NVD CVE-2024-21263 at SUSE CVE-2024-21263 at NVD CVE-2024-21273 at SUSE CVE-2024-21273 at NVD cpe:/o:opensuse:leap:15.6 Optional update for python3-djangorestframework, python3-djangorestframework-simplejwt, python3-pytest-django (Moderate) openSUSE Leap 15.6 This update for python3-djangorestframework, python3-djangorestframework-simplejwt, python3-pytest-django fixes the following issues: This update ships: - python3-pytest-django: in version 3.9.0 - python3-djangorestframework: in version 3.11.2. - python3-djangorestframework-simplejwt: in version 4.6.0 Moderate SUSE bug 1177205 CVE-2020-25626 at SUSE CVE-2020-25626 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-PyPDF2 (Moderate) openSUSE Leap 15.6 This update for python-PyPDF2 fixes the following issues: - CVE-2022-24859: Fixed infinite loop vulnerability (boo#1198588) Moderate SUSE bug 1198588 CVE-2022-24859 at SUSE CVE-2022-24859 at NVD cpe:/o:opensuse:leap:15.6 Security update for cobbler (Critical) openSUSE Leap 15.6 This update for cobbler fixes the following issues: Update to 3.3.7 * Security: Fix issue that allowed anyone to connect to the API as admin (CVE-2024-47533, boo#1231332) * bind - Fix bug that prevents cname entries from being generated successfully * Fix build on RHEL9 based distributions (fence-agents-all split) * Fix for Windows systems * Docs: Add missing dependencies for source installation * Fix issue that prevented systems from being synced when the profile was edited Critical SUSE bug 1231332 CVE-2024-47533 at SUSE CVE-2024-47533 at NVD cpe:/o:opensuse:leap:15.6 Security update for icinga2 (Important) openSUSE Leap 15.6 This update for icinga2 fixes the following issues: Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass (bsc#1233310). Important SUSE bug 1233310 CVE-2024-49369 at SUSE CVE-2024-49369 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311) * CVE-2024-11110: Inappropriate implementation in Blink. * CVE-2024-11111: Inappropriate implementation in Autofill. * CVE-2024-11112: Use after free in Media. * CVE-2024-11113: Use after free in Accessibility. * CVE-2024-11114: Inappropriate implementation in Views. * CVE-2024-11115: Insufficient policy enforcement in Navigation. * CVE-2024-11116: Inappropriate implementation in Paint. * CVE-2024-11117: Inappropriate implementation in FileSystem. Important SUSE bug 1233311 CVE-2024-11110 at SUSE CVE-2024-11110 at NVD CVE-2024-11111 at SUSE CVE-2024-11111 at NVD CVE-2024-11112 at SUSE CVE-2024-11112 at NVD CVE-2024-11113 at SUSE CVE-2024-11113 at NVD CVE-2024-11114 at SUSE CVE-2024-11114 at NVD CVE-2024-11115 at SUSE CVE-2024-11115 at NVD CVE-2024-11116 at SUSE CVE-2024-11116 at NVD CVE-2024-11117 at SUSE CVE-2024-11117 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 131.0.6778.85 (stable released 2024-11-19) (boo#1233534) * CVE-2024-11395: Type Confusion in V8 Important SUSE bug 1233534 CVE-2024-11395 at SUSE CVE-2024-11395 at NVD cpe:/o:opensuse:leap:15.6 Security update for iptraf-ng (Moderate) openSUSE Leap 15.6 This update for iptraf-ng fixes the following issues: - Update to release 1.2.2 * serv.c: validate loading/saving/entry of port ranges * limit interface name lengths to IFNAMSIZ [CVE-2024-52949] Moderate CVE-2024-52949 at SUSE CVE-2024-52949 at NVD cpe:/o:opensuse:leap:15.6 Security update for zabbix (Moderate) openSUSE Leap 15.6 This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templates + ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates + ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server + ZBXNEXT-8657 Updated Zabbix health templates with new visualization Templates + ZBXNEXT-9143 Added index on auditlog recordsetid Server + ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type support to Zabbix agent 2 Smart plugin Agent + ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux and Windows templates, removed fuzzytime triggers from active agent templates Templates + ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server + ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server + ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server + ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets Templates - Bug Fixes + BX-24947 Fixed PHP runtime errors while processing frontend notifications Frontend + ZBX-24824 Improved loadable plugin connection broker Agent + ZBX-24583 Fixed inability to export/import web scenario with digest authentication API + ZBX-23905 Fixed double scroll in script dialogs Frontend + ZBX-18767 Fixed word breaks in flexible text input fields and trigger expressions Frontend + ZBX-24909 Fixed resolving of macro functions in the 'Item value' widget Frontend + ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates + ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates + ZBX-24524 Fixed 'New values per second' statistic to include dependent items in calculation Proxy Server + ZBX-24821 Made 'execute_on' value being recorded in audit only for shell scripts Server + ZBX-23312 Fixed discovery edit form being saved incorrectly after dcheck update Frontend + ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by HTTP template Templates + ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping when database is read-only Proxy Server + ZBX-23936 Fixed state and styling of readonly fields Frontend + ZBX-24520 Fixed an issue with incorrect translations used in several frontend places Frontend + ZBX-21815 Fixed issue with undefined offset for media type when it was deleted before saving the user Frontend + ZBX-24108 Fixed error in dashboard if Map widget contains map element that user doesn't have access to Frontend + ZBX-24569 Fixed old and added new items to Azure Virtual Machine template Templates + ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend + ZBX-24167 Fixed template linkage when item prototype collision is found Server + ZBX-23770 Improved monitoring user permissions documentation for Zabbix agent 2 Oracle plugin and Oracle by ODBC template Documentation + ZBX-24565 Removed redundant kernel header include, fixed musl compatibility issues (thanks to Alpine Linux maintainers for spotting this) + ZBX-24610 Fixed interface field appearance for discovered items without interface set Frontend + ZBX-24562 Fixed incorrect problem order in Problems by severity widget's hintbox Frontend + ZBX-23751 Fixed inability to pass an action filter condition without an 'operator' property, implying a default value of 'Equal' API + ZBX-21429 Prevented ability to disable all UI element access via role.update API API + ZBX-19271 Fixed inconsistent tag row rendering in different edit forms Frontend + ZBX-24539 Fixed incorrect threshold in trigger expression of Check Point Next Generation Firewall by SNMP template Templates + ZBX-24667 Fixed vm.memory.size[pused] item on Solaris Agent + ZBX-23781 Added storage volumes check in HPE iLO by HTTP template Templates + ZBX-24391 Fixed Zabbix agent to return net.tcp.socket.count result without error if IPv6 is disabled Agent + ZBX-24235 Fixed value misalignment in Item value widget Frontend + ZBX-24352 Fixed custom severity name usage in Geomap widget Frontend + ZBX-24665 Fixed potential problem with deprecated GCE Integrity feature Templates + ZBX-20993 Fixed Zabbix agent 2 MQTT plugin clientID to be generated by strict requirements Agent + ZBX-23426 Added dependent item with JavaScript preprocessing for edges SD-WAN in VMWare SD-WAN VeloCloud by HTTP template Templates + ZBX-24566 Fixed crash when expression macro is used in unsupported location Server + ZBX-24450 Fixed issue where graph could differ for data gathered from PostgreSQL and other databases Frontend + ZBX-24513 Fixed real-time export of rarely updated trends Server + ZBX-24163 Fixed submap addition in Map navigation tree widget to not append same submaps repeatedly Frontend + ZBX-23398 Fixed trigger expression constructor incorrectly showing '<' and '>' operators Frontend + ZBX-23584 Fixed error message being displayed when updating host after changing item status Frontend + ZBX-24635 Fixed datastore triggers in VMware templates Templates Update to 6.0.31: - New Features and Improvements + ZBXNEXT-9140 Added support for custom compartments in Oracle Cloud by HTTP templates Templates + ZBXNEXT-9034 Added Jira Data Center by JMX template Templates + ZBXNEXT-8682 Introduced a length limit of 512KB for item test values that server returns to Zabbix frontend Frontend Server + ZBXNEXT-8248 Added database filter macros to MySQL templates Templates + ZBXNEXT-6698 Removed absolute threshold and timeleft from OS template triggers of filesystem space Templates + ZBXNEXT-7930 Added user macro support for username and password fields in email media type Server + ZBXCTR-22 Refactored JavaScript filter functions for Kubernetes templates Templates + ZBXNEXT-9098 Added AWS ELB Network Load Balancer by HTTP template Templates + ZBXNEXT-6864 Replaced {HOST.CONN} with user macros in templates Templates + ZBXNEXT-9117 Updated max supported MariaDB version to 11.3 Proxy Server + ZBXNEXT-9026 Added Go compiler version to Zabbix agent 2 version output Agent + ZBXNEXT-8786 Changed 'odbc.discovery' keys to 'odbc.get' in MySQL by ODBC and Oracle by ODBC templates Templates + ZBXNEXT-8536 Added cbdhsvc service to macros in Windows agent templates Templates + ZBXNEXT-8861 Made changes and added more metrics to the FortiGate by SNMP template Templates + ZBXNEXT-8240 Added a new set of templates for integration with Oracle Cloud Infrastructure Templates - Bug Fixes + ZBX-24483 Improved memory usage in Zabbix server/proxy trappers and in proxy pollers when sending large configuration Proxy Server + ZBX-23073 Fixed URL widget resizing and dragging Frontend + ZBX-24574 Fixed HA node flipping between standby and active states Server + ZBX-24119 Fixed possible blocking of alert manager when it periodically pings database Server + ZBX-7998 Added VMware service username, password and URL check for empty values Proxy Server + ZBX-24402 Reduced main process connections to database during startup Proxy Server + ZBX-24369 Fixed filter behavior in monitoring pages after deleting filter parameters Frontend + ZBX-24484 Fixed Geomap widget console error when dragging map in widget edit mode Frontend + ZBX-23337 Improved supported version documentation for Oracle Database plugin and both templates Documentation + ZBX-24180 Fixed inability to import existing host or template when its dependent item prototype, which is used in trigger prototypes or graph prototypes, would have a different master item API + ZBX-20871 Fixed inability to use LLD macro functions in Prometheus pattern and labels used in item prototype preprocessing API + ZBX-24527 Fixed unnecessary loading text being displayed in hintbox preloader Frontend + ZBX-24362 Fixed wrong Zabbix agent 2 loadable plugin process handling catching all child process exits Agent + ZBX-24470 Fixed scale of VMware vmware.vm.memory.size.compressed key Proxy Server + ZBX-24415 Added triggers for datastores in VMware templates Templates + ZBX-18094 Fixed multiple pie graph issues related to calculation of item angles Frontend + ZBX-20766 Fixed confusing port binding error message Agent Proxy Server + ZBX-24481 Fixed inability to unset value map from existing item or item prototype by passing a version without valuemap parameter into configuration.import API + ZBX-24531 Fixed compile time data not being set for agent2 Agent + ZBX-24453 Implemented socket file cleanup when shutting down, added blocking of signals during important stages of startup Proxy Server + ZBX-24152 Fixed host form submission with Enter button if the form is opened in a popup and focus is in a flexible text area field Frontend + ZBX-23788 Added SNMP OID ifAlias in Network interfaces discovery Templates + ZBX-24482 Fixed the presence of the http_proxy field in the initial data Installation + ZBX-24210 Improved Zabbix agent 2 loadable plugin capacity code style Agent + ZBX-23951 Fixed issue of incorrect template matching when no UUID exists in export file API + ZBX-23953 Fixed CIDR network mask of VMware HV network interface Proxy Server + ZBX-24195 Fixed host IPMI username and password field max length Frontend + ZBX-24451 Added tags and changed a item in Proxmox template Templates + ZBX-23386 Fixed hintbox sizing to fit screen Frontend + ZBX-24024 Fixed OIDs for external sensors in APC UPC by SNMP templates Templates + ZBX-21751 Fixed node's loadavg item in Proxmox template Templates + ZBX-24315 Fixed linking template to host when some LLD macro paths already exist Server + ZBX-24172 Fixed Zabbix server issue with scheduled intervals on Feb 29th of leap year Server + ZBX-23407 Improved performance of retrieving last history values when primary keys are available API + ZBX-24246 Updated descriptions for family of MySQL and Oracle templates, changed macro in the trigger 'Tablespace utilization is too high' for family of Oracle templates Templates + ZBX-23988 Renamed Agent2 Go module + ZBX-24222 Fixed incorrect item OIDs in the FortiGate by SNMP template Templates + ZBX-24393 Updated README in Redis by Zabbix agent 2 template Templates + ZBX-24298 Allowed any JNDI service providers back in JMX monitoring Java gateway + ZBX-19990 Separated LLD filter macros in Apache Tomcat by JMX template Templates + ZBX-24364 Added preprocessing steps for LLD rules in RabbitMQ templates Templates + ZBX-24368 Improved PostgreSQL autovacuum's count query Templates + ZBX-24282 Fixed Zabbix proxy to report error for not supported items Proxy Server + ZBX-19507 Fixed vmware.eventlog item to recover after event keys are reset Server + ZBX-24241 Fixed Zabbix server issue with random order of host groups for a host during real-time export Server + ZBX-24275 Fixed item prototype JSONPath preprocessing, added missing volume health metric and triggers in HPE MSA templates Templates + ZBX-24316 Fixed username macro in GridGain by JMX template Templates + ZBX-23719 Updated plugin-support to add duplicate flag handling Agent + ZBX-22429 Fixed typo in Zabbix proxy automake file Installation + ZBX-24264 Fixed value cache being filled with values of newly added items with triggers Server + ZBX-24088 Fixed problem filtering in maps with nested maps Frontend + ZBX-24206 Fixed line breaks in JavaScript in Cloudflare template Templates + ZBX-24236 Fixed nested transaction error in LLD when connection is terminated Server + ZBX-24134 Added sensor discovery in VMware Hypervisor template Templates + ZBX-23918 Fixed item pattern select popup to display all available items Frontend + ZBX-24190 Fixed items being updated incorrectly when configuring graph Frontend + ZBX-24289 Fixed issue with interface assignment for items copied from host to host Frontend + ZBX-23032 Added triggers for cluster status in VMware templates Templates + ZBX-23948 Added support for TabularData data when parsing an MBean attribute Java gateway + ZBX-23742 Fixed tag filtering logic for tags with one name and different types of operators API + ZBX-24271 Added delay in JavaScript execution for Azure Cost Management by HTTP template Templates + ZBX-24208 Fixed Oracle, MySQL plugin connection cache blocking Agent + ZBX-24202 Fixed JavaScript in AWS S3 bucket by HTTP template Templates + ZBX-23478 Fixed issue when missing locale error would not be displayed for user under certain conditions Frontend + ZBX-24166 Fixed Zabbix not being able to restart due to RTC and sockets not being closed before stopping Agent Proxy Server + ZBX-23853 Fixed duplicate agent check timestamps when time shifts back due to system clock synchronization Agent Moderate SUSE bug 1229198 SUSE bug 1229204 CVE-2024-22114 at SUSE CVE-2024-22114 at NVD CVE-2024-36461 at SUSE CVE-2024-36461 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: opera was updated to 115.0.5322.68: * CHR-9877 Update Chromium on desktop-stable-130-5322 to 130.0.6723.59 * DNA-118660 [Win][Lin] Crash at opera::TabTracker::UpdateOnDeactivate * DNA-118840 Crash at extensions::OperaTouchPrivateDeleteAllDevicesFunction::Run * DNA-119224 Onboarding Web Content window does not have focus * DNA-119586 Search Copy browser popup windows issues * DNA-119685 [Easy Files] Popup is greyed out and unresponsive with sidebar autohide * DNA-119687 French text is not fitting * DNA-119700 Translations for Opera 115 * DNA-119713 Crash at opera::content_filter:: URLLoaderThrottleFactory::Throttle::WillStartRequest * DNA-119736 [Linux] Address bar not clickable when dropdown is shown * DNA-119770 Back “Force dark theme on pages” to 'Easy setup' * DNA-119902 Promote 115 to stable - Complete Opera 115 changelog at: https://blogs.opera.com/desktop/changelog-for-115 - The update to chromium 130.0.6723.59 fixes following issues: CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966 - Update to 114.0.5282.222 * DNA-118660 [Win][Lin] Crash at opera::TabTracker::UpdateOnDeactivate * DNA-119224 Onboarding Web Content window does not have focus * DNA-119478 Uncaught exception on opera:settings * DNA-119673 [Miniplayer] Cursor does not change from grab when hovering over detach button * DNA-119685 [Easy Files] Popup is greyed out and unresponsive with sidebar autohide * DNA-119687 French text is not fitting - Update to 114.0.5282.185 * DNA-119423 The icon should react on updates in the runtime * DNA-119524 Disallow installing GX mods * DNA-119565 Spotify in sidebar should be green in both dark and light theme - Update to 114.0.5282.154 * DNA-118382 Crash at (anonymous namespace)::ProfileErrorCallback * DNA-119509 After a restart, the wallpaper for an inactive Classic theme is restored to the default one (Opera One) * DNA-119528 Crash at opera::VibesServiceImpl::InitService - Changes in 114.0.5282.144 * DNA-118341 [Sidebar] Context menu appears * DNA-118450 Crash at opera::component_based:: SplitScreenViewDelegate::UpdateViewWebContentses * DNA-118738 [Easy setup] When system mode is selected for classic theme, it will show light theme wallpaper even if system theme is dark * DNA-118987 [Address Bar] Page information icon from previous tab displayed after tabs drag & drop * DNA-119025 Crash after going back to tab with detached google meet * DNA-119128 Custom wallpaper settled for the first time doesn’t show in Themes preview * DNA-119337 [Easy setup] Restore Wallpapers section for Classic theme * DNA-119369 Crash at PrefValueMap::GetValue * DNA-119399 Re-enable deleting theme configurations * DNA-119400 Disable ‘delete’ option when there is only one classic theme configuration * DNA-119403 Deleting a wallpaper should remove that wallpaper from inactive configurations * DNA-119440 Easy-setup wallpaper cannot load * DNA-119448 Update translations * DNA-119482 When launching the browser for the first time, the existing Classic theme is overwritten instead of creating a new one when the user uses a custom wallpaper - Update to 114.0.5282.115 * DNA-117247 Menu button not vertically centered * DNA-117907 [DevTools] Dark theme selection not persisting * DNA-117946 Select value for bookmark and history in sidebar setup can’t be changed by mouse click * DNA-118105 [Color-theme] [Split screen] Bookmarks bars are displayed when split screen is turned on * DNA-118115 Crash at content::(anonymous namespace):: GetContextLost * DNA-118586 Translations for O114 * DNA-118661 Crash at opera::component_based:: ComponentTabGroup::~ComponentTabGroup * DNA-118747 Detach miniplayer using button in sidebar panel * DNA-118795 [Easy setup] The user theme name is displayed incorrectly * DNA-118951 Inactive checkboxes are invisible in the Sidebar Setup * DNA-118956 Miniplayer is closed after pressing Esc key * DNA-119048 Issue came back – Missing ‘System mode’ in easy setup edit mode menu * DNA-119087 The mouse cursor should change to a clenched fist 'grabbed' cursor, indicating that it is in the process of moving the mini player * DNA-119122 [Split Screen] Crash at opera:: component_based::ComponentTabBar::DidChangeTabs * DNA-119123 [Split Screen] Crash at opera::component_based:: ComponentTabBar::GetActiveTab * DNA-119182 Buttons in the theme tile preview become invisible when a user wallpaper is set * DNA-119191 Address bar dropdown list has wrong color * DNA-119192 [Background music] Music is only playing when clicking in web view * DNA-119234 Integrate translations for theme descriptions * DNA-119250 Crash when closing opera window with pinned tab(s) * DNA-119252 User wallpaper is not visible * DNA-119272 Crash at logging::NotReachedNoreturnError:: ~NotReachedNoreturnError * DNA-119293 Crash at Browser::CloseContents * DNA-119306 [Background music] Change music to the one chosen in DNA-119297 - Update to 114.0.5282.102 * DNA-118231 Crash at opera::VibesServiceImpl::OnVibeUninstalled * DNA-119119 Netinstaller shows eula-dialog during installation in silent mode - Changes in 114.0.5282.101 * CHR-9871 Update Chromium on desktop-stable-128-5282 to 128.0.6613.186 * DNA-118575 Crash at opera::SelfieViewController::~SelfieViewController * DNA-118592 Crash at views::View::~View() * DNA-118594 [browser tests] Crash at ui:: LayerAnimationSequence::Start(ui::LayerAnimationDelegate*) * DNA-119169 Crash at views::View::~View - Update to 114.0.5282.86 * CHR-9856 Update Chromium on desktop-stable-128-5282 to 128.0.6613.170 * DNA-116321 React emoji picker is not closing when clicking outside of sidebar setup * DNA-117552 [Mac] Spacing in context menus is too large * DNA-118482 Crash at opera::SidebarPlayerServiceItemView:: PostCloseControlPanelIfNotHovered() * DNA-118583 Crash at opera::ComponentTabStripController:: CloseTooltipOnMouseEvent * DNA-118863 Version field doesn’t filled in for Stable * DNA-118995 Crash at opera::PageContainerView:: UpdateDevToolsForContents Important CVE-2024-9954 at SUSE CVE-2024-9954 at NVD CVE-2024-9955 at SUSE CVE-2024-9955 at NVD CVE-2024-9956 at SUSE CVE-2024-9956 at NVD CVE-2024-9957 at SUSE CVE-2024-9957 at NVD CVE-2024-9958 at SUSE CVE-2024-9958 at NVD CVE-2024-9959 at SUSE CVE-2024-9959 at NVD CVE-2024-9960 at SUSE CVE-2024-9960 at NVD CVE-2024-9961 at SUSE CVE-2024-9961 at NVD CVE-2024-9962 at SUSE CVE-2024-9962 at NVD CVE-2024-9963 at SUSE CVE-2024-9963 at NVD CVE-2024-9964 at SUSE CVE-2024-9964 at NVD CVE-2024-9965 at SUSE CVE-2024-9965 at NVD CVE-2024-9966 at SUSE CVE-2024-9966 at NVD Security update for radare2 (Important) openSUSE Leap 15.6 This update for radare2 fixes the following issues: Update to version 5.9.8: - CVE-2024-29645: buffer overflow vulnerability allows an attacker to execute arbitrary code via the parse_die function (boo#1234065). - For more details, check full release notes: https://github.com/radareorg/radare2/releases/tag/5.9.8 https://github.com/radareorg/radare2/releases/tag/5.9.6 https://github.com/radareorg/radare2/releases/tag/5.9.4 https://github.com/radareorg/radare2/releases/tag/5.9.2 https://github.com/radareorg/radare2/releases/tag/5.9.0 https://github.com/radareorg/radare2/releases/tag/5.8.8 Important SUSE bug 1234065 CVE-2024-29645 at SUSE CVE-2024-29645 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for minikube (Moderate) openSUSE Leap 15.6 This update for minikube fixes the following issues: - update to 1.34.0 (boo#1227017 boo#1227049 boo#1227005): For a more detailed changelog, including changes occurring in pre-release versions, see CHANGELOG.md. https://github.com/kubernetes/minikube/blob/master/CHANGELOG.md * Breaking Changes: - Bump minimum podman version to 4.9.0 #19457 - Disallow using Docker Desktop 4.34.0 #19576 * Features: - Bump default Kubernetes version to v1.31.0 #19435 - Add new driver for macOS: vfkit #19423 - Add Parallels driver support for darwin/arm64 #19373 - Add new volcano addon #18602 - Addons ingress-dns: Added support for all architectures #19198 - Support privileged ports on WSL #19370 - VM drivers with docker container-runtime now use docker-buildx for image building #19339 - Support running x86 QEMU on arm64 #19228 - Add -o json option for addon images command #19364 * Improvements: - add -d shorthand for --driver #19356 - add -c shorthand for --container-runtime #19217 - kvm2: Don't delete the 'default' libvirt network #18920 - Update MINIKUBE_HOME usage #18648 - CNI: Updated permissions to support network policies on kindnet #19360 - GPU: Set NVIDIA_DRIVER_CAPABILITIES to all when GPU is enabled #19345 - Improved error message when trying to use mount on system missing 9P #18995 - Improved error message when enabling KVM addons on non-KVM cluster #19195 - Added warning when loading image with wrong arch #19229 - profile list --output json handle empty config folder #16900 - Check connectivity outside minikube when connectivity issuse #18859 * Bugs: - Fix not creating API server tunnel for QEMU w/ builtin network #19191 - Fix waiting for user input on firewall unblock when --interactive=false #19531 - Fix network retry check when subnet already in use for podman #17779 - Fix empty tarball when generating image save #19312 - Fix missing permission for kong-serviceaccount #19002 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.17 to 1.5.23 #19341 #19501 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.2 to v0.25.0 #18992 #19152 #19349 - Addon kong: Update kong image from 3.6.1 to 3.7.1 #19046 #19124 - Addon kubevirt: Update bitnami/kubectl image from 1.30.0 to 1.31.0 #18929 #19087 #19313 #19479 - Addon ingress: Update ingress-nginx/controller image from v1.10.1 to v1.11.2 #19302 #19461 - Addon inspektor-gadget: Update inspektor-gadget image from v0.27.0 to v0.32.0 #18872 #18931 #19011 #19166 #19411 #19554 - Addon istio-provisioner: Update istio/operator image from 1.21.2 to 1.23.0 #18932 #19052 #19167 #19283 #19450 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.15.0 to v0.16.2 #19162 #19266 #19336 #19409 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.1 to v0.7.2 #19529 - Addon YAKD: bump marcnuri/yakd image from 0.0.4 to 0.0.5 #19145 - CNI: Update calico from v3.27.3 to v3.28.1 #18870 #19377 - CNI: Update cilium from v1.15.3 to v1.16.1 #18925 #19084 #19247 #19337 #19476 - CNI: Update kindnetd from v20240202-8f1494ea to v20240813-c6f155d6 #18933 #19252 #19265 #19307 #19378 #19446 - CNI: Update flannel from v0.25.1 to v0.25.6 #18966 #19008 #19085 #19297 #19522 - Kicbase: Update nerdctld from 0.6.0 to 0.6.1 #19282 - Kicbase: Bump ubuntu:jammy from 20240427 to 20240808 #19068 #19184 #19478 - Kicbase/ISO: Update buildkit from v0.13.1 to v0.15.2 #19024 #19116 #19264 #19355 #19452 - Kicbase/ISO: Update cni-plugins from v1.4.1 to v1.5.1 #19044 #19128 - Kicbase/ISO: Update containerd from v1.7.15 to v1.7.21 #18934 #19106 #19186 #19298 #19521 - Kicbase/ISO: Update cri-dockerd from v0.3.12 to v0.3.15 #19199 #19249 - Kicbase/ISO: Update crun from 1.14.4 to 1.16.1 #19112 #19389 #19443 - Kicbase/ISO: Update docker from 26.0.2 to 27.2.0 #18993 #19038 #19142 #19153 #19175 #19319 #19326 #19429 #19530 - Kicbase/ISO: Update nerdctl from 1.7.5 to 1.7.6 #18869 - Kicbase/ISO: Update runc from v1.1.12 to v1.1.13 #19104 - update to 1.33.1: * Bugs: - Fix DNSSEC validation failed errors #18830 - Fix too many open files errors #18832 - CNI cilium: Fix cilium pods failing to start-up #18846 - Addon ingress: Fix enable failing on arm64 machines using VM driver #18779 - Addon kubeflow: Fix some components missing arm64 images #18765 * Version Upgrades: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.15 to 1.5.17 #18773 #18811 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.1 to v0.23.2 #18793 - Addon ingress: Update ingress-nginx/controller image from v1.10.0 to v1.10.1 #18756 - Addon istio-provisioner: Update istio/operator image from 1.21.1 to 1.21.2 #18757 - Addon kubevirt: Update bitnami/kubectl image from 1.29.3 to 1.30.0 #18711 #18771 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.14.5 to v0.15.0 #18703 - CNI cilium: Update from v1.15.1 to v1.15.3 #18846 - High Availability: Update kube-vip from 0.7.1 to v0.8.0 #18774 - Kicbase/ISO: Update docker from 26.0.1 to 26.0.2 #18706 - Kicbase: Bump ubuntu:jammy from 20240227 to 20240427 #18702 #18769 #18804 - update to 1.33.0: * Features: - Support multi-control plane - HA clusters --ha #17909 Tutorial - Add support for Kubernetes v1.30 #18669 - Support exposing clusterIP services via minikube service #17877 - Addon gvisor: Add arm64 support #18063 #18453 - New Addon: YAKD - Kubernetes Dashboard addon #17775 * Minor Improvements: - Add active kubecontext to minikube profile list output #17735 - CNI calico: support kubeadm.pod-network-cidr #18233 - CNI bridge: Ensure pod communications are allowed #16143 - Addon auto-pause: Remove memory leak & add configurable interval #17936 - image build: Add docker.io/library to image short names #16214 - cp: Create directory if not present #17715 - Move errors getting logs into log output itself #18007 - Add default sysctls to allow privileged ports with no capabilities #18421 - Include extended attributes in preload tarballs #17829 - Apply kubeadm.applyNodeLabels label to all nodes #16416 - Limit driver status check to 20s #17553 - Include journalctl logs if systemd service fails to start #17659 - Fix 'Failed to enable container runtime: sudo systemctl restart cri-docker' #17907 - Fix containerd redownloading existing images on start #17671 - Fix kvm2 not detecting containerd preload #17658 - Fix modifying Docker binfmt config #17830 - Fix auto-pause addon #17866 - Fix not using preload with overlayfs storage driver #18333 - Fix image repositories not allowing subdomains with numbers #17496 - Fix stopping cluster when using kvm2 with containerd #17967 - Fix starting more than one cluster on kvm2 arm64 #18241 - Fix starting kvm2 clusters using Linux on arm64 Mac #18239 - Fix displaying error when deleting non-existing cluster #17713 - Fix no-limit not being respected on restart #17598 - Fix not applying kubeadm.applyNodeLabels label to nodes added after inital start #16416 - Fix logs delimiter output #17734 * Bugs: - Fix unescaped local host regex #18617 - Fix regex on validateNetwork to support special characters #18158 * Version Upgrades: - Bump Kubernetes version default: v1.30.0 and latest: v1.30.0 #18669 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.23.0 to 0.23.1 #18517 - Addon inspektor-gadget: Update inspektor-gadget image from v0.26.0 to v0.27.0 #18588 - Addon istio-provisioner: Update istio/operator image from 1.21.0 to 1.21.1 #18644 - Addon metrics-server: Update metrics-server/metrics-server image from v0.7.0 to v0.7.1 #18551 - CNI: Update calico from v3.27.0 to v3.27.3 #18206 - CNI: Update flannel from v0.24.4 to v0.25.1 #18641 - Kicbase/ISO: Update buildkit from v0.13.0 to v0.13.1 #18566 - Kicbase/ISO: Update containerd from v1.7.14 to v1.7.15 #18621 - Kicbase/ISO: Update cri-dockerd from v0.3.3 to v0.3.12 #18585 - Kicbase/ISO: Update crun from 1.14 to 1.14.4 #18610 - Kicbase/ISO: Update docker from 25.0.4 to 26.0.1 #18485 #18649 - Kicbase/ISO: Update nerdctl from 1.7.4 to 1.7.5 #18634 - Kicbase: Update nerdctld from 0.5.1 to 0.6.0 #18647 - update to 1.32.0: * rootless: support `--container-runtime=docker` #17520 * Install NVIDIA container toolkit during image build (offline support) * Fix no-limit option for config validation #17530 * NVIDIA GPU support with new `--gpus=nvidia` flag for docker driver #15927 #17314 #17488 * New `kubeflow` addon #17114 * New `local-path-provisioner` addon #15062 * Kicbase: Add `no-limit` option to `--cpus` & `--memory` flags #17491 * Hyper-V: Add memory validation for odd numbers #17325 * QEMU: Improve cpu type and IP detection #17217 * Mask http(s)_proxy password from startup output #17116 * `--delete-on-faliure` also recreates cluster for kubeadm failures #16890 * Addon auto-pause: Configure intervals using `--auto-pause- interval` #17070 * `--kubernetes-version` checks GitHub for version validation and improved error output for invalid versions #16865 * Bugs: * QEMU: Fix addons failing to enable #17402 * Fix downloading the wrong kubeadm images for k8s versions after minikube release #17373 * Fix enabling & disabling addons with non-existing cluster #17324 * Fix delete if container-runtime doesn't exist #17347 * Fix network not found not being detected on new Docker versions #17323 * Fix addon registry doesn't follow Minikube DNS domain name configuration (--dns-domain) #15585 * Version Upgrades: * Bump Kubernetes version default: v1.28.3 and latest: v1.28.3 * Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.9 to 1.5.11 #17225 #17259 * Addon headlamp: Update headlamp-k8s/headlamp image from v0.19.0 to v0.20.1 #17135 #17365 * Addon ingress: Update ingress-nginx/controller image from v1.8.1 to v1.9.3 #17223 #17297 #17348 #17421 * Addon inspektor-gadget: Update inspektor-gadget image from v0.19.0 to v0.21.0 #17176 #17340 * Addon istio-provisioner: Update istio/operator image from 1.12.2 to 1.19.3 #17383 #17436 * Addon kong: Update kong image from 3.2 to 3.4.2 #17485 * Addon registry: Update registry image from 2.8.1 to 2.8.3 #17382 #17467 * CNI: Update calico from v3.26.1 to v3.26.3 #17363 #17375 * CNI: Update flannel from v0.22.1 to v0.22.3 #17102 #17263 * CNI: Update kindnetd from v20230511-dc714da8 to v20230809-80a64d96 #17233 * Kicbase/ISO: Update buildkit from v0.11.6 to v0.12.2 #17194 * Kicbase/ISO: Update containerd from v1.7.3 to v1.7.7 #17243 #17466 * Kicbase/ISO: Update crictl from v1.21.0 to v1.28.0 #17240 * Kicbase/ISO: Update docker from 24.0.4 to 24.0.6 #17120 #17207 * Kicbase/ISO: Update nerdctl from 1.0.0 to 1.6.2 #17145 #17339 #17434 * Kicbase/ISO: Update runc from v1.1.7 to v1.1.9 #17250 * Kicbase: Bump ubuntu:jammy from 20230624 to 20231004 #17086 #17174 #17345 #17423 - update to 1.31.2: * docker-env Regression: * Create `~/.ssh` directory if missing #16934 * Fix adding guest to `~/.ssh/known_hosts` when not needed #17030 * Verify containerd storage separately from docker #16972 * cni: Fix regression in auto selection #16912 Moderate SUSE bug 1120850 SUSE bug 1227005 SUSE bug 1227017 SUSE bug 1227049 CVE-2024-3817 at SUSE CVE-2024-3817 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2024-6257 at SUSE CVE-2024-6257 at NVD cpe:/o:opensuse:leap:15.6 Security update for nanopb (Low) openSUSE Leap 15.6 This update for nanopb fixes the following issues: - CVE-2024-53984: Fix memory not released on error return (boo#1234088) Low SUSE bug 1234088 CVE-2024-53984 at SUSE CVE-2024-53984 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 131.0.6778.108 (stable released 2024-12-04) (boo#1234118) - CVE-2024-12053: Type Confusion in V8 Important SUSE bug 1234118 CVE-2024-12053 at SUSE CVE-2024-12053 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to version 131.0.6778.139 (boo#1234361) * CVE-2024-12381: Type Confusion in V8 * CVE-2024-12382: Use after free in Translate * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1234361 CVE-2024-12381 at SUSE CVE-2024-12381 at NVD CVE-2024-12382 at SUSE CVE-2024-12382 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-python-sql (Moderate) openSUSE Leap 15.6 This update for python-python-sql fixes the following issues: - CVE-2024-9774: Fixed that unary operators does not escape non-Expression (boo#1234653). Moderate SUSE bug 1234653 CVE-2024-9774 at SUSE CVE-2024-9774 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-xhtml2pdf (Moderate) openSUSE Leap 15.6 This update for python-xhtml2pdf fixes the following issues: - CVE-2024-25885: Fixed denial of service through regular expression in utils.py:getColor() (boo#1231408) Moderate SUSE bug 1231408 CVE-2024-25885 at SUSE CVE-2024-25885 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This security update for Chromium to version 131.0.6778.204 (boo#1234704) fixes: * CVE-2024-12692: Type Confusion in V8 * CVE-2024-12693: Out of bounds memory access in V8 * CVE-2024-12694: Use after free in Compositing * CVE-2024-12695: Out of bounds write in V8 * Various fixes from internal audits, fuzzing and other initiatives Important CVE-2024-12692 at SUSE CVE-2024-12692 at NVD CVE-2024-12693 at SUSE CVE-2024-12693 at NVD CVE-2024-12694 at SUSE CVE-2024-12694 at NVD CVE-2024-12695 at SUSE CVE-2024-12695 at NVD cpe:/o:opensuse:leap:15.6 Security update for radare2 (Moderate) openSUSE Leap 15.6 This update for radare2 fixes the following issues: - CVE-2025-1864: Fix buffer overflow and potential code execution. (boo#1238451) - CVE-2025-1744: Fix heap-based buffer over-read or buffer overflow. (boo#1238075) Moderate SUSE bug 1238075 SUSE bug 1238451 CVE-2025-1744 at SUSE CVE-2025-1744 at NVD CVE-2025-1864 at SUSE CVE-2025-1864 at NVD cpe:/o:opensuse:leap:15.6 Security update for git-bug (Moderate) openSUSE Leap 15.6 This update for git-bug fixes the following issues: - Update embedded golang.org/x/crypto/ssh to v0.35.0 (boo#1239494, CVE-2025-22869). - Update to version 0.8.0+git.1733745604.d499b6e: * fix typos in docs (#1266) - Bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337, boo#1234565). - Update to version 0.8.0+git.1725552198.b0cc690: * build(deps): bump golang.org/x/term from 0.23.0 to 0.24.0 (#1261) * graphql: properly namespace Bug to make space for other entities (#1254) * refactor: rename github test repository: test-github-bridge (#1256) * build(deps-dev): bump the npm_and_yarn group across 1 directory with 4 updates (#1250) * core: make label a common type, in a similar fashion as for status (#1252) * chore: regenerate command completion and documentation (#1253) * feat: update references to the git-bug organization (#1249) * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.5 to 8.8.2 (#1248) * build(deps): bump golang.org/x/sys from 0.23.0 to 0.24.0 (#1242) * feat: add package to dev shell: delve (#1240) * build(deps): bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#1239) * build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#1237) * DOC: it is 'new' not 'configure' command (also was missing \) * build(deps): bump golang.org/x/sys from 0.22.0 to 0.23.0 * build(deps): bump golang.org/x/oauth2 from 0.21.0 to 0.22.0 * build(deps): bump golang.org/x/sync from 0.7.0 to 0.8.0 * fix: correct path for reusable workflow: lifecycle * feat: merge go directive and toolchain specification * feat: improved lifecycle management with stale-bot * build(deps): bump github.com/vbauerster/mpb/v8 from 8.7.4 to 8.7.5 * revert: 'feat: increase operations per run for workflow: cron' * fix: run the presubmit pipeline for PRs * chore: remove refs to deprecated io/ioutil * fix: move codeql into an independent workflow * feat: bump node versions to 16.x, 18.x, and 20.x * feat: refactor pipelines into reusable workflows * build(deps): bump jsonwebtoken and @graphql-tools/prisma-loader * build(deps-dev): bump tough-cookie from 4.1.2 to 4.1.3 in /webui * build(deps): bump github.com/xanzy/go-gitlab from 0.106.0 to 0.107.0 * build(deps): bump graphql from 16.6.0 to 16.8.1 in /webui * build(deps-dev): bump undici from 5.11.0 to 5.28.4 in /webui * build(deps): bump @babel/traverse from 7.19.3 to 7.24.8 in /webui * build(deps): bump github.com/99designs/gqlgen from 0.17.36 to 0.17.49 * build(deps): bump github.com/dvsekhvalnov/jose2go from 1.5.0 to 1.6.0 * build(deps-dev): bump semver from 5.7.1 to 5.7.2 in /webui * build(deps-dev): bump word-wrap from 1.2.3 to 1.2.5 in /webui * build(deps-dev): bump express from 4.18.1 to 4.19.2 in /webui * build(deps-dev): bump ws from 7.5.9 to 7.5.10 in /webui * build(deps): bump golang.org/x/vuln from 1.1.2 to 1.1.3 * build(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.12.0 * build(deps-dev): bump undici from 5.11.0 to 5.26.3 in /webui * build(deps): bump github.com/vbauerster/mpb/v8 from 8.5.2 to 8.7.4 * build(deps): bump webpack from 5.74.0 to 5.76.1 in /webui * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.1 to 5.5.0 * build(deps): bump ua-parser-js from 0.7.31 to 0.7.33 in /webui * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.15 to 2.5.16 * build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 * build(deps): bump json5 from 1.0.1 to 1.0.2 in /webui * build(deps): bump loader-utils from 2.0.2 to 2.0.4 in /webui * build(deps): bump minimatch and recursive-readdir in /webui * fix: add write for prs: stale/issue-and-pr * feat: allow for manual execution of workflow: cron * feat: increase operations per run for workflow: cron * fix: add missing `with` property to //.github/workflows:cron.yml * feat: add workflow for triaging stale issues and prs * feat: add initial editorconfig configuration file * feat: add a common file for git-blame ignored revisions * feat: add a commit message template * feat: add initial nix development shell * feat: update action library versions * feat: add concurrency limits to all pipelines * fix: bump to go v1.22.5 * fix: correct typo: acceps => accepts * build(deps): bump github.com/fatih/color from 1.16.0 to 1.17.0 (#1183) * build(deps): bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1181) * build(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.1 (#1179) * build(deps): bump golang.org/x/vuln from 1.0.0 to 1.1.2 (#1171) * build(deps): bump golang.org/x/crypto from 0.21.0 to 0.25.0 (#1175) * build(deps): bump github.com/hashicorp/golang-lru/v2 from 2.0.5 to 2.0.7 (#1113) * build(deps): bump golang.org/x/text from 0.14.0 to 0.16.0 (#1173) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.15 (#1164) * build(deps): bump github.com/hashicorp/go-retryablehttp (#1162) * build(deps): bump golang.org/x/net from 0.14.0 to 0.23.0 (#1166) * build(deps): bump golang.org/x/oauth2 from 0.11.0 to 0.21.0 (#1165) * build(deps): bump github.com/xanzy/go-gitlab from 0.90.0 to 0.106.0 (#1167) * build(deps): bump golang.org/x/sys from 0.11.0 to 0.14.0 (#1132) - Try reading git-bug.remote config value before defaulting to 'origin' when no explicit REMOTE argument. - Update to version 0.8.0+git.1713935544.6d051a2: * Update README.md * chore: fix some struct names in comments - Update to version 0.8.0+git.1697403397.1212f75: * fix openpgp handling to sign/check * api/graphql: regenerate after gqlgen upgrade * build(deps): bump github.com/99designs/gqlgen from 0.17.20 to 0.17.36 * build(deps): bump github.com/99designs/gqlgen from 0.17.20 to 0.17.36 * update to golang-lru v2 * build(deps): bump github.com/hashicorp/golang-lru from 0.5.4 to 1.0.2 * build(deps): bump golang.org/x/oauth2 from 0.8.0 to 0.11.0 * build(deps): bump github.com/mattn/go-isatty from 0.0.17 to 0.0.19 * build(deps): bump golang.org/x/sync from 0.1.0 to 0.3.0 * build(deps): bump github.com/fatih/color from 1.13.0 to 1.15.0 * build(deps): bump golang.org/x/vuln * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 * build(deps): bump github.com/cloudflare/circl from 1.3.1 to 1.3.3 * build(deps): bump golang.org/x/crypto from 0.5.0 to 0.12.0 * build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.4 to 8.5.2 * codespell: no 'with' means using codespellrc, add more opt out * build(deps): bump golang.org/x/term from 0.8.0 to 0.11.0 * build(deps): bump golang.org/x/sys from 0.8.0 to 0.11.0 * build(deps): bump golang.org/x/text from 0.9.0 to 0.12.0 * build(deps): bump github.com/xanzy/go-gitlab from 0.79.1 to 0.90.0 * build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.4 * build(deps): bump golang.org/x/oauth2 from 0.4.0 to 0.8.0 * execenv: fix some cache building progress bar artifact * build(deps): bump github.com/go-git/go-billy/v5 from 5.4.0 to 5.4.1 * util: better IsRunning(pid) * webui: also teardown cleanly on SIGTERM * build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 * tools: fix how security tools are setup and launched * repo: improve support for gitdir indirection * build(deps): bump github.com/xanzy/go-gitlab from 0.78.0 to 0.79.1 * add more ideas in the feature matrix * cache: faster indexing by caping Bleve batch count * doc: add a feature matrix * chore: updated error message when detectGitPath fails * test: resolve changes for PR #1004, add unit test, fix issue uncovered by unit test * Add github workflow for codespell * [DATALAD RUNCMD] Run codespell -w * rudimentary codespell configuration * [DATALAD RUNCMD] Fix one ambigous overrided * build(deps): bump golang.org/x/oauth2 from 0.3.0 to 0.4.0 * commands: add a helper to generate testing regex for CLI output * fix(#971): parse submodule .git files instead of erroring * docs(commands): try to make cleaned argument use more obvious * style: resolve PR comments * version: code cleanup, fix some edge cases * dirty should be bool * commands: different pattern to detect changed flags * style: clean up linter complaints * build(deps): bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 * fix(commands): replace missing import * fix(commands): create env.Env once for all Cobra commands * commands: remove compact style for 'bug', as the width adaptive default renderer cover that usage * command: adapt the output of the bug list to the terminal size * execenv: move terminal detection to Out, introduce the compagnion In * feat: use isatty to detect a Termios instead * feat: detect os.Stdin/os.Stdout mode * New approach to define the version * build(deps): bump github.com/dustin/go-humanize from 1.0.0 to 1.0.1 * repo: don't forget to close a file * repo: temporary use a fork of go-git due to https://github.com/go-git/go-git/pull/659 * Fixed version info be set when go install * added EventMentionedInCommit * add wipe sub-command that remove local bugs and identities * commands: add a nice terminal progress bar when building the cache * properly close files in edge cases in various places * repo: check error when closing a repo in tests * fix(commands): run tests in ./commands/... without ANSI color * build(deps): bump github.com/go-git/go-git/v5 from 5.5.1 to 5.5.2 * chore(TestCache): cleanup per PR review * build(deps): bump golang.org/x/crypto from 0.4.0 to 0.5.0 * build(deps): bump golang.org/x/text from 0.5.0 to 0.6.0 * refactor(TestCache): guarantee test caches are closed when tests finish * fix(TestCache): eliminate hanging Windows tests * style(TestCache): remove empty trailing line from function * test(cache): close second instance of RepoCache * ci: use Go 1.19.4 and setup-go@v3 * fix: resolve Go vulnerabilities * fix(972): use prerelease of GoKart with repaired panic * build(deps): bump github.com/go-git/go-billy/v5 from 5.3.1 to 5.4.0 * fix: keyrings must return keys with entities/identities * commands: share JSON creation * CI: remove lint security step as it's crashing * commands: don't double build the lamport clocks * build(deps): bump github.com/mattn/go-isatty from 0.0.16 to 0.0.17 * feat: upgrade go-git to v5.1.1 * commands: generic 'select' code, move bug completion in bugcmd * cache: simplify cache building events handling * commands: move bug specific input code into commands/bug/input * cache: tie the last printf in an event to make the core print free * cache: fix some bugs after refactor * github: cleanup test token when test is done * cache: generic withSnapshot, some cleanup * cache: tie up the refactor up to compiling * repository: return specific error on object not found, accept multiple namespace to push/pull * build(deps): bump github.com/99designs/keyring from 1.2.1 to 1.2.2 * repo: proper reduced interface for full-text indexing * doc/README: normalize verb tense and fix typo * build(deps): bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 * build(deps): bump golang.org/x/text from 0.4.0 to 0.5.0 * fix: remove repeated use of the same fmt.Errorf() calls * feat: wrap ErrMultipleConfigEntry to report duplicate key * feat: wrap ErrNoConfigEntry to report missing key * benchmark-action: make it work? * gha: add a workflow to continuously run benchmarks * build(deps): bump github.com/xanzy/go-gitlab from 0.74.0 to 0.76.0 * commands: reorg into different packages * release: don't build for darwin/386 as support has been removed in golang * GHA: add a release workflow to build and upload binaries * webui: pack into binary * gogit: fix incorrect loader handling * github: sanitize rate limit waiting time * go-git: concurrent loading of clocks * github: fix rate limiting * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 * core: bubble up the comment ID when created, or edited the first comment * build(deps): bump github.com/xanzy/go-gitlab from 0.73.1 to 0.74.0 * build(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 Moderate SUSE bug 1234565 SUSE bug 1239494 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:opensuse:leap:15.6 Security update for cadvisor (Moderate) openSUSE Leap 15.6 This update for cadvisor fixes the following issues: - update to 0.52.1: * Make resctrl optional/pluggable - update to 0.52.0: * bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6 * chore: Update Prometheus libraries * bump runc to v1.2.4 * Add Pressure Stall Information Metrics * Switch to opencontainers/cgroups repository (includes update from golang 1.22 to 1.24) * Bump to newer opencontainers/image-spec @ v1.1.1 - update to 0.49.2: * Cp fix test * Revert 'reduce_logs_for_kubelet_use_crio' - CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239291) - Update to version 0.49.1: * build docker - add --provenance=false flag * Remove s390x support * Disable libipmctl in build * Ugrade base image to 1.22 and alpine 3.18 * fix type of C.malloc in cgo * Bump runc to v1.1.12 * Bump to bullseye * Remove section about canary image * Add note about WebUI auth * Remove mentions of accelerator from the docs * reduce_logs_for_kubelet_use_crio * upgrade actions/checkout and actions/setup-go and actions/upload-artifact * build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /cmd * add cadvisor and crio upstream changes * Avoid using container/podman in manager.go * container: skip checking for files in non-existent directories. * Adjust the log level of Initialize Plugins * add ignored device * fix: variable naming * build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /cmd * manager: require higher verbosity level for container info misses * Information should be logged on increased verbosity only * Running do mod tidy * Running go mod tidy * Running go mod tidy * container/libcontainer: Improve limits file parsing perf * container/libcontainer: Add limit parsing benchmark * build(deps): bump github.com/cyphar/filepath-securejoin in /cmd * build(deps): bump github.com/cyphar/filepath-securejoin * Set verbosity after flag definition * fix: error message typo * vendor: bump runc to 1.1.9 * Switch to use busybox from registry.k8s.io * Bump golang ci lint to v1.54.1 * Bump github.com/docker/docker in /cmd * Bump github.com/docker/docker * Bump github.com/docker/distribution in /cmd * Bump github.com/docker/distribution * Update genproto dependency to isolated submodule * remove the check for the existence of NFS files, which will cause unnecessary requests. * reduce inotify watch * fix performance degradation of NFS * fix: fix type issue * fix: fix cgo memory leak * ft: export memory kernel usage * sysinfo: Ignore 'hidden' sysfs device entries * Increasing required verbosity level * Patch to fix issue 2341 * podman support: Enable Podman support. * podman support: Create Podman handler. * podman support: Changes in Docker handler. * unit test: machine_swap_bytes * Add documentation for machine_swap_bytes metric * Add a machine_swap_bytes metric * fix: add space trimming for label allowlist * Upgrade to blang/semver/v4 v4.0.0 * docs(deploy/k8s): remote build for kustomize * Update dependencies * Change filepaths to detect online CPUs * Update actions/checkout to v3 * Fix flags typo * Updating location of kubernetes/pause image * Using t.TempDir() in tests * Unit test: MachineInfo Clone() method * Bugfix: MachineInfo Clone() - clone SwapCapacity * Optimize network metrics collection * Removing calls to deprecates io/ioutil package * Updating minimum Go version to 1.19 * Request the pid of another container if current pid is not longer valid * Restructure * Add CRI-O client timeout setting * Set containerd grpc.MaxCallRecvMsgSize to 16MB * Fix asset build * feat(logging): add verbosity to non-NUMA node warning * add nerdctl to ignoredDevices * nvm: Change the 'no NVM devices' log. * nvm: Fix typo. * Fix CVE-2022-27664 (#3248) * resctrl: Reduce size and mode files check (#3264) * readme: Update Creatone contributor info. (#3265) * Fix comment to refer to correct client * build: bump golang to 1.20 * ci: Update golang ci-lint to v1.51.2 * build: Update shebang to python3 * Revert 'dockerfile: Fix typo in go build tags.' * Decreasing verbosity level for 'Cannot read vendor id correctly, set empty' * dockerfile: Fix typo in go build tags. * deps: Move from cloud.google.com/go/compute -> cloud.google.com/go * use memory.min for reservation memory instead of high * Mark GOPATH as git safe.directory to fix CI build * switch to gomodule/redigo from garyburd/redigo * update go.mod/sum both in root and cmd/ * Drop accelerator metrics and nvidia integration * Add s390x support for docker image * typo in MachineInfo spec for SwapCapacity * add support for swap in machine/info Moderate SUSE bug 1222192 SUSE bug 1239291 CVE-2022-27664 at SUSE CVE-2022-27664 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for restic (Moderate) openSUSE Leap 15.6 This update for restic fixes the following issues: Update to 0.18.0 - Sec #5291: Mitigate attack on content-defined chunking algorithm - Fix #1843: Correctly restore long filepaths' timestamp on old Windows - Fix #2165: Ignore disappeared backup source files - Fix #5153: Include root tree when searching using find --tree - Fix #5169: Prevent Windows VSS event log 8194 warnings for backup with fs snapshot - Fix #5212: Fix duplicate data handling in prune --max-unused - Fix #5249: Fix creation of oversized index by repair index --read-all-packs - Fix #5259: Fix rare crash in command output - Chg #4938: Update dependencies and require Go 1.23 or newer - Chg #5162: Promote feature flags - Enh #1378: Add JSON support to check command - Enh #2511: Support generating shell completions to stdout - Enh #3697: Allow excluding online-only cloud files (e.g. OneDrive) - Enh #4179: Add sort option to ls command - Enh #4433: Change default sort order for find output - Enh #4521: Add support for Microsoft Blob Storage access tiers - Enh #4942: Add snapshot summary statistics to rewritten snapshots - Enh #4948: Format exit errors as JSON when requested - Enh #4983: Add SLSA provenance to GHCR container images - Enh #5054: Enable compression for ZIP archives in dump command - Enh #5081: Add retry mechanism for loading repository config - Enh #5089: Allow including/excluding extended file attributes during restore - Enh #5092: Show count of deleted files and directories during restore - Enh #5109: Make small pack size configurable for prune - Enh #5119: Add start and end timestamps to backup JSON output - Enh #5131: Add DragonFlyBSD support - Enh #5137: Make tag command print which snapshots were modified - Enh #5141: Provide clear error message if AZURE_ACCOUNT_NAME is not set - Enh #5173: Add experimental S3 cold storage support - Enh #5174: Add xattr support for NetBSD 10+ - Enh #5251: Improve retry handling for flaky rclone backends - Enh #52897: Make recover automatically rebuild index when needed Moderate cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 117.0.5408.163 * DNA-120683 [Issue back] Sometimes onboarding is blank and useless * DNA-121682 Backport fix for CVE-2025-2783 to O132, O133, GX132 and Air132 - Changes in 117.0.5408.154 * DNA-121210 After enabling tab scrolling, the tab bar narrows on both the left and right sides * DNA-121560 Extension updates which requires manual confirmation do not work - Changes in 117.0.5408.142 * DNA-121314 Use the extra palette color to paint the frame * DNA-121321 Refactor ColorSet struct * DNA-121444 Crash at opera::VibesServiceImpl::VibesServiceImpl * DNA-121477 Add unit tests for ColorSet * DNA-121488 [ASAN] ColorSetTest.DefaultConstructor fails - Changes in 117.0.5408.93 * DNA-118548 After pressing Ctrl+F / Cmd+F on the Start Page (SP), the focus should be on the search bar * DNA-121183 Add 'transparent UI' parameter to Vibe logic * DNA-121184 Allow to specify extra palette for window background in Vibe logic * DNA-121232 Enable Slack, Discord and Bluesky flag on all streams * DNA-121237 Crash at opera::SidebarExpandViewEmbedder::Position * DNA-121322 [Opera Translate] [Redesign] Expired #translator flag * DNA-121385 Remove 'passkey' string - Update to 117.0.5408.53 * DNA-120848 Add 'x' button to close/dismiss translate popup * DNA-120849 Dismissing popup adds language to never translate from list * DNA-120951 Optimize MFSVE output handling * DNA-120972 Crash at TabDesktopMediaList::Refresh * CHR-9964 Update Chromium on desktop-stable-132-5408 to 132.0.6834.210 Changes in 117.0.5408.47 * CHR-9961 Update Chromium on desktop-stable-132-5408 to 132.0.6834.209 Important CVE-2025-2783 at SUSE CVE-2025-2783 at NVD Security update for assimp (Important) openSUSE Leap 15.6 This update for assimp fixes the following issues: - CVE-2024-48425: Fixed SEGV in Assimp:SplitLargeMeshesProcess_Triangle:UpdateNode (boo#1232324) - CVE-2024-48423: Fixed a arbitrary code execution via CallbackToLogRedirector() (boo#1232322) - CVE-2024-48424: Fixed a heap-buffer-overflow in OpenDDLParser:parseStructure() (boo#1232323) - CVE-2024-53425: Fixed a heap-based buffer overflow in SkipSpacesAndLineEnd() (boo#1233633) - CVE-2025-2592: Fixed a heap-based buffer overflow in Assimp::CSMImporter::InternReadFile() (boo#1239916) - CVE-2025-3015: Fixed out-of-bounds read caused by manipulation of the argument mIndices (boo#1240412) - CVE-2025-3016: Fixed a denial of service caused by manipulation of the argument mWidth/mHeight (boo#1240413) - CVE-2025-2591: Fixed a denial of service in code/AssetLib/MDL/MDLLoader.cpp (boo#1239920) - CVE-2025-2151: Fixed a stack-based buffer overflow in Assimp::GetNextLine() (boo#1239220) Important SUSE bug 1232322 SUSE bug 1232323 SUSE bug 1232324 SUSE bug 1233633 SUSE bug 1239220 SUSE bug 1239916 SUSE bug 1239920 SUSE bug 1240412 SUSE bug 1240413 CVE-2024-48423 at SUSE CVE-2024-48423 at NVD CVE-2024-48424 at SUSE CVE-2024-48424 at NVD CVE-2024-48425 at SUSE CVE-2024-48425 at NVD CVE-2024-53425 at SUSE CVE-2024-53425 at NVD CVE-2025-2151 at SUSE CVE-2025-2151 at NVD CVE-2025-2591 at SUSE CVE-2025-2591 at NVD CVE-2025-2592 at SUSE CVE-2025-2592 at NVD CVE-2025-3015 at SUSE CVE-2025-3015 at NVD CVE-2025-3016 at SUSE CVE-2025-3016 at NVD cpe:/o:opensuse:leap:15.6 Security update for go-containerregistry (Important) openSUSE Leap 15.6 This update for go-containerregistry fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239277). Important SUSE bug 1239277 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium, gn (Important) openSUSE Leap 15.6 This update for chromium, gn fixes the following issues: Changes in chromium: - Chromium 135.0.7049.52 (stable release 2025-04-01) (boo#1240555) * CVE-2025-3066: Use after free in Navigations * CVE-2025-3067: Inappropriate implementation in Custom Tabs * CVE-2025-3068: Inappropriate implementation in Intents * CVE-2025-3069: Inappropriate implementation in Extensions * CVE-2025-3070: Insufficient validation of untrusted input in Extensions * CVE-2025-3071: Inappropriate implementation in Navigations * CVE-2025-3072: Inappropriate implementation in Custom Tabs * CVE-2025-3073: Inappropriate implementation in Autofill * CVE-2025-3074: Inappropriate implementation in Downloads Changes in gn: - Update to version 0.20250306: * Remove deps from rust executable to module's pcm files * Update test for rust executable deps * Add toolchain for cxx modules in TestWithScope * Apply the latest clang-format * Update reference for {rustdeps} * Always generate a .toolchain file even if it is empty. * Pass --with-lg-page=16 when building jemalloc for arm64. * Remove obsolete debug checks. * Make default vs ide version on Windows as 2022 * Reland 'Adds a path_exists() function' * Revert 'Adds a path_exists() function' * Adds a path_exists() function * Revert 'Speed-up GN with custom OutputStream interface.' * Speed-up GN with custom OutputStream interface. * Add `exec_script_allowlist` to replace `exec_script_whitelist`. * Retry ReplaceFile in case of failure * Fix crash when NinjaBuildWriter::RunAndWriteFile fails * fix include for escape.h * fix exit code for gn gen failure * misc: Use html.escape instead of cgi.escape * Do not copy parent build_dependency_files_ in Scope constructors. * Improve error message for duplicated items * [rust-project] Always use forward slashes in sysroot paths * Update all_dependent_configs docs. * set 'no_stamp_files' by default * fix a typo * Stop using transitional LFS64 APIs * do not use tool prefix for phony rule * [rust] Add sysroot_src to rust-project.json * Implement and enable 'no_stamp_files' * Add Target::dependency_output_alias() * Add 'outputs' to generated_file documentation. * Update bug database link. * remove a trailing space after variable bindings * fix tool name in error * remove unused includes * Markdown optimization (follow-up) * Support link_output, depend_output in Rust linked tools. * Properly verify runtime_outputs in rust tool definitions. * BugFix: Syntax error in gen.py file * generated_file: add output to input deps of stamp * Markdown optimization: * Revert 'Rust: link_output, depend_output and runtime_outputs for dylibs' * hint using nogncheck on disallowed includes Important SUSE bug 1240555 CVE-2025-3066 at SUSE CVE-2025-3066 at NVD CVE-2025-3067 at SUSE CVE-2025-3067 at NVD CVE-2025-3068 at SUSE CVE-2025-3068 at NVD CVE-2025-3069 at SUSE CVE-2025-3069 at NVD CVE-2025-3070 at SUSE CVE-2025-3070 at NVD CVE-2025-3071 at SUSE CVE-2025-3071 at NVD CVE-2025-3072 at SUSE CVE-2025-3072 at NVD CVE-2025-3073 at SUSE CVE-2025-3073 at NVD CVE-2025-3074 at SUSE CVE-2025-3074 at NVD cpe:/o:opensuse:leap:15.6 Security update for doomsday (Important) openSUSE Leap 15.6 This update for doomsday fixes the following issues: - CVE-2025-2592: Use system assimp library to fix a heap-based buffer overflow (boo#1239917) Important SUSE bug 1239917 CVE-2025-2592 at SUSE CVE-2025-2592 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 116.0.5366.21 * CHR-9904 Update Chromium on desktop-stable-131-5366 to 131.0.6778.86 * DNA-119581 Crash at views::View::ConvertPointToTarget * DNA-119847 Missing Opera warning color and some margins in Settings * DNA-119853 Eula dialog is wrong displayed and can not run installation with system scale 125% * DNA-119883 Dark mode: side bar player icons have no background * DNA-120054 Double icon effect in adress bar * DNA-120117 [Player] Crash when trying to Inspect Element on player's web page in panel * DNA-120155 Crash on opera:extensions with color-themes flag disabled * DNA-120195 Scroll in Theme Gallery view changes to dark color in Dark Mode * DNA-120211 Crash at extensions:: TabsPrivateGetAllInWindowFunction::Run * DNA-120230 Start page button is blurry * DNA-120240 Dropdown display lacks expected overlay effect * DNA-120242 Translations for Opera 116 * DNA-120317 Crash at opera::BrowserWindowImpl:: SetBrowserUIVisible * DNA-120458 Crash at opera::BrowserWindowImpl:: AddWidgetToTracked * DNA-120512 Promote 116.0 to stable - Complete Opera 116 changelog at: https://blogs.opera.com/desktop/changelog-for-116 - The update to chromium 131.0.6778.86 fixes following issues: CVE-2024-11395 - Update to 115.0.5322.119 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-120117 [Player] Crash when trying to Inspect Element on player's web page in panel * DNA-120211 Crash at extensions:: TabsPrivateGetAllInWindowFunction::Run - Update to 115.0.5322.109 * CHR-9416 Updating Chromium on desktop-stable-* branches * DNA-118730 Crash at opera::content_filter:: AdBlockerWhitelistHandler::SetSiteBlocked * DNA-119320 [Mac] Web view corners not rounded * DNA-119421 [Easy setup] Dropdown for theme editing do not close after opening other dropdowns * DNA-119519 Implement stop mechanism for video as wallpaper * DNA-119550 Collect common shader rendering code in Rich Wallpaper * DNA-119551 Convert Midsommar to new shader-based dynamic theme format * DNA-119552 Convert Aurora to new shader-based dynamic theme format * DNA-119553 Pass configuration data to shader-based dynamic themes * DNA-119554 Logic for pause / resume animations in rich wallpaper page * DNA-119645 Install theme from the server * DNA-119652 Show spinner while downloading & installing theme * DNA-119692 'start now' button not translated in hindi * DNA-119783 Toggles in Dark Mode unchecked state missed background color * DNA-119811 Show download icon on hover * DNA-119812 Implement downloading new theme by clicking download button * DNA-119813 Implement selecting new theme by clicking tile * DNA-119814 Implement canceling theme download API * DNA-119815 Implement canceling theme download UI * DNA-119816 Handle error callback from download/install * DNA-119817 Implement ability to see themes being downloaded when opening themes gallery * DNA-119834 Sometimes onboarding is blank and useless * DNA-119835 Crash at opera::VibesServiceImpl::OnVibeInstalled * DNA-119846 Animated wallpapers doesn't work in Classic theme * DNA-119848 Add tests for addonsPrivate.cancelInstallation and isThemeInstallationPending * DNA-119863 Create a configuration for preinstalled theme * DNA-119924 Relaunch button resets the toggle instead of relaunching browser * DNA-119979 Crash at opera::VibesDataReaderImpl:: LoadDefaultColorsForVibe * DNA-119983 DevTools reverts to Light Mode after restart * DNA-120018 Context menus not opening for some internal pages * DNA-120020 The light mode icon on the mixer page is nearly invisible * DNA-120210 Crash at base::internal::flat_tree::contains - Update to 115.0.5322.77 * CHR-9896 Update Chromium on desktop-stable-130-5322 to 130.0.6723.137 * DNA-119410 Crash at opera::WebPanelView::ClosePanel * DNA-119466 Unable to open easy setup page when color-theme flag is disabled * DNA-119955 [My Flow] downloading a file never ends Important CVE-2024-11395 at SUSE CVE-2024-11395 at NVD Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 135.0.7049.84 (stable release 2025-04-08) (boo#1240968) * CVE-2025-3066: Use after free in Site Isolation Important SUSE bug 1238826 SUSE bug 1239780 SUSE bug 1240968 CVE-2025-3066 at SUSE CVE-2025-3066 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-Data-Entropy (Moderate) openSUSE Leap 15.6 This update for perl-Data-Entropy fixes the following issues: Updated to 0.8.0 (0.008): see /usr/share/doc/packages/perl-Data-Entropy/Changes Version 0.008; 2025-03-27: * Use Crypt::URandom to seed the default algorithm with cryptographically secure random bytes instead of the builtin rand() function (boo#1240395, CVE-2025-1860). * This module has been marked as deprecated. * A security policy was added. * Remove use of Module::Build. * Updated maintainer information. Moderate SUSE bug 1240395 CVE-2025-1860 at SUSE CVE-2025-1860 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-rexml (Moderate) openSUSE Leap 15.6 rubygem-rexml was updated to 3.3.9: - fixes CVE-2024-49761, CVE-2024-43398, CVE-2024-41946, CVE-2024-41123, CVE-2024-39908, CVE-2024-35176 - bsc#1232440, bsc#1229673, bsc#1228799, bsc#1228794, bsc#1228072, bsc#1224390 Moderate SUSE bug 1224390 SUSE bug 1228072 SUSE bug 1228794 SUSE bug 1228799 SUSE bug 1229673 SUSE bug 1232440 CVE-2024-35176 at SUSE CVE-2024-35176 at NVD CVE-2024-39908 at SUSE CVE-2024-39908 at NVD CVE-2024-41123 at SUSE CVE-2024-41123 at NVD CVE-2024-41946 at SUSE CVE-2024-41946 at NVD CVE-2024-43398 at SUSE CVE-2024-43398 at NVD CVE-2024-49761 at SUSE CVE-2024-49761 at NVD cpe:/o:opensuse:leap:15.6 Security update for coredns (Moderate) openSUSE Leap 15.6 This update for coredns fixes the following issues: - Update to version 1.12.1: * core: Increase CNAME lookup limit from 7 to 10 (#7153) * plugin/kubernetes: Fix handling of pods having DeletionTimestamp set * plugin/kubernetes: Revert 'only create PTR records for endpoints with hostname defined' * plugin/forward: added option failfast_all_unhealthy_upstreams to return servfail if all upstreams are down * bump dependencies, fixing boo#1239294 and boo#1239728 - Update to version 1.12.0: * New multisocket plugin - allows CoreDNS to listen on multiple sockets * bump deps - Update to version 1.11.4: * forward plugin: new option next, to try alternate upstreams when receiving specified response codes upstreams on (functions like the external plugin alternate) * dnssec plugin: new option to load keys from AWS Secrets Manager * rewrite plugin: new option to revert EDNS0 option rewrites in responses - Update to version 1.11.3+git129.387f34d: * fix CVE-2024-51744 (bsc#1232991) build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#6955) * core: set cache-control max-age as integer, not float (#6764) * Issue-6671: Fixed the order of plugins. (#6729) * `root`: explicit mark `dnssec` support (#6753) * feat: dnssec load keys from AWS Secrets Manager (#6618) * fuzzing: fix broken oss-fuzz build (#6880) * Replace k8s.io/utils/strings/slices by Go stdlib slices (#6863) * Update .go-version to 1.23.2 (#6920) * plugin/rewrite: Add 'revert' parameter for EDNS0 options (#6893) * Added OpenSSF Scorecard Badge (#6738) * fix(cwd): Restored backwards compatibility of Current Workdir (#6731) * fix: plugin/auto: call OnShutdown() for each zone at its own OnShutdown() (#6705) * feature: log queue and buffer memory size configuration (#6591) * plugin/bind: add zone for link-local IPv6 instead of skipping (#6547) * only create PTR records for endpoints with hostname defined (#6898) * fix: reverter should execute the reversion in reversed order (#6872) * plugin/etcd: fix etcd connection leakage when reload (#6646) * kubernetes: Add useragent (#6484) * Update build (#6836) * Update grpc library use (#6826) * Bump go version from 1.21.11 to 1.21.12 (#6800) * Upgrade antonmedv/expr to expr-lang/expr (#6814) * hosts: add hostsfile as label for coredns_hosts_entries (#6801) * fix TestCorefile1 panic for nil handling (#6802) Moderate SUSE bug 1239294 SUSE bug 1239728 CVE-2024-51744 at SUSE CVE-2024-51744 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issue: chromium 135.0.7049.95 (stable release 2025-04-15) (boo#1241288): * CVE-2025-3619: Heap buffer overflow in Codecs * CVE-2025-3620: Use after free in USB Important SUSE bug 1241288 CVE-2025-3619 at SUSE CVE-2025-3619 at NVD CVE-2025-3620 at SUSE CVE-2025-3620 at NVD cpe:/o:opensuse:leap:15.6 Security update for libjxl (Moderate) openSUSE Leap 15.6 This update for libjxl fixes the following issues: - Update to release 0.8.4 * Huffman lookup table size fix [CVE-2024-11403] * Check height limit in modular trees [CVE-2024-11498] Moderate SUSE bug 1233768 SUSE bug 1233785 CVE-2024-11403 at SUSE CVE-2024-11403 at NVD CVE-2024-11498 at SUSE CVE-2024-11498 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-56374: Fixed a denial of service when performing IPv6 validation (boo#1235856). Important SUSE bug 1235856 CVE-2024-56374 at SUSE CVE-2024-56374 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 136.0.7103.48 (stable release 2025-04-29) (boo#1242153) * CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 * CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 * CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fr?jdendahl on 2025-03-1 * CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 - bump esbuild from 0.24.0 to 0.25.1 * Fix incorrect paths in inline source maps (#4070, #4075, #4105) * Fix invalid generated source maps (#4080, #4082, #4104, #4107) * Fix a regression with non-file source map paths (#4078) * Update Go from 1.23.5 to 1.23.7 (#4076, #4077) - Chromium 135.0.7049.114 (stable release 2025-04-22) * stability fixes Important SUSE bug 1242153 CVE-2025-4050 at SUSE CVE-2025-4050 at NVD CVE-2025-4051 at SUSE CVE-2025-4051 at NVD CVE-2025-4052 at SUSE CVE-2025-4052 at NVD CVE-2025-4096 at SUSE CVE-2025-4096 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs102 (Moderate) openSUSE Leap 15.6 This update for mozjs102 fixes the following issue: - CVE-2024-56431: avoid negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 136.0.7103.92 (boo#1242717) * CVE-2025-4372: Use after free in WebAudio Important SUSE bug 1242717 CVE-2025-4372 at SUSE CVE-2025-4372 at NVD cpe:/o:opensuse:leap:15.6 Security update for proftpd (Important) openSUSE Leap 15.6 This update for proftpd fixes the following issues: Update to 1.3.8c: - CVE-2024-48651: supplemental group inheritance grants unintended access to GID 0 (boo#1233997) Important SUSE bug 1233997 CVE-2024-48651 at SUSE CVE-2024-48651 at NVD cpe:/o:opensuse:leap:15.6 Security update for kanidm (Moderate) openSUSE Leap 15.6 This update for kanidm fixes the following issues: - Update to version 1.6.2~git0.a20663ea8: * Release 1.6.2 * fix: clippy * maint: typo in log message * Set kid manually to prevent divergence * Order keys in application JWKS / Fix rotation bug * Fix toml issues with strings - Update to version 1.6.1~git0.2e4429eca: * Release 1.6.1 * Resolve reload of oauth2 on startup (#3604) - CVE-2025-3416: Fixed openssl use after free (boo#1242642) - Update to version 1.6.0~git0.d7ae0f336: * Release 1.6.0 * Avoid openssl for md4 * Fixes #3586, inverts the navbar button color (#3593) * Release 1.6.0-pre * chore: Release Notes (#3588) * Do not require instances to exist during optional config load (#3591) * Fix std::fmt::Display for some objects (#3587) * Drop fernet in favour of JWE (#3577) * docs: document how to configure oauth2 for opkssh (#3566) * Add kanidm_ssh_authorizedkeys_direct to client deb (#3585) * Bump the all group in /pykanidm with 2 updates (#3581) * Update dependencies, fix a bunch of clippy lints (#3576) * Support spaces in ssh key comments (#3575) * 20250402 3423 proxy protocol (#3542) * fix(web): Preserve SSH key content on form validation error (#3574) * Bump the all group in /pykanidm with 3 updates (#3572) * Bump the all group in /pykanidm with 2 updates (#3564) * Bump crossbeam-channel from 0.5.14 to 0.5.15 in the cargo group (#3560) * Improve token handling (#3553) * Bump tokio from 1.44.1 to 1.44.2 in the cargo group (#3549) * Update fs4 and improve klock handling (#3551) * Less footguns (#3552) * Unify unix config parser (#3533) * Bump openssl from 0.10.71 to 0.10.72 in the cargo group (#3544) * Bump the all group in /pykanidm with 8 updates (#3547) * implement notify-reload protocol (#3540) * Allow versioning of server configs (#3515) * 20250314 remove protected plugin (#3504) * Bump the all group with 10 updates (#3539) * Bump mozilla-actions/sccache-action from 0.0.8 to 0.0.9 in the all group (#3538) * Bump the all group in /pykanidm with 4 updates (#3537) * Add max_ber_size to freeipa sync (#3530) * Bump the all group in /pykanidm with 5 updates (#3524) * Update Concread * Update developer_ethics.md (#3520) * Update examples.md (#3519) * Make schema indexing a boolean instead of index types (#3517) * Add missing lld dependency and fix syntax typo (#3490) * Update shell.nix to work with stable nixpkgs (#3514) * Improve unixd tasks channel comments (#3510) * Update kanidm_ppa_automation reference to latest (#3512) * Add set-description to group tooling (#3511) * packaging: Add kanidmd deb package, update documentation (#3506) * Bump the all group in /pykanidm with 5 updates (#3508) * 20250313 unixd system cache (#3501) * Support rfc2307 memberUid in sync operations. (#3466) * Bump mozilla-actions/sccache-action from 0.0.7 to 0.0.8 in the all group (#3496) * Update Traefik config example to remove invalid label (#3500) * Add uid/gid allocation table (#3498) * 20250225 ldap testing in testkit (#3460) * Bump the all group in /pykanidm with 5 updates (#3494) * Bump ring from 0.17.10 to 0.17.13 in the cargo group (#3491) * Handle form-post as a response mode (#3467) * book: fix english (#3487) * Correct paths with Kanidm Tools Container (#3486) * 20250225 improve test performance (#3459) * Bump the all group in /pykanidm with 8 updates (#3484) * Use lld by default on linux (#3477) * 20250213 patch used wrong acp (#3432) * Android support (#3475) * Changed all CI/CD builds to locked (#3471) * Make it a bit clearer that providers are needed (#3468) * Fix incorrect credential generation in radius docs (#3465) * Add crypt formats for password import (#3458) * build: Create daemon image from scratch (#3452) * address webfinger doc feedbacks (#3446) * Bump the all group across 1 directory with 5 updates (#3453) * [htmx] Admin ui for groups and users management (#3019) * Fixes #3406: add configurable maximum queryable attributes for LDAP (#3431) * Accept invalid certs and fix token_cache_path (#3439) * Accept lowercase ldap pwd hashes (#3444) * TOTP label verification (#3419) * Rewrite WebFinger docs (#3443) * doc: fix formatting of URL table, remove Caddyfile instructions (#3442) * book: add OAuth2 Proxy example (#3434) * Exempt idm_admin and admin from denied names. (#3429) * Book fixes (#3433) * ci: uniform Docker builds (#3430) * 20240213 3413 domain displayname (#3425) * Correct path to kanidm config example in documentation. (#3424) * Support redirect uris with query parameters (#3422) * Update to 1.6.0-dev (#3418) * Remove white background from square logo. (#3417) * feat: Added webfinger implementation (#3410) * Bump the all group in /pykanidm with 7 updates (#3412) - Update to version 1.5.0~git2.21c2a1bd0: * fix: documentation fail (#3555) Moderate SUSE bug 1242642 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for git-lfs (Moderate) openSUSE Leap 15.6 This update for git-lfs fixes the following issues: Update to 3.6.1: (boo#1235876): This release introduces a security fix for all platforms, which has been assigned CVE-2024-53263. When requesting credentials from Git for a remote host, prior versions of Git LFS passed portions of the host's URL to the git-credential(1) command without checking for embedded line-ending control characters, and then sent any credentials received back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker might have been able to retrieve a user's Git credentials. Git LFS now prevents bare line feed (LF) characters from being included in the values sent to the git-credential(1) command, and also prevents bare carriage return (CR) characters from being included unless the credential.protectProtocol configuration option is set to a value equivalent to false. * Bugs - Reject bare line-ending control characters in Git credential requests (@chrisd8088) update to version 3.6.0: - https://github.com/git-lfs/git-lfs/releases/tag/v3.6.0 update to 3.5.1: * Build release assets with Go 1.21 #5668 (@bk2204) * script/packagecloud: instantiate distro map properly #5662 (@bk2204) * Install msgfmt on Windows in CI and release workflows #5666 (@chrisd8088) update to version 3.4.1: - https://github.com/git-lfs/git-lfs/releases/tag/v3.4.1 Moderate SUSE bug 1235876 CVE-2024-53263 at SUSE CVE-2024-53263 at NVD cpe:/o:opensuse:leap:15.6 Security update for cpp-httplib (Important) openSUSE Leap 15.6 This update for cpp-httplib fixes the following issues: - CVE-2025-46728: Unbounded Memory Allocation in Chunked/No-Length Requests (boo#1242777) Important SUSE bug 1242777 CVE-2025-46728 at SUSE CVE-2025-46728 at NVD cpe:/o:opensuse:leap:15.6 Security update for deepin-feature-enable (Moderate) openSUSE Leap 15.6 This update for deepin-feature-enable fixes the following: Clear package contents (since it cannot be deleted from the already published codestream) due to a packaging policy violation: See https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/AXUHM4Q4SMFZHEHZL6MEV4VOMO23QIZQ/ for more information. Moderate cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 136.0.7103.113 (stable release 2025-05-14) (boo#1243205) * CVE-2025-4664: Insufficient policy enforcement in Loader * CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo Important SUSE bug 1243205 CVE-2025-4609 at SUSE CVE-2025-4609 at NVD CVE-2025-4664 at SUSE CVE-2025-4664 at NVD cpe:/o:opensuse:leap:15.6 Security update for neatvnc (Moderate) openSUSE Leap 15.6 This update for neatvnc fixes the following issues: - Update to 0.9.2: * This patch release adds missing bounds checks. Two buffer overflow vulnerabilities were reported by Frederik Reiter who also provided patches to fix them. There are potential security implications, but only authenticated clients would be able to exploit these vulnerabilities, if at all. Nevertheless, it is prudent to update as soon as possible. - Update to 0.9.1: * Fix a data type mismatch in the clipboard code that caused the build to fail for 32 bit architectures. - Update to 0.9.0: Highlights: * A v4l2m2m based H.264 encoder that works on Raspberry Pi 1 to 4, sponsored by Raspberry Pi Ltd. * Extended clipboard for UTF-8 text was implemented by Attila Fidan. * Listening on a pre-bound file descriptor, implemented by Attila Fidan. * The continuous updates extension was implemented by Philipp Zabel. * We now have simple bandwidth estimation and improved frame pacing. * Methods for rating pixel formats and modifiers have according to Neat VNC's preferences have been added. * The Qemu/VMWare LED state extensions have been implemented. * H.264 encoders will now encode the correct colour space into the elementary stream. Bug fixes: * Some memory leaks and reference counting errors have been eradicated. * A race between resizing events and framebuffer updates that would cause a buffer with the previous size to be sent after a resize event has been fixed. * Buffers with 24 bits per pixel will now result in 32 bpp being reported to the client because 24 bpp is not allowed by the protocol. Nvidia users should now be able to use a wider selection of clients as a result of this change. - boo#1228777 (CVE-2024-42458) Update to 0.8.1: * Add sanity check for chosen security type - Update to 0.8.0: Highlights: * The colour map pixel format as described in RFC 6143 has been implemented. Before, the client would just get disconnected if they requested it. Now they get a map that emulates RGB332. * Momentary interception of log messages. The user can now set a thread-local log hander and then set it back to the default. * Philip Zabel made the code more consistent with the style guide. Breaking Changes: * nvnc_client_get_hostname has been replaced with nvnc_client_get_address Bugfixes: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup. - Update to 0.7.2: * Clients are now allowed to request more than 32 encodings (#108) * Zlib streams are now preserved when a client switches between encodings (#109) - Update to 0.7.1: * Apple's Diffie-Hellman authentication (security type 30) has been fixed. * A new client connection no longer causes a DNS lookup. - Update to 0.7.0: * Desktop resizing * Software pixel buffers with less than 32 bits per pixel are now supported * The server may now choose to open a websocket instead of a regular TCP socket * The RSA-AES and RSA-AES-256 security types have now been implemented * A Diffie-Hellman based security type frame Apple is also implemented, although not recommended * Murmurhash in the damage refinery has been replaced with xxHash, which performs much better in my tests so far * Users should now get proper feedback when authentication fails Moderate SUSE bug 1228777 CVE-2024-42458 at SUSE CVE-2024-42458 at NVD cpe:/o:opensuse:leap:15.6 Security update for afterburn (Moderate) openSUSE Leap 15.6 This update for afterburn fixes the following issues: - Update to version 5.8.2: * cargo: Afterburn release 5.8.2 * docs/release-notes: update for release 5.8.2 * cargo: update dependencies * cargo: Afterburn release 5.8.1 * cargo: Afterburn release 5.8.0 * docs/release-notes: update for release 5.8.0 * cargo: update dependencies * packit: add initial support - Update to version 5.7.0.git103.bae893c: * Sync repo templates * build(deps): bump crossbeam-channel from 0.5.13 to 0.5.15 * build(deps): bump tokio from 1.40.0 to 1.44.2 * build(deps): bump openssl from 0.10.71 to 0.10.72 fixes RUSTSEC-2025-0022 AKA CVE-2025-3416 * build(deps): bump zbus from 4.4.0 to 5.5.0 * mod.rs: Fix clippy lint errors * release-notes.md: add release notes for rust version update * Cargo.toml: bump MSRV to 1.84.1 * Fix clippy lint issues * Sync repo templates * build(deps): bump mockito from 1.6.1 to 1.7.0 * build(deps): bump serde_json from 1.0.139 to 1.0.140 * build(deps): bump tempfile from 3.17.1 to 3.19.1 * build(deps): bump clap from 4.5.31 to 4.5.35 * build(deps): bump reqwest from 0.12.12 to 0.12.15 * Update release notes. * proxmoxve: Add more context to log messages. * proxmoxve: Remove unneeded fields * proxmoxve: Add tests for static network configuration from cloud-init. * proxmoxve: Add support for static network configuration from cloud-init. * build(deps): bump mailparse from 0.15.0 to 0.16.1 * Sync repo templates * build(deps): bump ring from 0.17.8 to 0.17.13 * build(deps): bump anyhow from 1.0.95 to 1.0.96 * release notes: add notes for tempfile bump from 3.16.0 to 3.17.1 * build(deps): bump serde from 1.0.217 to 1.0.218 * build(deps): bump openssl from 0.10.70 to 0.10.71 * build(deps): bump tempfile from 3.16.0 to 3.17.1 * build(deps): bump serde_json from 1.0.138 to 1.0.139 * build(deps): bump clap from 4.5.27 to 4.5.31 * add makefile targets for fmt,lint and test * providers/openstack: ignore ec2 metadata if not present * build(deps): bump openssl from 0.10.66 to 0.10.70 * build(deps): bump serde_json from 1.0.137 to 1.0.138 * build(deps): bump tempfile from 3.14.0 to 3.16.0 * build(deps): bump openssl from 0.10.66 to 0.10.69 * build(deps): bump ipnetwork from 0.20.0 to 0.21.1 * build(deps): bump serde from 1.0.215 to 1.0.217 * build(deps): bump serde_json from 1.0.133 to 1.0.137 * build(deps): bump anyhow from 1.0.93 to 1.0.95 * build(deps): bump clap from 4.5.21 to 4.5.27 * build(deps): bump reqwest from 0.12.7 to 0.12.12 * Sync repo templates * build(deps): bump mockito from 1.5.0 to 1.6.1 * build(deps): bump serde_json from 1.0.128 to 1.0.133 * build(deps): bump clap from 4.5.17 to 4.5.21 * build(deps): bump tempfile from 3.12.0 to 3.14.0 * build(deps): bump anyhow from 1.0.89 to 1.0.93 * build(deps): bump serde from 1.0.210 to 1.0.215 * docs: add changelog entry * proxmox: use noop provider if no configdrive * add noop provider * release-notes: remove 'upcoming' - Update to version 5.7.0: * cargo: Afterburn release 5.7.0 * docs/release-notes: update for release 5.7.0 * cargo: update dependencies * dhcp: replace dbus_proxy with proxy, and zbus traits * build(deps): bump zbus from 3.15.2 to 4.4.0 * build(deps): bump tempfile from 3.10.1 to 3.12.0 * build(deps): bump serde from 1.0.205 to 1.0.210 * build(deps): bump serde_json from 1.0.121 to 1.0.127 * build(deps): bump reqwest from 0.12.5 to 0.12.7 * build(deps): bump uzers from 0.12.0 to 0.12.1 * build(deps): bump clap from 4.5.13 to 4.5.16 * build(deps): bump serde from 1.0.203 to 1.0.205 * build(deps): bump serde_json from 1.0.119 to 1.0.121 * build(deps): bump mockito from 1.4.0 to 1.5.0 * build(deps): bump openssh-keys from 0.6.3 to 0.6.4 * build(deps): bump clap from 4.5.8 to 4.5.13 * build(deps): bump openssl from 0.10.64 to 0.10.66 * providers/hetzner: private ipv4 addresses in attributes * openstack: Document the two platforms * build(deps): bump zerovec-derive from 0.10.2 to 0.10.3 * build(deps): bump zerovec from 0.10.2 to 0.10.4 * build(deps): bump nix from 0.27.1 to 0.29.0 * build(deps): bump clap from 4.5.7 to 4.5.8 * build(deps): bump serde_json from 1.0.117 to 1.0.119 * microsoft/azure: allow empty certificate chain in PKCS12 file * proxmoxve: implement proxmoxve provider * providers/hetzner: fix duplicate attribute prefix * build(deps): bump pnet_base from 0.34.0 to 0.35.0 * cargo: Afterburn release 5.6.0 * docs/release-notes: update for release 5.6.0 * cargo: update dependencies * build(deps): bump libflate from 1.4.0 to 2.1.0 * build(deps): bump base64 from 0.21.7 to 0.22.1 * build(deps): bump uzers from 0.11.3 to 0.12.0 * build(deps): bump pnet_datalink from 0.34.0 to 0.35.0 * build(deps): bump nix from 0.28.0 to 0.29.0 * lint: silence deadcode warnings * lint: address latest lint's from msrv update * workflows/rust: directly update toolchain to 1.75.0 * cargo: update msrv to 1.75 * Sync repo templates * build(deps): bump reqwest from 0.12.2 to 0.12.4 * build(deps): bump serde from 1.0.197 to 1.0.200 * build(deps): bump anyhow from 1.0.81 to 1.0.82 * build(deps): bump mailparse from 0.14.1 to 0.15.0 * build(deps): bump serde_json from 1.0.115 to 1.0.116 * Sync repo templates * providers: Add 'akamai' provider * build(deps): bump h2 from 0.3.24 to 0.3.26 * build(deps): bump anyhow from 1.0.79 to 1.0.81 * build(deps): bump serde_json from 1.0.113 to 1.0.115 * build(deps): bump reqwest from 0.11.24 to 0.12.2 * build(deps): bump serde_yaml from 0.9.32 to 0.9.34+deprecated * build(deps): bump mio from 0.8.10 to 0.8.11 * build(deps): bump mailparse from 0.14.0 to 0.14.1 * build(deps): bump openssl from 0.10.62 to 0.10.64 * build(deps): bump nix from 0.27.1 to 0.28.0 * build(deps): bump mockito from 1.2.0 to 1.4.0 * build(deps): bump tempfile from 3.9.0 to 3.10.1 * build(deps): bump serde_yaml from 0.9.31 to 0.9.32 * build(deps): bump serde from 1.0.195 to 1.0.197 * build(deps): bump h2 from 0.3.23 to 0.3.24 * build(deps): bump slog-term from 2.9.0 to 2.9.1 * build(deps): bump serde_yaml from 0.9.30 to 0.9.31 * build(deps): bump serde_json from 1.0.111 to 1.0.113 * build(deps): bump clap from 4.4.16 to 4.4.18 * build(deps): bump reqwest from 0.11.23 to 0.11.24 * Sync repo templates * cargo: Afterburn release 5.5.1 * docs/release-notes: update for release 5.5.1 * cargo: update dependencies * build(deps): bump anyhow from 1.0.75 to 1.0.78 * build(deps): bump serde_yaml from 0.9.27 to 0.9.29 * build(deps): bump reqwest from 0.11.22 to 0.11.23 * build(deps): bump serde_json from 1.0.108 to 1.0.109 * build(deps): bump openssl from 0.10.60 to 0.10.62 * build(deps): bump tempfile from 3.8.1 to 3.9.0 * build(deps): bump clap from 4.4.10 to 4.4.12 * build(deps): bump unsafe-libyaml from 0.2.9 to 0.2.10 * providers/vmware: add missing public functions for non-amd64 * build(deps): bump clap from 4.4.8 to 4.4.10 * cargo: Afterburn release 5.5.0 * build(deps): bump openssl from 0.10.59 to 0.10.60 * Sync repo templates * docs/release-notes: update for release 5.5.0 * cargo: update dependencies * ci: cancel previous build on PR update * build(deps): allow building with libsystemd 0.7.0 * providers/vmware: Process guestinfo.metadata netplan configuration * kubevirt: Run afterburn-hostname service * build(deps): bump reqwest from 0.11.20 to 0.11.22 * build(deps): bump tempfile from 3.8.0 to 3.8.1 * build(deps): bump clap from 4.4.6 to 4.4.7 * build(deps): bump serde_json from 1.0.107 to 1.0.108 * build(deps): bump serde_yaml from 0.9.25 to 0.9.27 * build(deps): bump rustix from 0.37.19 to 0.37.25 * build(deps): bump clap from 4.4.2 to 4.4.6 * build(deps): bump serde_json from 1.0.105 to 1.0.107 * build(deps): bump mockito from 1.1.0 to 1.2.0 * providers: add support for scaleway * Move away from deprecated `users` to `uzers` * Sync repo templates * providers/hetzner: add support for Hetzner Cloud * build(deps): bump clap from 4.4.1 to 4.4.2 * cargo: update MSRV to 1.71 * build(deps): bump clap from 4.3.19 to 4.4.1 * chore: Get rid of Clippy warnings * cargo: specify required features for nix dependency * build(deps): bump nix from 0.26.2 to 0.27.1 * build(deps): bump slog-async from 2.7.0 to 2.8.0 * build(deps): bump openssl from 0.10.56 to 0.10.57 * build(deps): bump reqwest from 0.11.18 to 0.11.20 * build(deps): bump serde from 1.0.185 to 1.0.188 * Sync repo templates * build(deps): bump tempfile from 3.7.1 to 3.8.0 * build(deps): bump serde from 1.0.183 to 1.0.185 * build(deps): bump anyhow from 1.0.72 to 1.0.75 * build(deps): bump serde_json from 1.0.104 to 1.0.105 * build(deps): bump openssl from 0.10.55 to 0.10.56 * build(deps): bump tempfile from 3.7.0 to 3.7.1 * build(deps): bump serde from 1.0.180 to 1.0.183 * Sync repo templates * build(deps): bump serde from 1.0.179 to 1.0.180 * build(deps): bump serde_json from 1.0.103 to 1.0.104 * build(deps): bump serde from 1.0.175 to 1.0.179 * build(deps): bump pnet_datalink from 0.33.0 to 0.34.0 * build(deps): bump serde from 1.0.171 to 1.0.175 * build(deps): bump clap from 4.3.14 to 4.3.19 * build(deps): bump pnet_base from 0.33.0 to 0.34.0 * build(deps): bump serde_yaml from 0.9.23 to 0.9.25 * build(deps): bump tempfile from 3.6.0 to 3.7.0 * build(deps): bump clap from 4.3.11 to 4.3.14 * build(deps): bump serde_yaml from 0.9.22 to 0.9.23 * build(deps): bump anyhow from 1.0.71 to 1.0.72 * build(deps): bump serde_json from 1.0.100 to 1.0.103 * Sync repo templates * build(deps): bump clap from 4.3.10 to 4.3.11 * build(deps): bump serde_json from 1.0.99 to 1.0.100 * build(deps): bump openssh-keys from 0.6.1 to 0.6.2 * build(deps): bump zbus from 3.13.1 to 3.14.1 * build(deps): bump clap from 4.3.8 to 4.3.10 * build(deps): bump serde from 1.0.164 to 1.0.165 * build(deps): bump serde_json from 1.0.96 to 1.0.99 * build(deps): bump clap from 4.3.3 to 4.3.8 * build(deps): bump serde_yaml from 0.9.21 to 0.9.22 * build(deps): bump openssl from 0.10.54 to 0.10.55 * build(deps): bump mockito from 1.0.2 to 1.1.0 * Sync repo templates * openstack: Add attribute OPENSTACK_INSTANCE_UUID * build(deps): bump serde from 1.0.163 to 1.0.164 * build(deps): bump clap from 4.3.2 to 4.3.3 * build(deps): bump tempfile from 3.5.0 to 3.6.0 * cargo: Afterburn release 5.4.3 * docs/release-notes: update for release 5.4.3 * cargo: update dependencies * cargo: allow openssl 0.10.46 * build(deps): bump openssl from 0.10.52 to 0.10.54 * build(deps): bump openssh-keys from 0.6.0 to 0.6.1 * build(deps): bump vmw_backdoor from 0.2.3 to 0.2.4 * ci: strip debug symbols * Sync repo templates * build-sys: Use new tier = 2 for cargo-vendor-filterer * build(deps): bump reqwest from 0.11.17 to 0.11.18 * cargo: Afterburn release 5.4.2 * docs/release-notes: update for release * docs/release-notes: note Azure SSH regression fix with new openssl * cargo: fix minimum version of openssl crate * build(deps): bump serde from 1.0.162 to 1.0.163 * build(deps): bump zbus from 3.12.0 to 3.13.1 * build(deps): bump serde from 1.0.160 to 1.0.162 * build(deps): bump anyhow from 1.0.70 to 1.0.71 * build(deps): bump openssl from 0.10.51 to 0.10.52 * build(deps): bump reqwest from 0.11.16 to 0.11.17 * build(deps): bump openssl from 0.10.50 to 0.10.51 * build(deps): bump enumflags2 from 0.7.5 to 0.7.7 * build(deps): bump openssl from 0.10.48 to 0.10.50 * build(deps): bump zbus from 3.11.1 to 3.12.0 * build(deps): bump serde_json from 1.0.95 to 1.0.96 * build(deps): bump h2 from 0.3.15 to 0.3.17 * build(deps): bump openssl from 0.10.47 to 0.10.48 * microsoft/crypto/mod: replace deprecated function `parse` with `parse2` * build(deps): bump serde from 1.0.159 to 1.0.160 * build(deps): bump serde_yaml from 0.9.19 to 0.9.21 * build(deps): bump tempfile from 3.4.0 to 3.5.0 * build(deps): bump serde from 1.0.158 to 1.0.159 * build(deps): bump mockito from 1.0.1 to 1.0.2 * Update mockito to 1.0.1 * build(deps): bump reqwest from 0.11.15 to 0.11.16 * build(deps): bump serde_json from 1.0.94 to 1.0.95 * cli: switch to clap derive * cli: add descriptive value names for option arguments in --help * build(deps): bump zbus from 3.11.0 to 3.11.1 * build(deps): bump openssl from 0.10.45 to 0.10.47 * build(deps): bump reqwest from 0.11.14 to 0.11.15 * build(deps): bump serde from 1.0.155 to 1.0.158 * build(deps): bump anyhow from 1.0.69 to 1.0.70 * cli: have clap require exactly one of --cmdline/--provider * providers/*: move endpoint mocking into retry::Client * retry/client: move URL parsing into helper function * providers/microsoft: import crate::retry * providers/microsoft: use stored client for all fetches * providers/packet: use stored client for boot checkin * build(deps): bump zbus from 3.10.0 to 3.11.0 * build(deps): bump serde from 1.0.152 to 1.0.155 * Sync repo templates * docs: Use upstream theme and update to 0.4.1 * build(deps): bump serde_json from 1.0.93 to 1.0.94 * build(deps): bump serde_yaml from 0.9.17 to 0.9.19 * build(deps): bump mockito from 0.32.3 to 0.32.4 * build(deps): bump tempfile from 3.3.0 to 3.4.0 * initrd: remember to write trailing newline to network kargs file * util: drop obsolete 'OEM' terminology * Update to clap 4 * build(deps): bump mockito from 0.31.1 to 0.32.3 * workflows: update clippy to 1.67 * Fix clippy lints * Inline variables into format strings * build(deps): bump zbus from 3.9.0 to 3.10.0 * build(deps): bump serde_json from 1.0.92 to 1.0.93 Moderate CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-53907: Fixed a denial of service in django.utils.html.strip_tags() (boo#1234232) - CVE-2025-26699: Fixed a denial of service in django.utils.text.wrap() (boo#1239052) - CVE-2025-32873: Fixed a denial of service in strip_tags() (boo#1242210) Moderate SUSE bug 1234232 SUSE bug 1239052 SUSE bug 1242210 CVE-2024-53907 at SUSE CVE-2024-53907 at NVD CVE-2025-26699 at SUSE CVE-2025-26699 at NVD CVE-2025-32873 at SUSE CVE-2025-32873 at NVD cpe:/o:opensuse:leap:15.6 Security update for upx (Moderate) openSUSE Leap 15.6 upx was updated to release 5.0.0: - CVE-2025-2849: Fixed UPX p_lx_elf.cpp un_DT_INIT heap-based overflow (boo#1240236) Moderate SUSE bug 1240236 CVE-2025-2849 at SUSE CVE-2025-2849 at NVD cpe:/o:opensuse:leap:15.6 Security update for iptraf-ng (Moderate) openSUSE Leap 15.6 iptraf-ng was updated to release 1.2.2: * serv.c: validate loading/saving/entry of port ranges * limit interface name lengths to IFNAMSIZ [CVE-2024-52949] Moderate SUSE bug 1233683 CVE-2024-52949 at SUSE CVE-2024-52949 at NVD cpe:/o:opensuse:leap:15.6 Security update for glow (Moderate) openSUSE Leap 15.6 This update for glow fixes the following issues: - CVE-2025-22872: Fixed embedded golang.org/x/net/html package that incorrectly interpreted tags could have cause content to be placed wrong scope during DOM construction (boo#1241812). Moderate SUSE bug 1241812 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: Update to 119.0.5497.38: * DNA-122123 [Clear browsing data on exit] Options remain checked if previously selected after sync is enabled * DNA-122275 Add tooltip to 'On exit' part in settings * DNA-122370 [O119 only] Remove DumpWithoutCrashing related to DNA-121917 * DNA-122377 In-house translations for on-exit tooltip * DNA-122401 DumpWithoutCrashing at sql::(anonymous namespace):: RecordOpenDatabaseFailureReason(const class std:: __Cr::basic_string& const, sql::(anonymous namespace):: OpenDatabaseFailedReason) * DNA-122411 Backport fix for CVE-2025-4664 Changes in 119.0.5497.28: * DNA-122080 Crash when creating split screen from orphaned and pinned tab Update to 119.0.5497.29: * DNA-121093 Possibility to remove the only/last classic theme * DNA-121561 After reopening, easy setup doesn’t start from the top * DNA-122080 Crash when creating split screen from orphaned and pinned tab * DNA-122287 [Clear browsing data on exit] Missing translations for information tooltip * DNA-122323 Promote 119 to stable - Complete Opera 119 changelog at: https://blogs.opera.com/desktop/changelog-for-119 Update to 118.0.5461.83: * DNA-121994 Crash at base::ObserverList::RemoveObserver * DNA-122012 Crash at opera::ComponentTabCyclerView:: HighlightContents * DNA-122043 Converting different currencies into RUB, BYN, HRK, IDR doesn't work * DNA-122053 Text not visible when hovering over options in padlock popup Update to 118.0.5461.60: * DNA-121446 Crash at bookmarks::BookmarkModel::~BookmarkModel * DNA-121567 Sometimes autocomplete in dropdown eats some letters * DNA-121617 [Linux] No settings are displayed on the certificates page * DNA-121790 Crash at signin::IdentityManager:: GetPrimaryAccountInfo * DNA-121908 Installed extensions are located on the left side of the page. * DNA-121984 Not possible to change default cookie settings Update to 118.0.5461.41: * CHR-9973 Update Chromium on desktop-stable-133-5461 to 133.0.6943.143 * DNA-12079 won't activate the drop down menu buttons when clicked on * DNA-115136 Extract common components and styles * DNA-117250 Make split screen drop area flash on hover * DNA-117684 Crash at opera::component_based:: SplitScreenViewDelegate::OnDragUpdated * DNA-118000 Cache weather widget results * DNA-118306 Wallpaper dissappears on Start Page when opening DevTools * DNA-118397 Crash at opera::component_based::ComponentTab ContainerLayout::CalculateProposedLayout * DNA-118548 After pressing Ctrl+F / Cmd+F on the Start Page (SP), the focus should be on the search bar * DNA-119313 Visual bug after creating split screen and destroying tab island * DNA-119620 Crash at opera::component_based::ComponentTabBar ::OnTabGroupClosed * DNA-119724 Crash at TabStripModel::MoveWebContentsAt * DNA-119767 [Video conferencing popup] Tab with opera://video-conference-detached is unexpectedly restored after browser restart when video conf popup is open * DNA-119785 Icons are missing from opera://settings * DNA-119875 Crash at TabGroupModel::GetTabGroup * DNA-119881 [Web UI] Format TypeScript codebase and fix linting errors * DNA-119882 [Styleguide] Format TypeScript resources and fix linting errors * DNA-119927 No spacing maintained between the text and popup's border in opera://extensions * DNA-119943 [Toolbar Miniplayer][Detached miniplayer] Toolbar and detached miniplayer displayed at the same time * DNA-119962 Icons are less visible on opera://settings in Themes section * DNA-119975 [My Flow] Two entries are visible when sending a file * DNA-120009 Remove expired feature base:: kFeatureComponentBasedContextMenu * DNA-120191 [Dcheck] Crash at opera::vpnpro::VpnProUpdaterImpl ::GetComponentVersion * DNA-120326 Crash at TabStripModel::AddToNewGroup * DNA-120338 Show option to close tab in split screen on hover * DNA-120345 Playwright tests failed on dcheck build * DNA-120353 Enable noImplicitAny in TypeScript configuration * DNA-120406 [Settings] Wrong UA translations for sidebar shortcuts settings * DNA-120431 Allow moving split screen tabs to another workspace as a split screen * DNA-120483 DevTools settings display Chrome UI * DNA-120497 Encoding delay visible in WebRTC calls * DNA-120503 Software H.264 encoder not available if hardware acceleration is disabled completely * DNA-120516 Optimise code adding, removing and updating Vibes * DNA-120517 Do not use tab group in TabStripModel, maintain split group view from SplitScreenModel * DNA-120519 Implement session save / restore functionality for Split Screen * DNA-120523 [Toolbar miniplayer] When switching player services with pinned player Option to pin player to toolbar is available * DNA-120534 WebRtcH264BrowserTest.CanSetupH264VideoCall fail with PlatformSoftwareH264EncoderInGpu enabled * DNA-120542 [Toolbar Miniplayer] It is not possible to pin the Miniplayer to the toolbar in private window. * DNA-120547 [Toolbar miniplayer] Button to pin miniplayer to toolbar does not match design in light mode * DNA-120554 Add import bookmark from Arc browser * DNA-120567 [Toolbar miniplayer] Add hover effect to buttons in toolbar miniplayer * DNA-120569 Crash at opera::BrowserWindowImpl:: AddWidgetToTracked * DNA-120582 Bump major version to 118.0 * DNA-120585 'Error' button malfunction @ chrome://extensions errors page * DNA-120588 Layout of extensions-section is broken * DNA-120596 Discord icon is not visible in light mode * DNA-120602 Crash at opera::WorkspacesTest:: VerifyNextTabCyclingOrder * DNA-120610 Upgrade Midsommar from built-in to hosted theme * DNA-120611 Upgrade Aurora from built-in to hosted theme * DNA-120613 Crash when creating new tab from split screen with active infobar * DNA-120632 Crash at TabStripModel::IsTabPinned * DNA-120637 Refreshing the page in discord logs out user * DNA-120639 Remake Themes section in Easy setup React * DNA-120640 Remake Start Page section in Easy setup in React * DNA-120641 Remake AI Services section in Easy setup in React * DNA-120642 Remake Layout section in Easy setup in React * DNA-120648 Translations for Opera 117 * DNA-120649 Improve TypeScript tooling and code quality * DNA-120655 [Toolbar miniplayer][Detached miniplayer] Miniplayer remains visible after refreshing player panel * DNA-120656 [Linux] Crash at opera::MainMenu::RunMenu * DNA-120660 [Split screen] Content of active tab does not fit when creating split screen via context menu * DNA-120661 navigator.geolocation.getCurrentPosition() does not work in extension popup * DNA-120664 Multiple tests from parent: WebRtcH264BrowserTest fail on goth. * DNA-120666 WebRTC falls back from H.264 to VP8 on scaling attempt * DNA-120669 Disable BackgroundResourceFetch * DNA-120670 Workspaces mix up tabs and bookmarks are opened in the wrong workspaces. * DNA-120671 Crash at NavigationNotificationObserver:: TryFinalizeObserver * DNA-120672 Crash at views::BubbleDialogDelegate::SetAnchorView * DNA-120673 [Bookmarks] Open folder icon not visible in opera://bookmarks in dark mode * DNA-120677 Setup React-based internal page for Easy Files * DNA-120678 extensions-section should stick to left * DNA-120679 Create empty web-based popup for Easy Files * DNA-120681 Create web API for retrieving Easy Files items and metadata * DNA-120682 Create initial layout of Easy Files popup * DNA-120683 [Issue back] Sometimes onboarding is blank and useless * DNA-120684 Implement selecting one file * DNA-120685 Implement canceling the popup * DNA-120687 Implement opening system file chooser * DNA-120688 Allow selecting multiple files * DNA-120689 Implement selecting an image * DNA-120691 Wrong space between mini player and sidebar * DNA-120695 Remove initial_background_color from WebContents:: CreateParams * DNA-120699 Crash at PrefService::SetUserPrefValue * DNA-120718 [RateMe] Typo in Ukrainian translation of negative feedback popup * DNA-120720 Crash at opera::component_based:: SplitScreenPageView::GetDropAreaBoundsInScreen * DNA-120721 Crash at opera::VideoConferencePopoutService:: OnDataAvailable * DNA-120725 Parent menu's item is invisible when expanded * DNA-120739 [Task manager] Red background in Opera Task manager * DNA-120755 Rename Web UI dependencies base directory * DNA-120756 Crash at opera::SidebarExpandViewEmbedder:: OnResized * DNA-120760 Add possibility to hide device on synced tabs page * DNA-120770 Update Web UI dependencies * DNA-120791 Import from GX is not available * DNA-120796 Can not select checkbox dont-show-again on Start Page in Private Window * DNA-120802 Implement disconnector on hovering of Split Screen tabs * DNA-120803 Do not show disconnector on inactive Split Screen tabs below minimum width * DNA-120805 Move overlay widget out from FileSelectListenerProxy * DNA-120814 Create public feature flag #split-screen-disconnector * DNA-120815 Create feature flag #split-screen-toolbar * DNA-120816 Test profiles Main and High with #platform-software-h264-encoder-in-gpu * DNA-120818 Crash when creating split screen by drag&drop with active infobar * DNA-120819 Miniplayer disappears on desktop when reopening the player from sidebar * DNA-120820 The Google icon in the search box is pixelated * DNA-120823 Snippets are not handled properly * DNA-120847 Enable BackgroundLoader * DNA-120848 Add ‘x' button to close/dismiss translate popup * DNA-120849 Dismissing popup adds language to never translate from list * DNA-120860 [Web UI] Format CSS codebase and fix linting errors * DNA-120861 Tweak Stylelint rules for CSS files * DNA-120865 [Easy Files] Popup and overlay not adjusting to the page which requested the popup * DNA-120867 [Easy files] Overlay corners are not rounded * DNA-120873 Set two strings as translatable=false * DNA-120881 Update uninstall survey looks (first screen) * DNA-120882 Submit new uninstall survey values * DNA-120883 Create 'What features cause you trouble?' survey step * DNA-120884 Create 'Please tell us more about your reasons for uninstall' screen * DNA-120887 Update Discord icon * DNA-120889 The color picker cannot be selected and cannot be used to pick a custom color in Google applications. * DNA-120898 Split screen group lost after switching workspace and back * DNA-120921 'This tab was snoozed to save memory' appears for no reason * DNA-120926 [Start Page] Remove legacy Start Page resources * DNA-120944 Crash when dragging tab to tab island with split screen inside * DNA-120945 [Speed Dials] SDs background color issue when changing themes * DNA-120969 Crash at opera::continue_on::shopping:: ContinueShoppingBrowserTestBase::WaitUntilOffersAvailable * DNA-120971 WebUI is shown when no Easy Files items available * DNA-120972 Crash at TabDesktopMediaList::Refresh * DNA-120973 Use generated types for API * DNA-120975 Make opera://easy-files in tab work for development * DNA-120977 Turn on flag #split-screen-disconnector on developer * DNA-120978 Crash at opera::BrowserWindowImpl:: GetWebViewBoundsInScreen * DNA-120982 Increase size of the miniplayer * DNA-120983 Add progress bar to Miniplayer * DNA-120984 Replace ‘…' button with ‘pin to toolbar' button * DNA-120985 Add blur to Miniplayer background (album cover) * DNA-120987 Do not show album cover on the toolbar miniplayer * DNA-120988 Show artist and track name in miniplayer on the toolbar when not hovered * DNA-121002 Add possibility to use mediapipe::TextEmbedder * DNA-121017 Update TypeScript to version 5.7.3 * DNA-121021 The Easy Files popup gets hidden beneath the overlay after the Snapshot window in the sidebar app is closed or hidden * DNA-121025 Ensure type safety for API listener calls * DNA-121026 Disallow implicit 'any' type in Sidebar setup files * DNA-121027 Background color of the Easy Files popup does not match the mockup * DNA-121028 The wallpaper section should be hidden when the shader theme is set * DNA-121029 Remake Lucid Mode section in Easy setup in React * DNA-121030 Images appear in a small square in tiles, not filling the entire tile * DNA-121031 The Easy Files popup doesn't fill its entire width with tiles * DNA-121032 The 'Show all files' label should be in a different color and centered * DNA-121033 File path is displayed instead of the file name on the Easy Files popup * DNA-121035 For the sidebar, the tiles are currently displayed in just 1 row * DNA-121036 Rate the feature popup appears in the wrong place, and closes the Easy Files popup * DNA-121046 Display small thumbnail of the cover photo on the left * DNA-121049 Discord icon has additional ‘shadow' * DNA-121053 If the file is too large in width or height, it becomes distorted in the tile * DNA-121055 Button displaying the number of items selected has the wrong background color * DNA-121057 Create API definition generation script * DNA-121059 [Web Codecs] Software H.264 encoding broken if hardware encoding not available * DNA-121060 Crash at extensions::TabsRemoveFunction::RemoveTab * DNA-121061 Add emdd_main, emdd_main_ver column to history urls table * DNA-121070 CLONE – Update uninstall survey looks (first screen) * DNA-121094 Missing a frame around Easy setup window * DNA-121097 Crash at opera::easy_files::EasyFilesView:: SelectFiles * DNA-121122 Easy Files is not hidden/closed when lost focus with feeback popup visible * DNA-121123 Easy files is not closed when the user closes the snapshot window * DNA-121124 Release Metamorphic and Interstellar on beta/stable stream * DNA-121131 After closing the page by pressing the home button, the address remains in the address bar * DNA-121133 Crash at opera::VibesServiceImpl::OnVibeUpdated * DNA-121134 Enable #easier-files on developer stream * DNA-121135 When the slide transitions, the slide is not fully keyboard-navigable and requires mouse interaction to enable keyboard support. * DNA-121146 Unify handling global variables * DNA-121148 The maximum spacing between tiles should be 32px * DNA-121149 Enable opera_feature_pre_install_extension_with_ additional_config * DNA-121161 Disallow explicit 'any' type in Styleguide * DNA-121167 Show uninstall answers in random order * DNA-121183 Add ‘transparent UI' parameter to Vibe logic * DNA-121184 Allow to specify extra palette for window background in Vibe logic * DNA-121191 Split screen is not closed after browser restart * DNA-121193 Re-layout section header and tiles * DNA-121194 Refactor importing sidebar_setup dependencies * DNA-121195 Adjust some fonts on internal pages * DNA-121201 Convert Add Button into a Tile * DNA-121207 FedEx tracking fails to retrieve shipment information * DNA-121210 After enabling tab scrolling, the tab bar narrows on both the left and right sides * DNA-121211 MediaFoundationSoftwareVideoEncoder cannot be used with 854?480 frames * DNA-121215 Crash on exit when there is a split screen * DNA-121220 The shading beneath the tile in the popup needs to be more intense to improve visibility * DNA-121224 Incorrect spacing between the popup and the sidebar * DNA-121227 Change order of themes in theme gallery * DNA-121230 Update TypeScript configuration * DNA-121232 Enable Slack, Discord and Bluesky flag on all streams * DNA-121236 Crash at opera::easy_files::EasyFilesUIController:: OnClipboardItemReady * DNA-121237 Crash at opera::SidebarExpandViewEmbedder::Position * DNA-121238 Crash at opera::WebPageSidebarItemContentBase:: VisibilityChanged * DNA-121256 Update tests for fonts and colors after DNA-121195 * DNA-121260 Disable background music during Google Meet call * DNA-121268 Enable new uninstall survey on Developer stream * DNA-121286 Enable #split-screen-close-tab on all streams * DNA-121287 Enable #split-screen-disconnector on all streams * DNA-121288 Enable #easier-files on all streams * DNA-121290 Enable #miniplayer-redesign-2 on developer stream * DNA-121314 Use the extra palette color to paint the frame * DNA-121318 The artist and track name in the miniplayer on the toolbar are cut off. * DNA-121319 The track artist and track name in the miniplayer on the toolbar is not visible. * DNA-121320 When the miniplayer in the toolbar is hovered over, the miniplayer buttons (previous, play, stop, next) are not visible in light mode. * DNA-121321 Refactor ColorSet struct * DNA-121322 [Opera Translate] [Redesign] Expired #translator flag * DNA-121323 Only icon is visible when dragging Speed Dials * DNA-121328 operaaccount reacts tests not run on buildbot * DNA-121330 React operaaccount tests fail * DNA-121332 Skip react tests on buildbot * DNA-121333 Reenable react tests on buildbot * DNA-121336 opera://crashes cannot be reached * DNA-121338 Translations for Opera 118 * DNA-121340 Blank video track produced on MediaRecorder sample site with software H.264 enoder * DNA-121353 Promote 118.0 to beta * DNA-121355 [Win|Lin] Lack of close button in detached mini-player * DNA-121378 The Miniplayer's background in the toolbar is wrong. * DNA-121385 Remove 'passkey' string * DNA-121392 translator flag expired in 116.0 * DNA-121409 Crash in media::CdmAdapter::GetInterfaceVersion() * DNA-121413 [Toolbar miniplayer] Control buttons are not visible in private window * DNA-121414 The mouse cursor should take the form of a ‘hand' cursor, also indicating the pin to toolbar icon despite the text ‘pin to the toolbar' * DNA-121433 Extend operaBrowserPrivate to expose consent_flow. option.usage_personalized_content * DNA-121444 Crash at opera::VibesServiceImpl::VibesServiceImpl * DNA-121447 Playwright tests fail on debug builds * DNA-121456 Add to Opera modal does not fit on the screen * DNA-121459 The font is too large and the artist's name has wrong color * DNA-121460 The Miniplayer buttons (play, stop, next, previous) are too small * DNA-121462 The progress bar in Miniplayer is too thick * DNA-121470 [Toolbar miniplayer] Album cover not displayed in new browser window * DNA-121474 [Toolbar miniplayer] Song title and artist font does not match the design * DNA-121477 Add unit tests for ColorSet * DNA-121479 [Toolbar Miniplayer] Toolbar miniplayer does not move smoothly when expanding/collapsing extensions section * DNA-121484 [Toolbar miniplayer] Cover art have too rounded corner * DNA-121499 Feedback icon not visible on start page * DNA-121560 Extension updates which requires manual confirmation do not work * DNA-121566 Text in player toolbar shouldn't rotate * DNA-121578 Use product instead of flavor in desktop/infra_build.py * DNA-121582 Crash at extensions::TabsQueryFunction::Run * DNA-121620 Incorrect toggle button background color * DNA-121725 Add menu to Easy Files to give feedback or turn off feature * DNA-121769 The Miniplayer popup has overly sharp corners * DNA-121792 [Easy files] Three-dot menu button should be vertical * DNA-121817 [Toolbar miniplayer] Gap between address bar and miniplayer is too small * DNA-121818 [Toolbar miniplayer] Hover effect on buttons should be the same as hover effect on address bar icons * DNA-121819 Uninstaller – change default button * DNA-121820 Remove additional confirmation popup when uninstalling * DNA-121833 Promote 118 to stable * DNA-121836 Create separate section for Easy Files settings * DNA-121850 Enable #miniplayer-in-toolbar on all streams * DNA-121851 Enable #miniplayer-redesign-2 on all streams * DNA-121866 Inhouse translations for text in Easy Files context menu * DNA-121881 Crash at tabs::UnpinnedTabCollection::AddTabRecursive * DNA-121891 kEnableAdblockerTrackers switch doesnt work Complete Opera 118 changelog at: https://blogs.opera.com/desktop/changelog-for-118 Update to 117.0.5408.197: * DNA-120637 Refreshing the page in discord logs out user Important CVE-2025-4664 at SUSE CVE-2025-4664 at NVD Security update for kubo (Moderate) openSUSE Leap 15.6 This update for kubo fixes the following issues: kubo was updated to 0.35.0: * Opt-in HTTP Retrieval client * Dedicated Reprovider.Strategy for MFS * Experimental support for MFS as a FUSE mount point * Grid view in WebUI * Enhanced DAG-Shaping Controls * Datastore Metrics Now Opt-In * Improved performance of data onboarding * Optimized, dedicated queue for providing fresh CIDs * New Provider configuration options * Deprecated ipfs stats provider * New Bitswap configuration options * Bitswap.Libp2pEnabled * Bitswap.ServerEnabled * Internal.Bitswap.ProviderSearchMaxResults * New Routing configuration options * Routing.IgnoreProviders * Routing.DelegatedRouters * New Pebble database format config * New environment variables * Improved Log Output Setting * New Repo Lock Optional Wait * Updated golang.org/x/net to 0.39.0 (boo#1241776, CVE-2025-22872) - Build with -v flag Update to 0.34.1 - for details see https://github.com/ipfs/kubo/releases/tag/v0.34.1. Update to 0.34.0 - for details see https://github.com/ipfs/kubo/releases/tag/v0.34.0: * AutoTLS now enabled by default for nodes with 1 hour uptime * New WebUI features: CAR file import and QR code sharing * RPC and CLI command changes ~ ipfs config is now validating json fields ~ Deprecated the bitswap reprovide command ~ The stats reprovide command now shows additional stats ~ ipfs files cp now performs basic codec check * Bitswap improvements from Boxo * IPNS publishing TTL change ~ we’ve lowered the default IPNS Record TTL during publishing to 5 minutes * IPFS_LOG_LEVEL deprecated * Pebble datastore format update * Badger datastore update * Datastore Implementation Updates * Datastore Implementation Updates * Fix hanging pinset operations during reprovides * Important dependency updates Update to 0.33.1 - for details see https://github.com/ipfs/kubo/releases/tag/v0.33.1: * Bitswap improvements from Boxo * Improved IPNS interop Update to 0.33.0 - for details see https://github.com/ipfs/kubo/releases/tag/v0.33.0: * Shared TCP listeners: Kubo now supports sharing the same TCP port (4001 by default) by both raw TCP and WebSockets libp2p transports. * AutoTLS takes care of Secure WebSockets setup: It is no longer necessary to manually add /tcp/../ws listeners to Addresses.Swarm when AutoTLS.Enabled is set to true. Kubo will detect if /ws listener is missing and add one on the same port as pre-existing TCP (e.g. /tcp/4001), removing the need for any extra configuration. * Bitswap improvements from Boxo * Using default libp2p_rcmgr metrics: Bespoke rcmgr metrics were removed, Kubo now exposes only the default libp2p_rcmgr metrics from go-libp2p. * Flatfs does not sync on each write: New repositories initialized with flatfs in Datastore.Spec will have sync set to false. * ipfs add --to-files no longer works with --wrap * ipfs --api supports HTTPS RPC endpoints * New options for faster writes: WriteThrough, BlockKeyCacheSize, BatchMaxNodes, BatchMaxSize * MFS stability with large number of writes * New DoH resolvers for non-ICANN DNSLinks: .eth and .crypto * Reliability improvements to the WebRTC Direct listener * Fix: Escape Redirect URL for Directory * Commands Preserve Specified Hostname + Pubsub.Enabled * After install run ipfs daemon --migrate Moderate SUSE bug 1241776 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Update to version 137.0.7151.55 (stable release 2025-05-27) (boo#1243741) - CVE-2025-5063: Use after free in Compositing - CVE-2025-5280: Out of bounds write in V8 - CVE-2025-5064: Inappropriate implementation in Background Fetch API - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API - CVE-2025-5066: Inappropriate implementation in Messages - CVE-2025-5281: Inappropriate implementation in BFCache - CVE-2025-5283: Use after free in libvpx - CVE-2025-5067: Inappropriate implementation in Tab Strip Important SUSE bug 1243741 CVE-2025-5063 at SUSE CVE-2025-5063 at NVD CVE-2025-5064 at SUSE CVE-2025-5064 at NVD CVE-2025-5065 at SUSE CVE-2025-5065 at NVD CVE-2025-5066 at SUSE CVE-2025-5066 at NVD CVE-2025-5067 at SUSE CVE-2025-5067 at NVD CVE-2025-5280 at SUSE CVE-2025-5280 at NVD CVE-2025-5281 at SUSE CVE-2025-5281 at NVD CVE-2025-5283 at SUSE CVE-2025-5283 at NVD cpe:/o:opensuse:leap:15.6 Security update for syslog-ng (Moderate) openSUSE Leap 15.6 This update for syslog-ng fixes the following issues: - CVE-2024-47619: Fixed inproper certificate validation. (bsc#1242845) Moderate SUSE bug 1242845 CVE-2024-47619 at SUSE CVE-2024-47619 at NVD cpe:/o:opensuse:leap:15.6 Security update for rclone (Moderate) openSUSE Leap 15.6 This update for rclone fixes the following issues: Update to version 1.69.3: * build: update github.com/ebitengine/purego to work around bug in go1.24.3 * build: reapply update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 Update to version 1.69.2: - Bug fixes - accounting: Fix percentDiff calculation -- (Anagh Kumar Baranwal) - build - Update github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 to fix CVE-2025-30204 (dependabot[bot]) - Update github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 to fix CVE-2025-30204 (dependabot[bot]) - Update golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869 (Nick Craig-Wood) - Update golang.org/x/net from 0.36.0 to 0.38.0 to fix CVE-2025-22870 (dependabot[bot]) - Update golang.org/x/net to 0.36.0. to fix CVE-2025-22869 (dependabot[bot]) - Stop building with go < go1.23 as security updates forbade it (Nick Craig-Wood) - Fix docker plugin build (Anagh Kumar Baranwal) - cmd: Fix crash if rclone is invoked without any arguments (Janne Hellsten) - config: Read configuration passwords from stdin even when terminated with EOF (Samantha Bowen) - doc fixes (Andrew Kreimer, Danny Garside, eccoisle, Ed Craig-Wood, emyarod, jack, Jugal Kishore, Markus Gerstel, Michael Kebe, Nick Craig-Wood, simonmcnair, simwai, Zachary Vorhies) - fs: Fix corruption of SizeSuffix with 'B' suffix in config (eg --min-size) (Nick Craig-Wood) - lib/http: Fix race between Serve() and Shutdown() (Nick Craig-Wood) - object: Fix memory object out of bounds Seek (Nick Craig-Wood) - operations: Fix call fmt.Errorf with wrong err (alingse) - rc - Disable the metrics server when running rclone rc (hiddenmarten) - Fix debug/* commands not being available over unix sockets (Nick Craig-Wood) - serve nfs: Fix unlikely crash (Nick Craig-Wood) - stats: Fix the speed not getting updated after a pause in the processing (Anagh Kumar Baranwal) - sync - Fix cpu spinning when empty directory finding with leading slashes (Nick Craig-Wood) - Copy dir modtimes even when copyEmptySrcDirs is false (ll3006) - vfs - Fix directory cache serving stale data (Lorenz Brun) - Fix inefficient directory caching when directory reads are slow (huanghaojun) - Fix integration test failures (Nick Craig-Wood) - Drive - Metadata: fix error when setting copy-requires-writer-permission on a folder (Nick Craig-Wood) - Dropbox - Retry link without expiry (Dave Vasilevsky) - HTTP - Correct root if definitely pointing to a file (nielash) - Iclouddrive - Fix so created files are writable (Ben Alex) - Onedrive - Fix metadata ordering in permissions (Nick Craig-Wood) Update to version 1.69.1: * build: disable docker builds on PRs & add missing dockerfile changes * Added parallel docker builds and caching for go build in the container * docs: add FileLu as sponsors and tidy sponsor logos * vfs: fix the cache failing to upload symlinks when --links was specified * doc: add note on concurrency of rclone purge * s3: add latest Linode Object Storage endpoints * fix golangci-lint errors * bisync: fix listings missing concurrent modifications - fixes #8359 * lib/oauthutil: fix redirect URL mismatch errors - fixes #8351 * b2: fix 'fatal error: concurrent map writes' - fixes #8355 * serve nfs: update docs to note Windows is not supported - fixes #8352 * s3: add DigitalOcean regions SFO2, LON1, TOR1, BLR1 * onedrive: mark German (de) region as deprecated * s3: Added new storage class to magalu provider * vfs: close the change notify channel on Shutdown * docs: add OneDrive Impersonate instructions - fixes #5610 * docs: explain the stringArray flag parameter descriptor * iclouddrive: add notes on ADP and Missing PCS cookies - fixes #8310 * docs: fix typos found by codespell in docs and code comments * fs: fix confusing 'didn't find section in config file' error * vfs: fix race detected by race detector * docs: fix reference to serves3 setting disable_multipart_uploads which was renamed * docs: fix link to Rclone Serve S3 * serve s3: fix list objects encoding-type * doc: make man page well formed for whatis - fixes #7430 Update to version 1.69.0: https://rclone.org/changelog/#v1-69-0-2025-01-12 Rclone is using golang.org/x/net but was not affected to CVE-2024-45337 and CVE-2024-45338. * test_all: disable docker plugin tests * docs: fix typo * accounting: fix race stopping/starting the stats counter * docs: add github.com/icholy/gomajor to RELEASE for updating major versions * ftp: fix ls commands returning empty on 'Microsoft FTP Service' servers * s3: add docs on data integrity * webdav: make --webdav-auth-redirect to fix 401 unauthorized on redirect * rest: make auth preserving redirects an option * box: fix panic when decoding corrupted PEM from JWT file * size: make output compatible with -P * vfs: add remote name to vfs cache log messages - fixes #7952 * dropbox: fix return status when full to be fatal error * rc: add relative to vfs/queue-set-expiry * vfs: fix open files disappearing from directory listings * docker serve: parse all remaining mount and VFS options * smb: fix panic if stat fails * googlephotos: fix nil pointer crash on upload - fixes #8233 * iclouddrive: tweak docs * serve dlna: sort the directory entries by directories first then alphabetically by name * serve nfs: fix missing inode numbers which was messing up ls -laR * serve nfs: implement --nfs-cache-type symlink * azureblob,oracleobjectstorage,s3: quit multipart uploads if the context is cancelled * http: fix incorrect URLs with initial slash * build: update `github.com/shirou/gopsutil` to v4 * Replace Windows-specific NewLazyDLL with NewLazySystemDLL * lib/oauthutil: don't require token to exist for client credentials flow * fs/operations: make log messages consistent for mkdir/rmdir at INFO level * Add Francesco Frassinelli to contributors * smb: Add support for Kerberos authentication. * docs: smb: link to CloudSoda/go-smb2 fork * cloudinary: add cloudinary backend - fixes #7989 * operations: fix eventual consistency in TestParseSumFile test * Add TAKEI Yuya to contributors * docs: Remove Backblaze as a Platinum sponsor * docs: add RcloneView as silver sponsor * serve docker: fix incorrect GID assignment * serve s3: fix Last-Modified timestamp * Add ToM to contributors * Add Henry Lee to contributors * Add Louis Laureys to contributors * docs: filtering: mention feeding --files-from from standard input * docs: filtering: fix --include-from copypaste error * s3: rename glacier storage class to flexible retrieval * b2: add daysFromStartingToCancelingUnfinishedLargeFiles to backend lifecycle command * build: update golang.org/x/net to v0.33.0 to fix CVE-2024-45338 * azurefiles: fix missing x-ms-file-request-intent header * Add Thomas ten Cate to contributors * docs: Document --url and --unix-socket on the rc page * docs: link to the outstanding vfs symlinks issue * Add Yxxx to contributors * Add hayden.pan to contributors * docs: update pcloud doc to avoid puzzling token error when use remote rclone authorize * pikpak: add option to use original file links - fixes #8246 * rc/job: use mutex for adding listeners thread safety * docs: mention in serve tls options when value is path to file - fixes #8232 * build: update all dependencies * accounting: fix debug printing when debug wasn't set * Add Filipe Azevedo to contributors * fs: make --links flag global and add new --local-links and --vfs-links flag * vfs: add docs for -l/--links flag * nfsmount,serve nfs: introduce symlink support #2975 * mount2: introduce symlink support #2975 * mount: introduce symlink support #2975 * cmount: introduce symlink support #2975 * vfstest: make VFS test suite support symlinks * vfs: add symlink support to VFS * vfs: add ELOOP error * vfs: Add link permissions * vfs: Add VFS --links command line switch * vfs: add vfs.WriteFile to match os.WriteFile * fs: Move link suffix to fs * cmount: fix problems noticed by linter * mount2: Fix missing . and .. entries * sftp: fix nil check when using auth proxy * Add Martin Hassack to contributors * serve sftp: resolve CVE-2024-45337 * googlecloudstorage: typo fix in docs * onedrive: add support for OAuth client credential flow - fixes #6197 * lib/oauthutil: add support for OAuth client credential flow * lib/oauthutil: return error messages from the oauth process better * bin/test_backend_sizes.py fix compile flags and s3 reporting * test makefiles: add --flat flag for making directories with many entries * Add divinity76 to contributors * Add Ilias Ozgur Can Leonard to contributors * Add remygrandin to contributors * Add Michael R. Davis to contributors * cmd/mountlib: better snap mount error message * vfs: with --vfs-used-is-size value is calculated and then thrown away - fixes #8220 * serve sftp: fix loading of authorized keys file with comment on last line - fixes #8227 * oracleobjectstorage: make specifying compartmentid optional * plcoud: fix failing large file uploads - fixes #8147 * docs: add docker volume plugin troubleshooting steps * docs: fix missing `state` parameter in `/auth` link in instructions * build: fix build failure on ubuntu * docs: upgrade fontawesome to v6 * s3: fix multitenant multipart uploads with CEPH * Add David Seifert to contributors * Add vintagefuture to contributors * use better docs * googlecloudstorage: update docs on service account access tokens * test_all: POSIX head/tail invocations * icloud: Added note about app specific password not working * s3: fix download of compressed files from Cloudflare R2 - fixes #8137 * s3: fix testing tiers which don't exist except on AWS * Changelog updates from Version v1.68.2 * local: fix permission and ownership on symlinks with --links and --metadata * Revert 'Merge commit from fork' * Add Dimitrios Slamaris to contributors * Merge commit from fork * onedrive: fix integration tests after precision change * operations: fix TestRemoveExisting on crypt backends by shortening the file name * bisync: fix output capture restoring the wrong output for logrus * serve sftp: update github.com/pkg/sftp to v1.13.7 and fix deadlock in tests * build: fix comments after golangci-lint upgrade * build: update all dependencies * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 * pikpak: fix fatal crash on startup with token that can't be refreshed * yandex: fix server side copying over existing object * sugarsync: fix server side copying over existing object * putio: fix server side copying over existing object * onedrive: fix server side copying over existing object * dropbox: fix server side copying over existing object * operations: add RemoveExisting to safely remove an existing file * gofile: fix server side copying over existing object * test_all: try to fix mailru rate limits in integration tests * Add shenpengfeng to contributors * Add Dimitar Ivanov to contributors * docs: fix function name in comment * sftp: allow inline ssh public certificate for sftp * serve s3: fix excess locking which was making serve s3 single threaded * lib/oauthutil: allow the browser opening function to be overridden * Add Moises Lima to contributors * lib/http: disable automatic authentication skipping for unix sockets * onedrive: fix Retry-After handling to look at 503 errors also * s3: Storj provider: fix server-side copy of files bigger than 5GB * s3: add Selectel as a provider * fs: fix Don't know how to set key 'chunkSize' on upload errors in tests * drive: implement rclone backend rescue to rescue orphaned files * Add tgfisher to contributors * Add Diego Monti to contributors * Add Randy Bush to contributors * Add Alexandre Hamez to contributors * Add Simon Bos to contributors * docs: mention that inline comments are not supported in a filter-file * s3: add Wasabi eu-south-1 region * docs: fix forward refs in step 9 of using your own client id * docs: fix Scaleway Glacier website URL * dlna: fix loggingResponseWriter disregarding log level * build: remove required property on boolean inputs * build: use inputs context in github workflow * s3: fix crash when using --s3-download-url after migration to SDKv2 * docs: update overview to show pcloud can set modtime * Add Andr? Tran to contributors * Add Matthias Gatto to contributors * Add lostb1t to contributors * Add Noam Ross to contributors * Add Benjamin Legrand to contributors * s3: add Outscale provider * Add ICloud Drive backend * drive: add support for markdown format * accounting: fix global error acounting * onedrive: fix time precision for OneDrive personal * Add RcloneView as a sponsor * Add Leandro Piccilli to contributors * cache: skip bisync tests * bisync: allow blank hashes on tests * box: fix server-side copying a file over existing dst - fixes #3511 * sync: add tests for copying/moving a file over itself * fs/cache: fix parent not getting pinned when remote is a file * gcs: add access token auth with --gcs-access-token * accounting: write the current bwlimit to the log on SIGUSR2 * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit * gphotos: implment --gphotos-proxy to allow download of full resolution media * googlephotos: remove noisy debugging statements * docs: add note to CONTRIBUTING that the overview needs editing in 2 places * test_all: add ignoretests parameter for skipping certain tests * build: replace 'golang.org/x/exp/slices' with 'slices' now go1.21 is required * Changelog updates from Version v1.68.1 * Makefile: Fail when doc recipes create dir named '$HOME' * Makefile: Prevent `doc` recipe from creating dir named '$HOME' * pikpak: fix cid/gcid calculations for fs.OverrideRemote * bisync: change exit code from 2 to 7 for critically aborted run * cmd: change exit code from 1 to 2 for syntax and usage errors * local: fix --copy-links on macOS when cloning * azureblob: add --azureblob-use-az to force the use of the Azure CLI for auth * azureblob: add --azureblob-disable-instance-discovery * s3: add initial --s3-directory-bucket to support AWS Directory Buckets * Add Lawrence Murray to contributors * backend/protondrive: improve performance of Proton Drive backend * ftp: implement --ftp-no-check-upload to allow upload to write only dirs * docs: document that fusermount3 may be needed when mounting/unmounting * Add rishi.sridhar to contributors * Add quiescens to contributors * docs/zoho: update options * zoho: make upload cutoff configurable * zoho: add support for private spaces * zoho: try to handle rate limits a bit better * zoho: print clear error message when missing oauth scope * zoho: switch to large file upload API for larger files, fix missing URL encoding of filenames for the upload API * zoho: use download server to accelerate downloads * opendrive: add about support to backend * pikpak: fix login issue where token retrieval fails * webdav: nextcloud: implement backoff and retry for 423 LOCKED errors * s3: fix rclone ignoring static credentials when env_auth=true * fs: fix setting stringArray config values from environment variables * rc: fix default value of --metrics-addr * fs: fix --dump filters not always appearing * docs: correct notes on docker manual build * Add ttionya to contributors * build: fix docker release build - fixes #8062 * docs: add section for improving performance for s3 * onedrive: fix spurious 'Couldn't decode error response: EOF' DEBUG * Add Divyam to contributors * serve docker: add missing vfs-read-chunk-streams option in docker volume driver Update to version 1.68.2: * s3: fix multitenant multipart uploads with CEPH * local: fix permission and ownership on symlinks with --links and --metadata CVE-2024-52522 boo#1233422 * bisync: fix output capture restoring the wrong output for logrus * build: fix comments after golangci-lint upgrade * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 * pikpak: fix fatal crash on startup with token that can't be refreshed * serve s3: fix excess locking which was making serve s3 single threaded * onedrive: fix Retry-After handling to look at 503 errors also * s3: Storj provider: fix server-side copy of files bigger than 5GB * docs: mention that inline comments are not supported in a filter-file * docs: fix forward refs in step 9 of using your own client id * docs: fix Scaleway Glacier website URL * dlna: fix loggingResponseWriter disregarding log level * s3: fix crash when using --s3-download-url after migration to SDKv2 * docs: update overview to show pcloud can set modtime * Add RcloneView as a sponsor * accounting: fix wrong message on SIGUSR2 to enable/disable bwlimit * pikpak: fix cid/gcid calculations for fs.OverrideRemote * local: fix --copy-links on macOS when cloning - jwt updated to v4.5.1 which contains the fix for CVE-2024-51744 (boo#1232964). Update to version 1.68.1: * docs: document that fusermount3 may be needed when mounting/unmounting * pikpak: fix login issue where token retrieval fails * s3: fix rclone ignoring static credentials when env_auth=true * fs: fix setting stringArray config values from environment variables * rc: fix default value of --metrics-addr * fs: fix --dump filters not always appearing * docs: correct notes on docker manual build * build: fix docker release build - fixes #8062 * docs: add section for improving performance for s3 * onedrive: fix spurious 'Couldn't decode error response: EOF' DEBUG * serve docker: add missing vfs-read-chunk-streams option in docker volume driver Update to version 1.68.0: * gofile: fix failed downloads on newly uploaded objects * gofile: fix Move a file * test_all: mark linkbox fs/sync test TestSyncOverlapWithFilter as ignore * jottacloud: fix setting of metadata on server side move - fixes #7900 * docs: group the different options affecting lsjson output * fichier: fix server side move - fixes #7856 * fichier: Fix detection of Flood Detected error * rc: add vfs/queue-set-expiry to adjust expiry of items in the VFS queue * rc: add vfs/queue to show the status of the upload queue * vfs: keep a record of the file size in the writeback queue * build: fix gocritic change missed in merge * Add Oleg Kunitsyn to contributors * Add fsantagostinobietti to contributors * Add Mathieu Moreau to contributors * lib/sd-activation: wrap coreos/go-systemd * sftp: support listening on passed FDs * http: fix addr CLI arg help text * http: support listening on passed FDs * build: fix build after update * build: update logging statements to make json log work - fixes #6038 * build: update custom linting rule for log to suggest new non-format functions * fs: add non-format variants of log functions to avoid non-constant format string warnings * fs: add log Printf, Fatalf and Panicf * fs: refactor base log method name for improved consistency * fs: refactor log statements to use common helper * build: enable custom linting rules with ruleguard via gocritic * rcserver: implement prometheus metrics on a dedicated port - fixes #7940 * swift: add total/free space info in about command. * docs: filtering: added Byte unit for min/max-size parameters. * config encryption: set, remove and check to manage config file encryption #7859 * config: use --password-command to set config file password if supplied * config: factor --password-command code into its own function #7859 * Add yuval-cloudinary to contributors * Add nipil to contributors * documentation: add cheatsheet for configuration encryption * docs: more secure two-step signature and hash validation * serve nfs: unify the nfs library logging with rclone's logging better * serve nfs: fix incorrect user id and group id exported to NFS #7973 * zoho: fix inefficiencies uploading with new API to avoid throttling * Add crystalstall to contributors * docs: fix some function names in comments * lib/file: use builtin MkdirAll with go1.22 instead of our own custom version for windows * docs: document that paths using volume guids are supported * s3: fix accounting for mulpart transfers after migration to SDKv2 #4989 * yandex: implement custom user agent to help with upload speeds * operations: copy: generate stable partial suffix * docs: add missing sftp providers to README and main docs page - fixes #8038 * nfsmount: fix stale handle problem after converting options to new style * docs: mark flags.md as auto generated so contributors don't edit it * Add Pawel Palucha to contributors * Add John Oxley to contributors * Add Georg Welzel to contributors * Add P?ter Bozs? to contributors * Add Sam Harrison to contributors * s3: allow restoring from intelligent-tiering storage class * bisync: don't convert modtime precision in listings - fixes #8025 * build: rename Unknwon/goconfig to unknwon/goconfig * backend: pcloud: Implement OpenWriterAt feature * backend: pcloud: implement SetModTime - Fixes #7896 * filescom: don't make an extra fetch call on each item in a list response * local: fix incorrect conversion between integer types * local: fix incorrect conversion between integer types * docs: make tardigrade page auto redirect to storj page * docs: update backend config samples * config: fix size computation for allocation may overflow * lib: fix incorrect conversion between integer types * serve docker: fix incorrect conversion between integer types * local: fix incorrect conversion between integer types * s3: fix incorrect conversion between integer types * s3: fix potentially unsafe quoting issue * dropbox: fix potentially unsafe quoting issue * refactor: replace min/max helpers with built-in min/max * go.mod: update storj.io/uplink to latest release * docs: update ssh tunnel example * docs: update rclone authorize section * docs: fix command highlight * docs: fix alignment of some of the icons in the storage system dropdown * docs: mark filescom as supporting link sharing * build: enable gocritic linter * build: ignore remaining gocritic lint issues * build: fix gocritic lint issue unlambda * build: fix gocritic lint issue dupbranchbody * build: fix gocritic lint issue sloppylen * build: fix gocritic lint issue wrapperfunc * build: fix gocritic lint issue elseif * build: fix gocritic lint issue underef * build: fix gocritic lint issue valswap * build: fix gocritic lint issue assignop * build: fix gocritic lint issue unslice * dlna: document external subtitle feature * dlna: set more correct mime type * dlna: don't swallow video.{idx,sub} * dlna: add cds_test.go * dlna: also look at 'Subs' subdirectory * chore: add childish-sambino as filescom maintainer * Make filtering rules for help and listremotes more lenient * help: cleanup template syntax (consistent whitespace) * help: avoid empty additional help topics header * help: make help command output less distracting * docs: consistent newline of first line in command output * filescom: add Files.com backend * fstests: attempt to fix flaky serve s3 test * docs: move the link to global flags page to the main options header * docs: make command group options subsections of main options * docs: stop shouting the SEE ALSO header * docs: fix the rclone root command header levels * docs: make the see also section header consistent and listed in toc of command pages * local: --local-no-clone flag to disable cloning for server-side copies * local: support setting custom --metadata during server-side Copy * local: add server-side copy with xattrs on macOS (part-fix #1710) * docs: add automatic alias redirects for command pages * cmd/rc: add --unix-socket option * webdav: add --webdav-unix-socket-path to connect to a unix socket * serve nfs: implement on disk cache for file handles * serve nfs: factor caching to its own file * serve nfs: update github.com/willscott/go-nfs to latest * serve nfs: store billy FS in the Handler * serve nfs: mask unimplemented error from chmod * serve nfs: add tracing to filesystem calls * serve nfs: rename types and methods which should be internal * nfsmount: require --vfs-cache-mode writes or above in tests * nfsmount: allow tests to run on any unix where sudo mount/umount works * nfsmount: make the --sudo flag work for umount as well as mount * nfsmount: add tcp option to NFS mount options to fix mounting under Linux * build: install NFS client libraries to allow nfsmount tests to run * vfstest: fix crash if open failed * Implement Gofile backend - fixes #4632 * lib/encoder: add Exclamation mark encoding * chunkedreader: add --vfs-read-chunk-streams to parallel read chunks * accounting: fix race detected by the race detector * pool: Add ability to wait for a write to RW * pool: Make RW thread safe so can read and write at the same time * multipart: make pool buffer size public * Add Fornax to contributors * build: use go1.23 for the linter * build: fix govet lint errors with golangci-lint v1.60.1 * build: bisync: fix govet lint errors with golangci-lint v1.60.1 * build: fix staticcheck lint errors with golangci-lint v1.60.1 * build: fix gosimple lint errors with golangci-lint v1.60.1 * drive: fix copying Google Docs to a backend which only supports SHA1 * drive: update docs on creating admin service accounts * Add pixeldrain backend * docs: add comment how to reduce rclone binary size (#8000) * Make listremotes long output backwards compatible - fixes #7995 * test_backend_sizes.py calculates space in the binary each backend uses #7998 * listremotes: added options for filtering, ordering and json output * config: make getting config values more consistent * config: make listing of remotes more consistent * config: avoid remote with empty name from environment * help: global flags help command extended filtering * help: global flags help command now takes glob filter * filter: add options for glob to regexp without anchors and special path rules * docs: remove old genautocomplete command docs and add as alias from the newer completion command * docs: replace references to genautocomplete with the new name completion * serve s3: update to AWS SDKv2 by updating github.com/rclone/gofakes3 * s3: fix SSE-C after SDKv2 change * pikpak: update to using AWS SDK v2 #4989 * s3: fix Cloudflare R2 integration tests after SDKv2 update #4989 * s3: add --s3-sdk-log-mode to control SDK debugging * s3: fix GCS provider after SDKv2 update #4989 * s3: update to using AWS SDK v2 - fixes #4989 * fstest: implement method to skip ChunkedCopy tests * build: disable wasm/js build due to go bug * Add @dmcardle as gitannex maintainer * docs: s3: add section on using too much memory #7974 * docs: link the workaround for big directory syncs in the FAQ #7974 * Add David Seifert to contributors * Add Will Miles to contributors * Add Ernie Hershey to contributors * docs: rc: fix correct _path to _root in on the fly backend docs * fs/http: reload client certificates on expiry * docs: clarify hasher operation * docs: fix typo in batcher docs for dropbox and googlephotos * b2: update versions documentation - fixes #7878 * s3: document need to set force_path_style for buckets with invalid DNS names * ncdu: document that excludes are not shown - fixes #6087 * sftp: clarify the docs for key_pem - fixes #7921 * serve ftp: fix failed startup due to config changes * docs: add Route4Me as a sponsor * pikpak: correct file transfer progress for uploads by hash * fs: fix --use-json-log and -vv after config reorganization * Add Tobias Markus to contributors * ulozto: fix upload of > 2GB files on 32 bit platforms - fixes #7960 * lib/mmap: fix lint error on deprecated reflect.SliceHeader * lib/http: fix tests after go1.23 update * rc: fix tests after go1.23 upgrade * build: use go1.22 for the linter to fix excess memory usage * build: update all dependencies * build: update to go1.23rc1 and make go1.21 the minimum required version * Add AThePeanut4 to contributors * systemd: prevent unmount rc command from sending a STOPPING=1 sd-notify message * azureblob: allow anonymous access for public resources * Add Ke Wang to contributors * Add itsHenry to contributors * Add Tomasz Melcer to contributors * Add Paul Collins to contributors * Add Russ Bubley to contributors * serve s3: implement `--auth-proxy` * fs: Allow semicolons as well as spaces in --bwlimit timetable parsing - fixes #7595 * pikpak: optimize upload by pre-fetching gcid from API * rc: add option blocks parameter to options/get and options/info * chore(deps): update github.com/rclone/gofakes3 * fstest: fix compile after merge * local: fix encoding of root path fix #7824 Statements like rclone copy <somewhere> . will spontaneously miss if . expands to a path with a Full Width replacement character. This is due to the incorrect order in which relative paths and decoding were handled in the original implementation. * vfs: fix cache encoding with special characters - #7760 * docs: correct description of encoding None and add Raw. * lib/encoder: add EncodeRaw * pikpak: non-buffered hash calculation for local source files * b2: Include custom upload headers in large file info - fixes #7744 * chore(deps): update github.com/rclone/gofakes3 * fs/test: fix erratic test * fs: make sure we load the options defaults to start with * fs: fix the defaults overriding the actual config * rc: add options/info call to enumerate options * fs: convert main options to new config system * accounting: fix creating of global stats ignoring the config * filter: convert options to new style * filter: rename Opt to Options for consistency * rc: convert options to new style * lib/http: convert options to new style * log: convert options to new style * serve sftp: convert options to new style * serve nfs: convert options to new style * serve ftp: convert options to new style * serve dlna: convert options to new style * cmd/mountlib: convert mount options to new style * vfs: convert vfs options to new style * vfs: convert time.Duration option to fs.Duration * cmd/mountlib: convert time.Duration option to fs.Duration * configstruct: skip items with `config:'-'` * configstruct: allow parsing of []string encoded as JSON * configstruct: make nested config structs work * configstruct: fix parsing of invalid booleans in the config * fs: check the names and types of the options blocks are correct * fs: make Flagger and FlaggerNP interfaces public so we can test flags elsewhere * fs: add Options registry and rework rc to use it * fs: allow []string to work in Options * flags: factor AddFlagsFromOptions from cmd * fs: add Groups and FieldName to Option * fs: refactor fs.ConfigMap to take a prefix and Options rather than an fs.RegInfo * sftp: ignore errors when closing the connection pool * sftp: use uint32 for mtime * pikpak: optimize file move by removing unnecessary `readMetaData()` call * pikpak: fix error with `copyto` command * swift: add workarounds for bad listings in Ceph RGW * sftp: fix docs on connections not to refer to concurrency * docs: remove warp as silver sponsor * onedrive: fix nil pointer error when uploading small files * vfs: fix fatal error: sync: unlock of unlocked mutex in panics * Add Filipe Herculano to contributors * Add Thearas to contributors * pikpak: implement custom hash to replace wrong sha1 * pikpak: improves data consistency by ensuring async tasks complete * build(deps): bump docker/build-push-action from 5 to 6 * s3: fix incorrect region for Magalu provider * docs: recommend `no_check_bucket = true` for Alibaba - fixes #7889 * docs: tidy .gitignore for docs * docs: fix hugo warning: found no layout file for 'html' for kind 'term' * docs: remove slug and url from command pages since they are no longer needed * docs: fix hugo warning: found no layout file for 'html' for kind 'section' * serve dlna: fix panic: invalid argument to Int63n Update to version 1.67.0: * s3: fix 405 error on HEAD for delete marker with versionId * gitannex: make tests run more quietly - use go test -v for more info * jottacloud: set metadata on server side copy and move - fixes #7900 * qingstor: disable integration tests as test account suspended * operations: add operations.ReadFile to read the contents of a file into memory * fs: make ConfigFs take an fs.Info which makes it more useful * touch: fix using -R on certain backends * serve s3: fix XML of error message * fs/logger: make the tests deterministic * zoho: sleep for 60 seconds if rate limit error received * zoho: remove simple file names complication which is no longer needed * zoho: retry reading info if size wasn't returned * zoho: fix throttling problem when uploading files * zoho: use cursor listing for improved performance * operations: fix hashing problem in integration tests * Add Bill Fraser to contributors * Add Florian Klink to contributors * Add Michał Dzienisiewicz to contributors * build(deps): bump github.com/Azure/azure-sdk-for-go/sdk/azidentity * pikpak: implement configurable chunk size for multipart upload * docs: added info about --progress terminal width * pikpak: remove PublicLink from integration tests * onedrive: add --onedrive-hard-delete to permanently delete files * dropbox: add option to override root namespace * tree-wide: replace /bin/bash with /usr/bin/env bash * protondrive: don't auth with an empty access token * serve s3: fix in-memory metadata storing wrong modtime * vfs: fix renaming a directory * fstest: make RandomRemoteName shorter * googlephotos: remove unnecessary nil check * s3, googlecloudstorage, azureblob: fix encoding issue with dir path comparison * sync: don't test reading metadata if we can't write it * linkbox: ignore TestListDirSorted test until encoding is implemented * Add Tomasz Melcer to contributors * pikpak: improve upload reliability and resolve potential file conflicts * sftp: --sftp-connections to limit maximum number of connections * ulozto: fix panic in various integration tests * swift: fix integration tester with use_segments_container=false * drive: fix tests for backend query command * mailru: attempt to fix throttling by decreasing min sleep to 100ms * sync: fix expecting SFTP to have MkdirMetadata method: optional feature not implemented * operations: fix incorrect modtime on some multipart transfers * sync: fix tests on backends which can't have empty directories * cache: fix tests when testing for Object.SetMetadata * Add Charles Hamilton to contributors * Add Thomas Schneider to contributors * Add Bruno Fernandes to contributors * windows: make rclone work with SeBackupPrivilege and/or SeRestorePrivilege * cmd/gitannex: Update command docs * cmd/gitannex: Support synonyms of config values * S3: Ceph Backend use already exist changed to true (now tested) - fixes #7871 * s3: Add Magalu S3 Object Storage as provider * config: fix default value for description * b2: update URLs to new home * Add yumeiyin to contributors * serve dlna: make BrowseMetadata more compliant - fixes #7883 * Fix new lint issues reported by golangci-lint v1.59.0 * docs: fix some comments * build: update all dependencies * drive: debug when we are ignoring permissions #7853 * Add Dominik Joe Pantůček to contributors * docs: crypt: fix incorrect terminology * operations: rework rcat so that it doesn't call the --metadata-mapper twice * operations: ensure SrcFsType is set correctly when using --metadata-mapper * onedrive: allow setting permissions to fail if failok flag is set * Add Evan McBeth to contributors * docs: improve readability in faq * fs: fix panic when using --metadata-mapper on large google doc files * Add JT Olio to contributors * Add overallteach to contributors * go.mod: update storj.io/uplink to latest release * chore: fix function name in comment * build: update issue label notification machinery * operations: fix missing metadata for multipart transfers to local disk * local: implement Object.SetMetadata * fs: define the optional interface SetMetadata and implement it in wrapping backends * drive: allow setting metadata to fail if failok flag is set * cmd/gitannex: When tags do not match, run e2e tests anyway * build: Inject rclone version tag when testing * cmd/gitannex: Remove assumption in e2e test version check * .github/workflows: Install git-annex-remote-rclone on Linux and macOS * cmd/gitannex: Add TestEndToEndMigration tests * cmd/gitannex: Describe new rclonelayout config in help * cmd/gitannex: Drop chdir from e2e tests * cmd/gitannex: Repeat TestEndToEnd for all layout modes * cmd/gitannex: Refactor e2e tests, add layout compat tests * cmd/gitannex: Add support for different layouts * cmd/gitannex: Simplify messageParser's finalParameter() func * chunker: fix `finalizer already set` error * mailru: use --tpslimit 10 on bisync tests * bisync: ignore 'Implicitly create directory' messages on tests * quatrix: fix f.String() not including subpath * operations: fix lsjson --encrypted when using --crypt-XXX parameters * Add Sunny to contributors * Add Michael Terry to contributors * serve http: added content-length header when html directory is served * docs: minor formatting improvement * oauthutil: clear client secret if client ID is set * drive: fix description being overwritten on server side moves * bump golangci/golangci-lint-action from 4 to 6 * onedrive: add support for group permissions * onedrive: fix references to deprecated permissions properties * onedrive: skip writing permissions with 'owner' role * build: add issue label notification machinery * union: fix deleting dirs when all remotes can't have empty dirs * pikpak: improve getFile() usage * docs: exit code 9 requires --error-on-no-transfer * ulozto: Fix handling of root paths with leading / trailing slashes. * fstest: reduce precision of directory time checks on CI * sync: remove now superfluous copyEmptyDirectories function * sync: fix failed to update directory timestamp or metadata: directory not found * sync: fix directory modification times not being set * sync: don't need to sync directories if they haven't been modified * sync: fix creation of empty directories when --create-empty-src-dirs=false * sync: fix management of empty directories to make it more accurate * drive: be more explicit in debug when setting permissions fail * onedrive,drive: make errors setting permissions into no retry errors * docs: add Backblaze as a sponsor * storj: update bio on request * docs: note that newer linux kernel version is required for ARMv5 * build: migrate bucket storage for the project to new provider * Add hidewrong to contributors * swift: implement --swift-use-segments-container to allow >5G files on Blomp * random: update Password docs * build: add linting for different values of GOOS * build: fix linting issues reported by running golangci-lint with different GOOS * build: fix linting issues reported by golangci-lint on windows * log: fix lint issue SA1019: syscall.Syscall has been deprecated since Go 1.18: Use SyscallN instead. * build: run go mod tidy * backend http: Adding no-escape flag for option to not escape URL metacharacters in path names - fixes issue #7637 * bisync: avoid starting tests we don't have time to finish * bisync: skip test if config string contains a space * fs accounting: Add deleted files total size to status summary line - fixes issue #7190 * build: remove build constraint syntax for go 1.16 and older * build: remove separate go module cache step as its done by setup-go * Convert source files with crlf to lf * fix spelling * bisync: make session path even shorter on tests * build: make integration tests run better on macOS and Windows * docs: fix heading anchor * Add pawsey-kbuckley to contributors * Add Katia Esposito to contributors * lsjson: small docs change to clarify options * genautocomplete: remove Ubuntu-ism from docs and clarify non-root use * docs: fix macOS install from source link * ncdu: Do not quit on Esc * fix: test_all re-running too much stuff * Add Dave Nicolson to contributors * Add Butanediol to contributors * Add yudrywet to contributors * docs: Add left and right padding to prevent icon truncation * serve s3: fix Last-Modified header format * chore: fix function names in comment * onedrive: set all metadata permissions and return error summary * fs rc: fixes incorrect Content-Type in HTTP API - fixes #7726 * operations: fix move when dst is nil and fdst is case-insensitive * sync: fix case normalisation on s3 * operations: fix retries downloading too much data with certain backends * operations: add more assertions to ReOpen tests to check seek positions * Add static-moonlight to contributors * doc: add example how to run serve s3 * serve s3: adjust to move of Mikubill/gofakes3 to rclone/gofakes3 * Add guangwu to contributors * Add jakzoe to contributors * Add go mod and sum to gitattributes for consistent line endings * bisync: rename extended_char_paths test * chunker: fix case-insensitive comparison on local without metadata * chunker: fix NewFs when root points to composite multi-chunk file without metadata * bisync: more fixes for integration tests * bisync: fix endless loop if lockfile decoder errors * bisync: make tempDir path shorter * fix: close cpu profile * docs: fix typo in filtering.md * drive: set all metadata permissions and return error summary * crypt: fix max suggested length of filenames * bisync: fix io.PipeWriter not getting closed on tests * pikpak: fix a typo in a comment * docs: ensure empty line between text and a following heading * .github/workflows: Upgrade deprecated macos-11 to macos-latest * cmd/gitannex: Downgrade to protocol version 1 * cmd/gitannex: Replace e2e test script with Go test * docs: clarify option syntax * build: fix CVE-2023-45288 by upgrading golang.org/x/net * ulozto: remove use of github.com/pkg/errors * Add Pieter van Oostrum to contributors * docs: fix MANUAL formatting problems * backend koofr: remove trailing bracket - fixes #7600 * webdav: fix SetModTime erasing checksums on owncloud and nextcloud * bisync: use fstest.RandomRemote on tests * hdfs: fix f.String() not including subpath * local: disable unreliable test * docs: update warp sponsorship * copy: fix nil pointer dereference when corrupted on transfer with nil dst * Add Erisa A to contributors * Add yoelvini to contributors * Add Alexandre Lavigne to contributors * test info: improve cleanup of temp files - fixes #7209 * onedrive: fix --metadata-mapper called twice if writing permissions * b2: Add tests for new `cleanup` and `cleanup-hidden` backend commands. * rcserver: set `ModTime` for dirs and files served by `--rc-serve` * docs: Add R2 note about no_check_bucket * s3: add new AWS region il-central-1 Tel Aviv * bisync: more fixes for integration tests * s3: update Scaleway's configuration options - fixes #7507 * bisync: several fixes for integration tests * ulozto: make password config item be obscured * operations: fix very long file names when using copy with --partial * Add Warrentheo to contributors * Add Alex Garel to contributors * onedrive: fix typo * config: show more user friendly names of custom types in ui * config: add ending period on description option help text * docs: add an indication in case of recursive shortcuts in drive * ulozto: implement Mover and DirMover interfaces. * ulozto: revert the temporary file size limitations * ulozto: set Content-Length header if the file size is known. * local: fix and update -l docs * serve webdav: fix webdav with --baseurl under Windows * memory: fix incorrect list entries when rooted at subdirectory * memory: fix deadlock in operations.Purge * bisync: add to integration tests - fixes #7665 * memory: fix dst mutating src after server-side copy * mount,cmount,mount2: add --direct-io flag to force uncached access * vfs: fix download loop when file size shrunk * local: add --local-time-type to use mtime/atime/btime/ctime as the time * Add psychopatt to contributors * docs: remove email from authors * rc: fix stats groups being ignored in operations/check * drive: fix server side copy with metadata from my drive to shared drive * drive: stop sending notification emails when setting permissions * Add iotmaestro to contributors * Add Vitaly to contributors * Add hoyho to contributors * Add Lewis Hook to contributors * Add a new backend for uloz.to * cmd/gitannex: Add the gitannex subcommand * linkbox: fix list paging and optimized synchronization. * linkbox: fix working with names longer than 8-25 Unicode chars. * b2: Add new `cleanup` and `cleanup-hidden` backend commands. * s3: validate CopyCutoff size before copy * Improve error messages when objects have been corrupted on transfer - fixes #5268 * onedrive: fix 'unauthenticated: Unauthenticated' errors when downloading * lib/rest: Add Client.Do function to call http.Client.Do * lib/rest: add CheckRedirect function for redirect management * operations: Fix 'optional feature not implemented' error with a crypted sftp * Add Kyle Reynolds to contributors * Add YukiUnHappy to contributors * Add Gachoud Philippe to contributors * Add racerole to contributors * Add John-Paul Smith to contributors * onedrive: make server-side copy to work in more scenarios * docs: Proton Drive, correct typo * docs: drive: corrected relative path of scopes to absolute * docs: clarify `shell_type = none` and `ssh = ` behaviour * fs: improve JSON Unmarshalling for Duration * docs: remove repeated words * owncloud: add config owncloud_exclude_mounts which allows to exclude mounted folders when listing remote resources * drive: backend query command Update to version 1.66.0: * Directory modification times and metadata synced for supported backends * Many updates to bisync command options, operation and presentation * Description field added for all backends * amazonclouddrive: remove backend * build: Update to go1.22, go1.20 is minimum required * build: CVE-2024-24786 addressed via protobuf upgrade * check: Respect --no-unicode-normalization and --ignore-case-sync for --checkfile * cmd: Improved shell auto completion reduces size of the completion file and works faster * fs: Add more detailed logging for file includes/excludes * lsf: Add --time-format flag, make metadata appear for directories * lsjson: Make metadata appear for directories (Nick Craig-Wood) * rc: Add srcFs and dstFs to core/stats and core/transferred stats, * rc: Add operations/hashsum to the rc as rclone hashsum equivalent, * rc: Add config/paths to the rc as rclone config paths equivalent * sync: Optionally report list of synced paths to file * sync: Implement directory sync for mod times and metadata * sync: Don't set directory modtimes if already set * sync: Don't sync directory modtimes from backends which don't have directories * backend: Make backends which use oauth implement the Shutdown and shutdown the oauth properly * bisync: Handle unicode and case normalization consistently * bisync: Partial uploads known issue on local/ftp/sftp has been resolved (unless using --inplace) * bisync: Fixed handling of unicode normalization and case insensitivity, support for relevant flags * bisync: No longer fails to find the correct listing file when configs are overridden with backend-specific flags * nfsmount: Fix exit after external unmount, fix --volname being ignored * operations: Fix case-insensitive moves in operations.Move * operations: Fix TestCaseInsensitiveMoveFileDryRun on chunker integration tests * operations: Fix TestMkdirModTime test * operations: Fix TestSetDirModTime for backends with SetDirModTime but not Metadata * operations: Fix typo in log messages * serve restic: Fix error handling * serve webdav: Fix --baseurl without leading / * stats: Fix race between ResetCounters and stopAverageLoop called from time.AfterFunc * sync: --fix-case flag to rename case insensitive dest * sync: Use operations.DirMove instead of sync.MoveDir for --fix-case * systemd: Fix detection and switch to the coreos package everywhere rather than having 2 separate libraries * mount: Notice daemon dying much quicker * Numerous backend-specific updates detailed at https://rclone.org/changelog/#v1-66-0-2024-03-10 - Update to version 1.65.2: * Version v1.65.2 * azureblob: fix data corruption bug #7590 * build: add -race flag to integration tester test_all * docs: add bisync to index * build(deps): bump actions/cache from 3 to 4 * add missing backtick * docs: add rclone OS requirements * imagekit: updated overview - supported operations * imagekit: Updated docs and web content * docs: add warp.dev sponsorship to github home page * docs: add warp.dev as a sponsor * docs: update website footer * vfs: fix stale data when using --vfs-cache-mode full * build(deps): bump github.com/cloudflare/circl from 1.3.6 to 1.3.7 Update to version 1.65.1: * docs: Fix broken test_proxy.py link again * operations: fix files moved by rclone move not being counted as transfers * accounting: fix stats to show server side transfers * onedrive: fix 'unauthenticated: Unauthenticated' errors when uploading * Revert 'mount: fix macOS not noticing errors with --daemon' * s3: fix crash if no UploadId in multipart upload * serve s3: fix listing oddities * protondrive: fix CVE-2023-45286 / GHSA-xwh9-gc39-5298 * build: fix docker build on arm/v6 * build(deps): bump golang.org/x/crypto to fix ssh terrapin CVE-2023-48795 * oauthutil: avoid panic when `*token` and `*ts.token` are the same * ftp: fix multi-thread copy * googlephotos: fix nil pointer exception when batch failed * hasher: fix invalid memory address error when MaxAge == 0 * docs/librclone: the newer and recommended ucrt64 subsystem of msys2 can now be used for building on windows * docs: fix broken link in serve webdav * azure-files: fix storage base url * oracle object storage: fix object storage endpoint for custom endpoints * chunker,compress,crypt,hasher,union: fix rclone move a file over itself deleting the file * docs: fix broken link * dropbox: fix used space on dropbox team accounts * vfs: note that --vfs-refresh runs in the background #6830 * docs: update contributor email * build(deps): bump actions/setup-go from 4 to 5 * Doc change: Add the CreateBucket permission requirement for AWS S3 * nfsmount: compile for all unix oses, add --sudo and fix error/option handling * serve nfs: Mark as experimental * onedrive: fix error listing: unknown object type <nil> * docs: fix typo in docs.md * multipart copy create bucket if it doesn't exist. * smb: fix shares not listed by updating go-smb2 * mount: fix macOS not noticing errors with --daemon * install.sh: fix harmless error message on install Update to version 1.65.0: * onedrive: add --onedrive-delta flag to enable ListR * smb: fix modtime of multithread uploads by setting PartialUploads * smb: fix about size wrong by switching to github.com/cloudsoda/go-smb2/ fork * serve s3: fix overwrite of files with 0 length file * serve s3: fix error handling for listing non-existent prefix - fixes #7455 * test_all: make integration test for serve s3 * Add Abhinav Dhiman to contributors * Add 你知道未来吗 to contributors * imagekit: Added ImageKit backend * fs/fshttp: fix --contimeout being ignored * s3: ensure we can set upload cutoff that we use for Rclone provider * serve s3: document multipart copy doesn't work #7454 * b2: fix streaming chunked files an exact multiple of chunk size * fstest: factor chunked streaming tests from b2 and use in all backends * b2: fix server side chunked copy when file size was exactly --b2-copy-cutoff * fstest: factor chunked copy tests from b2 and use them in s3 and oos * operations: fix overwrite of destination when multi-thread transfer fails * random: stop using deprecated rand.Seed in go1.20 and later * random: speed up String function for generating larger blocks * hash: allow runtime configuration of supported hashes for testing * Add Alen Šiljak to contributors * http: enable methods used with WebDAV - fixes #7444 * s3: detect looping when using gcs and versions * dropbox: fix missing encoding for rclone purge again * test_all: limit the Zoho tests to just the backend * test_all: remove uptobox from integration tests * operations: use less memory when doing multithread uploads * operations: make Open() return an io.ReadSeekCloser #7350 * fs: add ChunkWriterDoesntSeek feature flag and set it for b2 * mockobject: fix SetUnknownSize method to obey parameter passed in * box: fix performance problem reading metadata for single files * gcs: fix 400 Bad request errors when using multi-thread copy * http: implement set backend command to update running backend * dropbox: fix missing encoding for rclone purge * Update Docs to show SMB remote supports modtime.md * docs: cleanup backend hashes sections * docs: replace mod-time with modtime * march: Fix excessive parallelism when using --no-traverse * Add Mina Galić to contributors * Makefile: use POSIX compatible install arguments * install.sh: Clean up temp files in install script * drive: fix integration tests by enabling metadata support from the context * fstests: make sure Metadata is enabled in the context for metadata tests * Refresh CONTRIBUTING.md * fs: implement --metadata-mapper to transform metatadata with a user supplied program * drive: fix error updating created time metadata on existing object * drive: add read/write metadata support * Add moongdal to contributors * Add viktor to contributors * Add karan to contributors * Add Oksana Zhykina to contributors * linkbox: pre-merge fixes * backend: add Linkbox backend * vfs: error out early if can't upload 0 length file * azurefiles: finish docs and implementation and add optional interfaces * Implement Azure Files backend * fs: fix a typo in a comment * quatrix: overwrite files on conflict during server-side move * quatrix: add partial upload support * serve s3: pre-merge tweaks * Add Saw-jan to contributors * serve s3: fixes before merge * Add Artur Neumann to contributors * serve s3: fix file name encoding using s3 serve with mc client * Add Mikubill to contributors * serve s3: let rclone act as an S3 compatible server * s3: add --s3-disable-multipart-uploads flag * bin/update_authors.py: add authors from Co-authored-by: lines too * size: dont show duplicate object count when less than 1k * lib/file: fix MkdirAll after go1.21.4 stdlib update * docs: factor large docs into separate .md files to make them easier to maintain. * Add Tayo-pasedaRJ to contributors * Add Adithya Kumar to contributors * Add wuxingzhong to contributors * hdfs: added support for list of namenodes in hdfs remote config * webdav: added an rclone vendor to work with rclone serve webdav * docs: show hashsum arguments as optional in usage string * docs: document how to build with version info and icon resources on windows * build: refactor version info and icon resource handling on windows * serve dnla: fix crash on graceful exit * operations: fix server side copies on partial upload backends after refactor * mount: disable mount for freebsd * build: update all dependencies * operations: fix invalid UTF-8 when truncating file names when not using --inplace * operations: refactor Copy into methods on an temporary object * operations: factor Copy into its own file * build(deps): bump google.golang.org/grpc from 1.56.2 to 1.56.3 * b2: fix multi-thread upload with copyto going to wrong name * fstests: add integration test for OpenChunkWriter uploading to the wrong name * b2: fix error handler to remove confusing DEBUG messages * s3: emit a debug message if anonymous credentials are in use * ncdu: fix crash when re-entering changed directory after rescan * fs: fix docs for Bits * fs: add IsSet convenience method to Bits * docs: remove third party logos from source tree * docs: update Storj image and link * Add alfish2000 to contributors * union: fix documentation * build: fix new lint errors with golangci-lint v1.55.0 * selfupdate: make sure we don't run tests if selfupdate is set * local: fix copying from Windows Volume Shadows * Changelog updates from Version 1.64.2 * selfupdate: fix 'invalid hashsum signature' error * build: add the serve docker tests to the integration tester * build: fix docker build running out of space * Add Ivan Yanitra to contributors * Add Keigo Imai to contributors * Add Gabriel Espinoza to contributors * azureblob: add support cold tier * drive: add a note that --drive-scope accepts comma-separated list of scopes * docs: change authors email for SimJoSt * Changelog updates from Version 1.64.1 * lib/http: export basic go strings functions * docs: update documentation for --fast-list adding info about ListR * mount: fix automount not detecting drive is ready * sftp: implement --sftp-copy-is-hardlink to server side copy as hardlink * serve sftp: return not supported error for not supported commands * b2: fix chunked streaming uploads * build: upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset * b2: fix server side copies greater than 4GB * cmd: Make --progress output logs in the same format as without * operations: fix error message on delete to have file name - fixes #7355 * operations: fix OpenOptions ignored in copy if operation was a multiThreadCopy * build: fix docker beta build running out of space * Add Volodymyr to contributors * operations: implement --partial-suffix to control extension of temporary file names * s3: fix no error being returned when creating a bucket we don't own * oracleobjectstorage: fix OpenOptions being ignored in uploadMultipart with chunkWriter * s3: fix OpenOptions being ignored in uploadMultipart with chunkWriter * drive: add --drive-show-all-gdocs to allow unexportable gdocs to be server side copied * Add Saleh Dindar to contributors * Add Beyond Meat to contributors * nfsmount: documentation for new NFS mount feature for macOS * nfsmount: New mount command to provide mount mechanism on macOS without FUSE * serve nfs: new `serve nfs` command * vfs: Add go-billy dependency and make sure vfs.Handle implements billy.File * vfs: [bugfix] Update dir modification time * vfs: [bugfix] Implement Name() method in WriteFileHandle and ReadFileHandle * vfs: add --vfs-refresh flag to read all the directories on start * operations: add operations/check to the rc API * operations: close file in TestUploadFile test so it can be deleted on Windows * googlephotos: implement batcher for uploads - fixes #6920 * dropbox: factor batcher into lib/batcher * fs: re-implement DumpMode with Bits * fs: create fs.Bits for easy creation of parameters from a bitset of choices * vfs: re-implement CacheMode with fs.Enum * fs: re-implement CutoffMode, LogLevel, TerminalColorMode with Enum * fs: create fs.Enum for easy creation of parameters from a list of choices * fs: fix option types printing incorrectly for backend flags * onedrive: implement ListR method which gives --fast-list support * onedrive: factor API types back into correct file * b2: reduce default --b2-upload-concurrency to 4 to reduce memory usage * b2: fix locking window when getting mutipart upload URL * pacer: fix b2 deadlock by defaulting max connections to unlimited * docs: add utime (time of file upload) to standard system metadata * jottacloud: add support for reading and writing metadata * s3: fix slice bounds out of range error when listing * Add rinsuki to contributors * drive: add support of SHA-1 and SHA-256 checksum * s3: add docs on how to add a new provider * s3: add Linode provider * s3: Factor providers list out and auto generate textual version * docs: fix backend doc generator to not output duplicate config names * Add Nikita Shoshin to contributors * rcserver: set `Last-Modified` header for files served by `--rc-serve` * docs: fix typos found by codespell in docs and code comments * onedrive: fix the configurator to allow /teams/ID in the config * build: add btesth target to output beta log in HTML for email pasting * lsjson: make sure we set the global metadata flag too * rc: always report an error as JSON * b2: fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 * b2: implement --b2-lifecycle to control lifecycle when creating buckets * b2: implement 'rclone backend lifecycle' to read and set bucket lifecycles * b2: fix listing all buckets when not needed * azureblob: fix 'fatal error: concurrent map writes' * build(deps): bump docker/setup-qemu-action from 2 to 3 * box: add more logging for polling * box: filter more EventIDs when polling * build(deps): bump docker/setup-buildx-action from 2 to 3 * storj: update storj.io/uplink to v1.12.0 * docs: add notes on how to update the website between releases * docs: remove minio sponsor box for the moment * docs: update Storj partner link * Add Herby Gillot to contributors * Add Pat Patterson to contributors * docs: add MacPorts install info * build(deps): bump docker/metadata-action from 4 to 5 * build(deps): bump docker/login-action from 2 to 3 * build(deps): bump docker/build-push-action from 4 to 5 * fix overview of oracle object storage as it supports multithreaded * operations: ensure concurrency is no greater than the number of chunks - fixes #7299 * docs: fix minimum Go version and update to 1.18 Update to version 1.64.2: * selfupdate: fix 'invalid hashsum signature' error * build: fix docker build running out of space Update to version 1.64.1: * mount: fix automount not detecting drive is ready * serve sftp: return not supported error for not supported commands * b2: fix chunked streaming uploads * build: upgrade golang.org/x/net to v0.17.0 to fix HTTP/2 rapid reset * b2: fix server side copies greater than 4GB * cmd: Make --progress output logs in the same format as without * operations: fix error message on delete to have file name - fixes #7355 * operations: fix OpenOptions ignored in copy if operation was a multiThreadCopy * build: fix docker beta build running out of space * oracleobjectstorage: fix OpenOptions being ignored in uploadMultipart with chunkWriter * s3: fix OpenOptions being ignored in uploadMultipart with chunkWriter * vfs: [bugfix] Update dir modification time * operations: close file in TestUploadFile test so it can be deleted on Windows * b2: reduce default --b2-upload-concurrency to 4 to reduce memory usage * b2: fix locking window when getting mutipart upload URL * pacer: fix b2 deadlock by defaulting max connections to unlimited * s3: fix slice bounds out of range error when listing * docs: fix backend doc generator to not output duplicate config names * docs: fix typos found by codespell in docs and code comments * onedrive: fix the configurator to allow /teams/ID in the config * lsjson: make sure we set the global metadata flag too * b2: fix multipart upload: corrupted on transfer: sizes differ XXX vs 0 * azureblob: fix 'fatal error: concurrent map writes' * build(deps): bump docker/setup-qemu-action from 2 to 3 * build(deps): bump docker/setup-buildx-action from 2 to 3 * storj: update storj.io/uplink to v1.12.0 * docs: add notes on how to update the website between releases * docs: remove minio sponsor box for the moment * docs: update Storj partner link * docs: add MacPorts install info * build(deps): bump docker/metadata-action from 4 to 5 * build(deps): bump docker/login-action from 2 to 3 * build(deps): bump docker/build-push-action from 4 to 5 * fix overview of oracle object storage as it supports multithreaded * operations: ensure concurrency is no greater than the number of chunks - fixes #7299 - Update to version 1.64.0: * protondrive: make cached keys rclone style and not show with `rclone config redacted` * docs: document release signing and verification * docs: fix typo in rc docs - fixes #7287 * protondrive: complete docs with all references to Proton Drive * drive: add --drive-fast-list-bug-fix to control ListR bug workaround * s3: add rclone backend restore-status command * Add Drew Stinnett to contributors * Add David Pedersen to contributors * rc: Add operations/settier to API * protondrive: implement two-password mode (#7279) * vfs: Update parent directory modtimes on vfs actions * hdfs: fix retry 'replication in progress' errors when uploading * hdfs: fix uploading to the wrong object on Update with overriden remote name * test_all: remove filefabric from integration tests * Add Oksana and Volodymyr Kit to contributors * quatrix: add backend to support Quatrix * protondrive: fix signature verification logic by accounting for legacy signing scheme (#7278) * vfs: add --vfs-cache-min-free-space to control minimum free space on the disk containing the cache * rc: add core/du to measure local disk usage * Add lib/diskusage to measure used/free on disks * Add zjx20 to contributors * local: rmdir return an error if the path is not a dir * s3: implement backend set command to update running config * protondrive: improves 2fa and draft error messages (#7280) * zoho: remove Range requests workarounds to fix integration tests * fstests: fix PublicLink failing on storj * opendrive: fix List on a just deleted and remade directory * operations: fix TestCopyFileMaxTransfer test to not be quite so fussy * compress: fix ChangeNotify * azureblob: fix purging with directory markers * test_all: ignore Rmdirs test failure on b2 as it fails because of versions * Add @nielash as bisync maintainer * build(deps): bump actions/checkout from 3 to 4 * bisync: fix dryRun rc parameter being ignored * bisync: add rc parameters for new flags * compress: fix integration tests by adding missing OpenChunkWriter exclude * cache: fix integration tests by adding missing OpenChunkWriter exclude * cmd: refactor and use sysdnotify in more commands * box: add --box-impersonate to impersonate a user ID - fixes #7267 * union: add :writback to act as a simple cache * azureblob: fix creation of directory markers * fstest: fix sftp ssh integration tests * b2: fix ChunkWriter size return * s3: fix multpart streaming uploads of 0 length files * backends: change OpenChunkWriter interface to allow backend concurrency override * Add Alishan Ladhani to contributors * b2: fix rclone link when object path contains special characters * serve dlna: fix MIME type if backend can't identify it * docs: add Storj as a sponsor * Add Bj?rn Smith to contributors * jotta: added Telia Sky whitelabel (Norway) * docs: single character remote names in Windows * docs: sftp: add note regarding format of server_command * fshttp: fix --bind 0.0.0.0 allowing IPv6 and --bind ::0 allowing IPv4 * box: fix unhelpful decoding of error messages into decimal numbers * cmd/ncdu: fix add keybinding to rescan filesystem * box: add polling support * cmd/ncdu: add keybinding to rescan filesystem * docs: may not -> might not, to remove ambiguity * build: fix lint errors when re-enabling revive var-naming * build: fix lint errors when re-enabling revive exported & package-comments * build: re-enable revive linters * lib/multipart: fix accounting for multipart transfers * s3: fix purging of root directory with --s3-directory-markers - fixes #7247 * fstests: add backend integration test for purging root directory #7247 * s3: fix accounting for multpart uploads * oracleobjectstorage: fix accounting for multpart uploads * b2: fix accounting for multpart uploads * operations: fix terminology in multi-thread copy * operations: fix accounting for multi-thread transfers * operations: don't buffer when a backend implements OpenWriterAt * lib/pool: add DelayAccounting() to fix accounting when reading hashes * lib/pool: add SetAccounting to RW * oracleobjectstorage: implement OpenChunkWriter and multi-thread uploads #7056 * b2: implement OpenChunkWriter and multi-thread uploads #7056 * azureblob: implement OpenChunkWriter and multi-thread uploads #7056 * operations: document multi-thread copy and tweak defaults * operations: add abort on exit to multithread copy * operations: multipart: don't buffer transfers to local disk #7056 * s3: factor generic multipart upload into lib/multipart #7056 * fs: add context.Ctx to ChunkWriter methods * operations: fix and tidy multithread code * s3: fix retry logic, logging and error reporting for chunk upload * fs: introduces aliases for OpenWriterAtFn and OpenChunkWriterFn * pool: add page backed reader/writer for multi thread uploads * lib/readers: add NoSeeker to adapt io.Reader to io.ReadSeeker * serve ftp: fix race condition when using the auth proxy * docs: remove contributor's old email * serve ftp: update to goftp.io/server v2.0.1 - fixes #7237 * serve sftp: fix hash calculations with --vfs-cache-mode full * Add Roberto Ricci to contributors * vfs: make sure struct field is aligned for atomic access * vfs: use atomic types * lib: use atomic types * fs: use atomic types * cmount: use atomic types * smb: use atomic types * sftp: use atomic types * seafile: use atomic types * local: use atomic types * filefabric: use atomic types * box: use atomic types * union: use atomic types * sftp: fix --sftp-ssh looking for ssh agent - fixes #7235 * sftp: fix spurious warning when using --sftp-ssh * sync: fix lockup with --cutoff-mode=soft and --max-duration * ftp: fix 425 'TLS session of data connection not resumed' errors * rmdirs: remove directories concurrently controlled by --checkers * Add hideo aoyama to contributors * Add Jacob Hands to contributors * build: add snap installation * ci: change Winget Releaser job to `ubuntu-latest` * fs: Fix transferTime not being set in JSON logs * fs: Don't stop calculating average transfer speed until the operation is complete * sync: fix erroneous test in TestSyncOverlapWithFilter * Add Vitor Gomes to contributors * Add nielash to contributors * Add alexia to contributors * multithread: refactor multithread operation to use OpenChunkWriter if available #7056 * config: add 'multi-thread-chunk-size' flag #7056 * s3: refactor MultipartUpload to use OpenChunkWriter and ChunkWriter #7056 * features: add new interfaces OpenChunkWriter and ChunkWriter #7056 * bisync: typo corrections & other doc improvements * bisync: Add support for --create-empty-src-dirs - Fixes #6109 * bisync: Add experimental --resilient mode to allow recovery from self-correctable errors * bisync: Add new --ignore-listing-checksum flag to distinguish from --ignore-checksum * bisync: equality check before renaming (leave identical files alone) * bisync: apply filters correctly during deletes * bisync: enforce --check-access during --resync * bisync: dry runs no longer commit filter changes * gitignore: add .DS_Store and remove *.log * fichier: fix error code parsing * build: update to released go1.21 * Add antoinetran to contributors * Add James Braza to contributors * Add Masamune3210 to contributors * Add Nihaal Sangha to contributors * protondrive: update the information regarding the advance setting enable_caching (#7202) * docs: clarify --checksum documentation - Fixes #7145 * docs: add some more docs on making your own backend * docs: environment variable remote name only supports letters, digits, or underscores * docs: local: fix typo * lib/rest: remove unnecessary nil check * drive: fix typo in docs * oracleobjectstorage: Use rclone's rate limiter in mutipart transfers * accounting: show server side stats in own lines and not as bytes transferred * rclone test info: add --check-base32768 flag to check can store all base32768 characters * Add Raymond Berger to contributors * storj: performance improvement for large file uploads * docs: box client_id creation * docs: add missing comma to overview webdav footnote * build: update to go1.21rc4 * Add Julian Lepinski to contributors * docs: add minio as a sponsor * swift: fix HEADing 0-length objects when --swift-no-large-objects set * docs: update command docs to new style * docs: group the global flags and make them appear on command and flags pages * Add rclone completion powershell - basic implementation only * docs: fix rclone config edit docs * build: remove unused package cmd/serve/http/data * Add nielash to contributors * Add Zach to contributors * http: fix webdav OPTIONS response (#6433) * webdav: nextcloud: fix segment violation in low-level retry * sftp: support dynamic --sftp-path-override * ftp,sftp: add socks_proxy support for SOCKS5 proxies * http: CORS should not be send if not set (#6433) * docs: rclone backend restore * build: update dependencies * Add yuudi to contributors * rc: add execute-id for job-id * sftp: add --sftp-ssh to specify an external ssh binary to use * Add Niklas Hamb?chen to contributors * protondrive: fix a bug in parsing User metadata (#7174) * docs: dropbox: Explain that Teams needs 'Full Dropbox' * fichier: implement DirMove * docs: b2 versions names caveat * serve webdav: fix error: Expecting fs.Object or fs.Directory, got <nil> * docs: s3 versions names caveat * http servers: allow CORS to be set with --allow-origin flag - fixes #5078 * sftp: stop uploads re-using the same ssh connection to improve performance * vfs: keep virtual directory status accurate and reduce deadlock potential * vfs: Added cache cleaner for directories to reduce memory usage * Add Edwin Mackenzie-Owen to contributors * Add Tiago Boeing to contributors * Add gabriel-suela to contributors * Add Ricardo D'O. Albanus to contributors * smb: implement multi-threaded writes for copies to smb * docs: mega: update with solution when receiving killed on process * protondrive: fix download signature verification bug (#7169) * protondrive: fix bug in digests parsing (#7164) * protondrive: fix missing file sha1 and appstring issues (#7163) * Add Chun-Hung Tseng to Maintainer (#7162) * cmd: fix log message typo * chunker: Update documentation to mention issue with small files * fix: mount parsing for linux * Add Chun-Hung Tseng to contributors * protondrive: add protondrive backend - fixes #6072 * doc: Fix Leviia block * docs: mention Box as base32768 compatible * Add Leviia Object Storage on index.md * Add Object storage to Leviia on README.md * --max-transfer - add new exit code (10) * Changelog updates from Version v1.63.1 * build: add new sponsors page to docs * operations: fix overlapping check on case insensitive file systems * Add Benjamin to contributors * s3: add Leviia S3 Object Storage as provider * build: update to go1.21rc3 and make go1.19 the minimum required version * Add darix to contributors * box: fix reconnect failing with HTTP 400 Bad Request * webdav: nextcloud chunking: add more guidance for the user to check the config * operations: fix .rclonelink files not being converted back to symlinks * local: fix partial directory read for corrupted filesystem * smb: fix 'Statfs failed: bucket or container name is needed' when mounting * Add Vladislav Vorobev to contributors * docs: no need to disable 2FA for Mail.ru Cloud anymore * rclone config redacted: implement support mechanism for showing redacted config * docs: update the number of providers supported * Add Mahad to contributors * Add BakaWang to contributors * docs: drive: Fix step 4 in 'Making your own client_id' * s3: add synology to s3 provider list * docs: remove old donate page * docs: update contact page on website * webdav: nextcloud: fix must use /dav/files/USER endpoint not /webdav error * operations: fix deadlock when using lsd/ls with --progress - Fixes #7102 * dirtree: fix performance with large directories of directories and --fast-list * Add Fjodor42 to contributors * Add Dean Attali to contributors * Add Sawada Tsunayoshi to contributors * jottacloud: add Onlime provider * build: fix macos builds for versions < 12 * docs: dropbox get client id, clarify you need to click a button - Fix executable permission boo#1140423 Moderate SUSE bug 1140423 SUSE bug 1232964 SUSE bug 1233422 CVE-2023-45286 at SUSE CVE-2023-45286 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2023-48795 at SUSE CVE-2023-48795 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2024-51744 at SUSE CVE-2024-51744 at NVD CVE-2024-52522 at SUSE CVE-2024-52522 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for varnish (Important) openSUSE Leap 15.6 This update for varnish fixes the following issues: - Update to release 7.7.1 * VSV-16: Resolve request smuggling attack - Update to release 7.7.0 * The `linux` jail gained control of transparent huge pages settings. * An issue has been fixed which could cause a crash when varnishd receives an invalid Content-Range header from a backend. * Timestamping for HTTP/2 requests (when idle period begins) has been switched to be more in line with HTTP/1. * VSV-15: The client connection is now always closed when a malformed request is received. [CVE-2025-30346, boo#1239892] - Update to release 7.6.0 * The Varnish Delivery Processor (VDP) filter API has been generalized to also accommodate future use for backend request bodies. * VDPs with no vdp_bytes_f function are now supported if the vdp_init_f returns a value greater than zero to signify that the filter is not to be added to the chain. This is useful to support VDPs which only need to work on headers. * The epoll and kqueue waiters have been improved to correctly report WAITER_REMCLOSE, which increases the WAITER.*.remclose counter. * varnishtest now supports the shutdown command corresponding to the shutdown(2) standard C library call. * VSC counters for waiters have been added: * conns to count waits on idle connections * remclose to count idle connections closed by the peer * timeout to count idle connections which timed out in the waiter * action to count idle connections which resulted in a read * The port of a listen_endpoint given with the -a argument to varnishd can now also be a numerical port range like '80-89'. * The warning 'mlock() of VSM failed' message is now emitted when locking of shared memory segments (via mlock(2)) fails. * A bug has been fixed where string comparisons in VCL could fail with the nonsensical error message 'Comparison of different types: STRING '==' STRING'. * An issue has been addressed in the builtin.vcl where backend responses would fail if they contained a Content-Range header when no range was requested. * Additional SessError VSL events are now generated for various HTTP/2 protocol errors. * A new Linux jail has been added which is now the default on Linux. For now, it is almost identical to the Unix jail with one addition: * When the new Linux jail is used, the working directory not mounted on tmpfs partition. * A race condition with VCL temperature transitions has been addressed. * Internal management of probes has been reworked to address race conditions. * Backend tasks can now be instructed to queue if the backend has reached its max_connections. * The size of the buffer to hold panic messages is now tunable through the new panic_buffer parameter. * The Varnish Shared Memory (VSM) and Varnish Shared Counters (VSC) consumer implementation in libvarnishapi have been improved for stability and performance. * An issue has been fixed where Varnish Shared Log (VSL) queries (for example using ``varnishlog -q``) with numerical values would fail in unexpected ways due to truncation. * The ``ObjWaitExtend()`` Object API function gained a statep argument to optionally return the busy object state consistent with the current extension. A NULL value may be passed if the caller does not require it. * For backends using the ``.via`` attribute to connect through a proxy, the connect_timeout, ``first_byte_timeout`` and ``between_bytes_timeout`` attributes are now inherited from proxy unless explicitly given. * varnishd now creates a worker_tmpdir which can be used by VMODs for temporary files. The VMOD developer documentation has details. * The environment variable VARNISH_DEFAULT_N now provides the default 'varnish name' / 'workdir' as otherwise specified by the ``-n`` argument to varnishd and varnish* utilities except varnishtest. * A glitch with TTL comparisons has been fixed which could, for example, lead to unexpected behavior with purge.soft(). - Update to release 7.5.0 * Resolved CVE-2023-44487, CVE-2024-30156 [boo#1221942] * The default value of cli_limit has been increased from 48KB to 64KB. * A new ``pipe_task_deadline`` directive specifies the maximum duration of a pipe transaction. * All the timeout parameters that can be disabled accept the 'never' value. * Added parameters to control the HTTP/2 Rapid Reset attach. - update to 7.4.2 (boo#1216123, CVE-2023-44487): * The ``vcl_req_reset`` feature (controllable through the ``feature`` parameter, see `varnishd(1)`) has been added and enabled by default to terminate client side VCL processing early when the client is gone. *req_reset* events trigger a VCL failure and are reported to `vsl(7)` as ``Timestamp: Reset`` and accounted to ``main.req_reset`` in `vsc` as visible through ``varnishstat(1)``. In particular, this feature is used to reduce resource consumption of HTTP/2 'rapid reset' attacks (see below). Note that *req_reset* events may lead to client tasks for which no VCL is called ever. Presumably, this is thus the first time that valid `vcl(7)` client transactions may not contain any ``VCL_call`` records. * Added mitigation options and visibility for HTTP/2 'rapid reset' attacks Global rate limit controls have been added as parameters, which can be overridden per HTTP/2 session from VCL using the new vmod ``h2``: * The ``h2_rapid_reset`` parameter and ``h2.rapid_reset()`` function define a threshold duration for an ``RST_STREAM`` to be classified as 'rapid': If an ``RST_STREAM`` frame is parsed sooner than this duration after a ``HEADERS`` frame, it is accounted against the rate limit described below. * The ``h2_rapid_reset_limit`` parameter and ``h2.rapid_reset_limit()`` function define how many 'rapid' resets may be received during the time span defined by the ``h2_rapid_reset_period`` parameter / ``h2.rapid_reset_period()`` function before the HTTP/2 connection is forcibly closed with a ``GOAWAY`` and all ongoing VCL client tasks of the connection are aborted. The defaults are 100 and 60 seconds, corresponding to an allowance of 100 'rapid' resets per minute. * The ``h2.rapid_reset_budget()`` function can be used to query the number of currently allowed 'rapid' resets. * Sessions closed due to rapid reset rate limiting are reported as ``SessClose RAPID_RESET`` in `vsl(7)` and accounted to ``main.sc_rapid_reset`` in `vsc` as visible through ``varnishstat(1)``. * The ``cli_limit`` parameter default has been increased from 48KB to 64KB. * ``VSUB_closefrom()`` now falls back to the base implementation not only if ``close_range()`` was determined to be unusable at compile time, but also at run time. That is to say, even if ``close_range()`` is compiled in, the fallback to the naive implementation remains. Important SUSE bug 1216123 SUSE bug 1221942 SUSE bug 1239892 CVE-2013-4484 at SUSE CVE-2013-4484 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2024-30156 at SUSE CVE-2024-30156 at NVD CVE-2025-30346 at SUSE CVE-2025-30346 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 132.0.6834.83 (stable released 2024-01-14) (boo#1235892) * CVE-2025-0434: Out of bounds memory access in V8 * CVE-2025-0435: Inappropriate implementation in Navigation * CVE-2025-0436: Integer overflow in Skia * CVE-2025-0437: Out of bounds read in Metrics * CVE-2025-0438: Stack buffer overflow in Tracing * CVE-2025-0439: Race in Frames * CVE-2025-0440: Inappropriate implementation in Fullscreen * CVE-2025-0441: Inappropriate implementation in Fenced Frames * CVE-2025-0442: Inappropriate implementation in Payments * CVE-2025-0443: Insufficient data validation in Extensions * CVE-2025-0446: Inappropriate implementation in Extensions * CVE-2025-0447: Inappropriate implementation in Navigation * CVE-2025-0448: Inappropriate implementation in Compositing - update esbuild to 0.24.0 - drop old tarball - use upstream release tarball for 0.24.0 - add vendor tarball for golang.org/x/sys - add to keeplibs: third_party/libtess2 third_party/devtools-frontend/src/node_modules/fast-glob Important SUSE bug 1235892 CVE-2025-0434 at SUSE CVE-2025-0434 at NVD CVE-2025-0435 at SUSE CVE-2025-0435 at NVD CVE-2025-0436 at SUSE CVE-2025-0436 at NVD CVE-2025-0437 at SUSE CVE-2025-0437 at NVD CVE-2025-0438 at SUSE CVE-2025-0438 at NVD CVE-2025-0439 at SUSE CVE-2025-0439 at NVD CVE-2025-0440 at SUSE CVE-2025-0440 at NVD CVE-2025-0441 at SUSE CVE-2025-0441 at NVD CVE-2025-0442 at SUSE CVE-2025-0442 at NVD CVE-2025-0443 at SUSE CVE-2025-0443 at NVD CVE-2025-0446 at SUSE CVE-2025-0446 at NVD CVE-2025-0447 at SUSE CVE-2025-0447 at NVD CVE-2025-0448 at SUSE CVE-2025-0448 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxmp (Moderate) openSUSE Leap 15.6 This update for libxmp fixes the following issues: - Update to release 4.6.3 * Fix crashes when xmp_set_position/xmp_set_row is used to set a negative position/row. * Fix hangs when xmp_prev_position is used on the first position of a sequence which is preceded by an S3M/IT skip marker. * Fix out-of-bounds reads when xmp_next_position is used at the end of a 256 position module. * Fix hangs when seeking to an end-of-module marker caused by these positions getting assigned a non-existent sequence. * Fix stack underflow in Pha Packer loader (CVE-2025-47256). * Fix broken conversion of ProRunner 2.0 pattern data. * xmp_set_tempo_factor no longer alters frame time calculation for xmp_get_frame_info. Frame time is now updated to account for the new time factor after calling xmp_scan_module. * Fix loading XMs with some types of harmless pattern truncation. * Fix Digital Tracker 2.03 position jump effect for 4 channel DTMs. * Fix pattern loop jump interactions with same row pattern jump/break: Scream Tracker 3.03b+; Impulse Tracker 1.00 to 1.06 IT; Impulse Tracker 2.00+ IT/S3M; Modplug Tracker 1.16 IT/XM/S3M; Imago Orpheus IMF/S3M; Liquid Tracker LIQ/S3M; Poly Tracker; Digital Tracker >=2.02 DTM/MOD; Digital Tracker 2.03 (partial); Digital Tracker 1.9 (partial); Octalyser. * Fix the pattern loop effect in Astroidea XMF loader. - Update to release 4.6.2 * Fix MED effect 1Fxy (delay and retrigger). The new implementation supports both delay and retrigger at the same time and repeats. * Fix MED effect FF3 (revert change from 4.6.1). The buggy version of this effect prior to OctaMED v5 is not currently supported. * Fix MED3 and MED4 time factor and tempos 1-10. * Fix MED4 effect 9xx (set speed). * Add support for MED3 and MED4 song files. * Handle IT modules with edit history but no MIDI configuration. - Update to release 4.6.1 * Add stereo sample loading support for IT, S3M, XM, MED, LIQ, and Digital Tracker (partial). * Add sample preamplification to filter mixers for high sample rates. * Add support for Ultra Tracker tempo commands. * Load Ultra Tracker comments instead of skipping them. * Implement support for Protracker instrument swapping. * Implement retrigger effects for MED, OctaMED, and Liquid Tracker where only one retrigger occurs. Liquid Tracker (new format) and Digital Symphony now allow retrigger values larger than 15. * Fix loop detection edge cases broken by S3M/IT marker scan bugs. * Add fix for IT break to module scan. * Fix restart position for >64k sample and Digital Tracker MODs. * Reset Invert Loop position when a new instrument is encountered. * MOD: make presence of invert loop override tracker ID guesses. * M.K. modules within Amiga limits which use EFx invert loop are now IDed as Protracker. * Support for loading Digital Tracker 2.03 DTMs (MOD patterns). * Support for loading Digital Tracker 1.9 DTMs (VERS/SV19). * Allow patterns up to 396 rows in Digital Home Studio DTMs. * Support for Digital Tracker 1.9 'MIDI note' transpose. * Simulate Digital Tracker effects bugs where possible. * A bunch of Liquid Tracker (.liq files) bug fixes * Fix out-of-bounds reads in His Master's Noise Mupp instruments. * Add compatibility for non-standard Pattern Loop implementations: Scream Tracker 3.01b; Scream Tracker 3.03b+; Impulse Tracker 1.00; Impulse Tracker 1.04 to 2.09; Modplug Tracker 1.16; Digital Tracker >=2.04; Digital Tracker 1.9; Octalyser; Imago Orpheus; Liquid Tracker; Poly Tracker. (MOD, FT2, and IT 2.10+ were already supported.) * S3M: Detect PlayerPRO, Velvet Studio and old MPT versions. Moderate CVE-2025-47256 at SUSE CVE-2025-47256 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to 137.0.7151.68 (stable release 2025-06-03) (boo#1244019) * CVE-2025-5419: Out of bounds read and write in V8 * CVE-2025-5068: Use after free in Blink - Google is aware that an exploit for CVE-2025-5419 exists in the wild. Important CVE-2025-5068 at SUSE CVE-2025-5068 at NVD CVE-2025-5419 at SUSE CVE-2025-5419 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-48432: Fixed potential log injection via unescaped request path (boo#1244095). Moderate SUSE bug 1244095 CVE-2025-48432 at SUSE CVE-2025-48432 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 137.0.7151.103 (boo#1244452) - CVE-2025-5958: Use after free in Media - CVE-2025-5959: Type Confusion in V8 Important SUSE bug 1244452 CVE-2025-5958 at SUSE CVE-2025-5958 at NVD CVE-2025-5959 at SUSE CVE-2025-5959 at NVD cpe:/o:opensuse:leap:15.6 Security update for atop (Low) openSUSE Leap 15.6 This update for atop fixes the following issues: - Update to 2.11.1: * Atop will not connect to the TCP port of 'atopgpud' daemon any more by default. The flag -k can be used explicitly when 'atopgpud' is active. Also the code to parse the received strings is improved to avoid future issues with heap corruption. * The flag -K has been implemented to connect to netatop/netatop-bpf. * Fix CVE-2025-31160 (boo#1240393) - Update to 2.11.0: * Cgroups (version 2) support. Show the hierarchical structure of cgroups and the related metrics with key/option 'G', and define the cgroup depth with the keys/options 2 till 7. Key/option 8 also shows the processes per cgroup level, except the kernel processes in the root cgroup. Key/option 9 shows the related processes per cgroup level including the kernel processes in the root cgroup. With key/option 'C' the output is sorted on CPU consumption (default), with key/option 'M' on memory consumption, and with key/option 'D' (requires root privileges) on disk utilization. Note: The collection of cgroup information per process is not supported any more. * Twin mode: live measurement with review option. In twin mode atop spawns into a lower level process that gathers the counters and writes them to a temporary raw file, and an upper level process that reads the counters from the temporary raw file and presents them to the user. The reading of the upper level process keeps in pace with the written samples of the lower level process for live measurements. However, when pressing the 'r' (reset to measurement begin), the 'b' (branch to time stamp), or the 'T' (previous sample), the upper level process implicitly pauses with the possibility to review previous samples. The 'z' (explicit pause) can also be used to pause the live measurement. When pressing the 'z' again (continue after pause) viewing of the live measurement will be continued. * Various corrections related to JSON output. * Improved gathering of current CPU frequency. * Support more than 500 CPUs. * The format of the raw file is incompatible with previous versions. Raw files from previous versions can be converted to the new layout with the atopconvert command. - Update to 2.10.0: * Additional memory statistics on system level: amount of available memory, amount of memory used for Transparant Huge Pages, amount of memory used by two categories of static huge pages (usually 2MiB and 1GiB), and the number of pages transferred to/from zswap. * Additional counters for the number of idle threads on system level and process level. * Refined view of memory bar graph, including free static huge pages. * Generic way to determine the container id or pod name for containerized processes. * Support for a BPF-based alternative[1] for the netatop kernel module to gather network statistics per process/thread. * Use the -z flag followed by a regex to prepend matching environment variables to the full command line that is shown per process (with key 'c'). * Various bugfixes (like memory leak when switching to bar graph mode) and minor improvements. * Bugfix: failing malloc while starting atopsar (unprivileged) for a live measurement. * The program atophide can be used to make an extraction from an input raw log to an output raw log, optionally specifying a begin time and/or an end time. The output raw log can be anonymized, i.e. the hostname will be replaced, command names of non-standard commands will be replaced, all command arguments will be wiped, logical volume names will be replaced and NFS mounted volume names will be replaced. * The format of the raw file is incompatible with previous versions. Raw files from previous versions can be converted to the new layout with the atopconvert command. - Update to 2.9.0: * Avoid compiler warning by limiting PSI average * Install cleanup function to avoid termination of parent process * add man for PAG steal * Oomkills event should not remain orange after boot values * Clarified atop man page * Closing bracket missing in synopsis * Add highlight concerning bar graph mode * Introduce bar graph mode Besides all detailed information that is supplied by atop on system and process level, a (character-based) bar graph can be shown about the utilization of the most critical system resources * Freeing ethlink should depend of ifdef * Added reset to indicate shadow file to be closed * fix atopacctd.c: failed to start atopacct.service * acctatop: reacquire acctfd to collect nprocexit for some bad cases * Calibrate nprocexit to avoid atop coredumps unexpectedly * json.c: fix avque counters output * Resolve compiler warnings from latest versions of GCC * Added versdate.h to make clean target * Revert 'Added versdate.h to make clean target' * Added versdate.h to make clean target * fix calculation for scan and steal * only call str.decode if nvml returned bytes * Add exit epoch to parseable output PRG (solves issue #242) * Minor correction in man page for NVCSW/NIVCSW * Context switches (voluntary and involuntary) on process level incorrect * Various modifications releated to (non)voluntary context switches * Add nvcsw and nivcsw for each process * ifprop.c: Fix possible memory leak * Code cleanup and prototype additions * Consistency check on number of threads (solves issue #232) * atop-rotate.service: use restart instead of try-restart * Add link to atophttpd Low SUSE bug 1240393 CVE-2025-31160 at SUSE CVE-2025-31160 at NVD cpe:/o:opensuse:leap:15.6 Security update for konsole (Important) openSUSE Leap 15.6 This update for konsole fixes the following issues: - CVE-2025-49091: Fixed potential remote code execution in a certain scenario with url open (boo#1244569) Important SUSE bug 1244569 CVE-2025-49091 at SUSE CVE-2025-49091 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to 137.0.7151.119 (stable release 2025-06-17) (boo#1244711): * CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler Important CVE-2025-6191 at SUSE CVE-2025-6191 at NVD CVE-2025-6192 at SUSE CVE-2025-6192 at NVD cpe:/o:opensuse:leap:15.6 Security update for gh (Important) openSUSE Leap 15.6 This update for gh fixes the following issues: - Update to version 2.65.0: * Bump cli/go-gh for indirect security vulnerability * Panic mustParseTrackingRef if format is incorrect * Move trackingRef into pr create package * Make tryDetermineTrackingRef tests more respective of reality * Rework tryDetermineTrackingRef tests * Avoid pointer return from determineTrackingBranch * Doc determineTrackingBranch * Don't use pointer for determineTrackingBranch branchConfig * Panic if tracking ref can't be reconstructed * Document and rework pr create tracking branch lookup * Upgrade generated workflows * Fixed test for stdout in non-tty use case of repo fork * Fix test * Alternative: remove LocalBranch from BranchConfig * Set LocalBranch even if the git config fails * Add test for permissions check for security and analysis edits (#1) * print repo url to stdout * Update pkg/cmd/auth/login/login.go * Move mention of classic token to correct line * Separate type decrarations * Add mention of classic token in gh auth login docs * Update pkg/cmd/repo/create/create.go * docs(repo): make explicit which branch is used when creating a repo * fix(repo fork): add non-TTY output when fork is newly created * Move api call to editRun * Complete get -> list renaming * Better error testing for autolink TestListRun * Decode instead of unmarshal * Use 'list' instead of 'get' for autolink list type and method * Remove NewAutolinkClient * Break out autolink list json fields test * PR nits * Refactor autolink subcommands into their own packages * Whitespace * Refactor out early return in test code * Add testing for AutoLinkGetter * Refactor autolink list and test to use http interface for simpler testing * Apply PR comment changes * Introduce repo autolinks list commands * Remove release discussion posts and clean up related block in deployment yml * Extract logic into helper function * add pending status for workflow runs * Feat: Allow setting security_and_analysis settings in gh repo edit * Upgrade golang.org/x/net to v0.33.0 * Document SmartBaseRepoFunc * Document BaseRepoFunc * Update releasing.md * Document how to set gh-merge-base - Update to version 2.64.0: * add test for different SAN and SourceRepositoryURI values * add test for signerRepo and tenant * add some more fields to test that san, sanregex are set properly * Bump github.com/cpuguy83/go-md2man/v2 from 2.0.5 to 2.0.6 * update san and sanregex configuration for readability * reduce duplication when creating policy content * tweak output of build policy info * Name conditionals in PR finder * Support pr view for intra-org forks * Return err instead of silentError in merge queue check * linting pointed out this var is no longer used * Removed fun, but inaccessible ASCII header * further tweaks to the long description * Exit on pr merge with `-d` and merge queue * Addressed PR review feedback; expanded Long command help string, used ghrepo, clarified some abbreviations * Update pkg/cmd/attestation/inspect/inspect.go * Update gh auth commands to point to GitHub Docs * Reformat ext install long * Mention Windows quirk in ext install help text * Fix error mishandling in local ext install * Assert on err msg directly in ext install tests * Clarify hosts in ext install help text * Bump golang.org/x/crypto from 0.29.0 to 0.31.0 * Removed now redundant file * minor tweak to language * go mod tidy * Deleted no-longer-used code. * deleted now-invalid tests, added a tiny patina of new testing. * Tightened up docs, deleted dead code, improved printing * fix file name creation on windows * wording * hard code expected digest * fix download test * use bash shell with integration tests * simplify var creation * update integration test scripts * fix: list branches in square brackets in gh codespace * try nesting scripts * run all tests in a single script * windows for loop syntax * use replaceAll * update expected file path on windows * run integration tests with windows specific syntax * run all attestation cmd integration tests automatically * Bump actions/attest-build-provenance from 1.4.4 to 2.1.0 * Improve error handling in apt setup script * use different file name for attestation files on windows * test(gh run): assert branch names are enclosed in square brackets * docs: enhance help text and prompt for rename command * Revert 'Confirm auto-detected base branch' * Confirm auto-detected base branch * Merge changes from #10004 * Set gh-merge-base from `issue develop` * Open PR against gh-merge-base * Refactor extension executable error handling * fix: list branches in square brackets in gh run view (#10038) * docs: update description of command * style: reformat files * docs: update sentence case * use github owned oci image * docs: add mention of scopes help topic in `auth refresh` command help * docs: add mention of scopes help topic in `auth login` command help * docs: add help topic for auth scopes * docs: improve help for browse command * docs: improve docs for browse command as of #5352 * fix package reference * add gh attestation verify integration test for oci bundles * add integration test for bundle-from-oci option * update tests * update tests * move content of veriy policy options function into enforcement criteria * comment * try switch statement * remove duplicate err checking * get bundle issuer in another func * more logic updating to remove nesting * inverse logic for less nesting * remove unneeded nesting * wip, linting, getting tests to pass * wording * var naming * drop table view * order policy info so relevant info is printed next to each other * Update pkg/cmd/attestation/verification/policy.go * Update pkg/cmd/attestation/verification/policy.go * Update pkg/cmd/attestation/verification/policy.go * wip: added new printSummaryInspection * Improve error handling for missing executable * experiment with table output * Assert stderr is empty in manager_test.go * Update error message wording * Change: exit zero, still print warning to stderr * wording * Improve docs on installing extensions * Update language for missing extension executable * Update test comments about Windows behavior * wording * wording * wording * add newlines for additional policy info * Document requirements for local extensions * Warn when installing local ext with no executable * wording * formatting * print policy information before verifying * add initial policy info method * more wip poking around, now with table printing * wip, gh at inspect will check the signature on the bundle * wip: inspect now prints various bundle fields in a nice json - Update to version 2.63.2: * include alg with digest when fetching bundles from OCI * Error for mutually exclusive json and watch flags * Use safepaths for run download * Use consistent slice ordering in run download tests * Consolidate logic for isolating artifacts * Fix PR checkout panic when base repo is not in remotes * When renaming an existing remote in `gh repo fork`, log the change * Improve DNF version clarity in install steps * Fix formatting in client_test.go comments for linter * Expand logic and tests to handle edge cases * Refactor download testing, simpler file descends * Bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 * Improve test names so there is no repetition * Second attempt to address exploit - Update to version 2.63.0: * Add checkout test that uses ssh git remote url * Rename backwards compatible credentials pattern * Fix CredentialPattern doc typos * Remove TODOs * Fix typos and add tests for CredentialPatternFrom* functions * Add SSH remote todo * General cleanup and docs * Allow repo sync fetch to use insecure credentials pattern * Allow client fetch to use insecure credentials pattern * Allow client push to use insecure credential pattern * Allow client pull to use insecure credential pattern * Allow opt-in to insecure pattern * Support secure credential pattern * Refactor error handling for missing 'workflow' scope in createRelease * ScopesResponder wraps StatusScopesResponder * Refactor `workflow` scope checking * pr feedback * pr feedback * Update pkg/cmd/attestation/verify/attestation_integration_test.go * Apply suggestions from code review * Refactor command documentation to use heredoc * pr feedback * remove unused test file * undo change * add more testing testing fixtures * update test with new test bundle * naming * update test * update test * Fix README.md code block formatting * clean up * wrap sigstore and cert ext verification into a single function * Adding option to return `baseRefOid` in `pr view` * verify cert extensions function should return filtered result list * pr feedback * Update pkg/cmd/attestation/download/download.go * fix function param calls * Update pkg/cmd/attestation/verification/extensions.go * Formatting fix * Updated formatting to be more clear * Updated markdown syntax for a `note`. * Added a section on manual verification of the relases. * Handle missing 'workflow' scope in createRelease * Modify push prompt on repo create when bare * Doc push behaviour for bare repo create * Push --mirror on bare repo create * Add acceptance test for bare repo create * Doc isLocalRepo and git.Client IsLocalRepo differences * Use errWithExitCode interface in repo create isLocalRepo * Backfill repo creation failure tests * Support bare repo creation * use logger println method * simplify verifyCertExtensions * rename type * refactor fetch attestations funcs - Update to version 2.62.0 * CVE-2024-52308: remote code execution (RCE) when users connect to a malicious Codespace SSH server and use the gh codespace ssh or gh codespace logs commands (boo#1233387, GHSA-p2h2-3vg9-4p87) * Check extension for latest version when executed * Shorten extension release checking from 3s to 1s - includes changes from 2.61.0: * Enhance gh repo edit command to inform users about consequences of changing visibility and ensure users are intentional before making irreversible changes - Update to version 2.60.1: * Note token redaction in Acceptance test README * Refactor gpg-key delete to align with ssh-key delete * Add acceptance tests for org command * Adjust environment help for host and tokens (#9809) * Add SSH Key Acceptance test * Add Acceptance test for label command * Add acceptance test for gpg-key * Update go-internal to redact more token types in Acceptance tests * Address PR feedback * Clarify `gh` is available for GitHub Enterprise Cloud * Remove comment from gh auth logout * Add acceptance tests for auth-setup-git and formattedStringToEnv helper func * Use forked testscript for token redaction * Use new GitHub preview terms in working-with-us.md * Use new GitHub previews terminology in attestation * Test json flags for repo view and list * Clean up auth-login-logout acceptance test with native functionality * Add --token flag to `gh auth login` to accept a PAT as a flag * Setup acceptance testing for auth and tests for auth-token and auth-status * Update variable testscripts based on secret * Check extOwner for no value instead * Fix tests for invalid extension name * Refactor to remove code duplication * Linting: now that mockDataGenerator has an embedded mock, we ought to have pointer receivers in its funcs. * Minor tweaks, added backoff to getTrustDomain * added test for verifying we do 3 retries when fetching attestations. * Fix single quote not expanding vars * Added constant backoff retry to getAttestations. * Address @williammartin PR feedback * wip: added test that fails in the absence of a backoff. * add validation for local ext install * feat: add ArchivedAt field to Repository struct * Refactor `gh secret` testscript * Wrap true in '' in repo-fork-sync * Rename acceptance test directory from repos to repo * Remove unnecessary flags from repo-delete testscript * Replace LICENSE Makefile README.md acceptance api bin build cmd context docs git go.mod go.sum internal pkg script share test utils commands with * Wrap boolean strings in '' so it is clear they are strings * Remove unnecessary gh auth setup-git steps * Cleanup some inconsistencies and improve collapse some functionality * Add acceptance tests for repo deploy-key add/list/delete * Add acceptance tests for repo-fork and repo-sync * Add acceptance test for repo-set-default * Add acceptance test for repo-edit * Add acceptance tests for repo-list and repo-rename * Acceptance testing for repo-archive and repo-unarchive * Add acceptance test for repo-clone * Added acceptance test for repo-delete * Added test function for repos and repo-create test * Implement acceptance tests for search commands * Remove . from test case for TestTitleSurvey * Clean up Title Survey empty title message code * Add missing test to trigger acceptance tests * Add acceptance tests for `gh variable` * Minor polish / consistency * Fix typo in custom command doc * Refactor env2upper, env2lower; add docs * Update secret note about potential failure * Add testscripts for `gh secret`, helper cmds * Remove stdout assertion from release * Rename test files * Add acceptance tests for `release` commands * Implement basic API acceptance test * Remove unnecesary mkdir from download Acceptance test * Remove empty stdout checks * Adjust sleeps to echos in Acceptance workflows * Use regex assert for enable disable workflow Acceptance test * Watch for run to end for cancel Acceptance test * Include startedAt, completedAt in run steps data * Rewrite a sentence in CONTRIBUTING.md * Add filtered content output to docs * sleep 10s before checking for workflow run * Update run-rerun.txtar * Create cache-list-delete.txtar * Create run-view.txtar * Create run-rerun.txtar * Create run-download.txtar * Create run-delete.txtar * Remove IsTenancy and relevant tests from gists as they are unsupported * Remove unnecessary code branches * Add ghe.com to tests describing ghec data residency * Remove comment * auth: Removed redundant ghauth.IsTenancy(host) check * Use go-gh/auth package for IsEnterprise, IsTenancy, and NormalizeHostname * Upgrade go-gh version to 2.11.0 * Add test coverage to places where IsEnterprise incorrectly covers Tenancy * Fix issue creation with metadata regex * Create run-cancel.txtar * Create workflow-run.txtar * Create workflow-view.txtar * implement workflow enable/disable acceptance test * implement base workflow list acceptance test * Add comment to acceptance make target * Resolve PR feedback * Acceptance test issue command * Support GH_ACCEPTANCE_SCRIPT * Ensure Acceptance defer failures are debuggable * Add acceptance task to makefile * build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.5 to 1.4.6 * Ensure pr create with metadata has assignment * Document sharedCmds func in acceptance tests * Correct testscript description in Acceptance readme * Add link to testscript pkg documentation * Add VSCode extension links to Acceptance README * Fix GH_HOST / GH_ACCEPTANCE_HOST misuse * Acceptance test PR list * Support skipping Acceptance test cleanup * Acceptance test PR creation with metadata * Suggest using legacy PAT for acceptance tests * Add host recommendation to Acceptance test docs * Don't append remaining text if more matches * Highlight matches in table and content * Split all newlines, and output no-color to non-TTY * Print filtered gists similar to code search * Show progress when filtering * Simplify description * Disallow use of --include-content without --filter * Improve help docs * Refactor filtering into existing `gist list` * Improve performance * Add `gist search` command * Fix api tests after function signature changes * Return nil instead of empty objects when err * Fix license list and view tests * Validate required env vars not-empty for Acceptance tests * Add go to test instructions in Acceptance README * Apply suggestions from code review * Error if acceptance tests are targeting github or cli orgs * Add codecoverage to Acceptance README * Isolate acceptance env vars * Add Writing Tests section to Acceptance README * Add Debug and Authoring sections to Acceptance README * Acceptance test PR comment * Acceptance test PR merge and rebase * Note syntax highlighting support for txtar files * Refactor acceptance test environment handling * Add initial acceptance test README * Use txtar extension for testscripts * Support targeting other hosts in acceptance tests * Use stdout2env in PR acceptance tests * Acceptance test PR checkout * Add pr view test script * Initial testscript introduction * While we're at it, let's ensure VerifyCertExtensions can't be tricked the same way. * Add examples for creating `.gitignore` files * Update help for license view * Refactor http error handling * implement `--web` flag for license view * Fix license view help doc, add LICENSE.md example * Update help and fix heredoc indentation * Add SPDX ID to license list output * Fix ExactArgs invocation * Add `Long` for license list indicating limitations * Update function names * Reverse repo/shared package name change * If provided with zero attestations to verify, the LiveSigstoreVerifier.Verify func should return an error. * Bump cli/oauth to 1.1.1 * Add test coverage for TitleSurvey change * Fix failing test for pr and issue create * Make the X in the error message red and print with io writer * Handle errors from parsing hostname in auth flow * Apply suggestions from code review * Refactor tests and add new tests * Move API calls to queries_repo.go * Allow user to override markdown wrap width via $GH_MDWIDTH from environment * Add handling of empty titles for Issues and PRs * Print the login URL even when opening a browser * Apply suggestions from code review * Update SECURITY.md * Fix typo and wordsmithing * fix typo * Remove trailing space from heading * Revise wording * Update docs to allow community submitted designs * Implement license view * Implement gitignore view * implement gitignore list * Update license table headings and tests * Fix ListLicenseTemplates doc * fix output capitalization * Cleanup rendering and tests * Remove json output option * Divide shared repo package and add queries tests * First pass at implementing `gh repo license list` * Emit a log message when extension installation falls back to a darwin-amd64 binary on an Apple Silicon macOS machine - Update to version 2.58.0: * build(deps): bump github.com/theupdateframework/go-tuf/v2 * Include `dnf5` commands * Add GPG key instructions to appropriate sections * Update docs language to remove possible confusion around 'where you log in' * Change conditional in promptForHostname to better reflect prompter changes * Shorten language on Authenticate with a GitHub host. * Update language on docstring for `gh auth login` * Change prompts for `gh auth login` to reflect change from GHE to Other * Sentence case 'Other' option in hostname prompt * build(deps): bump github.com/henvic/httpretty from 0.1.3 to 0.1.4 * Add documentation explaining how to use `hostname` for `gh auth login` * Replace 'GitHub Enterprise Server' with 'other' in `gh auth login` prompt * fix tenant-awareness for trusted-root command * Fix test * Update pkg/cmd/extension/manager.go * Update comment formatting * Use new HasActiveToken method in trustedroot.go * Add HasActiveToken method to AuthConfig interface * Add HasActiveToken to AuthConfig. * Improve error presentation * Improve the suggested command for creating an issue when an extension doesn't have a binary for your platform * Update pkg/cmd/attestation/trustedroot/trustedroot_test.go * build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.4 to 2.0.5 * enforce auth for tenancy * disable auth check for att trusted-root cmd * better error for att verify custom issuer mismatch * Enhance gh repo create docs, fix random cmd link Important SUSE bug 1233387 CVE-2024-52308 at SUSE CVE-2024-52308 at NVD cpe:/o:opensuse:leap:15.6 Security update for libetebase (Moderate) openSUSE Leap 15.6 This update for libetebase fixes the following issues: Update to version 0.5.8: * CVE-2025-3416: Fixed rust openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242638) * Deps: run cargo update. Moderate SUSE bug 1242638 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for xtrabackup (Moderate) openSUSE Leap 15.6 This update for xtrabackup fixes the following issues: - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244333). - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244383). - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244389). Moderate SUSE bug 1244333 SUSE bug 1244383 SUSE bug 1244389 CVE-2025-5914 at SUSE CVE-2025-5914 at NVD CVE-2025-5916 at SUSE CVE-2025-5916 at NVD CVE-2025-5917 at SUSE CVE-2025-5917 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-bad (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-bad fixes the following issues: - CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing (bsc#1242809). Important SUSE bug 1242809 CVE-2025-3887 at SUSE CVE-2025-3887 at NVD cpe:/o:opensuse:leap:15.6 Security update for roundcubemail (Important) openSUSE Leap 15.6 This update for roundcubemail fixes the following issues: Update to 1.6.11: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: * Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v. - CHANGELOG * Managesieve: Fix match-type selector (remove unsupported options) in delete header action (#9610) * Improve installer to fix confusion about disabling SMTP authentication (#9801) * Fix PHP warning in index.php (#9813) * OAuth: Fix/improve token refresh * Fix dark mode bug where wrong colors were used for blockquotes in HTML mail preview (#9820) * Fix HTML message preview if it contains floating tables (#9804) * Fix removing/expiring redis/memcache records when using a key prefix * Fix bug where a wrong SPECIAL-USE folder could have been detected, if there were more than one per-type (#9781) * Fix a default value and documentation of password_ldap_encodage option (#9658) * Remove mobile/floating Create button from the list in Settings > Folders (#9661) * Fix Delete and Empty buttons state while creating a folder (#9047) * Fix connecting to LDAP using ldapi:// URI (#8990) * Fix cursor position on 'below the quote' reply in HTML mode (#8700) * Fix bug where attachments with content type of application/vnd.ms-tnef were not parsed (#7119) Important cpe:/o:opensuse:leap:15.6 Security update for sslh (Important) openSUSE Leap 15.6 This update for sslh fixes the following issues: sslh was updated to 2.2.4: * Fix CVE-2025-46806 (boo#1243120) for 'Misaligned Memory Accesses in `is_openvpn_protocol()`' * Fix CVE-2025-46807 (boo#1243122) for 'File Descriptor Exhaustion in sslh-select and sslh-ev' * Fix potential parsing of undefined data in syslog probe (no CVE assigned) Update to 2.2.3: * Reverse older commit: version.h cannot be included without breaking the build (everything recompiles every time) and the release archive creation (which relies on git tags). Update to 2.2.2: * Fix potential vulnerability similar to CVE-2020-28935 Update to 2.2.1: * Fix compilation when libproxyprotocol is not present Update to 2.2.0: * Add a boolean setting 'is_unix' for listen and protocol entries. This will use the 'host' setting as a path name to a socket file, and connections (listening or connecting) will be performed on Unix socket instead of Internet sockets. * Support HAProxy's proxyprotocol on the backend server side. * Lots of documentation about a new, simpler way to perform transparent proxying. * New 'verbose' option that overrides all other verbose settings. Update to 2.1.3: * Landlock access fix Update to 2.1.2: * Fix inetd Update to 2.1.1: * Fix MacOS build error Update to 2.1.0: * Support for the Landlock LSM. After initial setup, sslh gives up all local file access rights. * Reintroduced --ssl as an alias to --tls. * Introduce autoconf to adapt to landlock presence. * Close connexion without error message if remote client forcefully closes connexion, for Windows. Update to 2.0.1: * New semver-compatible version number * New sslh-ev: this is functionaly equivalent to sslh-select (mono-process, only forks for specified protocols), but based on libev, which should make it scalable to large numbers of connections. * New log system: instead of –verbose with arbitrary levels, there are now several message classes. Each message class can be set to go to stderr, syslog, or both. Classes are documented in example.cfg. * UDP connections are now managed in a hash to avoid linear searches. The downside is that the number of UDP connections is a hard limit, configurable with the ‘udp_max_connections’, which defaults to 1024. Timeouts are managed with lists. * inetd merges stderr output to what is sent to the client, which is a security issue as it might give information to an attacker. When inetd is activated, stderr is forcibly closed. * New protocol-level option resolve_on_forward, requests that target names are resolved at each connection instead of at startup. Useful for dynamic DNS situations. Important SUSE bug 1243120 SUSE bug 1243122 CVE-2020-28935 at SUSE CVE-2020-28935 at NVD CVE-2025-46806 at SUSE CVE-2025-46806 at NVD CVE-2025-46807 at SUSE CVE-2025-46807 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium 138.0.7204.96 (stable released 2025-06-30) (boo#1245544) fixes the following issues: * cve-2025-6554: type confusion in v8 * CVE-2025-6555: Use after free in Animation * CVE-2025-6556: Insufficient policy enforcement in Loader * CVE-2025-6557: Insufficient data validation in DevTools Important SUSE bug 1245332 SUSE bug 1245544 CVE-2025-6554 at SUSE CVE-2025-6554 at NVD CVE-2025-6555 at SUSE CVE-2025-6555 at NVD CVE-2025-6556 at SUSE CVE-2025-6556 at NVD CVE-2025-6557 at SUSE CVE-2025-6557 at NVD cpe:/o:opensuse:leap:15.6 Security update for mosquitto (Moderate) openSUSE Leap 15.6 This update for mosquitto fixes the following issues: mosquitto was update to version 2.0.21: * Broker * Fix clients sending a RESERVED packet not being quickly disconnected. * Fix bind_interface producing an error when used with an interface that has an IPv6 link-local address and no other IPv6 addresses. * Fix mismatched wrapped/unwrapped memory alloc/free in properties. * Fix allow_anonymous false not being applied in local only mode. * Add retain_expiry_interval option to fix expired retained message not being removed from memory if they are not subscribed to. * Produce an error if invalid combinations of cafile/capath/certfile/keyfile are used. * Backport keepalive checking from develop to fix problems in current implementation. * Client library * Fix potential deadlock in mosquitto_sub if -W is used. * Apps * mosquitto_ctrl dynsec now also allows -i to specify a clientid as well as -c. This matches the documentation which states -i. - systemd service: Wait till the network got setup to avoid startup failure. - Update to version 2.0.19 (CVE-2024-3935 boo#1232635, CVE-2024-10525 boo#1232636): Moderate SUSE bug 1232635 SUSE bug 1232636 CVE-2024-10525 at SUSE CVE-2024-10525 at NVD CVE-2024-3935 at SUSE CVE-2024-3935 at NVD cpe:/o:opensuse:leap:15.6 Security update for qt6-webengine (Important) openSUSE Leap 15.6 This update for qt6-webengine fixes the following issues: - CVE-2024-40896: Fixed a XML external entity vulnerability related to libxml2 (boo#1234820) Important SUSE bug 1234820 CVE-2024-40896 at SUSE CVE-2024-40896 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - Add additional hardening regarding CVE-2025-48432 (boo#1244095) Moderate SUSE bug 1244095 CVE-2025-48432 at SUSE CVE-2025-48432 at NVD cpe:/o:opensuse:leap:15.6 Security update for spdlog (Moderate) openSUSE Leap 15.6 This update for spdlog fixes the following issues: - CVE-2025-6140: Fixed input manipulation that may lead to resource consumption (boo#1244696) Moderate SUSE bug 1244696 CVE-2025-6140 at SUSE CVE-2025-6140 at NVD cpe:/o:opensuse:leap:15.6 Security update for chmlib (Important) openSUSE Leap 15.6 This update for chmlib fixes the following issues: - CVE-2025-48172: Fixed integer overflow in _chm_decompress_block of chm_lib.c, that could lead to heap buffer overflow (boo#1245803). Important SUSE bug 1245803 CVE-2025-48172 at SUSE CVE-2025-48172 at NVD cpe:/o:opensuse:leap:15.6 Security update for cheat (Moderate) openSUSE Leap 15.6 This update for cheat fixes the following issues: - Update to 4.4.2: * Bump chroma to newest version * Remove plan9 support due to build failure * Upgrade to yaml.v3 - Update to 4.4.1: * Update dependencies * Make minor changes to appease revive (linter) Moderate SUSE bug 1234584 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD cpe:/o:opensuse:leap:15.6 Security update for pdns-recursor (Important) openSUSE Leap 15.6 This update for pdns-recursor fixes the following issues: - update to 5.1.3: * Implement rfc6303 special zones (mostly v6 reverse mappings) * Distinguish OS imposed limits from app imposed limits, specifically on chains. - update to 5.1.2 (boo#1231292 CVE-2024-25590) https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.2 - update to 5.1.1 https://doc.powerdns.com/recursor/changelog/5.1.html#change-5.1.1 https://doc.powerdns.com/recursor/changelog/5.0.html#change-5.0.8 - update to 5.0.5: * Do not count RRSIGs using unsupported algorithms toward RRSIGs limit * Correctly count NSEC3s considered when chasing the closest encloser. * Let NetmaskGroup parse dont-throttle-netmasks, allowing negations. * Fix types of two YAML settings (incoming.edns_padding_from, incoming.proxy_protocol_from) that should be sequences of subnets * Fix trace=fail regression and add regression test for it Important SUSE bug 1231292 CVE-2024-25590 at SUSE CVE-2024-25590 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 120.0.5543.61 * DNA-119134 Crash at views::ViewAXPlatformNodeDelegate:: FireNativeEvent * DNA-122014 [VPN Pro] Add VPN Pro section to chrome://opera-diagnostics * DNA-122222 [Split screen] Active tab refreshes instead of current tab * DNA-122251 [Easy Files] Transparent glitch appears with some file types in popup * DNA-122347 Background music resumes after toggling mic/camera in Google Meet * DNA-122569 Gmail video popup disappears and Meet disconnects when switching tabs or clicking redirect button * DNA-122601 Report client version in vpnpro diagnostics * DNA-122695 VPN section not available in opera settings on first run * DNA-122764 [Split screen] Popup arrow is pinned to easy setup button instead of the password manager * DNA-122849 The popup windows for 'Accounts saved for this website' and the credentials view are too wide * DNA-122853 Support multiple static wallpapers in a single theme * DNA-122883 [SD] Tile names are not visible in folder when a custom wallpaper is used * DNA-122959 Refactor tab automuting * DNA-123026 Crash when clicking manage passwords button in address bar when 'Sign in' credentials API popup is displayed * DNA-123031 [Opera Translate] Opera Translate popup does not open in split screen tabs * DNA-123038 Crash at -[OperaCrApplication validateMenuItem:] * DNA-123057 USB netinstaller is not starting * DNA-123086 Crash at BrowserLiveTabContext:: GetSplitScreenIdForTab * DNA-123089 [Opera Translate] 'How does it work?' link leads to incorrect page * DNA-123100 Translate popup is shown each time page is being autotranslated - Update to 120.0.5543.38 * CHR-10028 Update Chromium on desktop-stable-135-5543 to 135.0.7049.115 * DNA-112048 Spelling error in speed dial German translation * DNA-118890 Crash at opera::RegisterPathProvider * DNA-119134 Crash at views::ViewAXPlatformNodeDelegate:: FireNativeEvent * DNA-119349 [Split screen] Restoring tabs opens split screen tabs as tab island * DNA-120162 Crash at opera::MainMenu::FillOMenuHeader * DNA-120341 Crash at opera::oauth2::DeviceNameServiceImpl:: HasDeviceNameChanged * DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds * DNA-120799 Hide toolbar entries based on the available width and a prioritized list * DNA-120928 A red dot indicating a new message appears, even though no message has been received * DNA-120940 [Split Screen toolbar] Snapshot is not displayed correctly with Speed Dial page * DNA-120997 [Split screen toolbar] 'Ask Aria' should not be visible * DNA-120998 [Split Screen toolbar] Extensions container is displayed for both panels * DNA-121093 Possibility to remove the only/last classic theme * DNA-121111 [Tab Island Split Screen] Add context menu option to move out of tab island for split screen in tab island * DNA-122499 [Password Management] Save-password popup displays dark mode image in light mode * DNA-122500 [Password Management] Save-password popup image lacks shadow * DNA-122501 [Password Management] Incorrect styling for Password Manager link * DNA-121260 Disable background music during Google Meet call * DNA-121446 Crash at bookmarks::BookmarkModel::~BookmarkModel * DNA-121495 Can not focus folder on start page by keybard navigation * DNA-121554 [Split screen toolbar] Icons remain visible with dropdown opened until hovered again * DNA-121555 [Split screen toolbar] 'Add to Pinboard' feature remains in loading state and does not complete * DNA-121561 After reopening, easy setup doesn't start from the top * DNA-121564 Crash at views::View::SetPaintToLayer * DNA-121567 Sometimes autocomplete in dropdown eats some letters * DNA-121582 Crash at extensions::TabsQueryFunction::Run * DNA-121590 DevTools attempts to match Chrome's language setting * DNA-121591 DevTools displays Chrome's recording feature * DNA-121603 Disable some items in 'On Exit' tab when sync is enabled * DNA-121617 [Linux] No settings are displayed on the certificates page * DNA-121662 [Tab Island Split Screen] Closing split screen tab in collapsed tab island causes island to become invisible * DNA-121669 Search bar blends into background on opera://flags * DNA-121708 Support theme color abstraction and expose color values * DNA-121753 [Tab Island Split Screen] Add tab button is cut off after dragging split screen into tab island * DNA-121784 [Tab Island Split Screen] Dragging split screen on tab strip hides it under tab island * DNA-121786 SD tile colors are reversed in dark mode and light mode * DNA-121787 Allow H.264 levels up to 5.1/5.2 * DNA-121790 Crash at signin::IdentityManager:: GetPrimaryAccountInfo * DNA-121817 [Toolbar miniplayer] Gap between address bar and miniplayer is too small * DNA-121818 [Toolbar miniplayer] Hover effect on buttons should be the same as hover effect on address bar icons * DNA-121829 Wrap 'On Exit' tab into feature flag #clear-history-on-exit * DNA-121864 Crash at extensions::ExtensionUpdater:: OnBlocklistDownloadFinished * DNA-121866 Translations for text in Easy Files context menu * DNA-121869 Incorrect download origin in opera://downloads page when '@' redirection is used * DNA-121870 Change logic to display last 5 used emojis * DNA-121872 Custom site panel field in sidebar setup truncates URLs longer than 64 characters * DNA-121875 Bump major version to 120 * DNA-121881 Crash at tabs::UnpinnedTabCollection:: AddTabRecursive * DNA-121886 Update env variables for web UI * DNA-121888 Opera React Web UI (operaaccount) tests fail * DNA-121894 Crash at extensions:: ProxySwitcherPrivateEventRouter::OnBrowserRemoved * DNA-121896 Linux ARM fails to compile * DNA-121897 CHECK when creating split screen without #split-screen-toolbar * DNA-121899 Translations for Opera 119 * DNA-121901 [Split screen] Only one tab is displayed after returning to split screen from different tab * DNA-121908 Installed extensions are located on the left side of the page. * DNA-121928 Remove chromium 'Safety Check' option in settings * DNA-121937 Crash on saving split screen tabs to Pinboards * DNA-121945 [Clear browsing data on exit] [UI check] 'i' icon color incorrectly displayed * DNA-121946 [Clear browsing data on exit] Incorrect display of 'i' icons for unlogged users * DNA-121947 [Tab Island Split Screen][UI check] Split screen blends with background in light theme * DNA-121951 [Split screen toolbar] [UI check] VPN badge displayed on both panels instead of just the right tab * DNA-121973 Crash at extensions::(anonymous namespace):: ThumbnailFetcher::Fetch when opening pinboard popup in private window * DNA-121975 [Private window] Text in address bar dropdown is almost invisible * DNA-121982 [Split screen] Split screen groups become tab islands after browser restart * DNA-121984 Not possible to change default cookie settings * DNA-121985 [Tab Island Split Screen] Split screen background remains on tab strip after collapsing tab island * DNA-121988 Saving page as PDF leads to page crash * DNA-121990 The selection moves/'jumps' in dropdown to where the cursor is, even if doesn't move the mouse * DNA-121993 Crash when restoring session containing opera://flags * DNA-121994 Crash at base::ObserverList::RemoveObserver * DNA-121995 Crash at opera::HeartButtonControllerImpl::Update * DNA-121998 [VPN Pro][Settings] Location list for Express subscription in settings shows numbers instead of flags and location names * DNA-121999 [VPN Pro][VPN badge] For Express VPN locations different numbers are displayed as IP address * DNA-122001 [VPN Pro] If there are multiple locations for a country, selecting one causes all of them to be shown as active * DNA-122007 [Split screen toolbar] Toolbar icons not displayed on hover * DNA-122012 Crash at opera::ComponentTabCyclerView:: HighlightContents * DNA-122017 Skip Ad button not shown in PiP window for YouTube ads * DNA-122023 [Split screen] Address bar in both panels duplicates on click * DNA-122034 Gray out 'Create' button when limit of custom sites is reached * DNA-122042 Fix recently used locations for ExpressVPN provider * DNA-122043 Converting different currencies into RUB, BYN, HRK, IDR doesn't work * DNA-122045 BrowserNavigatorTest.Disposition_NewPopup_ ExtensionId fails * DNA-122053 Text not visible when hovering over options in padlock popup * DNA-122056 Crash at opera::component_based::ComponentTabBar:: ReorderChildren * DNA-122068 Detached split screen is incorrectly drawn * DNA-122070 Split screen dragged out of an island is re-attached in a wrong position * DNA-122072 [Split screen toolbar] Clicking on translate button has no effect * DNA-122080 Crash when creating split screen from orphaned and pinned tab * DNA-122083 Workspaces cannot be edited when there's a maximum number of them. * DNA-122101 Crash on switching workspaces if Opera runs with disable-animations-for-tests * DNA-122107 [Split screen toolbar] Crash when cancelling drop action with Esc when target drop view is visible * DNA-122119 'Close tabs' tab menu option does not close both tabs in inactive split screen group * DNA-122120 Split screen group is destroyed after moving group and another tab to a new window * DNA-122122 [Clear browsing data on exit] History not deleted on exit with custom sync settings * DNA-122123 [Clear browsing data on exit] Options remain checked if previously selected after sync is enabled * DNA-122129 [Tab Island Split Screen][UI Check] No hover effect on split screen tabs * DNA-122130 Chromium warning dialog in settings * DNA-122133 [Pinboards] Wrong tab added to Pinboards when attempting to add tab from context menu * DNA-122135 Incorrect translation of 'may' in German language * DNA-122137 Spelling error in speed dial German translation * DNA-122142 Add a comment line switch to simulate a browser update ready state * DNA-122144 Style components with environmental tokens * DNA-122146 [VPN Pro][Settings] If there are multiple locations for a country, selecting one causes all of them to be shown as active * DNA-122149 Free vpn location is broken * DNA-122154 Reconnect to vpn service after changing vpn pro subscriptions * DNA-122167 Crash at PrefService::GetBoolean * DNA-122171 'Show emojis in tab tooltip' setting visible after disabling feature flag * DNA-122177 [Split screen toolbar] Miniplayer is shown in both toolbars all the time * DNA-122178 Disable BrowserNavigatorTest.Disposition_ PictureInPicture_OpenFromWebApp * DNA-122179 BrowserNavigatorTest.ReloadLockedTab crashes (DCHECK) * DNA-122189 [Split screen] Web view does not show content from two tabs after restart * DNA-122190 [Miniplayer in toolbar] Mini-player in toolbar is only shown in split screen * DNA-122193 Crash at opera::component_based:: SplitScreenModelImpl::InsertSplitScreen * DNA-122201 [Meet][Player] After closing 'Present now' popup music from player starts playing * DNA-122203 Bookmark folders are no longer visible in 'O' menu * DNA-122204 [Miniplayer in toolbar] Mini-player stays visible on toolbar after being unpinned * DNA-122217 Failure to connect with Flow push notifications not working * DNA-122218 [Split screen toolbar] Not all available icons are visible on hover until address bar is clicked * DNA-122224 Use chromium's ui::ColorTransform in color mixer * DNA-122230 Missing flag icon in settings * DNA-122240 [Split screen toolbar] Display VPN badge for both split screen sites * DNA-122255 Typo in Easy Setup for RU * DNA-122260 [VPN] The VPN icon disappears after focusing the address bar * DNA-122275 Add tooltip to 'On exit' part in settings * DNA-122287 [Clear browsing data on exit] Missing translations for information tooltip * DNA-122290 Bookmarks are visible behind split screen * DNA-122360 VideoPictureInPictureWindowControllerBrowserTest. ControlsVisibility fails on Linux * DNA-122361 Shader has crashed * DNA-122363 Showing split screen as one tab in tab cycler no longer works after enabling #split-screen-in-tab-island * DNA-122365 Extra '&' symbol displaying in bookmarks subfolder names * DNA-122366 Fix tab island dragging scenarios after CHR-9995 * DNA-122367 Add Split Screen restrictions on auto-PiP * DNA-122372 Update dynamic themes list with viking * DNA-122377 Translations for on-exit tooltip * DNA-122395 [Clear browsing data on exit] Tooltip for 'on exit' does not match design * DNA-122401 DumpWithoutCrashing at sql::(anonymous namespace):: RecordOpenDatabaseFailureReason(const class std::__Cr:: basic_string& const, sql::(anonymous namespace):: OpenDatabaseFailedReason) * DNA-122405 [Yubikey] The 2-Step Verification popup does not appear and the user is unable to sign in * DNA-122407 [Split screen] Drop area is not shown when moving mouse to other side of split screen view * DNA-122409 [Clear browsing data on exit] Update the style for dark theme tooltips * DNA-122410 Google information in delete browsing data section * DNA-122411 Backport fix for CVE-2025-4664 * DNA-122431 Manifest v2 extensions are disabled after Opera restart * DNA-122444 Add accessibility title for password manager popup * DNA-122503 [Opera One] Enable token support without the flag * DNA-122504 Paypal entry in siteprefs.json is causing users to not be able to sign in * DNA-122512 [Password Management] Password is shown as a clear text by system accessibility * DNA-122513 [Password Management] Font size in password-manager page is bigger than in settings * DNA-122520 [VPN Pro] Download subscription after enabling #vpn-pro-v4-support flag * DNA-122522 Enable #split-screen-toolbar on all streams * DNA-122532 Promoto 120 to beta * DNA-122540 Translations for Opera 120 * DNA-122555 [Password Management] Password update prompt is shown as sliding toolbar (old style) * DNA-122558 '+' button shifts position after cancelled split screen * DNA-122561 [Password Management] Manage Passwords icon is not shown in address bar when in split screen mode * DNA-122562 [Password Management] Save password popup is incorrectly anchored in split screen mode * DNA-122576 Live background loaded on GPU process crash even if not visible * DNA-122628 [O120] Crash at performance_manager::mechanism:: PageDiscarder::DiscardPageNodes * DNA-122635 Backport 0-day fix for CVE-2025-5419 and chromium issue 420637585 * DNA-122659 startpage opening animation is not disabled * DNA-122665 Tab island tooltip has incorrect design * DNA-122715 Crash at media::ATAudioFormatReader::ChooseFormat * DNA-122723 'Accounts saved for this website' popup has a chrome design * DNA-122724 web page credentials popup has a chrome design * DNA-122730 Password popup design do not match the mockup * DNA-122734 Replace background of 'banner' on the VPN badge popup UI * DNA-122749 Crash in AddressBarControllerImpl:: OnActiveTabChanged() on non-developer channels * DNA-122765 Can't close the popup by clicking the password manager icon in the address bar * DNA-122772 Crash at ManagePasswordsUIController:: GetManagePasswordsButtonView * DNA-122774 Tab Island tabs dropdown not visible when 'Show tabs from the same domain in tab tooltip' is disabled * DNA-122778 Enable #password-management-popup on all streams * DNA-122780 [password-management-popup=off] Passwords badge not shown until user clicks in the address bar * DNA-122791 The button corners are not rounded enough * DNA-122795 Password popup header does not match the mockup * DNA-122826 Crash loop when trying to launch Opera with-feature:pinboard=off * DNA-122850 Missing tooltip over buttons on the 'web page credentials' popup * DNA-122851 Missing hover effect * DNA-122852 On the 'Accounts saved for this website' popup, the whole row should be clickable not only an arrow * DNA-122864 'Copy password' button should not be visible in save password popup * DNA-122984 Enable #translator on all streams for Opera One * DNA-123014 Promote 120 to stable - Complete Opera 120 changelog at: https://blogs.opera.com/desktop/changelog-for-120 - Update to 119.0.5497.131 * DNA-122535 Crash at opera::TabHoverCardTabArtContainerView:: OnTabArtButtonClicked * DNA-122854 Investigate backwards compatibility for multiple wallpaper themes * DNA-122012 Crash at opera::ComponentTabCyclerView:: HighlightContents - Update to 119.0.5497.110 * DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds * DNA-122607 Make labels in themes localizable * DNA-122715 Crash at media::ATAudioFormatReader::ChooseFormat * DNA-122734 Replace background of 'banner' on the VPN badge popup UI - Update to 119.0.5497.88 * DNA-122663 Close tab islands cannot be clicked if 'Show tabs from the same domain in tooltip' is disabled - Changes in 119.0.5497.70 * DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds * DNA-122106 Add error code and message to setError crashlog * DNA-122203 Bookmark folders are no longer visible in 'O' menu * DNA-122149 Free vpn location is broken * DNA-122230 Missing flag icon in settings - Update to 119.0.5497.56 * DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds * DNA-122361 Shader has crashed * DNA-122402 Enable #easy-setup-react on all streams * DNA-122409 [Clear browsing data on exit] Update the style for dark theme tooltips * DNA-122535 Crash at opera::TabHoverCardTabArtContainerView:: OnTabArtButtonClicked * DNA-122576 Live background loaded on GPU process crash even if not visible Important CVE-2025-4664 at SUSE CVE-2025-4664 at NVD CVE-2025-5419 at SUSE CVE-2025-5419 at NVD Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 138.0.7204.157 (boo#1246558): * CVE-2025-7656: Integer overflow in V8 * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * CVE-2025-7657: Use after free in WebRTC - Chromium 138.0.7204.100: * tweaks to the Google services settings page Important SUSE bug 1246558 CVE-2025-6558 at SUSE CVE-2025-6558 at NVD CVE-2025-7656 at SUSE CVE-2025-7656 at NVD CVE-2025-7657 at SUSE CVE-2025-7657 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-pycares (Moderate) openSUSE Leap 15.6 This update for python3-pycares fixes the following issues: - CVE-2025-48945: Fixed a use-after-free in the Channel object garbage collection (boo#1244691). Moderate SUSE bug 1244691 CVE-2025-48945 at SUSE CVE-2025-48945 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: Update to 120.0.5543.93: * DNA-122968 Crash at PasswordBubbleViewBase::ShowBubble * DNA-122991 Add rate me button on opera://bookmarks page * DNA-123029 [Color themes] Wallpapers section visibility not updated correctly in Easy Setup * DNA-123123 Crash when trying to save file using window.showSaveFilePicker * DNA-123217 0-day fix for CVE-2025-6558 Important CVE-2025-6558 at SUSE CVE-2025-6558 at NVD Security update for chromium (Important) openSUSE Leap 15.6 This security update to chromium 138.0.7204.168 boo#1246902 * CVE-2025-8010: Type Confusion in V8 * CVE-2025-8011: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1246902 CVE-2025-8010 at SUSE CVE-2025-8010 at NVD CVE-2025-8011 at SUSE CVE-2025-8011 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 138.0.7204.183 (boo#1247365): - CVE-2025-8292: Use after free in Media Stream Important SUSE bug 1247365 CVE-2025-8292 at SUSE CVE-2025-8292 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to fix: - CVE-2025-54874 fix missing error check in openjpeg (bsc#1247661) Chromium 139.0.7258.66 (boo#1247664): * CVE-2025-8576: Use after free in Extensions * CVE-2025-8577: Inappropriate implementation in Picture In Picture * CVE-2025-8578: Use after free in Cast * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome * CVE-2025-8580: Inappropriate implementation in Filesystems * CVE-2025-8581: Inappropriate implementation in Extensions * CVE-2025-8582: Insufficient validation of untrusted input in DOM * CVE-2025-8583: Inappropriate implementation in Permissions Important SUSE bug 1247661 SUSE bug 1247664 CVE-2025-54874 at SUSE CVE-2025-54874 at NVD CVE-2025-8576 at SUSE CVE-2025-8576 at NVD CVE-2025-8577 at SUSE CVE-2025-8577 at NVD CVE-2025-8578 at SUSE CVE-2025-8578 at NVD CVE-2025-8579 at SUSE CVE-2025-8579 at NVD CVE-2025-8580 at SUSE CVE-2025-8580 at NVD CVE-2025-8581 at SUSE CVE-2025-8581 at NVD CVE-2025-8582 at SUSE CVE-2025-8582 at NVD CVE-2025-8583 at SUSE CVE-2025-8583 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 139.0.7258.127 (boo#1247981): * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1247981 CVE-2025-8879 at SUSE CVE-2025-8879 at NVD CVE-2025-8880 at SUSE CVE-2025-8880 at NVD CVE-2025-8881 at SUSE CVE-2025-8881 at NVD CVE-2025-8882 at SUSE CVE-2025-8882 at NVD CVE-2025-8901 at SUSE CVE-2025-8901 at NVD cpe:/o:opensuse:leap:15.6 Security update for etcd (Important) openSUSE Leap 15.6 This update for etcd fixes the following issues: Update to version 3.5.12: * Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795 * test: fix TestHashKVWhenCompacting: ensure all goroutine finished * print error log when creating peer listener failed * mvcc: Printing etcd backend database related metrics inside scheduleCompaction function * dependency: update go version to 1.20.13 * commit bbolt transaction if there is any pending deleting operations * add tests to test tx delete consistency. * Don't flock snapshot files * Backport adding digest for etcd base image. * Add a unit tests and missing flags in etcd help. * Add missing flag in etcd help. * Backport testutils.ExecuteUntil to 3.5 branch * member replace e2e test * Check if be is nil to avoid panic when be is overriden with nil by recoverSnapshotBackend on line 517 * Don't redeclare err and snapshot variable, fixing validation of consistent index and closing database on defer * test: enable gofail in release e2e test. * [3.5] backport health check e2e tests. * tests: Extract e2e cluster setup to separate package - Update to version 3.5.11: * etcdserver: add linearizable_read check to readyz. * etcd: Update go version to 1.20.12 * server: disable redirects in peer communication * etcdserver: add metric counters for livez/readyz health checks. * etcdserver: add livez and ready http endpoints for etcd. * http health check bug fixes * server: Split metrics and health code * server: Cover V3 health with tests * server: Refactor health checks * server: Run health check tests in subtests * server: Rename test case expect fields * server: Use named struct initialization in healthcheck test * Backport server: Don't follow redirects when checking peer urls. * Backport embed: Add tracing integration test. * Backport server: Have tracingExporter own resources it initialises. * Backport server: Add sampling rate to distributed tracing. * upgrade github.com/stretchr/testify,google.golang.org/genproto/googleapis/api,google.golang.org/grpc to make it consistent * CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0 * github workflow: run arm64 tests on every push * etcd: upgrade go version from 1.20.10 to 1.20.11 * bump bbolt to 1.3.8 for etcd 3.5 * 3.5: upgrade gRPC-go to 1.58.3 * Backport corrupt check test fix 'etcd server shouldn't wait for the ready notification infinitely on startup' * etcdserver: add cluster id check for hashKVHandler * [release-3.5]: upgrade gRPC-go to v1.52.0 * backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format) * Return to default write scheduler since golang.org/x/net@v0.11.0 started using round robin * Bump go to v1.20.10 Part of https://github.com/etcd-io/etcd/issues/16740 * bump golang.org/x/net to 0.17.0 Part of https://github.com/etcd-io/etcd/issues/16740 * etcd: upgrade go version to 1.20.9 * Remove obsolete http 1.0 version. * fix:Ensure that go version is only defined in one file for release-3.5 * Fix panic in etcd validate secure endpoints * dependency: bump golang to 1.20.8 * Backport redirect metrics data into file to reduce output. * test.sh: increase timeout for grpcproxy test * test: add v3 curl test to cover maintenance hash/hashkv REST API * api: fix duplicate gateway url issue * pkg: add a verification on the pagebytes which must be > 0 * tests: Backport deflake for TestWatchDelay * tests: Backport deflake for TestPageWriterRandom * Backport adding unit test for socket options. * Backport export reuse-port and reuse-address * Fix goword failure in rafthttp/transport.go. * Backport update to golang 1.20 minor release. * bump go version to 1.19.12 * Update workflows to use makefile recipes for unit, integration & e2e-release. * Backport Makefile recipes for common test commands. * pkg/flags: fix UniqueURLs'Set to remove duplicates in UniqueURLs'uss * Backport fix to e2e release version identifcation. * Backport #14368 to v3.5 * Follow up https://github.com/etcd-io/etcd/pull/16068#discussion_r1263667496 * etcdserver: backport check scheduledCompactKeyName and finishedCompactKeyName before writing hash to release-3.5. * Backport #13577 Disable auth gracefully without impacting existing watchers. * bump go version to 1.19.11 to fix CVE GO-2023-1878 * clientv3: create keepAliveCtxCloser goroutine only if ctx can be canceled * [3.5] etcdutl: fix db double closed * clientv3: remove v3.WithFirstKey() in Barrier.Wait() * update etcdctl flag description for snapshot restores * etcdutl: update description for --mark-compacted and --bump-revision flags in snapshot restore command * Adding optional revision bump and mark compacted to snapshot restore * Revert 'Merge pull request #16119 from natusameer/release-3.5' * Add e2e-arm64.yaml and tests-arm64.yaml to release-3.5 scheduled at 1.30 * Backport .github/workflows: Read .go-version as a step and not separate workflow. * Add first unit test for authApplierV3 * Early exit auth check on lease puts * remove stack log when etcdutl restore * etcdserver: fix corruption check when server has just been compacted * replace gobin with go install * [3.5] Backport updating go to latest patch release 1.19.10 * add compact hash check to help * Fix test of clientv3/naming * clientv3/naming/endpoints: fix endpoints prefix bug fixes bug with multiple endpoints with same prefix * grpcproxy: fix memberlist results not update when proxy node down - Update to version 3.5.9: * Move go version to dedicated .go-version file * tests: e2e and integration test for timetolive * etcdserver: protect lease timetilive with auth * Backport go update to latest patch release 1.19.9. * Backport centralising go version for actions workflows. * server: backport 15743, improved description of --initial-cluster-state flag - Update to version 3.5.8: * etcdserver: Guarantee order of requested progress notifications * etcdserver: verify field 'username' and 'revision' present when decoding a JWT token * set zap logging to wsproxy * security: remove password after authenticating the user * test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235 * bump golang to 1.19.8 * server/auth: disallow creating empty permission ranges * chore: enable strict mode for test CI * Fixes: #15266 All docker images of Architecture show amd64 * scripts: Add testing of etcd in local image in release workflow. * server: Fix defer function closure escape * tests: Test separate http port connection multiplexing * server: Add --listen-client-http-urls flag to allow running grpc server separate from http server * server: Pick one address that all grpc gateways connect to * server: Extract resolveUrl helper function * server: Separate client listener grouping from serving * refactor: Use proper variable names for urls * sever/auth: fix addUserWithNoOption of store_test * server/auth: fix auth panic bug when user changes password * Automated cherry-pick of #14860: Trigger release in current branch for github workflow case * server/embed: fix data race when start insecure grpc * server: Test watch restore * mvcc: update minRev when watcher stays synced * tests: Add v2 API to connection multiplexing test * tests: Add connection muiltiplexer testing * tests: Backport RunUtilCompletion * tests: Backport tls for etcdctl * tests: Extract e2e test utils * tests: Allow specifying http version in curl * tests: Refactor newClient args * tests: Refactor CURLPrefixArgs * Backport tls 1.3 support. * server: Switch back to random scheduler to improve resilience to watch starvation * test: Test etcd watch stream starvation under high read response load when sharing the same connection * tests: Allow configuring progress notify interval in e2e tests * Run go mod tidy * Updated go to 1.19.7. * Backport go_srcs_in_module changes and fix goword failures. * Formatted source code for go 1.19.6. * Bump to go 1.19.6 * Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571. * test:enhance the test case TestV3WatchProgressOnMemberRestart * clientv3: correct the nextRev on receving progress notification response * etcdserver: add failpoints walBeforeSync and walAfterSync * Fix regression in timestamp resolution * upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies * bump github.com/stretchr/testify to v1.8.1 * bump bbolt to v1.3.7 for release-3.5 * netutil: consistently format ipv6 addresses * docker: remove nsswitch.conf - Update to version 3.5.7: * etcdserver: return membership.ErrIDNotFound when the memberID not found * etcdserver: process the scenaro of the last WAL record being partially synced to disk * update nsswitch.conf for 3.5 * 3.5: remove the dependency on busybox * Remove dependency on gobin * resolve build error: parameter may not start with quote character ' * remove .travis.yml * format the source code and tidy the dependencies using go 1.17.13 * bump go version to 1.17.13 * deps: bump golang.org/x/net to v0.4.0 to address CVEs * security: use distroless base image to address critical Vulnerabilities * cidc: specify the correct branch name of release-3.5 in workflow for trivy nightly scan * Add trivy nightly scan for release-3.5 * clientv3: revert the client side change in 14547 * client/pkg/v3: fixes Solaris build of transport * etcdserver: fix nil pointer panic for readonly txn * Fix go fmt error * [3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE * etcdserver: intentionally set the memberID as 0 in corruption alarm - Update to version 3.5.6: * release: build with consistent paths * client/pkg/fileutil: add missing logger to {Create,Touch}DirAll * test: add test case to cover the CommonName based authentication * test: add certificate with root CommonName * clientv3: do not refresh token when using TLS CommonName based authentication * etcdserver: call the OnPreCommitUnsafe in unsafeCommit * add range flag for delete in etcdctl * server: add more context to panic message * fix:close conn * clientv3: fix the design & implementation of double barrier * test: added e2e test case for issue 14571: etcd doesn't load auth info when recovering from a snapshot * etcdserver: call refreshRangePermCache on Recover() in AuthStore. #14574 * server: add a unit test case for authStore.Reocver() with empty rangePermCache * Backport #14591 to 3.5. * client/v3: Add backoff before retry when watch stream returns unavailable * etcdserver: added more debug log for the purgeFile goroutine * netutil: make a `raw` URL comparison part of the urlsEqual function * Apply suggestions from code review * netutil: add url comparison without resolver to URLStringsEqual * tests/Dockerfile: Switch to ubuntu 22.04 base * Makefile: Additional logic fix * *: avoid closing a watch with ID 0 incorrectly * tests: a test case for watch with auth token expiration * *: handle auth invalid token and old revision errors in watch * server/etcdmain: add configurable cipher list to gRPC proxy listener * Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4 - Update to version 3.5.5: * fix the flaky test fix_TestV3AuthRestartMember_20220913 for 3.5 * etcdctl: fix move-leader for multiple endpoints * testing: fix TestOpenWithMaxIndex cleanup * server,test: refresh cache on each NewAuthStore * server/etcdmain: add build support for Apple M1 * tests: Fix member id in CORRUPT alarm * server: Make corrtuption check optional and period configurable * server: Implement compaction hash checking * tests: Cover periodic check in tests * server: Refactor compaction checker * tests: Move CorruptBBolt to testutil * tests: Rename corruptHash to CorruptBBolt * tests: Unify TestCompactionHash and extend it to also Delete keys and Defrag * tests: Add tests for HashByRev HTTP API * tests: Add integration tests for compact hash * server: Cache compaction hash for HashByRev API * server: Extract hasher to separate interface * server: Remove duplicated compaction revision * server: Return revision range that hash was calcualted for * server: Store real rv range in hasher * server: Move adjusting revision to hasher * server: Pass revision as int * server: Calculate hash during compaction * server: Fix range in mock not returning same number of keys and values * server: Move reading KV index inside scheduleCompaction function * server: Return error from scheduleCompaction * server: Refactor hasher * server: Extract kvHash struct * server: Move unsafeHashByRev to new hash.go file * server: Extract unsafeHashByRev function * server: Test HashByRev values to make sure they don't change * server: Cover corruptionMonitor with tests * server: Extract corruption detection to dedicated struct * server: Extract triggerCorruptAlarm to function * move consistent_index forward when executing alarmList operation * fix the potential data loss for clusters with only one member * [backport 3.5] server: don't panic in readonly serializable txn * Backport of pull/14354 to 3.5.5 * Refactor the keepAliveListener and keepAliveConn * clientv3: close streams after use in lessor keepAliveOnce method * Change default sampling rate from 100% to 0% * Fix the failure in TestEndpointSwitchResolvesViolation * update all related dependencies * move setupTracing into a separate file config_tracing.go * etcdserver: bump OpenTelemetry to 1.0.1 * Change default sampling rate from 100% to 0% * server/auth: protect rangePermCache with a RW lock * Improve error message for incorrect values of ETCD_CLIENT_DEBUG * add e2e test cases to cover the maxConcurrentStreams * Add flag `--max-concurrent-streams` to set the max concurrent stream each client can open at a time * add the uint32Value data type * Client: fix check for WithPrefix op * client/v3: do not overwrite authTokenBundle on dial * restrict the max size of each WAL entry to the remaining size of the file * Add FileReader and FileBufReader utilities * Backport two lease related bug fixes to 3.5 * scripts: Detect staged files before building release * scripts: Avoid additional repo clone * Make DRY_RUN explicit * scripts: Add tests for release scripts * server/auth: enable tokenProvider if recoved store enables auth * Update golang.org/x/crypto to latest - Update to version 3.5.4: * Update conssitent_index when applying fails * Add unit test for canonical SRV records * Revert 'trim the suffix dot from the srv.Target for etcd-client DNS lookup' - add variable ETCD_OPTIONS to both service unit and configuration file this allows the user to easily add things like '--enable-v2=true' - Update to version 3.5.3: https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.3 * clientv3: disable mirror auth test with proxy * cv3/mirror: Fetch the most recent prefix revision * set backend to cindex before recovering the lessor in applySnapshot * support linearizable renew lease * clientv3: filter learners members during autosync * etcdserver: upgrade the golang.org/x/crypto dependency * fix the data inconsistency issue by adding a txPostLockHook into the backend * server: Save consistency index and term to backend even when they decrease * server: Add verification of whether lock was called within out outside of apply * go.mod: Upgrade to prometheus/client_golang v1.11.1 * server: Use default logging configuration instead of zap production one * Fix offline defrag * backport 3.5: #13676 load all leases from backend * server/storage/backend: restore original bolt db options after defrag * always print raft term in decimal when displaying member list in json * enhance health check endpoint to support serializable request * trim the suffix dot from the srv.Target for etcd-client DNS lookup - Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported - Update etcd.conf variables - Add the new etcdutl into separate subpackage - Update to version 3.5.2: * Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254. * fix runlock bug * server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL * etcdserver,integration: Store remaining TTL on checkpoint * lease,integration: add checkpoint scheduling after leader change * set the backend again after recovering v3 backend from snapshot * *: implement a retry logic for auth old revision in the client * client/v3: refresh the token when ErrUserEmpty is received while retrying * server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers * storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6) - Update to version 3.5.1: * version: 3.5.1 * Dockerfile: bump debian bullseye-20210927 * client: Use first endpoint as http2 authority header * tests: Add grpc authority e2e tests * client: Add grpc authority header integration tests * tests: Allow configuring integration tests to use TCP * test: Use unique number for grpc port * tests: Cleanup member interface by exposing Bridge directly * tests: Make using bridge optional * tests: Rename grpcAddr to grpcURL to imply that it includes schema * tests: Remove bridge dependency on unix * Decouple prefixArgs from os.Env dependency * server: Ensure that adding and removing members handle storev2 and backend out of sync * Stop using tip golang version in CI * fix self-signed-cert-validity parameter cannot be specified in the config file * fix health endpoint not usable when authentication is enabled * workflows: remove ARM64 job for maintenance - Update to version 3.5.0: * See link below, diff is too big https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0 - Added hardening to systemd service(s) (boo#1181400) - Change to sysuser-tools to create system user - Update to version 3.4.16: * Backport-3.4 exclude alarms from health check conditionally * etcdserver/mvcc: update trace.Step condition * Backport-3.4 etcdserver/util.go: reduce memory when logging range requests * .travis,Makefile,functional: Bump go 1.12 version to v1.12.17 * integration: Fix 'go test --tags cluster_proxy --timeout=30m -v ./integration/...' * pkg/tlsutil: Adjust cipher suites for go 1.12 * Fix pkg/tlsutil (test) to not fail on 386. * bill-of-materials.json: Update golang.org/x/sys * .travis,test: Turn race off in Travis for go version 1.15 * integration : fix TestTLSClientCipherSuitesMismatch in go1.13 * vendor: Run go mod vendor * go.mod,go.sum: Bump github.com/creack/pty that includes patch * go.mod,go.sum: Comply with go v1.15 * etcdserver,wal: Convert int to string using rune() * integration,raft,tests: Comply with go v1.15 gofmt * .travis.yml: Test with go v1.15.11 * pkpkg/testutil/leak.go: Allowlist created by testing.runTests.func1 * vendor: Run go mod vendor * go.sum, go.mod: Run go mod tidy with go 1.12 * go.mod: Pin go to 1.12 version * etcdserver: fix incorrect metrics generated when clients cancel watches * integration: relax leader timeout from 3s to 4s * etcdserver: when using --unsafe-no-fsync write data * server: Added config parameter experimental-warning-apply-duration * etcdserver: Fix PeerURL validation - update etcd.service: avoid args from commandline and environment as it leads to start failure (boo#1183703) - Update to version 3.4.15: * [Backport-3.4] etcdserver/api/etcdhttp: log successful etcd server side health check in debug level * etcdserver: Fix 64 KB websocket notification message limit * vendor: bump gorilla/websocket * pkg/fileutil: fix F_OFD_ constants - Update to version 3.4.14: * pkg/netutil: remove unused 'iptables' wrapper * tools/etcd-dump-metrics: validate exec cmd args * clientv3: get AuthToken automatically when clientConn is ready. * etcdserver: add ConfChangeAddLearnerNode to the list of config changes * integration: add flag WatchProgressNotifyInterval in integration test - Update to version 3.4.13: * pkg: file stat warning * Automated cherry pick of #12243 on release 3.4 * version: 3.4.12 * etcdserver: Avoid panics logging slow v2 requests in integration tests * version: 3.4.11 * Revert 'etcdserver/api/v3rpc: 'MemberList' never return non-empty ClientURLs' * *: fix backport of PR12216 * *: add experimental flag for watch notify interval * clientv3: remove excessive watch cancel logging * etcdserver: add OS level FD metrics * pkg/runtime: optimize FDUsage by removing sort * clientv3: log warning in case of error sending request * etcdserver/api/v3rpc: 'MemberList' never return non-empty ClientURLs - Update to version 3.4.10 [CVE-2020-15106][boo#1174951]: * Documentation: note on data encryption * etcdserver: change protobuf field type from int to int64 (#12000) * pkg: consider umask when use MkdirAll * etcdmain: let grpc proxy warn about insecure-skip-tls-verify * etcdmain: fix shadow error * pkg/fileutil: print desired file permission in error log * pkg: Fix dir permission check on Windows * auth: Customize simpleTokenTTL settings. * mvcc: chanLen 1024 is to biger,and it used more memory. 128 seems to be enough. Sometimes the consumption speed is more than the production speed. * auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty. * etcdmain: fix shadow error * doc: add TLS related warnings * etcdserver:FDUsage set ticker to 10 minute from 5 seconds. This ticker will check File Descriptor Requirements ,and count all fds in used. And recorded some logs when in used >= limit/5*4. Just recorded message. If fds was more than 10K,It's low performance due to FDUsage() works. So need to increase it. * clientv3: cancel watches proactively on client context cancellation * wal: check out of range slice in 'ReadAll', 'decoder' * etcdctl, etcdmain: warn about --insecure-skip-tls-verify options * Documentation: note on the policy of insecure by default * etcdserver: don't let InternalAuthenticateRequest have password * auth: a new error code for the case of password auth against no password user * Documentation: note on password strength * etcdmain: best effort detection of self pointing in tcp proxy * Discovery: do not allow passing negative cluster size * wal: fix panic when decoder not set * embed: fix compaction runtime err * pkg: check file stats * etcdserver, et al: add --unsafe-no-fsync flag * wal: add TestValidSnapshotEntriesAfterPurgeWal testcase * wal: fix crc mismatch crash bug * rafthttp: log snapshot download duration * rafthttp: improve snapshot send logging * *: make sure snapshot save downloads SHA256 checksum * etcdserver/api/snap: exclude orphaned defragmentation files in snapNames * etcdserver: continue releasing snap db in case of error * etcdserver,wal: fix inconsistencies in WAL and snapshot * cherry pick of #11564 (#11880) * mvcc: fix deadlock bug * auth: optimize lock scope for CheckPassword * auth: ensure RoleGrantPermission is compatible with older versions * etcdserver: print warn log when failed to apply request * auth: cleanup saveConsistentIndex in NewAuthStore * auth: print warning log when error is ErrAuthOldRevision * auth: add new metric 'etcd_debugging_auth_revision' * tools/etcd-dump-db: add auth decoder, optimize print format * *: fix auth revision corruption bug * etcdserver: watch stream got closed once one request is not permitted (#11708) * version: 3.4.7 * wal: add 'etcd_wal_writes_bytes_total' * pkg/ioutil: add 'FlushN' * test: auto detect branch when finding merge base * mvcc/kvstore:when the number key-value is greater than one million, compact take too long and blocks other requests * version: 3.4.6 * lease: fix memory leak in LeaseGrant when node is follower * version: 3.4.5 * words: whitelist 'racey' * Revert 'version: 3.4.5' * words: whitelist 'hasleader' * version: 3.4.5 * etcdserver/api/v3rpc: handle api version metadata, add metrics * clientv3: embed api version in metadata * etcdserver/api/etcdhttp: log server-side /health checks * proxy/grpcproxy: add return on error for metrics handler * etcdctl: fix member add command * etcdserver: fix quorum calculation when promoting a learner member * etcdserver: corruption check via http * mvcc/backend: check for nil boltOpenOptions * mvcc/backend: Delete orphaned db.tmp files before defrag * auth: correct logging level * e2e: test curl auth on onoption user * auth: fix NoPassWord check when add user * auth: fix user.Options nil pointer * mvcc/kvstore:fixcompactbug * mvcc: update to 'etcd_debugging_mvcc_total_put_size_in_bytes' * mvcc: add 'etcd_mvcc_put_size_in_bytes' to monitor the throughput of put request. * clientv3: fix retry/streamer error message * etcdserver: wait purge file loop during shutdown * integration: disable TestV3AuthOldRevConcurrent * etcdserver: remove auth validation loop * scripts/release: list GPG key only when tagging is needed Important SUSE bug 1174951 SUSE bug 1181400 SUSE bug 1183703 SUSE bug 1199031 CVE-2019-11254 at SUSE CVE-2019-11254 at NVD CVE-2020-15106 at SUSE CVE-2020-15106 at NVD CVE-2021-28235 at SUSE CVE-2021-28235 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:opensuse:leap:15.6 Security update for dante (Moderate) openSUSE Leap 15.6 This update for dante fixes the following issues: - Update to version 1.4.4 * Fixed incorrect access control for some sockd.conf configurations involving socksmethod (boo#1234688, CVE-2024-54662). Moderate SUSE bug 1234688 CVE-2024-54662 at SUSE CVE-2024-54662 at NVD cpe:/o:opensuse:leap:15.6 Security update for trivy (Important) openSUSE Leap 15.6 This update for trivy fixes the following issues: - CVE-2025-53547: Fixed code execution in Helm Chart (boo#1246151) - Update to version 0.64.1: * release: v0.64.1 [release/v0.64] (#9122) * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120) * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) * release: v0.64.0 [main] (#8955) * docs(python): fix type with METADATA file name (#9090) * feat: reject unsupported artifact types in remote image retrieval (#9052) * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) * refactor(misconf): rewrite Rego module filtering using functional filters (#9061) * feat(terraform): add partial evaluation for policy templates (#8967) * feat(vuln): add Root.io support for container image scanning (#9073) * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) * fix(cli): add some values to the telemetry call (#9056) * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) * refactor: centralize HTTP transport configuration (#9058) * test: include integration tests in linting and fix all issues (#9060) * chore(deps): bump the common group across 1 directory with 26 updates (#9063) * feat(java): dereference all maven settings.xml env placeholders (#9024) * fix(misconf): reduce log noise on incompatible check (#9029) * fix(misconf): .Config.User always takes precedence over USER in .History (#9050) * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) * docs(misconf): simplify misconfiguration docs (#9030) * fix(misconf): move disabled checks filtering after analyzer scan (#9002) * docs: add PR review policy for maintainers (#9032) * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) * test: improve and extend tests for iac/adapters/arm (#9028) * chore: bump up Go version to 1.24.4 (#9031) * feat(cli): add version constraints to annoucements (#9023) * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) * feat(ubuntu): add eol date for 20.04-ESM (#8981) * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549) * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998) * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) * feat(misconf): add OpenTofu file extension support (#8747) * refactor(misconf): set Trivy version by default in Rego scanner (#9001) * docs: fix assets with versioning (#8996) * docs: add partners page (#8988) * chore(alpine): add EOL date for Alpine 3.22 (#8992) * fix: don't show corrupted trivy-db warning for first run (#8991) * Update installation.md (#8979) * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) * chore(k8s): update comments with deprecated command format (#8964) * chore: fix errors and typos in docs (#8963) * fix: Add missing version check flags (#8951) * feat(redhat): Add EOL date for RHEL 10. (#8910) * fix: Correctly check for semver versions for trivy version check (#8948) * refactor(server): change custom advisory and vulnerability data types fr… (#8923) * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) * release: v0.63.0 [main] (#8809) * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942) * chore(deps): Bump trivy-checks (#8934) * fix(julia): add `Relationship` field support (#8939) * feat(minimos): Add support for MinimOS (#8792) * feat(alpine): add maintainer field extraction for APK packages (#8930) * feat(echo): Add Echo Support (#8833) * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924) * fix(wolfi): support new APK database location (#8937) * feat(k8s): get components from namespaced resources (#8918) * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927) * refactor(terraform): remove result sorting from scanner (#8928) * feat(misconf): Add support for `Minimum Trivy Version` (#8880) * docs: improve skipping files documentation (#8749) * feat(cli): Add available version checking (#8553) * feat(nodejs): add a bun.lock analyzer (#8897) * feat: terraform parser option to set current working directory (#8909) * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602) * feat(misconf): export raw Terraform data to Rego (#8741) * refactor(terraform): simplify AllReferences method signature in Attribute (#8906) * fix: check post-analyzers for StaticPaths (#8904) * feat: add Bottlerocket OS package analyzer (#8653) * feat(license): improve work text licenses with custom classification (#8888) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901) * chore(deps): bump the common group across 1 directory with 9 updates (#8887) * refactor(license): simplify compound license scanning (#8896) * feat(license): Support compound licenses (licenses using SPDX operators) (#8816) * fix(k8s): use in-memory cache backend during misconfig scanning (#8873) * feat(nodejs): add bun.lock parser (#8851) * feat(license): improve work with custom classification of licenses from config file (#8861) * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886) * fix: julia parser panicing (#8883) * refactor(db): change logic to detect wrong DB (#8864) * fix(cli): don't use allow values for `--compliance` flag (#8881) * docs(misconf): Reorganize misconfiguration scan pages (#8206) * fix(server): add missed Relationship field for `rpc` (#8872) * feat: add JSONC support for comments and trailing commas (#8862) * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858) * feat(go): support license scanning in both GOPATH and vendor (#8843) * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820) * fix: filter all files when processing files installed from package managers (#8842) * feat(misconf): add misconfiguration location to junit template (#8793) * docs(vuln): remove OSV for Python from data sources (#8841) * chore: add an issue template for maintainers (#8838) * chore: enable staticcheck (#8815) * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836) * feat(license): scan vendor directory for license for go.mod files (#8689) * docs(java): Update info about dev deps in gradle lock (#8830) * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822) * fix(java): exclude dev dependencies in gradle lockfile (#8803) * fix: octalLiteral from go-critic (#8811) * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818) * chore(deps): bump the common group across 1 directory with 10 updates (#8817) * fix: use-any from revive (#8810) * fix: more revive rules (#8814) * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813) * fix(misconf): check if for-each is known when expanding dyn block (#8808) * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802) - Update to version 0.62.1: * release: v0.62.1 [release/v0.62] (#8825) * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831) * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826) * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824) * release: v0.62.0 [main] (#8669) * feat(nodejs): add root and workspace for `yarn` packages (#8535) * fix: unused-parameter rule from revive (#8794) * chore(deps): Update trivy-checks (#8798) * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796) * fix(k8s): remove using `last-applied-configuration` (#8791) * refactor(misconf): remove unused methods from providers (#8781) * refactor(misconf): remove unused methods from iac types (#8782) * fix(misconf): filter null nodes when parsing json manifest (#8785) * fix: testifylint last issues (#8768) * fix(misconf): perform operations on attribute safely (#8774) * refactor(ubuntu): update time handling for fixing time (#8780) * chore(deps): bump golangci-lint to v2.1.2 (#8766) * feat(image): save layers metadata into report (#8394) * feat(misconf): convert AWS managed policy to document (#8757) * chore(deps): bump the docker group across 1 directory with 3 updates (#8762) * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753) * ci(helm): create a helm branch for patches from main (#8673) * fix(terraform): hcl object expressions to return references (#8271) * chore(terraform): option to pass in instanced logger (#8738) * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740) * chore(terraform): remove os.OpenPath call from terraform file functions (#8737) * chore(deps): bump the common group across 1 directory with 23 updates (#8733) * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676) * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587) * fix(misconf): populate context correctly for module instances (#8656) * fix(misconf): check if metadata is not nil (#8647) * refactor(misconf): switch to x/json (#8719) * fix(report): clean buffer after flushing (#8725) * ci: improve PR title validation workflow (#8720) * refactor(flag): improve flag system architecture and extensibility (#8718) * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555) * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591) * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705) * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702) * refactor: add hook interface for extended functionality (#8585) * fix(misconf): add missing variable as unknown (#8683) * docs: Update maintainer docs (#8674) * ci(vuln): reduce github action script injection attack risk (#8610) * fix(secret): ignore .dist-info directories during secret scanning (#8646) * fix(server): fix redis key when trying to delete blob (#8649) * chore(deps): bump the testcontainers group with 2 updates (#8650) * test: use `aquasecurity` repository for test images (#8677) * chore(deps): bump the aws group across 1 directory with 5 updates (#8652) * fix(k8s): skip passed misconfigs for the summary report (#8684) * fix(k8s): correct compare artifact versions (#8682) * chore: update Docker lib (#8681) * refactor(misconf): remove unused terraform attribute methods (#8657) * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369) * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643) * docs: Add info about helm charts release (#8640) * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638) - Update to version 0.61.1: * release: v0.61.1 [release/v0.61] (#8704) * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) * release: v0.61.0 [main] (#8507) * fix(misconf): Improve logging for unsupported checks (#8634) * feat(k8s): add support for controllers (#8614) * fix(debian): don't include empty licenses for `dpkgs` (#8623) * fix(misconf): Check values wholly prior to evalution (#8604) * chore(deps): Bump trivy-checks (#8619) * fix(k8s): show report for `--report all` (#8613) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) * refactor: rename scanner to service (#8584) * fix(misconf): do not skip loading documents from subdirectories (#8526) * refactor(misconf): get a block or attribute without calling HasChild (#8586) * fix(misconf): identify the chart file exactly by name (#8590) * test: use table-driven tests in Helm scanner tests (#8592) * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) * chore(deps): bump the common group across 1 directory with 10 updates (#8566) * fix(misconf): do not use cty.NilVal for non-nil values (#8567) * docs(cli): improve flag value display format (#8560) * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) * docs: remove slack (#8565) * fix: use `--file-patterns` flag for all post analyzers (#7365) * docs(python): Mention pip-compile (#8484) * feat(misconf): adapt aws_opensearch_domain (#8550) * feat(misconf): adapt AWS::EC2::VPC (#8534) * docs: fix a broken link (#8546) * fix(fs): check postAnalyzers for StaticPaths (#8543) * refactor(misconf): remove unused methods for ec2.Instance (#8536) * feat(misconf): adapt aws_default_security_group (#8538) * feat(fs): optimize scanning performance by direct file access for known paths (#8525) * feat(misconf): adapt AWS::DynamoDB::Table (#8529) * style: Fix MD syntax in self-hosting.md (#8523) * perf(misconf): retrieve check metadata from annotations once (#8478) * feat(misconf): Add support for aws_ami (#8499) * fix(misconf): skip Azure CreateUiDefinition (#8503) * refactor(misconf): use OPA v1 (#8518) * fix(misconf): add ephemeral block type to config schema (#8513) * perf(misconf): parse input for Rego once (#8483) * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) * chore: replace deprecated tenv linter with usetesting (#8504) * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) * chore(deps): bump the common group across 1 directory with 13 updates (#8491) * chore: use go.mod for managing Go tools (#8493) * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) * release: v0.60.0 [main] (#8327) * fix(sbom): improve logic for binding direct dependency to parent component (#8489) * chore(deps): remove missed replace of `trivy-db` (#8492) * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) * docs: add abbreviation list (#8453) * chore(terraform): assign *terraform.Module 'parent' field (#8444) * feat: add report summary table (#8177) * chore(deps): bump the github-actions group with 3 updates (#8473) * refactor(vex): improve SBOM reference handling with project standards (#8457) * ci: update GitHub Actions cache to v4 (#8475) * feat: add `--vuln-severity-source` flag (#8269) * fix(os): add mapping OS aliases (#8466) * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) * chore(deps): Bump trivy-checks to v1.7.1 (#8467) * refactor(report): write tables after rendering all results (#8357) * docs: update VEX documentation index page (#8458) * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) * feat(misconf): render causes for Terraform (#8360) * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) * chore(deps): update go-rustaudit location (#8450) * fix: update all documentation links (#8045) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) * chore(deps): bump the common group with 6 updates (#8411) * fix(k8s): add missed option `PkgRelationships` (#8442) * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346) * feat(go): fix parsing main module version for go >= 1.24 (#8433) * refactor(misconf): make Rego scanner independent of config type (#7517) * fix(image): disable AVD-DS-0007 for history scanning (#8366) * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) * chore: remove mockery (#8417) * test(server): replace mock driver with memory cache in server tests (#8416) * test: replace mock with memory cache and fix non-deterministic tests (#8410) * test: replace mock with memory cache in scanner tests (#8413) * test: use memory cache (#8403) * fix(spdx): init `pkgFilePaths` map for all formats (#8380) * chore(deps): bump the common group across 1 directory with 11 updates (#8381) * docs: correct Ruby documentation (#8402) * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) * fix: don't use `scope` for `trivy registry login` command (#8393) * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) * chore(terraform): export module path on terraform modules (#8374) * fix(terraform): apply parser options to submodule parsing (#8377) * docs: Fix typos in documentation (#8361) * docs: fix navigate links (#8336) * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) * chore: remove debug prints (#8347) * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) * chore(deps): bump Go to `v1.23.5` (#8341) * fix(python): add `poetry` v2 support (#8323) * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) * fix(misconf): ecs include enhanced for container insights (#8326) * fix(sbom): preserve OS packages from multiple SBOMs (#8325) * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) Important SUSE bug 1232948 SUSE bug 1235265 SUSE bug 1246151 CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2024-51744 at SUSE CVE-2024-51744 at NVD CVE-2025-53547 at SUSE CVE-2025-53547 at NVD cpe:/o:opensuse:leap:15.6 Security update for rpi-imager (Moderate) openSUSE Leap 15.6 This update for rpi-imager fixes the following issues: - Turned off dependency vendoring, to get security fixes for libarchive and others. Includes a fix for CVE-2025-5916 (boo#1244387) Moderate SUSE bug 1244387 CVE-2025-5916 at SUSE CVE-2025-5916 at NVD cpe:/o:opensuse:leap:15.6 Security update for velociraptor (Moderate) openSUSE Leap 15.6 This update for velociraptor fixes the following issues: - Use llvm17 for Leap - Update to version 0.7.0.4.git142.862ef23: * github: fix deprecated upload artifact again * Update npm packages Includes fixes for the following vulnerabilities: CVE-2023-45133 CVE-2023-46234 CVE-2024-55565 CVE-2024-45296 CVE-2023-44270 CVE-2024-47068 CVE-2024-23331 CVE-2024-31207 CVE-2024-45812 CVE-2024-45811 * Update go dependencies Includes fixes for the following vulnerabilities: CVE-2024-45338 CVE-2024-37298 CVE-2024-24786 CVE-2023-45683 (boo#1216310) CVE-2023-1732 * Update jwt to 4.5.1 Fixes CVE-2024-51744 (boo#1232944) * Update go-retryablehttp to 0.7.7 Fixes CVE-2024-6104 (boo#1227061) * Update go-oidc and go-jose Fixes CVE-2024-28180 (boo#1235168) * Update dompurify to 3.1.3 Fixes CVE-2024-47875 (boo#1231574) * Update package-lock.json * Update micromatch to 4.0.8 Partial fix for CVE-2024-4067 (boo#1224367) Partial fix for CVE-2024-4068 (boo#1224296) * Update axios to 1.7.9 Fixes CVE-2024-39338 (boo#1229424) * Update cross-spawn to 7.0.6 Fixes CVE-2024-21538 (boo#1233845) * Update elliptic to 6.6.1 Update contains fixes for: CVE-2024-48949 (boo#1231558) CVE-2024-48948 (boo#1231685) CVE-2024-42459 (boo#1232543) CVE-2024-42460 (boo#1232543) CVE-2024-42461 (boo#1232543) * Update follow-redirects to 1.15.6 Fixes CVE-2024-28849 (boo#1221456) * fix: gui/velociraptor/package.json to reduce vulnerabilities Fixes CVE-2022-25883 (boo#1212572) * and many more changes - Update node modules with security fixes. * Fixes CVE-2024-39338 (boo#1229424) * Remove CVE-2024-28849-follow-redirects-drop-proxy-authorization.patch as the update is included. - Obsolete old velociraptor-kafka-humio-gateway package - Update to version 0.6.7.5~git81.01be570: * libbpfgo: pull fix for double-free * logscale: add documentation for plugin * bpf: fix path to vmlinux.h * file_store/test_utils/server_config.go: update test certificate * Update bluemonday dependency. * vql/functions/hash: cache results on Linux * libbpfgo: update to velociraptor-branch-v0.4.8-libbpf-1.2.0 * logscale/backport: don't use networking.GetHttpTransport * vql/tools/logscale: add plugin to post events to LogScale ingestion endpoint * file_store/directory: add ability to report pending size * libbpfgo: update submodule to require libzstd for newer libelf * utils/time.js: fix handling of nanosecond-resolution timestamps * libbpfgo: switch to using regular static builds * Create a new 0.6.7-5 release (#2385) - Verify FILESYSTEM_WRITE permission on copy() function (#2384) (boo#1207936, CVE-2023-0242) - Also ensure client id is considered unsafe (boo#1207937, CVE-2023-0290) * github/workflows/linux: do apt-get update to refresh package lists - Tightening the security of the services a bit: - tmp files are now moved to /var/lib/velociraptor{,-client}/tmp from /tmp - run velociraptor server as user velociraptor instead of root we do not really need root permissions here - introduce /var/lib/velociraptor/filestore to make it easier to split out large file upload - change permissions for the data directory and subdirectories to /var/lib/velociraptor/ u=rwX,go= velociraptor:velociraptor /var/lib/velociraptor-client/ u=rwX,go= root:root - change permissions of config directory to: /etc/velociraptor/ u=rwX,g=rX,o= root:velociraptor /etc/velociraptor/server.config u=rw,g=r,o= root:velociraptor /etc/velociraptor/client.config u=rw,go= root:root Moderate SUSE bug 1207936 SUSE bug 1207937 SUSE bug 1212572 SUSE bug 1216310 SUSE bug 1221456 SUSE bug 1224296 SUSE bug 1224367 SUSE bug 1227061 SUSE bug 1229424 SUSE bug 1231558 SUSE bug 1231574 SUSE bug 1231685 SUSE bug 1232543 SUSE bug 1232944 SUSE bug 1233845 SUSE bug 1235168 CVE-2022-25883 at SUSE CVE-2022-25883 at NVD CVE-2023-0242 at SUSE CVE-2023-0242 at NVD CVE-2023-0290 at SUSE CVE-2023-0290 at NVD CVE-2023-1732 at SUSE CVE-2023-1732 at NVD CVE-2023-44270 at SUSE CVE-2023-44270 at NVD CVE-2023-45133 at SUSE CVE-2023-45133 at NVD CVE-2023-45683 at SUSE CVE-2023-45683 at NVD CVE-2023-46234 at SUSE CVE-2023-46234 at NVD CVE-2023-5950 at SUSE CVE-2023-5950 at NVD CVE-2024-21538 at SUSE CVE-2024-21538 at NVD CVE-2024-23331 at SUSE CVE-2024-23331 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-28849 at SUSE CVE-2024-28849 at NVD CVE-2024-31207 at SUSE CVE-2024-31207 at NVD CVE-2024-37298 at SUSE CVE-2024-37298 at NVD CVE-2024-39338 at SUSE CVE-2024-39338 at NVD CVE-2024-4067 at SUSE CVE-2024-4067 at NVD CVE-2024-4068 at SUSE CVE-2024-4068 at NVD CVE-2024-42459 at SUSE CVE-2024-42459 at NVD CVE-2024-42460 at SUSE CVE-2024-42460 at NVD CVE-2024-42461 at SUSE CVE-2024-42461 at NVD CVE-2024-45296 at SUSE CVE-2024-45296 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2024-45811 at SUSE CVE-2024-45811 at NVD CVE-2024-45812 at SUSE CVE-2024-45812 at NVD CVE-2024-47068 at SUSE CVE-2024-47068 at NVD CVE-2024-47875 at SUSE CVE-2024-47875 at NVD CVE-2024-48948 at SUSE CVE-2024-48948 at NVD CVE-2024-48949 at SUSE CVE-2024-48949 at NVD CVE-2024-51744 at SUSE CVE-2024-51744 at NVD CVE-2024-55565 at SUSE CVE-2024-55565 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 139.0.7258.138 (boo#1248315): * CVE-2025-9132: Out of bounds write in V8 Important SUSE bug 1248315 CVE-2025-9132 at SUSE CVE-2025-9132 at NVD cpe:/o:opensuse:leap:15.6 Security update for go-sendxmpp (Moderate) openSUSE Leap 15.6 This update for go-sendxmpp fixes the following issues: - Update to 0.15.0: Added: * Add flag --verbose to show debug information. * Add flag --recipients to specify recipients by file. * Add flag --retry-connect to try after a waiting time if the connection fails. * Add flag --retry-connect-max to specify the amount of retry attempts. * Add flag --legacy-pgp for using XEP-0027 PGP encryption with Ox keys. * Add support for punycode domains. Changed: * Update gopenpgp library to v3. * Improve error detection for MUC joins. * Don't try to connect to other SRV record targets if error contains 'auth-failure'. * Remove support for old SSDP version (via go-xmpp v0.2.15). * Http-upload: Stop checking other disco items after finding upload component. * Increase default TLS version to 1.3. - CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (boo#1241814) - Update to 0.14.1: * Use prettier date format for error messages. * Update XEP-0474 to version 0.4.0 (requires go-xmpp >= 0.2.10). Moderate SUSE bug 1241814 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for proftpd (Important) openSUSE Leap 15.6 This update for proftpd fixes the following issues: - CVE-2024-57392: Null pointer dereference vulnerability by sending a maliciously crafted message (boo#1236889). - CVE-2024-48651: Supplemental group inheritance grants unintended access to GID 0 (boo#1233997). Important SUSE bug 1233997 SUSE bug 1236889 CVE-2024-48651 at SUSE CVE-2024-48651 at NVD CVE-2024-57392 at SUSE CVE-2024-57392 at NVD cpe:/o:opensuse:leap:15.6 Security update for minikube (Important) openSUSE Leap 15.6 This update for minikube fixes the following issues: - Update to version 1.36.0: * Features - Support Kubernetes version v1.33.1 #20784 - New flag '-f' to allow passing a config file for addon configure command. #20255 - vfkit: bump to Preferred driver on macOs #20808 - vfkit: new network option '--network vment-shared' for vfkit driver #20501 * Bug Fixes: - fix bootpd check on macOS >= 15 #20400 - fix bug in parsing proxies with dashes #20648 - fix waiting for all pods having specified labels to be Ready #20315 - fix: incorrect finalImg affecting downloading kic form github assets #20316 - fix: reference missing files in schema (Closes #20752) #20761 - Improvements: - Additional checks for 9p support #20288 - vfkit: Graceful shutdown on stop #20504 - vfkit: More robust state management #20506 - vfkit vmnet: support running without sudoers configuration #20719 - Revert 'fix --wait's failure to work on coredns pods' #20313 * Languages: - Add Indonesian translation #20494 - Add more french translation #20361 - Add more Korean translations #20634 - Add more Chinese translations #20543#20543 - fixed minor typo in german translation #20546 - Version Updates: - Addon cloud-spanner: Update cloud-spanner-emulator/emulator image from 1.5.28 to 1.5.34 #20451 #20539 #20602#20623 #20670 #20704 #20795 - Addon headlamp: Update headlamp-k8s/headlamp image from v0.26.0 to v0.28.0 #20311 - Addon ingress: Update ingress-nginx/controller image from v1.11.3 to v1.12.2 #20789 - Addon inspektor-gadget: Update inspektor-gadget image from v0.36.0 to v0.40.0 #20325#20354#20512 #20736 - Addon kong: Update kong image from 3.8.0 to 3.9.0 #20151 #20384 #20728 - Addon kong: Update kong/kubernetes-ingress-controller image from 3.3.1 to 3.4.5 #20319#20446#20788 - Addon kubevirt: Update bitnami/kubectl image from 1.31.3 to 1.33.1 #20321#20349#20665#20731#20790 - Addon nvidia-device-plugin: Update nvidia/k8s-device-plugin image from v0.17.0 to v0.17.2 #20786#20534 - Addon registry: Update kube-registry-proxy image from 0.0.8 to 0.0.9 #20717 - Addon registry: Update registry image from 2.8.3 to 3.0.0 #20242 #20425 - Addon Volcano: Update volcano images from v1.10.0 to v1.11.2 #20318 #20616 #20697 - CNI: Update cilium from v1.17.0 to v3.30.0 #20419 #20390 #20584 #20734 #20317 #20383 #20535 #20637 #20787 - CNI: Update flannel from v0.26.2 to v0.26.7 #20385#20617 #20639 - CNI: Update kindnetd from v20241108-5c6d2daf to v20250512-df8de77b #20327#20427 #20797 - HA (multi-control plane): Update kube-vip from v0.8.10 to v0.9.1 #20638#20238#20598 #20699 - Kicbase: Bump ubuntu:jammy from 20240911.1 to 20250126 #20387 #20718 - Kicbase/ISO: Update buildroot from 2023.02.9 to 2025.2 #20720 - Kicbase/ISO: Update cni-plugins from v1.6.2 to v1.7.1 #20771 - Kicbase/ISO: Update cri-dockerd from v0.3.15 to v0.4.0 #20747 - Kicbase/ISO: Update docker from 27.4.0 to 28.0.4 #20436 #20523 #20591 - Kicbase/ISO: Update runc from v1.2.3 to v1.3.0#20433#20604 #20764 - update to 1.35.0 (boo#1234528, CVE-2024-45337): * Features: - Add support for AMD GPUs via --gpus=amd #19749 - publish & download kicbase image in github release assets #19464 - Support latest Kubernetes v1.32.0 #20091 - Adds support for kubeadm.k8s.io/v1beta4 available since k8s v1.31 #19790 * Improvements: - Merge nvidia-gpu-device-plugin and nvidia-device-plugin. #19545 - cilium: remove appArmorProfile for k8s<v1.30.0 #19888 - auto-pause: restart service after configuration #19900 - Revert 'Change MINIKUBE_HOME logic' #20045 - HA (multi-control plane): Update kube-vip from v0.8.6 to v0.8.7 #20053 - don't pollute minikube profile list with errors if exitcode is absent #19728 - unified minikube cluster status query #18998 - Vfkit driver: fix TestMachineType failing on macOS #19726 - No more arch restriction on nerdctld #19730 - remove helm-tiller addon #19636 - More robust MAC address matching #19750 - Add instructions to resolve docker context error #19197 * Bug fixes: - fix --wait's failure to work on coredns pods #19748 - Fix panic when no services in namespace with --all specified #19957 - fix timeout when stopping KVM machine with CRI-O container runtime #19758 - Fix long lines in lastStart.txt not outputting in log outputs #19740 - Fix wrongly detecting kicbase arch as incorrect #19664 * Breaking Changes: - skip building kvm2-arm64 till 19959 is resolved #20062 - remove arm64 kvm #19985 * Languages: - Add more Chinese translations #19490 - Add more Chinese translations #19508 - Fix chinnese translation on wrong line #19718 - Add more chinnese translations #19962 - Add more chinnese translations #19772 - Fix french translation #19978 - Improve french translation #19654 * - Version Updates: - Please see the full changelog - https://github.com/kubernetes/minikube/releases/tag/v0.35.0 Important SUSE bug 1234528 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD cpe:/o:opensuse:leap:15.6 Security update for v2ray-core (Important) openSUSE Leap 15.6 This update for v2ray-core fixes the following issues: - Update version to 5.33.0 * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) * Update other vendor source - Update version to 5.31.0 * Add Dns Proxy Response TTL Control * Fix call newError Base with a nil value error * Update vendor (boo#1235164) - Update version to 5.29.3 * Enable restricted mode load for http protocol client * Correctly implement QUIC sniffer when handling multiple initial packets * Fix unreleased cache buffer in QUIC sniffing * A temporary testing fix for the buffer corruption issue * QUIC Sniffer Restructure - Update version to 5.22.0 * Add packetEncoding for Hysteria * Add ECH Client Support * Add support for parsing some shadowsocks links * Add Mekya Transport * Fix bugs - Update version to 5.18.0 * Add timeout for http request roundtripper * Fix ss2022 auth reader size overflow * Add pie build mode to all binary builds * Support 'services' root config in cfgv4 * packet_encoding for config v4 * add MPTCP support * Add (Experimental) Meyka Building Blocks to request Transport * Add timeout for http request roundtripper * Hysteria2: Add Hysteria2 Protocol * Add AllowInsecureIfPinnedPeerCertificate option to tls security * Add tls certChainHash command * add support for socket activation * Add pprof flag for debugging * Fix bugs - Update version to 5.16.1 * Add Keep-Alive to removed headers - Update version to 5.15.1 * feat: RandomStrategy AliveOnly * Improve container image tags and timestamp * Add delay_auth_write to Socks5 Client Advanced Config * Add MaxMin TLS version support in TLS Setting * feat: RandomStrategy AliveOnly * Improve container image tags and timestamp * Fixed an encrypted traffic's malleable vulnerability that allow integrity corruption by an attacker with a privileged network position to silently drop segments of traffic from an encrypted traffic stream. * Update documents * Fix bugs - Update vendor, fix CVE-2024-22189 boo#1222488 - Update version to 5.12.1 * Shadowsocks2022 Client Support * Apply DomainStrategy to outbound target * Add DomainStrategy to JSONv5 outbound * Add sniffing for TUN * Add HTTPUpgrade transport * It is a reduced version of WebSocket Transport that can pass many reverse proxies and CDNs without running a WebSocket protocol stack * TUN Support * Add uTLS support for h2 transport * Fix bugs Important SUSE bug 1222488 SUSE bug 1235164 SUSE bug 1243946 CVE-2024-22189 at SUSE CVE-2024-22189 at NVD CVE-2025-297850 at SUSE CVE-2025-297850 at NVD cpe:/o:opensuse:leap:15.6 Security update for etcd (Important) openSUSE Leap 15.6 This update for etcd fixes the following issues: - Update to version 3.6.2: * Avoid lowering revision of watchers in the future after restore * Add verification to verify the watch response have a bigger revision than minRev * Disable progress notify validation until we can guarantee response * Skip sending progress notification for watch with starting revision in the future - See upgrade guide: https://etcd.io/docs/v3.6/upgrades/upgrade_3_6/ - Update to version 3.6.1: * etcd server: - Replaced the deprecated/removed UnaryServerInterceptor and StreamServerInterceptor in otelgrpc with NewServerHandler - Add protection on PromoteMember and UpdateRaftAttributes to prevent panicking - Fix the issue that --force-new-cluster can't remove all other members in a corner case - Fix mvcc: avoid double decrement of watcher gauge on close/cancel race - Add validation to ensure there is no empty v3discovery endpoint * etcdctl: - Fix command etcdctl endpoint health doesn't work when options are set via environment variables - Update to version 3.6.0: https://github.com/etcd-io/etcd/compare/v3.5.21...v3.6.0 * Dropped flags in v3.6.0: ETCD_ENABLE_V2 ETCD_PROXY ETCD_PROXY_DIAL_TIMEOUT ETCD_PROXY_FAILURE_WAIT ETCD_PROXY_READ_TIMEOUT ETCD_PROXY_REFRESH_INTERVAL ETCD_PROXY_WRITE_TIMEOUT - Update to version 3.5.21: * bump golang.org/x/net from v0.36.0 to v0.38.0 * bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 to address CVE-2025-30204 (boo#1240515) - Update to version 3.5.20: * Fix the issue that learner promotion command doesn't support json output * overwrite the member if already exist * add verification to check whether membership data is in sync between v2store and v3store * fix: grpcproxy can get stuck in and endless loop causing high cpu usage * perf(release3.5): use RLock in Demoted method for read-only access to expiry - Update to version 3.5.19: * Bump go toolchain to 1.23.7 * fix a compaction induce latency issue * Add learner id into log when being promoted or removed * add learner check to readyz * tools: add mixed read-write performance evaluation scripts - Update to version 3.5.18: * Ensure all goroutines created by StartEtcd to exit before closing the errc * mvcc: restore tombstone index if it's first revision * Bump go toolchain to 1.22.11 * Avoid deadlock in etcd.Close when stopping during bootstrapping * etcdutl/etcdutl: use datadir package to build wal/snapdir * Remove duplicated <-s.ReadyNotify() * Do not wait for ready notify if the server is stopping * Fix mixVersion test case: ensure a snapshot to be sent out * *: support custom content check offline in v2store * Print warning message for deprecated flags if set * fix runtime error: comparing uncomparable type * add tls min/max version to grpc proxy - Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a bit cleaner to move etcd to use --config-file in the long run. - Update etcd configuration file based on https://github.com/etcd-io/etcd/blob/v3.5.17/etcd.conf.yml.sample - Update to version 3.5.17: * fix(defrag): close temp file in case of error * Bump go toolchain to 1.22.9 * fix(defrag): handle defragdb failure * fix(defrag): handle no space left error * [3.5] Fix risk of a partial write txn being applied * [serverWatchStream] terminate recvLoop on sws.close() - Update to version 3.5.16: * Bump go toolchain to 1.22.7 * Introduce compaction sleep interval flag * Fix passing default grpc call options in Kubernetes client * Skip leadership check if the etcd instance is active processing heartbeats * Introduce Kubernetes KV interface to etcd client - Update to version 3.5.15: * Differentiate the warning message for rejected client and peer * connections * Suppress noisy basic auth token deletion log * Support multiple values for allowed client and peer TLS identities(#18015) * print error log when validation on conf change failed - Update to version 3.5.14: * etcdutl: Fix snapshot restore memory alloc issue * server: Implement WithMmapSize option for backend config * gRPC health server sets serving status to NOT_SERVING on defrag * server/mvcc: introduce compactBeforeSetFinishedCompact failpoint * Update the compaction log when bootstrap and update compact's signature * add experimental-snapshot-catchup-entries flag. * Fix retry requests when receiving ErrGPRCNotSupportedForLearner - Update to version 3.5.13: * Fix progress notification for watch that doesn't get any events * pkg/types: Support Unix sockets in NewURLS * added arguments to the grpc-proxy: dial-keepalive-time, dial-keepalive-timeout, permit-without-stream * server: fix comment to match function name * Make CGO_ENABLED configurable for etcd 3.5 * etcdserver: drain leaky goroutines before test completed Important SUSE bug 1240515 CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 139.0.7258.154 (boo#1248769) * CVE-2025-9478: Use after free in ANGLE Important SUSE bug 1248769 CVE-2025-9478 at SUSE CVE-2025-9478 at NVD cpe:/o:opensuse:leap:15.6 Security update for qt6-connectivity (Moderate) openSUSE Leap 15.6 This update for qt6-connectivity fixes the following issues: - CVE-2025-23050: Fixed buffer over-read and division by zero (boo#1236237) Moderate SUSE bug 1236237 CVE-2025-23050 at SUSE CVE-2025-23050 at NVD cpe:/o:opensuse:leap:15.6 Security update for dcmtk (Moderate) openSUSE Leap 15.6 This update for dcmtk fixes the following issues: - CVE-2025-9732: Fixed a memory corruption in dcm2img (boo#1248995). Moderate SUSE bug 1248995 CVE-2025-9732 at SUSE CVE-2025-9732 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-57833: Fixed potential SQL injection in FilteredRelation column aliases (boo#1248810). Important SUSE bug 1248810 CVE-2025-57833 at SUSE CVE-2025-57833 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium, gn (Important) openSUSE Leap 15.6 This update for chromium, gn fixes the following issues: - Chromium 140.0.7339.80 (boo#1249093): * new permission prompt for local network access * CVE-2025-9864: Use after free in V8 * CVE-2025-9865: Inappropriate implementation in Toolbar * CVE-2025-9866: Inappropriate implementation in Extensions * CVE-2025-9867: Inappropriate implementation in Downloads * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1249093 CVE-2025-9864 at SUSE CVE-2025-9864 at NVD CVE-2025-9865 at SUSE CVE-2025-9865 at NVD CVE-2025-9866 at SUSE CVE-2025-9866 at NVD CVE-2025-9867 at SUSE CVE-2025-9867 at NVD cpe:/o:opensuse:leap:15.6 Security update for 7zip (Moderate) openSUSE Leap 15.6 This update for 7zip fixes the following issues: - Update to 25.01 (boo#1249130) * The code for handling symbolic links has been changed to provide greater security when extracting files from archives * Command line switch -snld20 can be used to bypass default security checks when creating symbolic links. - includes changes from 25.00: * bzip2 compression speed was increased by 15-40%. * deflate (zip/gz) compression speed was increased by 1-3%. * improved support for zip, cpio and fat archives. * CVE-2025-53816 : 7-Zip could work incorrectly for some incorrect RAR archives (boo#1246706) * CVE-2025-53817 : 7-Zip could crash for some incorrect COM (Compound File) archives (boo#1246707) - Update to 24.09: * The default dictionary size values for LZMA/LZMA2 compression methods were increased * 7-Zip now can calculate the following hash checksums: SHA-512, SHA-384, SHA3-256 and MD5. * APM and HFS support was improved. * If an archive update operation uses a temporary archive folder and the archive is moved to the destination folder, 7-Zip shows the progress of moving the archive file, as this operation can take a long time if the archive is large. * The bug was fixed: 7-Zip File Manager didn't propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive). * Some bugs were fixed. - update to 24.08: * No longer write extra zero bytes after the end of the archive, if a file included to archive cannot be compressed to a size smaller than original * Some optimizations for displaying file icons in 7-Zip File Manager and in 'Confirm File Replace' window. * Some bugs were fixed - Update to 24.07: * The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives. - Update to 24.06: * The bug was fixed: 7-Zip could not unpack some ZSTD archives. - update to 24.05: * New switch -myv=.. to set decoder compatibility version for 7z archive creating * New switches -myfa and -myfd to allow or disallow the specified filter method for 7z archive creating * can use new RISCV filter for compression to 7z and xz archives * can ask user permission to unpack RAR archives that require large amount of memory * new switch -smemx{size}g : to set allowed memory usage limit for RAR archive unpacking. * -y switch disables user requests and messages. * -slmu switch : to show timestamps as UTC instead of LOCAL TIME * support .sha256 files that use backslash path separator '\' * can unpack ZSTD archives (.zst filename extension). * can unpack ZIP, SquashFS and RPM archives that use ZSTD compression method. * support fast hash algorithm XXH64 that is used in ZSTD. * can unpack RAR archives (that use larger than 4 GB dictionary) created by new WinRAR 7.00. * can unpack DMG archives that use XZ (ULMO/LZMA) compression method * can unpack NTFS images with cluster size larger than 64 KB. * can unpack MBR and GDP images with 4 KB sectors. * Speed optimizations for archive unpacking: rar, cab, wim, zip, gz. * Speed optimizations for hash caclulation: CRC-32, CRC-64, BLAKE2sp. * Fix multivolume creation in some cases * bug fixs Moderate SUSE bug 1246706 SUSE bug 1246707 SUSE bug 1249130 CVE-2025-53816 at SUSE CVE-2025-53816 at NVD CVE-2025-53817 at SUSE CVE-2025-53817 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 132.0.6834.110 (boo#1236306) * CVE-2025-0611: Object corruption in V8 * CVE-2025-0612: Out of bounds memory access in V8 Important SUSE bug 1236306 CVE-2025-0611 at SUSE CVE-2025-0611 at NVD CVE-2025-0612 at SUSE CVE-2025-0612 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for openQA, openQA-devel-container, os-autoinst, perl-CryptX, perl-IPC-Run, perl-JSON-Validator, perl-MCP, perl-Mojolicious (Moderate) openSUSE Leap 15.6 This update for openQA, openQA-devel-container, os-autoinst, perl-CryptX, perl-IPC-Run, perl-JSON-Validator, perl-MCP, perl-Mojolicious fixes the following issues: Changes in openQA: - Update to version 5.1757005118.aac56dbc: * CI: Fix SLE_15_SP6_Backports repo lookup order * Add perl(MCP) dependency in preparation for AI support * build(deps-dev): bump @humanfs/node from 0.16.6 to 0.16.7 * Revert 'MCP: Add MCP support as an optional feature' * Fix typo on Contributing documentation * Add MCP support as an optional feature * Reword `can't write` to `Cannot write` as suggested by review comment * Ensure destination dir for asset downloads exists when cloning jobs * build(deps): bump ace-builds from 1.43.2 to 1.43.3 - Update to version 5.1756962167.74f0204f: * Dependency cron 2025-09-04 - Update to version 5.1756905114.bb4fa746: * Fix syntax error in nginx config * Mark unconfigured api route log as uncoverable statement * Increase test coverage for lib/OpenQA/WebAPI/Description.pm * parser: ktap: Don't write diagnostic data into $subtest_name * Extend tests for configuring subdomain to serve files * Avoid job terminated unexpectedly with signal handler in delete needles * Allow configuring subdomain for serving logs/assets more securely * Do not invoke Mojo::IOLoop->remove twice * Add support for Bearer token authentication * Worker::Engines::isotovideo: Simplify using more Mojo::File * Worker::Engines::isotovideo: Remove obsolete comment Changes in openQA-devel-container: - Update to version 5.1757005118.aac56dbcc: * Update to latest openQA version Changes in os-autoinst: - Update to version 5.1756894972.736fbfd: * baseclass: Fix missing error details on failed SSH connection attempts * baseclass: Extend error details on failed ssh attempts * consoles: Improve error reporting on unavailable VNC * backend::svirt: Extract methods for serial_console command * backend::svirt: Extract method for serial_grab command * backend::svirt: Combine and simplify save_snapshot commands * backend::svirt: Extract method 'vmname' * backend::svirt: Extract methods for is_shutdown cmd Changes in perl-JSON-Validator: - updated to 5.150.0 (5.15) see /usr/share/doc/packages/perl-JSON-Validator/Changes 5.15 2025-03-16T18:47:47 - Make JSON::Validator::Util::is_bool return true when passed perl v5.36+ builtin booleans #275 - Fix wrong resolving of responses component using $ref #277 - Fix array coercion for array parameters with a $ref schema #274 Changes in perl-IPC-Run: - updated to 20231003.0 see /usr/share/doc/packages/perl-IPC-Run/Changelog 20231003.0 Mon Oct 2 2023 Windows now matches other platforms in that a child calling exit(N) causes result() to return N and full_result() to return N << 8. On Windows, before this change, result() was returning N >> 8, and full_result() was returning N. Programs having workarounds for this may need to condition those workarounds on $IPC::Run::VERSION. - #157 - On Windows, avoid hang under IPCRUNDEBUG. - Refresh 'cpanfile' from Makefile.PL, to allow use on Windows. - #163 - Normalize shebangs to /usr/bin/perl - Fix or skip all tests recently seen to fail on Windows. - Include t/result.t in releases. - #168 - Make full_result() and result() Windows behavior match non-Windows. Changes in perl-CryptX: - updated to 0.87.0 (0.087) see /usr/share/doc/packages/perl-CryptX/Changes 0.087 2025-06-11 - bundled libtomcrypt update branch:develop (commit: d448df1 2025-05-06) - bundled libtommath update branch:develop (commit: 839ae9e 2025-06-11) - fix #120 Create SECURITY.md - fix #121 Failures on ARM after upgrading libtommath - security fix CVE-2025-40914 https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22 - updated to 0.86.0 (0.086) see /usr/share/doc/packages/perl-CryptX/Changes 0.086 2025-05-02 - fixe #118 Syncing with recent Math-BigInt - bundled libtomcrypt update branch:develop (commit:3905c289 2025-04-23) - updated to 0.85.0 (0.085) see /usr/share/doc/packages/perl-CryptX/Changes 0.085 2025-02-08 - fix #114 #113 #112 (improved detection of Apple+x86_64 / AESNI) - fix #115 Crypt::PRNG - fix typo and specify ChaCha20 is the default - updated to 0.84.0 (0.084) see /usr/share/doc/packages/perl-CryptX/Changes 0.084 2024-10-16 - libtommath: fix cpantesters crash on freebsd/i386 - updated ppport.h 0.083 2024-10-15 - fix #110 regression: 0.081 fails to parse PEMs that 0.080 parsed fine - bundled libtomcrypt update branch:develop (commit:cbb01b37 2024-10-14) 0.082 2024-10-07 - fix #111 libcryptx-perl: t/sshkey.t fails on some architectures - CHANGE: Crypt::Cipher::Blowfish max key size increased to 72 bytes - bundled libtomcrypt update branch:develop (commit:29af8922 2024-10-07) 0.081 2024-09-08 - fix #107 Drop -msse4.1 -maes for libtomcrypt - fix #105 Several functions in CryptX::AuthEnc deal weirdly with non-simple-string plaintext - fix #104 Add ethereum format signature - fix #103 Use standard __asm__ blocks instead of asm - fix #99 ltc: fix aesni flag handling - fix #87 Add possibility to use different hash algorithms in RSAES-OAEP - BIG CHANGE switch to PEM/SSH key loading via libtomcrypt - bundled libtomcrypt update branch:develop (commit:ce904c86 2024-09-02) Changes in perl-MCP: - initial package 0.40.0 (0.04) * created by cpanspec 1.84.01 Changes in perl-Mojolicious: - updated to 9.410.0 (9.41) see /usr/share/doc/packages/perl-Mojolicious/Changes 9.41 2025-07-03 - Added EXPERIMENTAL support for Server-Sent Events. - Added EXPERIMENTAL module Mojo::SSE. - Added EXPERIMENTAL sse attribute to Test::Mojo. - Added EXPERIMENTAL get_sse_ok, post_sse_ok, sse_finish_ok, sse_finished_ok, sse_ok, sse_id_is, sse_id_isnt, sse_text_is, sse_text_isnt, sse_text_like, sse_text_unlike, sse_type_is and sse_type_isnt methods to Test::Mojo. - Added EXPERIMENTAL is_sse and write_sse methods to Mojo::Content. - Added EXPERIMENTAL write_sse method to Mojolicious::Controller. - Added EXPERIMENTAL sse event to Mojo::Content. - Fixed a bug where query parameters could not be set to undef. (ether) - Fixed a bug where Host headers were not initialized correctly. (ether) - updated to 9.400.0 (9.40) see /usr/share/doc/packages/perl-Mojolicious/Changes 9.40 2025-05-12 - Added EXPERIMENTAL support for resumable file downloads. - Added EXPERIMENTAL download methods to Mojo::File and Mojo::UserAgent::Transactor. - updated to 9.390.0 (9.39) see /usr/share/doc/packages/perl-Mojolicious/Changes 9.39 2024-11-23 - Added EXPERIMENTAL support for encrypted session cookies. This feature is much more secure than signed cookies and can be enabled by installing CryptX and setting the encrypted attribute. $app->sessions->encrypted(1); - Added EXPERIMENTAL encrypted attribute to Mojolicious::Sessions. - Added EXPERIMENTAL encrypted_cookie and every_encrypted_cookie methods to Mojolicious::Controller. - Added EXPERIMENTAL decrypt_cookie, encrypt_cookie and generate_secret functions to Mojo::Util. - Fixed a bug in Mojo::Message::Request where message size limits were not always correctly applied. (Alexander Kuehne) - updated to 9.380.0 (9.38) see /usr/share/doc/packages/perl-Mojolicious/Changes 9.38 2024-08-17 - Added support for new core booleans in Perl 5.36+ to Mojo::JSON. (haarg) - Deprecated support for ''' package separators that have been deprecated in Perl. (Grinnz) - updated to 9.37 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.37 2024-05-13 - Improved Mojo::Base include time with a new Mojo::BaseUtils module. (okurz) - updated to 9.36 see /usr/share/doc/packages/perl-Mojolicious/Changes 9.36 2024-03-06 - Updated Bootstrap from version 4 to 5. (sergiotarxz) - Improved Morbo to restart on deleted files. (hernan604) Moderate CVE-2025-40914 at SUSE CVE-2025-40914 at NVD cpe:/o:opensuse:leap:15.6 Security update for opera (Important) openSUSE Leap 15.6 NonFree This update for opera fixes the following issues: - Update to 121.0.5600.50 * DNA-123566 [Security] Backport fix for Chrome issue 440454442 to all branches * RNA-246 URL remains visible after tab is closed or new tab is opened on Speed Dial page - Update to 121.0.5600.38 * CHR-10080 Update Chromium on desktop-stable-137-5600 to 137.0.7151.122 * DNA-112270 'Delete suggestion' (x) button stays focused after suggestion is deleted * DNA-115865 [Google MEET] The detached window disappears after dragging the tab to another window or move to another workspace * DNA-116619 After exit the youtube fullscreen mode, a black side bar appears on the left side of the screen * DNA-118890 Crash at opera::RegisterPathProvider * DNA-119134 Crash at views::ViewAXPlatformNodeDelegate:: FireNativeEvent * DNA-119230 Timeout in VideoPictureInPictureWindowControllerBrowserTest.VolumeSlider * DNA-120162 Crash at opera::MainMenu::FillOMenuHeader * DNA-120459 [Split screen] Page content flickering when the width of the elements changes. * DNA-120753 Crash at opera::BrowserWindowCocoa::GetBounds * DNA-121103 [Tab Island Split Screen] Not possible to create tab island with already existing split screen * DNA-121264 [Light theme] Text and icons in popups hardly visible on hover * DNA-121406 [Intro] Update Messenger icon to new version * DNA-121824 [Dark Mode] Inactive toggles are not clearly visible in default color * DNA-121859 [Easy Files] Missing icons next to options in the menu * DNA-121884 Add missing video popout test * DNA-121970 Low WebRTC video quality with software Media Foundation encoder * DNA-122014 [VPN Pro] Add VPN Pro section to chrome://opera-diagnostics * DNA-122203 Bookmark folders are no longer visible in 'O' menu * DNA-122218 [Split screen toolbar] Not all available icons are visible on hover until address bar is clicked * DNA-122222 [Split screen] Active tab refreshes instead of current tab * DNA-122251 [Easy Files] Transparent glitch appears with some file types in popup * DNA-122283 Fields to fill in are not visible in light modes in opera://settings/ * DNA-122330 Missing shadow effect on Sidebar Setup panel * DNA-122331 Sidebar Setup does not start from the top after reopening * DNA-122347 Background music resumes after toggling mic/camera in Google Meet * DNA-122348 [Tab Island Split Screen] After dragging split screen into collapsed tab island, icon that shows that there are more tabs in island disapears * DNA-122360 VideoPictureInPictureWindowControllerBrowserTest. ControlsVisibility fails on Linux * DNA-122361 Shader has crashed * DNA-122444 Add accessibility title for password manager popup * DNA-122488 Crash at opera::component_based::ComponentTabView ::OnMouseDragged * DNA-122493 [WebRTC] Software H.264 encoder initialization failure with odd frame dimensions * DNA-122499 [Password Management] Save-password popup displays dark mode image in light mode * DNA-122500 [Password Management] Save-password popup image lacks shadow * DNA-122501 [Password Management] Incorrect styling for Password Manager link * DNA-122502 Use named export for React styles * DNA-122506 Update component pages manifests to version 3 * DNA-122512 [Password Management] Password is shown as a clear text by system accessibility * DNA-122513 [Password Management] Font size in password-manager page is bigger than in settings * DNA-122531 Bump major version to 121 * DNA-122540 Translations for Opera 120 * DNA-122555 [Password Management] Password update prompt is shown as sliding toolbar (old style) * DNA-122558 '+' button shifts position after cancelled split screen * DNA-122561 [Password Management] Manage Passwords icon is not shown in address bar when in split screen mode * DNA-122562 [Password Management] Save password popup is incorrectly anchored in split screen mode * DNA-122569 Gmail video popup disappears and Meet disconnects when switching tabs or clicking redirect button * DNA-122576 Live background loaded on GPU process crash even if not visible * DNA-122587 Auto-PiP not working due to inability to check URL for safety * DNA-122588 Change search box size and categories position on scroll * DNA-122589 Change structure of components and make sidebar sticky * DNA-122603 Private mode badge color should be inverted * DNA-122607 Make labels in themes localizable * DNA-122608 Test AutoPictureInPictureWithVideoPlaybackBrowser Test.DoesAutopip_TopFrameAndSubframeDomainsAllowed of type browser test failed on goth with status fail * DNA-122621 After closing PiP, player in the tab stops playing * DNA-122628 [O120] Crash at performance_manager::mechanism:: PageDiscarder::DiscardPageNodes * DNA-122629 Block auto-PiP if user closes PiP window * DNA-122632 Crash at opera::ThemesService::ThemeDataProvider:: GetResourceId * DNA-122635 Backport 0-day fix for CVE-2025-5419 and chromium issue 420637585 * DNA-122641 The 'Make Opera default browser' button doesn't automatically change in Easy Setup after make browser as a default * DNA-122659 startpage opening animation is not disabled * DNA-122665 Tab island tooltip has incorrect design * DNA-122673 'Save' button doesn't work in opera://settings/syncSetup to save created passphrase * DNA-122675 Opera unpins from taskbar after update * DNA-122688 Dragging tab island with split screen outside of tab strip crashes * DNA-122695 VPN section not available in opera settings on first run * DNA-122714 Crash at TabStripModel::SetSelectionFromModel * DNA-122715 Crash at media::ATAudioFormatReader::ChooseFormat * DNA-122723 'Accounts saved for this website' popup has a chrome design * DNA-122730 Password popup design do not match the mockup * DNA-122734 Replace background of 'banner' on the VPN badge popup UI * DNA-122745 The tooltip of the password manager icon has an incorrect label when hovering over it * DNA-122749 Crash in AddressBarControllerImpl:: OnActiveTabChanged() on non-developer channels * DNA-122764 [Split screen] Popup arrow is pinned to easy setup button instead of the password manager * DNA-122765 Can't close the popup by clicking the password manager icon in the address bar * DNA-122772 Crash at ManagePasswordsUIController:: GetManagePasswordsButtonView * DNA-122773 Crash at translate::ContentTranslateDriver:: ~ContentTranslateDriver * DNA-122774 Tab Island tabs dropdown not visible when 'Show tabs from the same domain in tab tooltip' is disabled * DNA-122778 Enable #password-management-popup on all streams * DNA-122780 [password-management-popup=off] Passwords badge not shown until user clicks in the address bar * DNA-122786 Allow manual re-sending of discarded crashes in opera://crashes/ page * DNA-122791 The button corners are not rounded enough * DNA-122795 Password popup header does not match the mockup * DNA-122797 Crash at TabStripModel::SetSelectionFromModel * DNA-122826 Crash loop when trying to launch Opera –with-feature:pinboard=off * DNA-122829 [Linux] Crash at settings::DefaultBrowserHandler:: HandleDefaultBrowserChange * DNA-122843 O-Menu becomes unresponsive when sidebar is set to auto-hide and then disabled * DNA-122848 Tests that WaitForBrowserToClose() time out * DNA-122849 The popup windows for 'Accounts saved for this website' and the credentials view are too wide * DNA-122850 Missing tooltip over buttons on the 'web page credentials' popup * DNA-122851 Missing hover effect * DNA-122852 On the 'Accounts saved for this website' popup, the whole row should be clickable not only an arrow * DNA-122853 Support multiple static wallpapers in a single theme * DNA-122854 Investigate backwards compatibility for multiple wallpaper themes * DNA-122862 Crash at opera::popup_protection:: PopupProtectionServiceImpl::CloseActivePopups * DNA-122864 'Copy password' button should not be visible in save password popup * DNA-122883 [SD] Tile names are not visible in folder when a custom wallpaper is used * DNA-122920 Checkboxes are invisible in Sidebar Setup * DNA-122928 Hide universal skip button when video is finished * DNA-122940 Installer crashes while trying to enter the options screen twice before feature overrides are downloaded * DNA-122955 Active emoji is not selected in tab tooltip * DNA-122957 [MediaRecorder] Software H.264 encoder initialization failure with odd frame dimensions * DNA-122959 Refactor tab automuting * DNA-122962 SessionRestoreTest.RestoredTabsHaveDelegate fails in GX * DNA-122967 Improper navigation button enabled status on split screen creation (non-start page case) * DNA-122968 Crash at PasswordBubbleViewBase::ShowBubble * DNA-122984 Enable #translator on all streams for Opera One * DNA-122991 Add rate me button on opera://bookmarks page * DNA-123026 Crash when clicking manage passwords button in address bar when 'Sign in' credentials API popup is displayed * DNA-123029 [Color themes] When an animated color theme is selected, a start page wallpaper can be chosen in Easy Setup * DNA-123031 [Opera Translate] Opera Translate popup does not open in split screen tabs * DNA-123038 Crash at -[OperaCrApplication validateMenuItem:] * DNA-123057 USB netinstaller is not starting * DNA-123063 Crash on closing the 1st tab from tooltip of a collapsed island * DNA-123064 Crash at opera::BrowserWindowSkin:: GetColorProviderForWebContents * DNA-123075 Hover effect for address bar icons should match address bar hover style * DNA-123083 Theme Preview UI bug – multiple static wallpapers in a single theme * DNA-123086 Crash at BrowserLiveTabContext:: GetSplitScreenIdForTab * DNA-123088 Crash at chrome::BrowserCommandController:: LoadingStateChanged * DNA-123089 [Opera Translate] 'How does it work?' link leads to incorrect page * DNA-123100 Translate popup is shown each time page is being autotranslated * DNA-123111 Chromium on Windows fails to compile * DNA-123119 Sidebar messanger carousel not working * DNA-123123 Crash when trying to save file using window.showSaveFilePicker * DNA-123124 Not possible to open feedback dialog on sidebar panels * DNA-123150 Crash at media:: MediaFoundationSoftwareVideoEncoder:: CopyInputSampleBufferFromGpu * DNA-123161 [Tab Tooltip] Improve mouse detection over Tab Island Handle * DNA-123175 'Show tab emoji' setting not visible in opera:settings * DNA-123176 Span next to 'Learn more' link not visible * DNA-123178 Transient 'zoom in' effect with software H.264 encoding * DNA-123188 [Tab Tooltip] Hovering over collapsed Tab Island shows Tab Tooltip for a tab instead of Tab Island * DNA-123190 [Tab Island] Clicking on a collapsed Tab Island activates tab from Tab Island * DNA-123208 Crash at PasswordBubbleViewBase::ShowBubble * DNA-123246 DCHECK on start when tutorials sidebar item is enabled * DNA-123266 Password popup not appearing in popup window * DNA-123274 The page at http://console.cloud.google.com/ crashes regardless of whether the user interacts with it or leaves it idle * DNA-123300 Installer fails to install for both current user and all users * DNA-123303 Promote 121 to beta * DNA-123308 Crash at views::DesktopWindowTreeHostWin:: PreHandleMSG * DNA-123316 Failing TestSearchInRecentlyClosed.testRecentlyClosed * DNA-123339 Linux ARM fails to compile * DNA-123418 Investigate GPU process memory usage * DNA-123424 Crash at opera::SidebarItemContentViewDockerView:: GetContentInsets * DNA-123440 RTCVideoEncoder tries to use SharedImage-backed frames with software encoder * DNA-123485 Add missing attribute to translation files for 'ca,ta,te' * DNA-123496 Plural form translation fix * RNA-195 Crash at opera::VideoPopoutDetachController:: OnTabStripModelChanged * RNA-204 Button visibility broken in Lucid Mode * RNA-225 Tabs don't change their positions correctly and the browser window doesn't refresh after minimizing and maximizing it * RNA-226 Player text and pics are dragable and highlightable * RNA-257 Blacklisted extension notification is not fully shown * RNA-332 Split screen group in tab island is destroyed after moving island to new window * RNA-360 Tab tooltip blocks address bar input after opening new tab * RNA-374 Crash at opera::ComponentTabBar:: CreateSplitScreenGroup * RNA-380 Crash at opera::PinboardControllerImpl::ShouldShow * RNA-481 Crash at opera::ComponentTabBar:: ReloadTabViewsForCurrentModel * RNA-503 Failure to close Opera via the 'X' button * DNA-123534 Promote 121 to stable - Complete Opera 121 changelog at: https://blogs.opera.com/desktop/changelog-for-121 - Update to 120.0.5543.201 * RNA-195 Crash at opera::VideoPopoutDetachController:: OnTabStripModelChanged * RNA-226 Player text and pics are dragable and highlightable * RNA-374 Crash at opera::ComponentTabBar:: CreateSplitScreenGroup * RNA-481 Crash at opera::ComponentTabBar:: ReloadTabViewsForCurrentModel - Update to 120.0.5543.161 * DNA-122773 Crash at translate::ContentTranslateDriver:: ~ContentTranslateDriver * DNA-123418 Investigate GPU process memory usage - Update to 120.0.5543.128 * DNA-123083 Theme Preview UI bug – multiple static wallpapers in a single theme * DNA-123208 Crash at PasswordBubbleViewBase::ShowBubble * DNA-123266 Password popup not appearing in popup window * DNA-123274 The page at http://console.cloud.google.com/ crashes regardless of whether the user interacts with it or leaves it idle Important CVE-2025-5419 at SUSE CVE-2025-5419 at NVD Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 140.0.7339.127 (boo#1249388) * CVE-2025-10200: Use after free in Serviceworker * CVE-2025-10201: Inappropriate implementation in Mojo Important SUSE bug 1249388 CVE-2025-10200 at SUSE CVE-2025-10200 at NVD CVE-2025-10201 at SUSE CVE-2025-10201 at NVD cpe:/o:opensuse:leap:15.6 Security update for openQA, openQA-devel-container, os-autoinst, perl-CryptX (Moderate) openSUSE Leap 15.6 This update for openQA, openQA-devel-container, os-autoinst, perl-CryptX fixes the following issues: Changes in openQA: - Update to version 5.1757135418.ec726f9c: * Dependency cron 2025-09-06 - Update to version 5.1757084700.fad3731d: * Ensure no untracked files in unit test run part 2 * Dependency cron 2025-09-05 * Add MCP support as an optional feature * Allow specifying a full domain via `file_security_policy` * Allow using a different subdomain via `file_security_policy` * t: Ensure no leftover files in git directory * ci: Ensure clean git status with Test::CheckGitStatus Changes in os-autoinst: - Update to version 5.1757071172.ffc94dc: * Add ping dependency to allow runtime IPv6 detection on workers * baseclass: Fix missing error details on failed SSH connection attempts * baseclass: Extend error details on failed ssh attempts * consoles: Improve error reporting on unavailable VNC * backend::svirt: Extract methods for serial_console command * backend::svirt: Extract method for serial_grab command * backend::svirt: Combine and simplify save_snapshot commands Changes in perl-CryptX: - adds missing references Changes in openQA-devel-container: - Update to version 5.1757320715.32d687ffe: * Update to latest openQA version Moderate SUSE bug 1244472 CVE-2025-40914 at SUSE CVE-2025-40914 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubo (Moderate) openSUSE Leap 15.6 This update for kubo fixes the following issues: - CVE-2025-22872: Fixed golang.org/x/net/html issue where incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (boo#1241776). Moderate SUSE bug 1241776 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openj9 (Important) openSUSE Leap 15.6 This update for java-11-openj9 fixes the following issues: Update to OpenJDK 11.0.28 with OpenJ9 0.53.0 virtual machine Including Oracle July 2025 CPU changes * CVE-2025-30749 (boo#1246595), CVE-2025-30754 (boo#1246598), CVE-2025-30761 (boo#1246580), CVE-2025-50059 (boo#1246575), CVE-2025-50106 (boo#1246584) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/ Update to OpenJDK 11.0.27 with OpenJ9 0.51.0 virtual machine Including Oracle April 2025 CPU changes * CVE-2025-21587 (boo#1241274), CVE-2025-30691 (boo#1241275), CVE-2025-30698 (boo#1241276) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/ Important SUSE bug 1235844 SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 SUSE bug 1246575 SUSE bug 1246580 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 SUSE bug 1246806 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-30761 at SUSE CVE-2025-30761 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openj9 (Important) openSUSE Leap 15.6 This update for java-17-openj9 fixes the following issues: Update to OpenJDK 17.0.16 with OpenJ9 0.53.0 virtual machine Including Oracle July 2025 CPU changes * CVE-2025-30749 (boo#1246595), CVE-2025-30754 (boo#1246598), CVE-2025-50059 (boo#1246575), CVE-2025-50106 (boo#1246584) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.53/ Update to OpenJDK 17.0.15 with OpenJ9 0.51.0 virtual machine Including Oracle April 2025 CPU changes * CVE-2025-21587 (boo#1241274), CVE-2025-30691 (boo#1241275), CVE-2025-30698 (boo#1241276) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.51/ Important SUSE bug 1235844 SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 SUSE bug 1246575 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 SUSE bug 1246806 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for onefetch (Moderate) openSUSE Leap 15.6 This update for onefetch fixes the following issues: Update to 0.25.0: New Features: * add language support for Text #1579 * support repos 'without source code' #1580 Chores: * improve error handling #1560 Bug Fixes: * remove extra line break in 886d942 - This updates gix-path to 0.10.11 (boo#1230085) Update to 0.24.0: * add language support for Lean #1509 * add language support for Typst #1508 * add language support for Razor #1521 * more idiomatic way to fetch HEAD refs #1515 * more idiomatic way to fetch repository remote URL #1516 * update holyc language logo #1543 * update wiki powershell-snippet #1542 Update to 0.23.1: * Fix version in man page Update to 0.23.0: New Features: * add language support for OpenSCAD #1502 * add language support for Modelica #1262 * add language support for ATS #523 * add language support for CUDA #940 * add missing nerd fonts icons for some languages #1491 Chores: * add Italian translation of README #1435 * add Polish translation of README #1444 * add Czech translation of READEME #1439 * update russian README #1478 * add script to preview/validate Nerd Fonts #1492 * add Powershell snippet to run onefetch automatically #1453 Update to 2.22.0: New Features: * Add support for nerd font glyphs in languages info #1395 * [onefetch.dev] Add nerdfont iconts to the preview #1411 * Automate publishing crates to crates.io #1364 Bug Fixes: * Show future commit dates without panicking #1389 Chores: * Re-generate the man page with --no-info #1376 * Drop unused shebangs from repo test fixture scripts #1375 - boo#1230686 (CVE-2024-45405): Bump git-path to 0.10.11 Update to 2.21.0: * Add CLI option to force URL format to HTTP instead of SSH #1314 * Add CLI flag to hide token from repository URL #1319 * Make Lua logo more readable on dark terminal #1337 * Fix deadlock in Churn computation #1316 * Exclude bot commits from churn when --no-bots option is used #1335 * [onefetch.dev] switch to dark theme #1297 * RUSTSEC-2024-0320: remove yaml-rust dependency #1309 * Refactor --no-bots CLI option #1340 Update to 2.20.0: * This version marks the completion of the transition from git2 to gitoxide * Add svg language support #1266 * lang: Adding Oz programming language #1280 Update to 2.19.0: New Features: * exclude files from churn #1120 * add odin support #1064 * New language: Arduino #1176 * Right align authorship percentages #1207 * Add Agda to languages.yaml #1216 Bug Fixes: * add a test for negative dates and see how onefetch handles it #1100 Moderate SUSE bug 1230085 SUSE bug 1230686 CVE-2024-45405 at SUSE CVE-2024-45405 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-Cpanel-JSON-XS, perl-JSON-XS (Important) openSUSE Leap 15.6 This update for perl-Cpanel-JSON-XS, perl-JSON-XS fixes the following issues: Changes in perl-JSON-XS: - updated to 4.40.0 (4.04) * CVE-2025-40928: Fixed integer overflow in parsing (boo#1249330). Changes in perl-Cpanel-JSON-XS: - CVE-2025-40929: Fixed a integer overflow (boo#1249331). Important SUSE bug 1249330 SUSE bug 1249331 CVE-2025-40928 at SUSE CVE-2025-40928 at NVD CVE-2025-40929 at SUSE CVE-2025-40929 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was update to version 132.0.6834.159 (boo#1236586): * CVE-2025-0762: Use after free in DevTools Important SUSE bug 1236586 CVE-2025-0762 at SUSE CVE-2025-0762 at NVD cpe:/o:opensuse:leap:15.6 Security update for yt-dlp (Moderate) openSUSE Leap 15.6 This update for yt-dlp fixes the following issues: - Update to release 2025.08.22 * cookies: Fix --cookies-from-browser with Firefox 142+ - Update to release 2025.08.20 * Warn against use of `-f mp4` * yt: Add es5 and es6 player JS variants * yt: Default to main player JS variant * yt: Extract title and description from initial data * yt: Handle required preroll waiting period - Update to release 2025.08.11 * yt: Add player params to mweb client * dash: Re-extract if using --load-info-json with --live-from-start - Update to release 2025.07.21 * Default behaviour changed from --mtime to --no-mtime * yt: Do not require PO Token for premium accounts * yt: Extract global nsig helper functions * yt: tab: Fix subscriptions feed extraction - Update to release 2025.06.30 * youtube: Fix premium formats extraction - Update to release 2025.06.25 * yt: Check any ios m3u8 formats prior to download * yt: Improve player context payloads - Update to release 2025.06.09 * adobepass: add Fubo MSO, fix Philo MSO authentication * yt: Add tv_simply player client * yt: Extract srt subtitles * yt: Rework nsig function name extraction - Update to release 2025.05.22 * yt: Add PO token support for subtitles * yt: Add web_embedded client for age-restricted videos * yt: Add a PO Token Provider Framework * yt: Extract media_type for all videos * yt: Fix --live-from-start support for premieres * yt: Fix geo-restriction error handling - Update to release 2025.04.30 [boo#1242186] * New option --preset-alias/-t has been added - Update to release 2025.03.31 * yt: add player_js_variant extractor-arg * yt/tab: Fix playlist continuation extraction - Update to release 2025.03.27 * youtube: Make signature and nsig extraction more robust - Update to release 2025.03.26 * youtube: fix signature and nsig extraction for player 4fcd6e4a - Update to release 2025.03.21 * Fix external downloader availability when using ``--ffmpeg-location`` * youtube: fix nsig and signature extraction for player 643afba4. - Update to release 2025.02.19 * NSIG workaround for tce player JS - Update to release 2025.01.26 * bilibili: Support space video list extraction without login * crunchyroll: Remove extractors * youtube: Download tv client Innertube config * youtube: Use different PO token for GVS and Player - Update to release 2025.01.15 * youtube: Do not use web_creator as a default client - Update to release 2025.01.12 * yt: fix DASH formats incorrectly skipped in some situations * yt: refactor cookie auth - Update to release 2024.12.23 * yt: add age-gate workaround for some embeddable videos - Update to release 2024.12.13 * yt: fix signature function extraction for 2f1832d2 * yt: prioritize original language over auto-dubbed audio - Update to release 2024.12.06 * yt: fix ``n`` sig extraction for player 3bb1f723 * yt: fix signature function extraction * yt: player client maintenance - Update to release 2024.12.03 * bilibili: Always try to extract HD formats * youtube: Adjust player clients for site changes - Update to release 2024.11.18 * cloudflarestream: Avoid extraction via videodelivery.net * youtube: remove broken OAuth support - Update to release 2024.11.04 * Prioritize AV1 * Remove Python <= 3.8 support * youtube: Adjust OAuth refresh token handling - Update to release 2024.10.22 * yt: Remove broken android_producer client * yt: Remove broken age-restriction workaround * yt: Support logging in with OAuth - Update to release 2024.10.07 * Fix cookie load error handling * youtube: Change default player clients to ios,mweb * patreon: Extract all m3u8 formats for locked posts - Update to release 2024.09.27 * Support excluding player_clients in extractor-arg * clip: Prioritize https formats - Update to release 2024.08.06 * youtube: Fix `n` function name extraction for player `b12cc44b` - Merge sh completion packages into main package - Add yt-dlp-youtube-dl subpackage - Update to release 2024.08.01 * youtube: * Change default player clients to ios,tv * Fix n function name extraction for player 20dfca59 * Fix age-verification workaround - Update to release 2024.07.25 * youtube: Fix n function name extraction for player 3400486c - Update to release 2024.07.16 * Support auto-tty and no_color-tty for --color * youtube: Avoid poToken experiment player responses - Update to release 2024.07.09 * youtube: Remove broken n function extraction fallback - Update to release 2024.07.01: * Properly sanitize file-extension to prevent file system modification and RCE. Unsafe extensions are now blocked from being downloaded. [CVE-2024-38519 boo#1227305] Moderate SUSE bug 1227305 SUSE bug 1242186 CVE-2024-38519 at SUSE CVE-2024-38519 at NVD cpe:/o:opensuse:leap:15.6 Security update for shadowsocks-v2ray-plugin (Moderate) openSUSE Leap 15.6 This update for shadowsocks-v2ray-plugin fixes the following issues: Update version to 5.37.0 * Update v2ray-core to 5.37.0 * Fixed CVE-2025-29785 in dependency ackhandler (bsc#1243954) Moderate SUSE bug 1243954 CVE-2025-297850 at SUSE CVE-2025-297850 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to 140.0.7339.185 (stable released 2025-09-17) boo#1249999 Security issues fixed: * CVE-2025-10585: Type Confusion in V8 * CVE-2025-10500: Use after free in Dawn * CVE-2025-10501: Use after free in WebRTC * CVE-2025-10502: Heap buffer overflow in ANGLE Important SUSE bug 1249999 CVE-2025-10500 at SUSE CVE-2025-10500 at NVD CVE-2025-10501 at SUSE CVE-2025-10501 at NVD CVE-2025-10502 at SUSE CVE-2025-10502 at NVD CVE-2025-10585 at SUSE CVE-2025-10585 at NVD cpe:/o:opensuse:leap:15.6 Security update for SDL2_sound (Important) openSUSE Leap 15.6 This update for SDL2_sound fixes the following issues: - Update to release 2.0.4: * Update bundled stb_vorbis to address CVE-2023-45676, CVE-2023-45677, CVE-2023-45679, CVE-2023-45680, CVE-2023-45681, CVE-2023-45682. - Update to release 2.0.2 * No further changes from the last snapshot 2.0.1+g60 Important SUSE bug 1216478 CVE-2023-45676 at SUSE CVE-2023-45676 at NVD CVE-2023-45677 at SUSE CVE-2023-45677 at NVD CVE-2023-45679 at SUSE CVE-2023-45679 at NVD CVE-2023-45680 at SUSE CVE-2023-45680 at NVD CVE-2023-45681 at SUSE CVE-2023-45681 at NVD CVE-2023-45682 at SUSE CVE-2023-45682 at NVD cpe:/o:opensuse:leap:15.6 Security update for tor (Moderate) openSUSE Leap 15.6 This update for tor fixes the following issues: - 0.4.8.18 * CVE-2025-4444: onion service descriptor resource consumption issue (boo#1250101) - 0.4.8.17 * Minor features and bugfixes * use quantum-resistant MLKEM-768 cipher - tor 0.4.8.16 * fix typo in a directory authority rule file * fix a sandbox issue for bandwidth authority and a conflux issue on the control port * client fix about relay flag usage - tor 0.4.8.14 * bugfix for onion service directory cache * test-network now unconditionally includes IPv6 * Regenerate fallback directories 2025-02-05 * Update the geoip files to 2025-02-05 * Fix a pointer free - tor 0.4.8.13 * Conflux related client circuit building performance bugfix * Fix minor memory leaks * Add STATUS TYPE=version handler for Pluggable Transport - tor 0.4.8.12 * Minor features and bugfixes * See https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes Moderate SUSE bug 1250101 CVE-2025-4444 at SUSE CVE-2025-4444 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 140.0.7339.207 (boo#1250472) * CVE-2025-10890: Side-channel information leakage in V8 * CVE-2025-10891: Integer overflow in V8 * CVE-2025-10892: Integer overflow in V8 Important SUSE bug 1250472 CVE-2025-10890 at SUSE CVE-2025-10890 at NVD CVE-2025-10891 at SUSE CVE-2025-10891 at NVD CVE-2025-10892 at SUSE CVE-2025-10892 at NVD cpe:/o:opensuse:leap:15.6 Security update for assimp (Important) openSUSE Leap 15.6 This update for assimp fixes the following issues: - CVE-2024-45679: Fixed a heap-based buffer overflow (boo#1230679) Important SUSE bug 1230679 CVE-2024-45679 at SUSE CVE-2024-45679 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485) - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487) Important SUSE bug 1250485 SUSE bug 1250487 CVE-2025-59681 at SUSE CVE-2025-59681 at NVD CVE-2025-59682 at SUSE CVE-2025-59682 at NVD cpe:/o:opensuse:leap:15.6 Security update for afterburn (Important) openSUSE Leap 15.6 This update for afterburn fixes the following issues: - Update to version 5.9.0.git21.a73f509: * docs/release-notes: update for release 5.10.0 * cargo: update dependencies * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat * docs/release-notes: Add entry for Azure SharedConfig XML parsing fix * microsoft/azure: Fix SharedConfig parsing of XML attributes * microsoft/azure: Mock goalstate.SharedConfig output in tests * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one, fixes boo#1250471 * build(deps): bump the build group with 8 updates * build(deps): bump slab from 0.4.10 to 0.4.11 * build(deps): bump actions/checkout from 4 to 5 * upcloud: implement UpCloud provider * build(deps): bump the build group with 4 updates * Sync repo templates ⚙ - Update to version 5.9.0: * cargo: Afterburn release 5.9.0 * docs/release-notes: update for release 5.9.0 * cargo: update dependencies * Add TMT test structure and basic smoke test * build(deps): bump openssl from 0.10.72 to 0.10.73 * build(deps): bump reqwest from 0.12.15 to 0.12.18 * docs/release-notes: Update changelog entry * dracut: Return 255 in module-setup * oraclecloud: add release note and move base URL to constant * oraclecloud: implement oraclecloud provider * build(deps): bump nix from 0.29.0 to 0.30.1 * build(deps): bump zbus from 5.7.0 to 5.7.1 * build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1 * build(deps): bump ipnetwork from 0.20.0 to 0.21.1 * build(deps): bump clap from 4.5.38 to 4.5.39 - Fix Requires in noarch package (boo#1244675) Important SUSE bug 1244675 SUSE bug 1250471 CVE-2025-5791 at SUSE CVE-2025-5791 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780) * CVE-2025-11205: Heap buffer overflow in WebGPU * CVE-2025-11206: Heap buffer overflow in Video * CVE-2025-11207: Side-channel information leakage in Storage * CVE-2025-11208: Inappropriate implementation in Media * CVE-2025-11209: Inappropriate implementation in Omnibox * CVE-2025-11210: Side-channel information leakage in Tab * CVE-2025-11211: Out of bounds read in Media * CVE-2025-11212: Inappropriate implementation in Media * CVE-2025-11213: Inappropriate implementation in Omnibox * CVE-2025-11215: Off by one error in V8 * CVE-2025-11216: Inappropriate implementation in Storage * CVE-2025-11219: Use after free in V8 * Various fixes from internal audits, fuzzing and other initiatives Important SUSE bug 1250780 CVE-2025-11205 at SUSE CVE-2025-11205 at NVD CVE-2025-11206 at SUSE CVE-2025-11206 at NVD CVE-2025-11207 at SUSE CVE-2025-11207 at NVD CVE-2025-11208 at SUSE CVE-2025-11208 at NVD CVE-2025-11209 at SUSE CVE-2025-11209 at NVD CVE-2025-11210 at SUSE CVE-2025-11210 at NVD CVE-2025-11211 at SUSE CVE-2025-11211 at NVD CVE-2025-11212 at SUSE CVE-2025-11212 at NVD CVE-2025-11213 at SUSE CVE-2025-11213 at NVD CVE-2025-11215 at SUSE CVE-2025-11215 at NVD CVE-2025-11216 at SUSE CVE-2025-11216 at NVD CVE-2025-11219 at SUSE CVE-2025-11219 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 141.0.7390.65 (boo#1251334): * CVE-2025-11458: Heap buffer overflow in Sync * CVE-2025-11460: Use after free in Storage * CVE-2025-11211: Out of bounds read in WebCodecs Important SUSE bug 1251334 CVE-2025-11211 at SUSE CVE-2025-11211 at NVD CVE-2025-11458 at SUSE CVE-2025-11458 at NVD CVE-2025-11460 at SUSE CVE-2025-11460 at NVD cpe:/o:opensuse:leap:15.6 Security update for stb (Important) openSUSE Leap 15.6 This update for stb fixes the following issues: Addressing the follow security issues (boo#1216478): * CVE-2019-13217: heap buffer overflow in start_decoder() * CVE-2019-13218: stack buffer overflow in compute_codewords() * CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest() * CVE-2019-13220: out-of-range read in draw_line() * CVE-2019-13221: issue with large 1D codebooks in lookup1_values() * CVE-2019-13222: unchecked NULL returned by get_window() * CVE-2019-13223: division by zero in predict_point() Important SUSE bug 1216478 CVE-2019-13217 at SUSE CVE-2019-13217 at NVD CVE-2019-13218 at SUSE CVE-2019-13218 at NVD CVE-2019-13219 at SUSE CVE-2019-13219 at NVD CVE-2019-13220 at SUSE CVE-2019-13220 at NVD CVE-2019-13221 at SUSE CVE-2019-13221 at NVD CVE-2019-13222 at SUSE CVE-2019-13222 at NVD CVE-2019-13223 at SUSE CVE-2019-13223 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 141.0.7390.107: * CVE-2025-11756: Use after free in Safe Browsing (boo#1252013) Important SUSE bug 1252013 CVE-2025-11756 at SUSE CVE-2025-11756 at NVD cpe:/o:opensuse:leap:15.6 Security update for coredns (Moderate) openSUSE Leap 15.6 This update for coredns fixes the following issues: - CVE-2025-58063: Fixed Lease ID Confusion (bsc#1249389) - Update to version 1.12.4: * bump deps * fix(transfer): goroutine leak on axfr err (#7516) * plugin/etcd: fix import order for ttl test (#7515) * fix(grpc): check proxy list length in policies (#7512) * fix(https): propagate HTTP request context (#7491) * fix(plugin): guard nil lookups across plugins (#7494) * lint: add missing prealloc to backend lookup test (#7510) * fix(grpc): span leak on error attempt (#7487) * test(plugin): improve backend lookup coverage (#7496) * lint: enable prealloc (#7493) * lint: enable durationcheck (#7492) * Add Sophotech to adopters list (#7495) * plugin: Use %w to wrap user error (#7489) * fix(metrics): add timeouts to metrics HTTP server (#7469) * chore(ci): restrict token permissions (#7470) * chore(ci): pin workflow dependencies (#7471) * fix(forward): use netip package for parsing (#7472) * test(plugin): improve test coverage for pprof (#7473) * build(deps): bump github.com/go-viper/mapstructure/v2 (#7468) * plugin/file: fix label offset problem in ClosestEncloser (#7465) * feat(trace): migrate dd-trace-go v1 to v2 (#7466) * test(multisocket): deflake restart by using a fresh port and coordinated cleanup (#7438) * chore: update Go version to 1.24.6 (#7437) * plugin/header: Remove deprecated syntax (#7436) * plugin/loadbalance: support prefer option (#7433) * Improve caddy.GracefulServer conformance checks (#7416) - Update to version 1.12.3: * chore: Minor changes to `Dockerfile` (#7428) * Properly create hostname from IPv6 (#7431) * Bump deps * fix: handle cached connection closure in forward plugin (#7427) * plugin/test: fix TXT record comparison for multi-chunk vs multiple records * plugin/file: preserve case in SRV record names and targets per RFC 6763 * fix(auto/file): return REFUSED when no next plugin is available (#7381) * Port to AWS Go SDK v2 (#6588) * fix(cache): data race when refreshing cached messages (#7398) * fix(cache): data race when updating the TTL of cached messages (#7397) * chore: fix docs incompatibility (#7390) * plugin/rewrite: Add EDNS0 Unset Action (#7380) * add args: startup_timeout for kubernetes plugin (#7068) * [plugin/cache] create a copy of a response to ensure original data is never modified * Add support for fallthrough to the grpc plugin (#7359) * view: Add IPv6 example match (#7355) * chore: enable more rules from revive (#7352) * chore: enable early-return and superfluous-else from revive (#7129) * test(plugin): improve tests for auto (#7348) * fix(proxy): flaky dial tests (#7349) * test: add t.Helper() calls to test helper functions (#7351) * fix(kubernetes): multicluster DNS race condition (#7350) * lint: enable wastedassign linter (#7340) * test(plugin): add tests for any (#7341) * Actually invoke make release -f Makefile.release during test (#7338) * Keep golang to 1.24.2 due to build issues in 1.24.3 (#7337) * lint: enable protogetter linter (#7336) * lint: enable nolintlint linter (#7332) * fix: missing intrange lint fix (#7333) * perf(kubernetes): optimize AutoPath slice allocation (#7323) * lint: enable intrange linter (#7331) * feat(plugin/file): fallthrough (#7327) * lint: enable canonicalheader linter (#7330) * fix(proxy): avoid Dial hang after Transport stopped (#7321) * test(plugin): add tests for pkg/rand (#7320) * test(dnsserver): add unit tests for gRPC and QUIC servers (#7319) * fix: loop variable capture and linter (#7328) * lint: enable usetesting linter (#7322) * test: skip certain network-specific tests on non-Linux (#7318) * test(dnsserver): improve core/dnsserver test coverage (#7317) * fix(metrics): preserve request size from plugins (#7313) * fix: ensure DNS query name reset in plugin.NS error path (#7142) * feat: enable plugins via environment during build (#7310) * fix(plugin/bind): remove zone for link-local IPv4 (#7295) * test(request): improve coverage across package (#7307) * test(coremain): Add unit tests (#7308) * ci(test-e2e): add Go version setup to workflow (#7309) * kubernetes: add multicluster support (#7266) * chore: Add new maintainer thevilledev (#7298) * Update golangci-lint (#7294) * feat: limit concurrent DoQ streams and goroutines (#7296) * docs: add man page for multisocket plugin (#7297) * Prepare for the k8s api upgrade (#7293) * fix(rewrite): truncated upstream response (#7277) * fix(plugin/secondary): make transfer property mandatory (#7249) * plugin/bind: remove macOS bug mention in docs (#7250) * Remove `?bla=foo:443` for `POST` DoH (#7257) * Do not interrupt querying readiness probes for plugins (#6975) * Added `SetProxyOptions` function for `forward` plugin (#7229) Moderate SUSE bug 1249389 CVE-2025-58063 at SUSE CVE-2025-58063 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 141.0.7390.122: * CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402) Important SUSE bug 1252402 CVE-2025-12036 at SUSE CVE-2025-12036 at NVD cpe:/o:opensuse:leap:15.6 Security update for exim (Moderate) openSUSE Leap 15.6 This update for exim fixes the following issues: - CVE-2025-53881: Fixed potential security issue with logfile rotation (boo#1246457). Moderate SUSE bug 1246457 CVE-2025-53881 at SUSE CVE-2025-53881 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Moderate) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 142.0.7444.59 - Chromium 142.0.7444.52 Moderate cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Security fixes (boo#1252881): * CVE-2025-12428: Type Confusion in V8 * CVE-2025-12429: Inappropriate implementation in V8 * CVE-2025-12430: Object lifecycle issue in Media * CVE-2025-12431: Inappropriate implementation in Extensions * CVE-2025-12432: Race in V8 * CVE-2025-12433: Inappropriate implementation in V8 * CVE-2025-12434: Race in Storage * CVE-2025-12435: Incorrect security UI in Omnibox * CVE-2025-12436: Policy bypass in Extensions * CVE-2025-12437: Use after free in PageInfo * CVE-2025-12438: Use after free in Ozone * CVE-2025-12439: Inappropriate implementation in App-Bound Encryption * CVE-2025-12440: Inappropriate implementation in Autofill * CVE-2025-12441: Out of bounds read in V8 * CVE-2025-12443: Out of bounds read in WebXR * CVE-2025-12444: Incorrect security UI in Fullscreen UI * CVE-2025-12445: Policy bypass in Extensions * CVE-2025-12446: Incorrect security UI in SplitView * CVE-2025-12447: Incorrect security UI in Omnibox Important SUSE bug 1252881 CVE-2025-12428 at SUSE CVE-2025-12428 at NVD CVE-2025-12429 at SUSE CVE-2025-12429 at NVD CVE-2025-12430 at SUSE CVE-2025-12430 at NVD CVE-2025-12431 at SUSE CVE-2025-12431 at NVD CVE-2025-12432 at SUSE CVE-2025-12432 at NVD CVE-2025-12433 at SUSE CVE-2025-12433 at NVD CVE-2025-12434 at SUSE CVE-2025-12434 at NVD CVE-2025-12435 at SUSE CVE-2025-12435 at NVD CVE-2025-12436 at SUSE CVE-2025-12436 at NVD CVE-2025-12437 at SUSE CVE-2025-12437 at NVD CVE-2025-12438 at SUSE CVE-2025-12438 at NVD CVE-2025-12439 at SUSE CVE-2025-12439 at NVD CVE-2025-12440 at SUSE CVE-2025-12440 at NVD CVE-2025-12441 at SUSE CVE-2025-12441 at NVD CVE-2025-12443 at SUSE CVE-2025-12443 at NVD CVE-2025-12444 at SUSE CVE-2025-12444 at NVD CVE-2025-12445 at SUSE CVE-2025-12445 at NVD CVE-2025-12446 at SUSE CVE-2025-12446 at NVD CVE-2025-12447 at SUSE CVE-2025-12447 at NVD cpe:/o:opensuse:leap:15.6 Security update for git-bug (Moderate) openSUSE Leap 15.6 This update for git-bug fixes the following issues: - Revendor to include golang.org/x/net/html v 0.45.0 to prevent possible DoS by various algorithms with quadratic complexity when parsing HTML documents (boo#1251463, CVE-2025-47911 and boo#1251664, CVE-2025-58190). - Update to version 0.10.1: - cli: ignore missing sections when removing configuration (ddb22a2f) - Update to version 0.10.0: - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - webui: remark upgrade + gfm + syntax highlighting (6ee47b96) - BREAKING CHANGE: dev-infra: remove gokart (89b880bd) - Update to version 0.10.0 - bridge: correct command used to create a new bridge (9942337b) - web: simplify header navigation (7e95b169) - web: remark upgrade + gfm + syntax highlighting (6ee47b96) - Update to version 0.9.0: - completion: remove errata from string literal (aa102c91) - tui: improve readability of the help bar (23be684a) - Update to version 0.8.1+git.1746484874.96c7a111: * docs: update install, contrib, and usage documentation (#1222) * fix: resolve the remote URI using url.*.insteadOf (#1394) * build(deps): bump the go_modules group across 1 directory with 3 updates (#1376) * chore: gofmt simplify gitlab/export_test.go (#1392) * fix: checkout repo before setting up go environment (#1390) * feat: bump to go v1.24.2 (#1389) * chore: update golang.org/x/net (#1379) * fix: use -0700 when formatting time (#1388) * fix: use correct url for gitlab PATs (#1384) * refactor: remove depdendency on pnpm for auto-label action (#1383) * feat: add action: auto-label (#1380) * feat: remove lifecycle/frozen (#1377) * build(deps): bump the npm_and_yarn group across 1 directory with 12 updates (#1378) * feat: support new exclusion label: lifecycle/pinned (#1375) * fix: refactor how gitlab title changes are detected (#1370) * revert: 'Create Dependabot config file' (#1374) * refactor: rename //:git-bug.go to //:main.go (#1373) * build(deps): bump github.com/vektah/gqlparser/v2 from 2.5.16 to 2.5.25 (#1361) * fix: set GitLastTag to an empty string when git-describe errors (#1355) * chore: update go-git to v5@masterupdate_mods (#1284) * refactor: Directly swap two variables to optimize code (#1272) * Update README.md Matrix link to new room (#1275) - Update to version 0.8.0+git.1742269202.0ab94c9: * deps(crypto): bump golang.org/x/crypto from v0.26.0 to v0.31.0 (fix for CVE-2024-45337) (#1312) Moderate SUSE bug 1251463 SUSE bug 1251664 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-64459: Fixed a potential SQL injection via `_connector` keyword argument in `QuerySet` and `Q` objects (boo#1252926). Important SUSE bug 1252926 CVE-2025-64459 at SUSE CVE-2025-64459 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 142.0.7444.134 (boo#1253089): * CVE-2025-12725: Out of bounds write in WebGPU * CVE-2025-12726: Inappropriate implementation in Views * CVE-2025-12727: Inappropriate implementation in V8 * CVE-2025-12728: Inappropriate implementation in Omnibox * CVE-2025-12729: Inappropriate implementation in Omnibox Important SUSE bug 1253089 CVE-2025-12725 at SUSE CVE-2025-12725 at NVD CVE-2025-12726 at SUSE CVE-2025-12726 at NVD CVE-2025-12727 at SUSE CVE-2025-12727 at NVD CVE-2025-12728 at SUSE CVE-2025-12728 at NVD CVE-2025-12729 at SUSE CVE-2025-12729 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-djangorestframework-simplejwt (Moderate) openSUSE Leap 15.6 This update for python-djangorestframework-simplejwt fixes the following issues: - CVE-2024-22513: Fixed information disclosure via inactive user (boo#1221568): Moderate SUSE bug 1221568 CVE-2024-22513 at SUSE CVE-2024-22513 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pdfminer.six (Important) openSUSE Leap 15.6 This update for python-pdfminer.six fixes the following issues: - CVE-2025-64512: Fixed executing of arbitrary code from a malicious pickle file (bsc#1253228). Important SUSE bug 1253228 CVE-2025-64512 at SUSE CVE-2025-64512 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to 142.0.7444.162 (boo#1253267) to fix: * CVE-2025-13042: Inappropriate implementation in V8 Important SUSE bug 1253267 CVE-2025-13042 at SUSE CVE-2025-13042 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium 142.0.7444.175 (boo#1253698) fixes the following issues: * CVE-2025-13223: Type Confusion in V8 * CVE-2025-13224: Type Confusion in V8 Important SUSE bug 1253698 CVE-2025-13223 at SUSE CVE-2025-13223 at NVD CVE-2025-13224 at SUSE CVE-2025-13224 at NVD cpe:/o:opensuse:leap:15.6 Security update for libebml (Important) openSUSE Leap 15.6 This update for libebml fixes the following issues: - update to 1.4.5 (boo#1218432, CVE-2023-52339): * Fix invalid memory access (reading beyond allocated memory) due to missing integer overflow check. Important SUSE bug 1218432 CVE-2023-52339 at SUSE CVE-2023-52339 at NVD cpe:/o:opensuse:leap:15.6 Security update for tcpreplay (Important) openSUSE Leap 15.6 This update for tcpreplay fixes the following issues: - update to 4.5.2: * features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AF_XDP socket support - tcpreplay -w (write into a pcap file) - tcpreaplay --fixhdrlen - --include and --exclude options - SLL2 support - Haiku support * security fixes reported for 4.4.4 fixed in 4.5.2 - CVE-2023-4256 / boo#1218249 - CVE-2023-43279 / boo#1221324 - CVE-2024-3024 / boo#1222131 (likely) - CVE-2024-22654 / boo#1243845 - CVE-2025-9157 / boo#1248322 - CVE-2025-9384 / boo#1248595 - CVE-2025-9385 / boo#1248596 - CVE-2025-9386 / boo#1248597 - CVE-2025-9649 / boo#1248964 - CVE-2025-51006 / boo#1250356 - security fix for CVE-2025-8746 / boo#1247919 Important SUSE bug 1218249 SUSE bug 1221324 SUSE bug 1222131 SUSE bug 1243845 SUSE bug 1247919 SUSE bug 1248322 SUSE bug 1248595 SUSE bug 1248596 SUSE bug 1248597 SUSE bug 1248964 SUSE bug 1250356 CVE-2023-4256 at SUSE CVE-2023-4256 at NVD CVE-2023-43279 at SUSE CVE-2023-43279 at NVD CVE-2024-22654 at SUSE CVE-2024-22654 at NVD CVE-2024-3024 at SUSE CVE-2024-3024 at NVD CVE-2025-51006 at SUSE CVE-2025-51006 at NVD CVE-2025-8746 at SUSE CVE-2025-8746 at NVD CVE-2025-9157 at SUSE CVE-2025-9157 at NVD CVE-2025-9384 at SUSE CVE-2025-9384 at NVD CVE-2025-9385 at SUSE CVE-2025-9385 at NVD CVE-2025-9386 at SUSE CVE-2025-9386 at NVD CVE-2025-9649 at SUSE CVE-2025-9649 at NVD cpe:/o:opensuse:leap:15.6 Security update for gitea-tea (Moderate) openSUSE Leap 15.6 This update for gitea-tea fixes the following issues: - update to 0.11.1: * 61d4e57 Fix Pr Create crash (#823) * 4f33146 add test for matching logins (#820) * 08b8398 Update README.md (#819) - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663) - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471) - update to 0.11.0: * Fix yaml output single quote (#814) * generate man page (#811) * feat: add validation for object-format flag in repo create command (#741) * Fix release version (#815) * update gitea sdk to v0.22 (#813) * don't fallback login directly (#806) * Check duplicated login name in interact mode when creating new login (#803) * Fix bug when output json with special chars (#801) * add debug mode and update readme (#805) * update go.mod to retract the wrong tag v1.3.3 (#802) * revert completion scripts removal (#808) * Remove pagination from context (#807) * Continue auth when failed to open browser (#794) * Fix bug (#793) * Fix tea login add with ssh public key bug (#789) * Add temporary authentication via environment variables (#639) * Fix attachment size (#787) * deploy image when tagging (#792) * Add Zip URL for release list (#788) * Use bubbletea instead of survey for interacting with TUI (#786) * capitalize a few items * rm out of date comparison file * README: Document logging in to gitea (#790) * remove autocomplete command (#782) * chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773) * replace arch package url (#783) * fix: Reenable -p and --limit switches (#778) - Update to 0.10.1+git.1757695903.cc20b52: - feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60) - Fix release version - update gitea sdk to v0.22 - don't fallback login directly - Check duplicated login name in interact mode when creating new login - Fix bug when output json with special chars - add debug mode and update readme - update go.mod to retract the wrong tag v1.3.3 - revert completion scripts removal - Remove pagination from context - Continue auth when failed to open browser - Fix bug - Fix tea login add with ssh public key bug - Add temporary authentication via environment variables - Fix attachment size - deploy image when tagging - Add Zip URL for release list - Use bubbletea instead of survey for interacting with TUI - capitalize a few items - rm out of date comparison file - README: Document logging in to gitea - remove autocomplete command - chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 - replace arch package url - fix: Reenable `-p` and `--limit` switches Moderate SUSE bug 1251471 SUSE bug 1251663 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for cpp-httplib (Important) openSUSE Leap 15.6 This update for cpp-httplib fixes the following issues: - CVE-2025-53629: header can allocate memory arbitrarily in the server, potentially leading to its exhaustion (CVE-2025-53628, boo#1246471) - CVE-2025-53628: HTTP header smuggling due to insecure trailers merge (CVE-2025-53628, boo#1246468) - CVE-2025-52887: number of HTTP header fields not limited, which can lead to potential exhaustion of system memory (CVE-2025-52887, boo#1245414) - version update to 0.20.1 0.20.1 (CVE-2025-46728 [boo#1242777]) * Add AF_UNIX support on windows #2115 * Support zstd also via pkg-config #2121 * Fix #2113 * Fix 'Unbounded Memory Allocation in Chunked/No-Length Requests' 0.20.0 * server_certificate_verifier extended to reuse built-in verifier #2064 * Assertion failed when destroying httplib::Client * #2068 * Spaces incorrectly allowed in header field names #2096 * build(meson): copy MountTest.MultibytesPathName files #2098 * Remove SSLInit #2102 * Add zstd support #2088 * Question the behavior of method read_content_without_length #2109 * Crash when calling std::exit while server running or client requests in flight #2097 0.19.0 * Global timeout feature (same as '--max-time' curl option) #2034 * Fix check for URI length to prevent incorrect HTTP 414 errors 0.18.7 * Potential memory corruption in stream_line_reader #2028 - version update to 0.18.6 * Resolve #2033 * Port/Address re-use #2011 * Invalid Content-Length values should be rejected #2014 * Feature request: ability to check if the connection is still alive #2017 * Changed to use non-blocking socket in is_ssl_peer_could_be_closed (258992a) * Treat out-of-range last_pos as the end of the content #2009 * fix:set_file_content with range request return 416. #2010 * Fix HTTP Response Splitting Vulnerability (9c36aae) - Update to 0.18.3: * Bug fixes: - Regression: Client keep-alive subsequent requests very slow #1997 - 304 Not Modified response stalls until timeout #1998 - Update to 0.18.2: * Bug fixes: - Fix the problem that CreateFile2 in mmap::open fails to... #1973 - Default Accept-Encoding header for the client #1975 - SSLClientReconnection fails on Windows #1980 - delay in keep_alive due to sleep #1969 - missing query pararm in httplib::Client::send #1985 - Update to 0.18.1: * SSLClientServerTest.* tests fail with OpenSSL 3.2.1 (#1798) * Feat: add CPack support (#1950) * Keep alive is slowing down shutdown (#1959) * Allow empty header values (#1965) - update to 0.18.0: * httplib.h: support LibreSSL * Nice way to call 'handle_file_request' from user code * How to diagnose the infamous read error 4 * Made default server and client read/write timeout settings separately * Slow performance caused by get_remote_ip_and_port and get_local_ip_and_port * Provides a way to ignore host verify * add API support for verify certificate manually - update to 0.17.3: * Accessing Directory * constexpr error * Only match path params that span full path segment * Fix KeepAliveTest.SSLClientReconnectionPost problem - update to 0.17.2: * Fix incorrect handling of Expect: 100-continue * Peformance improvement by removing tolower function call - update to 0.17.1: * Header parser incorrectly accepts NUL and CR within header values * Fix problem with Abstract Namespace Unix Domain * Fix SIGINT problem in Docker image - update to 0.17.0: * Changed CPPHTTPLIB_KEEPALIVE_MAX_COUNT to 100 * Add Dockerfile for static file server * Breaking Change!: get_header_ methods on Request and Response now take * Add sleep in handle_EINTR * Added set_ipv6_v6only method * impossible to shut down the server safely * Performance: reserve body to avoid frequent reallocations and copies - update to 0.16.3: * Fixed set_connection_timeout() unexpected results * Fix KeepAliveTest.SSLClientReconnectionPost - update to 0.16.2: * threadsafe CLOEXEC on platforms that support it * BoringSSL compatibility fixes - update to 0.16.1: * detail::is_socket_alive() is not work for https connection * avoid memory leaks if linked with static openssl libs * Allow hex for ipv6 literal addr in redirect * Fix build on Windows with no WINAPI_PARTITION_APP support * test: fix GetRangeWithMaxLongLength on 32 bit machines * Require a minimum of TLS 1.2 - update to 0.16.0: * Use final keyword for devirtualization * FindBrotli cleanup and fixes * client can't open the encrypted private key * build(meson): generate new test PEMs * Fix range parser when parsing too many ranges * fix: increase default receive buffer to 16kb * Removed excess usage of std::move * Merge branch 'HerrCai0907-fix' * Highlight notes using markdown features * Added progress to POST, PUT, PATCH and DELETE requests * Tweak CI and fix macOS prefix * New function SSLServer::update_certs. Allows to update certificates while server is running * Change library name to cpp-httplib - update to 0.15.3: * Breaking change in handling requests with Range in v0.15.1 and v0.15.2 - update to 0.15.2: * Severe directory traversal vulnerability (dotdotslash) - Update to version 0.15.1: * Malicious requests for many overlapping byte ranges of large files risk OOM #1766 * Add missing #include for strcasecmp #1744 * ThreadPool: optional limit for jobs queue (#1741) * Fix #1628 (OpenSSL 1.1.1 End of Life on September 11, 2023) * Fix Windows std::max macro problem #1750 * Fix select() return code for fd >= 1024 (#1757) * Add a getter for a bearer token from a request (#1755) * Support move semantics for Response::set_content() (#1764) * Treat paths with embedded NUL bytes as invalid (#1765) * Fix usage of rand() is not seeded and depends on seeding by parent program #1747 * Fix check request range and fix response Content-Range. #1694 * Fix: Query parameter including query delimiter ('?') not being parsed properly (#1713) * Fix #1736 * Fix #1665 * Change some of status messages based on RFC 9110 (#1740) * Add StatusCode enum (#1739) * Fix #1738 * Fix #1685 * Fix #1724 * Add optional user defined header writer #1683 * Fix CPPHTTPLIB_ALLOW_LF_AS_LINE_TERMINATOR (#1634) * Avoid a -Warray-bounds false positive in GCC 13. (#1639) * Fix #1638 * Removed unnecessary CRLF at the end of multipart ranges data * Fix #1559 * Use memory mapped file for static file server (#1632) * Fix #1519 * Fix #1590 (#1630) * Fix #1619 * Fix #1624 * Compiler freezes on Debian 10 (buster) with GCC 8.3.0 #1613 * Don't overwrite the last redirected location (#1589) # This is a breaking change. * Fix #1607 * Add named path parameters parsing (Implements #1587) (#1608) * Result: allow default constructor (#1609) * Add support for zOS (#1581) * Provide a CMake option to disable C++ exceptions (#1580) * Load in-memory CA certificates (#1579) Important SUSE bug 1242777 SUSE bug 1245414 SUSE bug 1246468 SUSE bug 1246471 CVE-2025-46728 at SUSE CVE-2025-46728 at NVD CVE-2025-52887 at SUSE CVE-2025-52887 at NVD CVE-2025-53628 at SUSE CVE-2025-53628 at NVD CVE-2025-53629 at SUSE CVE-2025-53629 at NVD cpe:/o:opensuse:leap:15.6 Security update for act (Important) openSUSE Leap 15.6 This update for act fixes the following issues: - CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent client when receiving unexpected message types for key listing or signing requests (boo#1253608) Important SUSE bug 1253608 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD cpe:/o:opensuse:leap:15.6 Security update for gitea-tea (Moderate) openSUSE Leap 15.6 This update for gitea-tea fixes the following issues: - Do not make config file group-readable. Moderate cpe:/o:opensuse:leap:15.6 Security update to chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 143.0.7499.40 (boo#1254429): * CVE-2025-13630: Type Confusion in V8 * CVE-2025-13631: Inappropriate implementation in Google Updater * CVE-2025-13632: Inappropriate implementation in DevTools * CVE-2025-13633: Use after free in Digital Credentials * CVE-2025-13634: Inappropriate implementation in Downloads * CVE-2025-13720: Bad cast in Loader * CVE-2025-13721: Race in v8 * CVE-2025-13635: Inappropriate implementation in Downloads * CVE-2025-13636: Inappropriate implementation in Split View * CVE-2025-13637: Inappropriate implementation in Downloads * CVE-2025-13638: Use after free in Media Stream * CVE-2025-13639: Inappropriate implementation in WebRTC * CVE-2025-13640: Inappropriate implementation in Passwords Important SUSE bug 1254429 CVE-2025-13630 at SUSE CVE-2025-13630 at NVD CVE-2025-13631 at SUSE CVE-2025-13631 at NVD CVE-2025-13632 at SUSE CVE-2025-13632 at NVD CVE-2025-13633 at SUSE CVE-2025-13633 at NVD CVE-2025-13634 at SUSE CVE-2025-13634 at NVD CVE-2025-13635 at SUSE CVE-2025-13635 at NVD CVE-2025-13636 at SUSE CVE-2025-13636 at NVD CVE-2025-13637 at SUSE CVE-2025-13637 at NVD CVE-2025-13638 at SUSE CVE-2025-13638 at NVD CVE-2025-13639 at SUSE CVE-2025-13639 at NVD CVE-2025-13640 at SUSE CVE-2025-13640 at NVD CVE-2025-13720 at SUSE CVE-2025-13720 at NVD CVE-2025-13721 at SUSE CVE-2025-13721 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-mistralclient (Moderate) openSUSE Leap 15.6 This update for python-mistralclient fixes the following issues: - CVE-2021-4472: Fixed a local file inclusion which may result in disclosure of arbitrary files content (boo#1254289) Moderate SUSE bug 1254289 CVE-2021-4472 at SUSE CVE-2021-4472 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-13372,CVE-2025-64460: Fixed Denial of Service in 'django.core.serializers.xml_serializer.getInnerText()' (bsc#1254437) Important SUSE bug 1254437 CVE-2025-13372 at SUSE CVE-2025-13372 at NVD CVE-2025-64460 at SUSE CVE-2025-64460 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 143.0.7499.109 (boo#1254776): * CVE-2025-14372: Use after free in Password Manager * CVE-2025-14373: Inappropriate implementation in Toolbar * third issue with an exploit is known to exist in the wild Important SUSE bug 1254776 CVE-2025-14372 at SUSE CVE-2025-14372 at NVD CVE-2025-14373 at SUSE CVE-2025-14373 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 143.0.7499.146 (boo#1255115): * CVE-2025-14765: Use after free in WebGPU * CVE-2025-14766: Out of bounds read and write in V8 - Chromium 143.0.7499.109 (boo#1254776): * CVE-2025-14372: Use after free in Password Manager * CVE-2025-14373: Inappropriate implementation in Toolbar * CVE-2025-14174: Out of bounds memory access in ANGLE Important SUSE bug 1254776 SUSE bug 1255115 CVE-2025-14174 at SUSE CVE-2025-14174 at NVD CVE-2025-14372 at SUSE CVE-2025-14372 at NVD CVE-2025-14373 at SUSE CVE-2025-14373 at NVD CVE-2025-14765 at SUSE CVE-2025-14765 at NVD CVE-2025-14766 at SUSE CVE-2025-14766 at NVD cpe:/o:opensuse:leap:15.6 Security update for trivy (Important) openSUSE Leap 15.6 This update for trivy fixes the following issues: Update to version 0.68.2: * fix(deps): bump alpine from `3.22.1` to `3.23.0` [backport: release/v0.68] (#9949) Update to version 0.68.1 (boo#1251363, CVE-2025-47911, boo#1251547, CVE-2025-58190, boo#1253512, CVE-2025-47913, boo#1253512, CVE-2025-47913, boo#1253786, CVE-2025-58181, boo#1253977, CVE-2025-47914): * fix: update cosing settings for GoReleaser after bumping cosing to v3 (#9863) * chore(deps): bump the testcontainers group with 2 updates (#9506) * feat(aws): Add support for dualstack ECR endpoints (#9862) * fix(vex): use a separate `visited` set for each DFS path (#9760) * docs: catch some missed docs -> guide (#9850) * refactor(misconf): parse azure_policy_enabled to addonprofile.azurepolicy.enabled (#9851) * chore(cli): Remove Trivy Cloud (#9847) * fix(misconf): ensure value used as ignore marker is non-null and known (#9835) * fix(misconf): map healthcheck start period flag to --start-period instead of --startPeriod (#9837) * chore(deps): bump the docker group with 3 updates (#9776) * chore(deps): bump golang.org/x/crypto from 0.41.0 to 0.45.0 (#9827) * chore(deps): bump the common group across 1 directory with 20 updates (#9840) * feat(image): add Sigstore bundle SBOM support (#9516) * chore(deps): bump the aws group with 7 updates (#9691) * test(k8s): update k8s integrtion test (#9725) * chore(deps): bump github.com/containerd/containerd from 1.7.28 to 1.7.29 (#9764) * feat(sbom): add support for SPDX attestations (#9829) * docs(misconf): Remove duplicate sections (#9819) * feat(misconf): Update Azure network schema for new checks (#9791) * feat(misconf): Update AppService schema (#9792) * fix(misconf): ensure boolean metadata values are correctly interpreted (#9770) * feat(misconf): support https_traffic_only_enabled in Az storage account (#9784) * docs: restructure docs for new hosting (#9799) * docs(server): fix info about scanning licenses on the client side. (#9805) * ci: remove unused preinstalled software/images for build tests to free up disk space. (#9814) * feat(report): add fingerprint generation for vulnerabilities (#9794) * chore: trigger the trivy-www workflow (#9737) * fix: update all documentation links (#9777) * feat(suse): Add new openSUSE, Micro and SLES releases end of life dates (#9788) * test(go): set `GOPATH` for tests (#9785) * feat(flag): add `--cacert` flag (#9781) * fix(misconf): handle unsupported experimental flags in Dockerfile (#9769) * test(go): refactor mod_test.go to use txtar format (#9775) * docs: Fix typos and linguistic errors in documentation / hacktoberfest (#9586) * chore(deps): bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 (#9778) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 (#9763) * fix(java): use `true` as default value for Repository Release|Snapshot Enabled in pom.xml and settings.xml files (#9751) * docs: add info that `SSL_CERT_FILE` works on `Unix systems other than macOS` only (#9772) * docs: change SecObserve URLs in documentatio (#9771) * feat(db): enable concurrent access to vulnerability database (#9750) * feat(misconf): add agentpools to azure container schema (#9714) * feat(report): switch ReportID from UUIDv4 to UUIDv7 (#9749) * feat(misconf): Update Azure Compute schema (#9675) * feat(misconf): Update azure storage schema (#9728) * feat(misconf): Update SecurityCenter schema (#9674) * feat(image): pass global context to docker/podman image save func (#9733) * chore(deps): bump the github-actions group with 4 updates (#9739) * fix(flag): remove viper.SetDefault to fix IsSet() for config-only flags (#9732) * feat(license): use separate SPDX ids to ignore SPDX expressions (#9087) * feat(dotnet): add dependency graph support for .deps.json files (#9726) * feat(misconf): Add support for configurable Rego error limit (#9657) * feat(misconf): Add RoleAssignments attribute (#9396) * feat(report): add image reference to report metadata (#9729) * fix(os): Add photon 5.0 in supported OS (#9724) * fix(license): handle SPDX WITH exceptions as single license in category detection (#9380) * refactor: add case-insensitive string set implementation (#9720) * feat: include registry and repository in artifact ID calculation (#9689) * feat(java): add support remote repositories from settings.xml files (#9708) * fix(sbom): don’t panic on SBOM format if scanned CycloneDX file has empty metadata (#9562) * docs: update vulnerability reporting guidelines in SECURITY.md (#9395) * docs: add info about `java-db` subdir (#9706) * fix(report): correct field order in SARIF license results (#9712) * test: improve golden file management in integration tests (#9699) * ci: get base_sha using base.ref (#9704) * refactor(misconf): mark AVDID fields as deprecated and use ID internally (#9576) * fix(nodejs): fix npmjs parser.pkgNameFromPath() panic issue (#9688) * fix: close all opened resources if an error occurs (#9665) * refactor(misconf): type-safe parser results in generic scanner (#9685) * feat(image): add RepoTags support for Docker archives (#9690) * chore(deps): bump github.com/quic-go/quic-go from 0.52.0 to 0.54.1 (#9694) * feat(misconf): Update Azure Container Schema (#9673) * ci: use merge commit for apidiff to avoid false positives (#9622) * feat(misconf): include map key in manifest snippet for diagnostics (#9681) * refactor(misconf): add ManifestFromYAML for unified manifest parsing (#9680) * test: update golden files for TestRepository* integration tests (#9684) * refactor(cli): Update the cloud config command (#9676) * fix(sbom): add `buildInfo` info as properties (#9683) * feat: add ReportID field to scan reports (#9670) * docs: add vulnerability database contribution guide (#9667) * feat(cli): Add trivy cloud suppport (#9637) * feat: add ArtifactID field to uniquely identify scan targets (#9663) * fix(nodejs): use the default ID format to match licenses in pnpm packages. (#9661) * feat(sbom): use SPDX license IDs list to validate SPDX IDs (#9569) * fix: use context for analyzers (#9538) * chore(deps): bump the docker group with 3 updates (#9545) * chore(deps): bump the aws group with 6 updates (#9547) * ci(helm): bump Trivy version to 0.67.2 for Trivy Helm Chart 0.19.1 (#9641) * test(helm): bump up Yamale dependency for Helm chart-testing-action (#9653) * fix: Trim the end-of-range suffix (#9618) * test(k8s): use a specific bundle for k8s misconfig scan (#9633) * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow (#9636) * refactor: move the aws config (#9617) * fix(license): don't normalize `unlicensed` licenses into `unlicense` (#9611) * fix: using SrcVersion instead of Version for echo detector (#9552) * feat(fs): change artifact type to repository when git info is detected (#9613) * fix: add `buildInfo` for `BlobInfo` in `rpc` package (#9608) * fix(vex): don't use reused BOM (#9604) * ci: use pull_request_target for apidiff workflow to support fork PRs (#9605) * fix: restore compatibility for google.protobuf.Value (#9559) * ci: add API diff workflow (#9600) * chore(deps): update to module-compatible docker-credential-gcr/v2 (#9591) * docs: improve documentation for scanning raw IaC configurations (#9571) * feat: allow ignoring findings by type in Rego (#9578) * docs: bump pygments from 2.18.0 to 2.19.2 (#9596) * refactor(misconf): add ID to scan.Rule (#9573) * fix(java): update order for resolving package fields from multiple demManagement (#9575) * chore(deps): bump the github-actions group across 1 directory with 9 updates (#9563) * chore(deps): bump the common group across 1 directory with 7 updates (#9590) * chore(deps): Switch to go-viper/mapstructure (#9579) * chore: add context to the cache interface (#9565) * ci(helm): bump Trivy version to 0.67.0 for Trivy Helm Chart 0.19.0 (#9554) * fix: validate backport branch name (#9548) Update to version 0.67.2 (boo#1250625, CVE-2025-11065, boo#1248897, CVE-2025-58058): * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638) * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631) * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629) * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615) * fix(vex): don't use reused BOM [backport: release/v0.67] (#9612) * release: v0.67.0 [main] (#9432) * fix(vex): don't suppress vulns for packages with infinity loop (#9465) * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436) * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282) * docs: clarify inline ignore limitations for resource-less checks (#9537) * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534) * fix(misconf): handle tofu files in module detection (#9486) * feat(seal): add seal support (#9370) * docs: fix modules path and update code example (#9539) * fix: close file descriptors and pipes on error paths (#9536) * feat: add documentation URL for database lock errors (#9531) * fix(db): Dowload database when missing but metadata still exists (#9393) * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515) * fix(misconf): unmark cty values before access (#9495) * feat(cli): change --list-all-pkgs default to true (#9510) * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518) * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302) * refactor: remove google/wire dependency and implement manual DI (#9509) * chore(deps): bump the aws group with 6 updates (#9481) * chore(deps): bump the common group across 1 directory with 24 updates (#9507) * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497) * docs: move info about `detection priority` into coverage section (#9469) * feat(sbom): added support for CoreOS (#9448) * fix(misconf): strip build metadata suffixes from image history (#9498) * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439) * docs: Fix typo in terraform docs (#9492) * feat(redhat): add os-release detection for RHEL-based images (#9458) * ci(deps): add 3-day cooldown period for Dependabot updates (#9475) * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422) * fix(vuln): compare `nuget` package names in lower case (#9456) * chore: Update release flow to include chocolatey (#9460) * docs: document eol supportability (#9434) * docs(report): add nuanses about secret/license scanner in summary table (#9442) * ci: use environment variables in GitHub Actions for improved security (#9433) * chore: bump Go to 1.24.7 (#9435) * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330) * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425) - Fix version number shown for 'trivy -v' Update to version 0.66.0 (boo#1248937, CVE-2025-58058): * chore(deps): bump the aws group with 7 updates (#9419) * refactor(secret): clarify secret scanner messages (#9409) * fix(cyclonedx): handle multiple license types (#9378) * fix(repo): sanitize git repo URL before inserting into report metadata (#9391) * test: add HTTP basic authentication to git test server (#9407) * fix(sbom): add support for `file` component type of `CycloneDX` (#9372) * fix(misconf): ensure module source is known (#9404) * ci: migrate GitHub Actions from version tags to SHA pinning (#9405) * fix: create temp file under composite fs dir (#9387) * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403) * refactor: switch to stable azcontainerregistry SDK package (#9319) * chore(deps): bump the common group with 7 updates (#9382) * refactor(misconf): migrate from custom Azure JSON parser (#9222) * fix(repo): preserve RepoMetadata on FS cache hit (#9389) * refactor(misconf): use atomic.Int32 (#9385) * chore(deps): bump the aws group with 6 updates (#9383) * docs: Fix broken link to 'Built-in Checks' (#9375) * fix(plugin): don't remove plugins when updating index.yaml file (#9358) * fix: persistent flag option typo (#9374) * chore(deps): bump the common group across 1 directory with 26 updates (#9347) * fix(image): use standardized HTTP client for ECR authentication (#9322) * refactor: export `systemFileFiltering` Post Handler (#9359) * docs: update links to Semaphore pages (#9352) * fix(conda): memory leak by adding closure method for `package.json` file (#9349) * feat: add timeout handling for cache database operations (#9307) * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296) * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324) * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301) * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277) * chore: fix some function names in comment (#9314) * chore(deps): bump the aws group with 7 updates (#9311) * docs: add explanation for how to use non-system certificates (#9081) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962) * fix(misconf): preserve original paths of remote submodules from .terraform (#9294) * refactor(terraform): make Scan method of Terraform plan scanner private (#9272) * fix: suppress debug log for context cancellation errors (#9298) * feat(secret): implement streaming secret scanner with byte offset tracking (#9264) * fix(python): impove package name normalization (#9290) * feat(misconf): added audit config attribute (#9249) * refactor(misconf): decouple input fs and track extracted files with fs references (#9281) * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291) * refactor: simplify Detect function signature (#9280) * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288) * fix(fs): avoid shadowing errors in file.glob (#9286) * test(misconf): move terraform scan tests to integration tests (#9271) * test(misconf): drop gcp iam test covered by another case (#9285) * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283) Update to version 0.65.0: * fix(cli): ensure correct command is picked by telemetry (#9260) * feat(flag): add schema validation for `--server` flag (#9270) * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274) * ci: skip undefined labels in discussion triage action (#9175) * feat(repo): add git repository metadata to reports (#9252) * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232) * chore: add modernize tool integration for code modernization (#9251) * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253) * chore: implement process-safe temp file cleanup (#9241) * fix: prevent graceful shutdown message on normal exit (#9244) * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237) * feat: add graceful shutdown with signal handling (#9242) * chore: update template URL for brew formula (#9221) * test: add end-to-end testing framework with image scan and proxy tests (#9231) * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239) * ci: specify repository for `gh cache delete` in canary worklfow (#9240) * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236) * fix(misconf): fix log bucket in schema (#9235) * chore(deps): bump the common group across 1 directory with 24 updates (#9228) * ci: move runner.os context from job-level env to step-level in canary workflow (#9233) * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214) * feat(misconf): added logging and versioning to the gcp storage bucket (#9226) * fix(server): add HTTP transport setup to server mode (#9217) * chore: update the rpm download Update (#9202) * feat(alma): add AlmaLinux 10 support (#9207) * fix(nodejs): don't use prerelease logic for compare npm constraints (#9208) * fix(rootio): fix severity selection (#9181) * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194) * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206) * fix(misconf): correctly adapt azure storage account (#9138) * feat(misconf): add private ip google access attribute to subnetwork (#9199) * feat(report): add CVSS vectors in sarif report (#9157) * fix(terraform): `for_each` on a map returns a resource for every key (#9156) * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151) * chore: migrate protoc setup from Docker to buf CLI (#9184) * ci: delete cache after artifacts upload in canary workflow (#9177) * refactor: remove aws flag helper message (#9080) * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183) * ci: add auto-ready-for-review workflow (#9179) * feat(image): add Docker context resolution (#9166) * ci: optimize golangci-lint performance with cache-based strategy (#9173) * feat: add HTTP request/response tracing support (#9125) * fix(aws): update amazon linux 2 EOL date (#9176) * chore: Update release workflow to trigger version updates (#9162) * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164) * fix: also check `filepath` when removing duplicate packages (#9142) * chore: add debug log to show image source location (#9163) * docs: add section on customizing default check data (#9114) * chore(deps): bump the common group across 1 directory with 9 updates (#9153) * docs: partners page content updates (#9149) * chore(license): add missed spdx exceptions: (#9147) * docs: trivy partners page updates (#9133) * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131) * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135) * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126) * fix(misconf): skip rewriting expr if attr is nil (#9113) * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116) * fix(cli): Add more non-sensitive flags to telemetry (#9110) * fix(alma): parse epochs from rpmqa file (#9101) * fix(rootio): check full version to detect `root.io` packages (#9117) * chore: drop FreeBSD 32-bit support (#9102) * fix(sbom): use correct field for licenses in CycloneDX reports (#9057) * fix(secret): fix line numbers for multiple-line secrets (#9104) * feat(license): observe pkg types option in license scanner (#9091) * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107) - Update to version 0.64.1 (boo#1243633, CVE-2025-47291, (boo#1246730, CVE-2025-46569): - Update to version 0.62.1 (boo#1239225, CVE-2025-22868, boo#1241724, CVE-2025-22872): - Update to version 0.61.1 (boo#1239385, CVE-2025-22869, boo#1240466, CVE-2025-30204): Important SUSE bug 1239225 SUSE bug 1239385 SUSE bug 1240466 SUSE bug 1241724 SUSE bug 1243633 SUSE bug 1246730 SUSE bug 1248897 SUSE bug 1248937 SUSE bug 1250625 SUSE bug 1251363 SUSE bug 1251547 SUSE bug 1253512 SUSE bug 1253786 SUSE bug 1253977 CVE-2025-11065 at SUSE CVE-2025-11065 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD CVE-2025-46569 at SUSE CVE-2025-46569 at NVD CVE-2025-47291 at SUSE CVE-2025-47291 at NVD CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-47913 at SUSE CVE-2025-47913 at NVD CVE-2025-47914 at SUSE CVE-2025-47914 at NVD CVE-2025-53547 at SUSE CVE-2025-53547 at NVD CVE-2025-58058 at SUSE CVE-2025-58058 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for flannel (Important) openSUSE Leap 15.6 This update for flannel fixes the following issues: - Update to version 0.27.4: * Removed PodSecurityPolicy manifest creation * Fix interface IP address detection in dual-stack mode * Fix: recreate VXLAN device (flannel.*) when external interface is deleted and re-added (#2247) * golangci-lint: fix iptables_test * firewall: add option to disable fully-random mode for MASQUERADE * Bump the tencent group with 2 updates * Bump github.com/coreos/go-systemd/v22 in the other-go-modules group * Bump golang.org/x/sys in the other-go-modules group * Bump the etcd group with 4 updates * Bump etcd version in tests * Stop using deprecated cache.NewIndexerInformer function * Bump k8s test version * Bump k8s deps to v0.31.11 * Bump the other-go-modules group with 2 updates * helm chart: add nodeSelector in the helm chart * Updated Alpine image * Added flag to enable blackhole route locally for Canal * Bump golang.org/x/sync in the other-go-modules group * make enqueueLeaseEvent context aware and prevent dangling goroutines when context is done - fixed a typo/build error * make retry interval exp backoff * cont_when_cache_not_ready configurable with fail by default * use semaphore as opposed to raw signal channel * Update pkg/subnet/kube/kube.go * Fix deadlock in startup for large clusters * enable setting resources in helm chart * capture close() err on subnet file save (#2248) * doc: document flag --iptables-forward-rules * Bump netlink to v1.3.1 * fix: clean-up rules when starting instead of shutting down * Bump k8s and sles test version * Add modprobe br_netfilter step in test workflows * test: don't run the workflows on 'push' events * Update to the latest flannel cni-plugins v1.7.1 * Move to go 1.23.6 - Update to version 0.26.6: * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common * Bump the etcd group with 4 updates * Bump the tencent group with 2 updates * Organize dependabot PR's more clearly by using groups * Use peer's wireguard port, not our own * Bump to codeql v3 * Pin all GHA to a specific SHA commit * Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (fix CVE-2025-30204, boo#1240516) * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common * Bump go.etcd.io/etcd/tests/v3 from 3.5.18 to 3.5.20 * add missing GH_TOKEN env var in release.yaml * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc * Upload chart archive with the release files * make deps * refactor release.yaml to reduce use of potentially vulnerable GH Actions * Bump golang.org/x/net from 0.34.0 to 0.36.0 * enable setting CNI directory paths in helm chart * Added cni file configuration on the chart * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc * Bump github.com/avast/retry-go/v4 from 4.6.0 to 4.6.1 - Update to version 0.26.4: * Moved to github container registry * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc * Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18 * fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff * Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2 * Bump alpine from 20240923 to 20250108 in /images * Bump golang.org/x/net from 0.31.0 to 0.33.0 * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc * Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0 * feat: add bool to control CNI config installation using Helm * fix: add missing MY_NODE_NAME env in chart * Bump k8s deps to 0.29.12 * Don't panic upon shutdown when running in standalone mode * Bump golang.org/x/crypto from 0.29.0 to 0.31.0 * Bump alpine from 20240807 to 20240923 in /images * Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1 * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc * Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5 * Use the standard context library * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common * Updated flannel cni image to 1.6.0 * Updated CNI plugins version on the README * Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18 * Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1 * Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9 * Added check to not check br_filter in case of windows * Bumo golangci-lint to latest version * Bump to go 1.23 * Added checks for br_netfilter module * Try not to cleanup multiple peers behind same PublicIP * fix trivy check * check that the lease includes an IP address of the requested family before configuring the flannel interface * Fixed IPv6 chosen in case of public-ipv6 configured * add timeout to e2e test pipelines * Update k8s version ine2e tests to v1.29.8 * Update netlink to v1.3.0 * Fixed values file on flannel chart * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1 * Updated Flannel chart with Netpol containter and removed clustercidr * Fix bug in hostgw-windows * Fix bug in the logic polling the interface * Added node-public-ip annotation * Try several times to contact kube-api before failing * Fixed IPv6 0 initialization * wireguard backend: avoid error message if route already exists * Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0 * use wait.PollUntilContextTimeout instead of deprecated wait.Poll * troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT * Added configuration for pulic-ip through node annotation * extension/vxlan: remove arp commands from vxlan examples * Refactor TrafficManager windows files to clarify logs * Add persistent-mac option to v6 too * fix comparison with previous networks in SetupAndEnsureMasqRules * show content of stdout and stderr when running iptables-restore returns an error * Add extra check before contacting kube-api * remove unimplemented error in windows trafficmngr * remove --dirty flags in git describe * Added leaseAttr string method with logs on VxLan * remove multiClusterCidr related-code. * Implement nftables masquerading for flannel * fix: ipv6 iptables rules were created even when IPv6 was disabled * Add tolerations to the flannel chart * Added additional check for n.spec.podCIDRs * Remove net-tools since it's an old package that we are not using * fix iptables_windows.go * Clean-up Makefile and use docker buildx locally * Use manual test to ensure iptables-* binaries are present * Bump github.com/containerd/containerd from 1.6.23 to 1.6.26 * Bump github.com/joho/godotenv * SubnetManager should use the main context * Simplify TrafficManager interface * refactor iptables package to prepare for nftables-based implementation - flannel v0.26.4, includes `golang.org/x/net/http2` at v0.34.0, which fixes boo#1236522 (CVE-2023-45288) - Update to version 0.24.2: * Prepare for v0.24.2 release * Increase the time out for interface checking in windows * Prepare for v0.24.1 release * Provide support to select the interface in Windows * Improve the log from powershell * Wait all the jobs to finish before deploy the github-page * remove remaining references to mips64le * add multi-arch dockerfile * add missing riscv64 in docker manifest create step * prepare for v0.24.0 release * Bump golang.org/x/crypto from 0.15.0 to 0.17.0 * Add the VNI to the error message in Windows * chart: add possibility for defining image pull secrets in daemonset * Remove multiclustercidr logic from code * Update opentelemetry dependencies * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc * Add riscv64 arch in GH actions * vxlan vni should not be type uint16 * Quote wireguard psk in helm chart * add riscv64 support - Update to 0.14.0: * Add tencent cloud VPC network support * moving go modules to flannel-io/flannel and updating to go 1.16 * fix(windows): nil pointer panic * Preserve environment for extension backend * Fix flannel hang if lease expired * Documentation for the Flannel upgrade/downgrade procedure * Move from glog to klog * fix(host-gw): failed to restart if gateway hnsep existed * ipsec: use well known paths of charon daemon * upgrade client-go to 1.19.4 * move from juju/errors to pkg/errors * subnets: move forward the cursor to skip illegal subnet * Fix Expired URL to Deploying Flannel with kubeadm * Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1 * preserve AccessKey & AccessKeySecret environment on sudo fix some typo in doc. * iptables: handle errors that prevent rule deletes - Sync manifest with upstream (0.13.0 release). Includes the following changes: * Fix typo and invalid indent in kube-flannel.yml * Use stable os and arch label for node * set priorityClassName to system-node-critical * Add NET_RAW capability to support cri-o * Use multi-arch Docker images in the Kubernetes manifest - Set GO111MODULE=auto to build with go1.16+ * Default changed to GO111MODULE=on in go1.16 * Set temporarily until using upstream version with go.mod - update to 0.13.0: * Use multi-arch Docker images in the Kubernetes manifest * Accept existing XMRF policies and update them intead of raising errors * Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64 * Use 'docker manifest' to publish multi-arch Docker images * Add NET_RAW capability to support cri-o * remove glide * switch to go modules * Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers * documentation: set priorityClassName to system-node-critical * Added a hint for firewall rules * Disabling ipv6 accept_ra explicitely on the created interface * use alpine 3.12 everywhere * windows: replace old netsh (rakelkar/gonetsh) with powershell commands * fix CVE-2019-14697 * Bugfix: VtepMac would be empty when lease re-acquire for windows * Use stable os and arch label for node * doc(awsvpc): correct the required permissions - update to 0.12.0: * fix deleteLease * Use publicIP lookup iface if --public-ip indicated * kubernetes 1.16 cni error * Add cniVersion to general CNI plugin configuration. * Needs to clear NodeNetworkUnavailable flag on Kubernetes * Replaces gorillalabs go-powershell with bhendo/go-powershell * Make VXLAN device learning attribute configurable * change nodeSelector to nodeAffinity and schedule the pod to linux node * This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap * EnableNonPersistent flag for Windows Overlay networks * snap package. * Update lease with DR Mac * main.go: add the 'net-config-path' flag * Deploy Flannel with unprivileged PSP * Enable local host to local pod connectivity in Windows VXLAN * Update hcsshim for HostRoute policy in Windows VXLAN Important SUSE bug 1218694 SUSE bug 1236522 SUSE bug 1240516 CVE-2019-14697 at SUSE CVE-2019-14697 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for cheat (Important) openSUSE Leap 15.6 This update for cheat fixes the following issues: Security: * CVE-2025-47913: Fix client process termination (boo#1253593) * CVE-2025-58181: Fix potential unbounded memory consumption (boo#1253922) * CVE-2025-47914: Fix panic due to an out of bounds read (boo#1254051) * Replace golang.org/x/crypto=golang.org/x/crypto@v0.45.0 * Replace golang.org/x/net=golang.org/x/net@v0.47.0 * Replace golang.org/x/sys=golang.org/x/sys@v0.38.0 Packaging improvements: * Service go_modules replace dependencies with CVEs * Replace github.com/cloudflare/circl=github.com/cloudflare/circl@v1.6.1 Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm * Replace golang.org/x/net=golang.org/x/net@v0.36.0 Fixes GO-2025-3503 CVE-2025-22870 * Replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 Fixes GO-2025-3487 CVE-2025-22869 * Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/v5@v5.13.0 Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m * Service tar_scm set mode manual from disabled * Service tar_scm create archive from git so we can exclude vendor directory upstream committed to git. Committed vendor directory contents have build issues even after go mod tidy. * Service tar_scm exclude dir vendor * Service set_version set mode manual from disabled * Service set_version remove param basename not needed boo#1247629 (CVE-2025-21613): * Use go-git 5.13.0 via replace in _service Important SUSE bug 1247629 SUSE bug 1253593 SUSE bug 1253922 SUSE bug 1254051 CVE-2023-48795 at SUSE CVE-2023-48795 at NVD CVE-2025-21613 at SUSE CVE-2025-21613 at NVD CVE-2025-21614 at SUSE CVE-2025-21614 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-47913 at SUSE CVE-2025-47913 at NVD CVE-2025-47914 at SUSE CVE-2025-47914 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:opensuse:leap:15.6 Security update for go-sendxmpp (Important) openSUSE Leap 15.6 This update for go-sendxmpp fixes the following issues: Update to 0.15.1: - Added * Add XEP-0359 Origin-ID to messages (requires go-xmpp >= v0.2.18). - Changed * HTTP upload: Ignore timeouts on disco IQs as some components do not reply. - Upgrades the embedded golang.org/x/net to 0.46.0 * Fixes: boo#1251461, CVE-2025-47911: various algorithms with quadratic complexity when parsing HTML documents * Fixes: boo#1251677, CVE-2025-58190: excessive memory consumption by 'html.ParseFragment' when processing specially crafted input Important SUSE bug 1251461 SUSE bug 1251677 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for duc (Moderate) openSUSE Leap 15.6 This update for duc fixes the following issues: Update to 1.4.6: * new: added LICENCE to 'make release' target * fix: fixed logic error in buffer_get() (boo#1254566, CVE-2025-13654) * cha: updated tests Moderate SUSE bug 1254566 CVE-2025-13654 at SUSE CVE-2025-13654 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubo (Moderate) openSUSE Leap 15.6 This update for kubo fixes the following issues: Update to 0.32.1: * https://github.com/ipfs/kubo/releases/tag/v0.32.1 * AutoTLS: Automatic Certificates for libp2p WebSockets via libp2p.direct * Dependency updates + ipfs-webui to v4.4.0 + boxo to v0.24.3 + go-libp2p to v0.37.0 + go-libp2p-kad-dht to v0.28.1 + go-libp2p-pubsub to v0.12.0 + p2p-forge/client to v0.0.2 - Update to 0.31.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.31.0 * Experimental Pebble Datastore * New metrics * lowpower profile no longer breaks DHT announcements * go 1.23, boxo 0.24 and go-libp2p 0.36.5 - Update to 0.30.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.30.0 * Improved P2P connectivity * Refactored Bitswap and dag-pb chunker * WebRTC-Direct Transport enabled by default * UnixFS 1.5: Mode and Modification Time Support * AutoNAT V2 Service Introduced Alongside V1 * Automated ipfs version check * Version Suffix Configuration * /unix/ socket support in Addresses.API * Cleaned Up ipfs daemon Startup Log * Commands Preserve Specified Hostname - Update to 0.29.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.29.0 * Add search functionality for pin names * Customizing ipfs add defaults - drop upstream 10243.patch - drop upstream kubo-0.27.0-CVE-2024-22189.patch - Add kubo-0.27.0-CVE-2024-22189.patch to avoid quic-go memory exhaustion attack (boo#1222479, CVE-2024-22189) - Update to 0.27.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.27.0 * Gateway: support for /api/v0 is deprecated * IPNS resolver cache's TTL can now be configured via Ipns.MaxCacheTTL * RPC client: deprecated DHT API, added Routing API * Deprecated DHT commands removed from /api/v0/dht * Repository migrations are now trustless - Let .service files wait for network-online.target (boo#1222194) - Update to 0.26.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.26.0 * Removed several deprecated commands * Support optional pin names * jaeger trace exporter has been removed * fix quic-go memory exhaustion attack (boo#1235162, CVE-2023-49295) - Update to 0.25.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.25.0 * WebUI: Updated Peers View * Kubo RPC API now supports optional HTTP Authorization. * MPLEX Removal * Graphsync Experiment Removal * Commands ipfs key sign and ipfs key verify - Add 10243.patch to fix FUSE mounts - Update to 0.24.0 - for details see * https://github.com/ipfs/kubo/releases/tag/v0.24.0 * Support for content blocking * Gateway: the root of the CARs are no longer meaningful * IPNS: improved publishing defaults * IPNS: record TTL is used for caching * Experimental Transport: WebRTC Direct Moderate SUSE bug 1222194 SUSE bug 1222479 SUSE bug 1235162 CVE-2023-49295 at SUSE CVE-2023-49295 at NVD CVE-2024-22189 at SUSE CVE-2024-22189 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-asteval (Moderate) openSUSE Leap 15.6 This update for python-asteval fixes the following issues: Update to 1.0.6: * drop testing and support for Python3.8, add Python 3.13, change document to reflect this. * implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage (boo#1236405, CVE-2025-24359) * make all procedure attributes private to curb access to AST nodes, which can be exploited * improvements to error messages, including use ast functions to construct better error messages * remove import of numpy.linalg, as documented * update doc description for security advisory Update to 1.0.5: * more work on handling errors, including fixing #133 and adding more comprehensive tests for #129 and #132 Update to 1.0.4: * fix error handling that might result in null exception Update to 1.0.3: * functions ('Procedures') defined within asteval have a ` _signature()` method, now use in repr * add support for deleting subscript * nested symbol tables now have a Group() function * update coverage config * cleanups of exception handling : errors must now have an exception * several related fixes to suppress repeated exceptions: see GH #132 and #129 * make non-boolean return values from comparison operators behave like Python - not immediately testing as bool - update to 1.0.2: * fix NameError handling in expression code * make exception messages more Python-like - update to 1.0.1: * security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division * remove numpy modules polynomial, fft, linalg by default for security concerns * disallow string.format(), improve security of f-string evaluation - update to 1.0.0: * fix (again) nested list comprehension (Issues #127 and #126). * add more testing of multiple list comprehensions. * more complete support for Numpy 2, and removal of many Numpy symbols that have been long deprecated. * remove AST nodes deprecated in Python 3.8. * clean up build files and outdated tests. * fixes to codecov configuration. * update docs. - update to 0.9.33: * fixes for multiple list comprehensions (addressing #126) * add testing with optionally installed numpy_financial to CI * test existence of all numpy imports to better safeguard against missing functions (for safer numpy 2 transition) * update rendered doc to include PDF and zipped HTML - update to 0.9.32: * add deprecations message for numpy functions to be removed in numpy 2.0 * comparison operations use try/except for short-circuiting instead of checking for numpy arrays (addressing #123) * add Python 3.12 to testing * move repository from 'newville' to 'lmfit' organization * update doc theme, GitHub locations pointed to by docs, other doc tweaks. - Update to 0.9.31: * cleanup numpy imports to avoid deprecated functions, add financial functions from numpy_financial module, if installed. * prefer 'user_symbols' when initializing Interpreter, but still support 'usersyms' argument. Will deprecate and remove eventually. * add support of optional (off-by default) 'nested symbol table'. * update tests to run most tests with symbol tables of dict and nested group type. * general code and testing cleanup. * add config argument to Interpreter to more fully control which nodes are supported * add support for import and importfrom -- off by default * add support for with blocks * add support for f-strings * add support of set and dict comprehension * fix bug with 'int**int' not returning a float. - update to 0.9.29: * bug fixes - Update to 0.9.28 * add support for Python 3.11 * add support for multiple list comprehensions * improve performance of making the initial symbol table, and Interpreter creation, including better checking for index_tricks attributes - update to 0.9.27: * more cleanups - update to 0.9.26: * fix setup.py again - update to 0.9.25: * fixes import errors for Py3.6 and 3.7, setting version with importlib_metadata.version if available. * use setuptools_scm and importlib for version * treat all __dunder__ attributes of all objects as inherently unsafe. - Update to 0.9.22 * another important but small fix for Python 3.9 * Merge branch 'nested_interrupts_returns' - Drop hard numpy requirement, don't test on python36 - update to 0.9.18 * drop python2 * few fixes Moderate SUSE bug 1236405 CVE-2025-24359 at SUSE CVE-2025-24359 at NVD cpe:/o:opensuse:leap:15.6 Security update for dcmtk (Important) openSUSE Leap 15.6 This update for dcmtk fixes the following issues: Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes Security issues fixed: - CVE-2024-27628: Fixed buffer overflow via the EctEnhancedCT method (boo#1227235) - CVE-2024-34508: Fixed a segmentation fault via an invalid DIMSE message (boo#1223925) - CVE-2024-34509: Fixed segmentation fault via an invalid DIMSE message (boo#1223943) - CVE-2024-47796: Fixed out-of-bounds write due to improper array index validation in the nowindow functionality (boo#1235810) - CVE-2024-52333: Fixed out-of-bounds write due to improper array index validation in the determineMinMax functionality (boo#1235811) Important SUSE bug 1223925 SUSE bug 1223943 SUSE bug 1227235 SUSE bug 1235810 SUSE bug 1235811 CVE-2024-27628 at SUSE CVE-2024-27628 at NVD CVE-2024-34508 at SUSE CVE-2024-34508 at NVD CVE-2024-34509 at SUSE CVE-2024-34509 at NVD CVE-2024-47796 at SUSE CVE-2024-47796 at NVD CVE-2024-52333 at SUSE CVE-2024-52333 at NVD cpe:/o:opensuse:leap:15.6 Security update for trivy (Moderate) openSUSE Leap 15.6 This update for trivy fixes the following issues: Update to version 0.58.2 ( boo#1234512, CVE-2024-45337, boo#1235265, CVE-2024-45338): * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238) * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168) * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158) * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136) * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122) * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119) * release: v0.58.0 [main] (#7874) * fix(misconf): wrap AWS EnvVar to iac types (#7407) * chore(deps): Upgrade trivy-checks (#8018) * refactor(misconf): Remove unused options (#7896) * docs: add terminology page to explain Trivy concepts (#7996) * feat: add `workspaceRelationship` (#7889) * refactor(sbom): simplify relationship generation (#7985) * docs: improve databases documentation (#7732) * refactor: remove support for custom Terraform checks (#7901) * docs: drop AWS account scanning (#7997) * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995) * fix(cli): Handle empty ignore files more gracefully (#7962) * fix(misconf): load full Terraform module (#7925) * fix(misconf): properly resolve local Terraform cache (#7983) * refactor(k8s): add v prefix for Go packages (#7839) * test: replace Go checks with Rego (#7867) * feat(misconf): log causes of HCL file parsing errors (#7634) * chore(deps): bump the aws group across 1 directory with 7 updates (#7991) * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990) * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992) * chore: downgrade the failed block expand message to debug (#7964) * fix(misconf): do not erase variable type for child modules (#7941) * feat(go): construct dependencies of `go.mod` main module in the parser (#7977) * feat(go): construct dependencies in the parser (#7973) * feat: add cvss v4 score and vector in scan response (#7968) * docs: add `overview` page for `others` (#7972) * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965) * chore(deps): bump the common group with 4 updates (#7949) * feat(oracle): add `flavors` support (#7858) * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953) * chore(deps): Bump up trivy-checks to v1.3.0 (#7959) * fix(k8s): check all results for vulnerabilities (#7946) * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945) * feat(secret): Add built-in secrets rules for Private Packagist (#7826) * docs: Fix broken links (#7900) * docs: fix mistakes/typos (#7942) * feat: Update registry fallbacks (#7679) * fix(alpine): add `UID` for removed packages (#7887) * chore(deps): bump the aws group with 6 updates (#7902) * chore(deps): bump the common group with 6 updates (#7904) * fix(debian): infinite loop (#7928) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912) * docs: add note about temporary podman socket (#7921) * docs: combine trivy.dev into trivy docs (#7884) * test: change branch in spdx schema link to check in integration tests (#7935) * docs: add Headlamp to the Trivy Ecosystem page (#7916) * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898) * chore(k8s): enhance k8s scan log (#6997) * fix(terraform): set null value as fallback for missing variables (#7669) * fix(misconf): handle null properties in CloudFormation templates (#7813) * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882) * chore(deps): bump the common group across 1 directory with 20 updates (#7876) * chore: bump containerd to v2.0.0 (#7875) * fix: Improve version comparisons when build identifiers are present (#7873) * feat(k8s): add default commands for unknown platform (#7863) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868) * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862) * test: save `containerd` image into archive and use in tests (#7816) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854) * chore: bump golangci-lint to v1.61.0 (#7853) - Update to version 0.57.1: * release: v0.57.1 [release/v0.57] (#7943) * feat: Update registry fallbacks [backport: release/v0.57] (#7944) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939) * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940) * release: v0.57.0 [main] (#7710) * chore: lint `errors.Join` (#7845) * feat(db): append errors (#7843) * docs(java): add info about supported scopes (#7842) * docs: add example of creating whitelist of checks (#7821) * chore(deps): Bump trivy-checks (#7819) * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733) * fix(k8s): skip resources without misconfigs (#7797) * fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811) * fix(cli): add config name to skip-policy-update alias (#7820) * fix(helm): properly handle multiple archived dependencies (#7782) * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776) * fix(k8s)!: support k8s multi container (#7444) * fix(k8s): support kubernetes v1.31 (#7810) * docs: add Windows install instructions (#7800) * ci(helm): auto public Helm chart after PR merged (#7526) * feat: add end of life date for Ubuntu 24.10 (#7787) * feat(report): update gitlab template to populate operating_system value (#7735) * feat(misconf): Show misconfig ID in output (#7762) * feat(misconf): export unresolvable field of IaC types to Rego (#7765) * refactor(k8s): scan config files as a folder (#7690) * fix(license): fix license normalization for Universal Permissive License (#7766) * fix: enable usestdlibvars linter (#7770) * fix(misconf): properly expand dynamic blocks (#7612) * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507) * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602) * refactor(misconf): simplify k8s scanner (#7717) * feat(parser): ignore white space in pom.xml files (#7747) * test: use forked images (#7755) * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541) * fix(misconf): check if property is not nil before conversion (#7578) * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577) * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564) * test: define constants for test images (#7739) * docs: add note about disabled DS016 check (#7724) * feat(misconf): public network support for Azure Storage Account (#7601) * feat(cli): rename `trivy auth` to `trivy registry` (#7727) * docs: apt-transport-https is a transitional package (#7678) * refactor(misconf): introduce generic scanner (#7515) * fix(cli): `clean --all` deletes only relevant dirs (#7704) * feat(cli): add `trivy auth` (#7664) * fix(sbom): add options for DBs in private registries (#7660) * docs(report): fix reporting doc format (#7671) * fix(repo): `git clone` output to Stderr (#7561) * fix(redhat): include arch in PURL qualifiers (#7654) * fix(report): Fix invalid URI in SARIF report (#7645) * docs(report): Improve SARIF reporting doc (#7655) * fix(db): fix javadb downloading error handling (#7642) * feat(cli): error out when ignore file cannot be found (#7624) - Update to version 0.56.2: * release: v0.56.2 [release/v0.56] (#7694) * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702) * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691) - Update to version 0.56.1: * release: v0.56.1 [release/v0.56] (#7648) * fix(db): fix javadb downloading error handling [backport: release/v0.56] (#7646) * release: v0.56.0 [main] (#7447) * fix(misconf): not to warn about missing selectors of libraries (#7638) * feat: support RPM archives (#7628) * fix(secret): change grafana token regex to find them without unquoted (#7627) * fix(misconf): Disable deprecated checks by default (#7632) * chore: add prefixes to log messages (#7625) * feat(misconf): Support `--skip-*` for all included modules (#7579) * feat: support multiple DB repositories for vulnerability and Java DB (#7605) * ci: don't use cache for `setup-go` (#7622) * test: use loaded image names (#7617) * feat(java): add empty versions if `pom.xml` dependency versions can't be detected (#7520) * feat(secret): enhance secret scanning for python binary files (#7223) * refactor: fix auth error handling (#7615) * ci: split `save` and `restore` cache actions (#7614) * fix(misconf): disable DS016 check for image history analyzer (#7540) * feat(suse): added SUSE Linux Enterprise Micro support (#7294) * feat(misconf): add ability to disable checks by ID (#7536) * fix(misconf): escape all special sequences (#7558) * test: use a local registry for remote scanning (#7607) * fix: allow access to '..' in mapfs (#7575) * fix(db): check `DownloadedAt` for `trivy-java-db` (#7592) * chore(deps): bump the common group across 1 directory with 20 updates (#7604) * ci: add `workflow_dispatch` trigger for test workflow. (#7606) * ci: cache test images for `integration`, `VM` and `module` tests (#7599) * chore(deps): remove broken replaces for opa and discovery (#7600) * docs(misconf): Add more info on how to use arbitrary JSON/YAML scan feat (#7458) * fix(misconf): Fixed scope for China Cloud (#7560) * perf(misconf): use port ranges instead of enumeration (#7549) * fix(sbom): export bom-ref when converting a package to a component (#7340) * refactor(misconf): pass options to Rego scanner as is (#7529) * fix(sbom): parse type `framework` as `library` when unmarshalling `CycloneDX` files (#7527) * chore(deps): bump go-ebs-file (#7513) * fix(misconf): Fix logging typo (#7473) * feat(misconf): Register checks only when needed (#7435) * refactor: split `.egg` and `packaging` analyzers (#7514) * fix(java): use `dependencyManagement` from root/child pom's for dependencies from parents (#7497) * chore(vex): add `CVE-2024-34155`, `CVE-2024-34156` and `CVE-2024-34158` in `trivy.openvex.json` (#7510) * chore(deps): bump alpine from 3.20.0 to 3.20.3 (#7508) * chore(vex): suppress openssl vulnerabilities (#7500) * revert(java): stop supporting of `test` scope for `pom.xml` files (#7488) * docs(db): add a manifest example (#7485) * feat(license): improve license normalization (#7131) * docs(oci): Add a note About the expected Media Type for the Trivy-DB OCI Artifact (#7449) * fix(report): fix error with unmarshal of `ExperimentalModifiedFindings` (#7463) * fix(report): change a receiver of MarshalJSON (#7483) * fix(oracle): Update EOL date for Oracle 7 (#7480) * chore(deps): bump the aws group with 6 updates (#7468) * chore(deps): bump the common group across 1 directory with 19 updates (#7436) * chore(helm): bump up Trivy Helm chart (#7441) * refactor(java): add error/statusCode for logs when we can't get pom.xml/maven-metadata.xml from remote repo (#7451) * fix(license): stop spliting a long license text (#7336) * release: v0.55.0 [main] (#7271) * feat(go): use `toolchain` as `stdlib` version for `go.mod` files (#7163) * fix(license): add license handling to JUnit template (#7409) * feat(java): add `test` scope support for `pom.xml` files (#7414) * chore(deps): Bump trivy-checks and pin OPA (#7427) * fix(helm): explicitly define `kind` and `apiVersion` of `volumeClaimTemplate` element (#7362) * feat(sbom): set User-Agent header on requests to Rekor (#7396) * test: add integration plugin tests (#7299) * fix(nodejs): check all `importers` to detect dev deps from pnpm-lock.yaml file (#7387) * fix: logger initialization before flags parsing (#7372) * fix(aws): handle ECR repositories in different regions (#6217) * fix(misconf): fix infer type for null value (#7424) * fix(secret): use `.eyJ` keyword for JWT secret (#7410) * fix(misconf): do not recreate filesystem map (#7416) * chore(deps): Bump trivy-checks (#7417) * fix(misconf): do not register Rego libs in checks registry (#7420) * fix(sbom): use `NOASSERTION` for licenses fields in SPDX formats (#7403) * feat(report): export modified findings in JSON (#7383) * feat(server): Make Trivy Server Multiplexer Exported (#7389) * chore: update CODEOWNERS (#7398) * fix(secret): use only line with secret for long secret lines (#7412) * chore: fix allow rule of ignoring test files to make it case insensitive (#7415) * feat(misconf): port and protocol support for EC2 networks (#7146) * fix(misconf): do not filter Terraform plan JSON by name (#7406) * feat(misconf): support for ignore by nested attributes (#7205) * fix(misconf): use module to log when metadata retrieval fails (#7405) * fix(report): escape `Message` field in `asff.tpl` template (#7401) * feat(misconf): Add support for using spec from on-disk bundle (#7179) * docs: add pkg flags to config file page (#7370) * feat(python): use minimum version for pip packages (#7348) * fix(misconf): support deprecating for Go checks (#7377) * fix(misconf): init frameworks before updating them (#7376) * feat(misconf): ignore duplicate checks (#7317) * refactor(misconf): use slog (#7295) * chore(deps): bump trivy-checks (#7350) * feat(server): add internal `--path-prefix` flag for client/server mode (#7321) * chore(deps): bump the aws group across 1 directory with 7 updates (#7358) * fix: safely check if the directory exists (#7353) * feat(misconf): variable support for Terraform Plan (#7228) * feat(misconf): scanning support for YAML and JSON (#7311) * fix(misconf): wrap Azure PortRange in iac types (#7357) * refactor(misconf): highlight only affected rows (#7310) * fix(misconf): change default TLS values for the Azure storage account (#7345) * chore(deps): bump the common group with 9 updates (#7333) * docs(misconf): Update callsites to use correct naming (#7335) * docs: update air-gapped docs (#7160) * refactor: replace ftypes.Gradle with packageurl.TypeGradle (#7323) * perf(misconf): optimize work with context (#6968) * docs: update links to packaging.python.org (#7318) * docs: update client/server docs for misconf and license scanning (#7277) * chore(deps): bump the common group across 1 directory with 7 updates (#7305) * feat(misconf): iterator argument support for dynamic blocks (#7236) * fix(misconf): do not set default value for default_cache_behavior (#7234) * feat(misconf): support for policy and bucket grants (#7284) * fix(misconf): load only submodule if it is specified in source (#7112) * perf(misconf): use json.Valid to check validity of JSON (#7308) * refactor(misconf): remove unused universal scanner (#7293) * perf(misconf): do not convert contents of a YAML file to string (#7292) * fix(terraform): add aws_region name to presets (#7184) * docs: add auto-generated config (#7261) * feat(vuln): Add `--detection-priority` flag for accuracy tuning (#7288) * refactor(misconf): remove file filtering from parsers (#7289) * fix(flag): incorrect behavior for deprected flag `--clear-cache` (#7281) * fix(java): Return error when trying to find a remote pom to avoid segfault (#7275) * fix(plugin): do not call GitHub content API for releases and tags (#7274) * feat(vm): support the Ext2/Ext3 filesystems (#6983) * feat(cli)!: delete deprecated SBOM flags (#7266) * feat(vm): Support direct filesystem (#7058) - Update to version 0.51.1 (boo#1227010, CVE-2024-3817): Moderate SUSE bug 1227010 SUSE bug 1234512 SUSE bug 1235265 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD CVE-2024-3817 at SUSE CVE-2024-3817 at NVD CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2025-21613 at SUSE CVE-2025-21613 at NVD CVE-2025-21614 at SUSE CVE-2025-21614 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 133.0.6943.53 (stable released 2024-02-04) (boo#1236806) * CVE-2025-0444: Use after free in Skia * CVE-2025-0445: Use after free in V8 * CVE-2025-0451: Inappropriate implementation in Extensions API - Chromium 133.0.6943.35 (beta released 2025-01-29) Important SUSE bug 1236806 CVE-2025-0444 at SUSE CVE-2025-0444 at NVD CVE-2025-0445 at SUSE CVE-2025-0445 at NVD CVE-2025-0451 at SUSE CVE-2025-0451 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 133.0.6943.98 (boo#1237121): - CVE-2025-0995: Use after free in V8 - CVE-2025-0996: Inappropriate implementation in Browser UI - CVE-2025-0997: Use after free in Navigation - CVE-2025-0998: Out of bounds memory access in V8 Important SUSE bug 1237121 CVE-2025-0995 at SUSE CVE-2025-0995 at NVD CVE-2025-0996 at SUSE CVE-2025-0996 at NVD CVE-2025-0997 at SUSE CVE-2025-0997 at NVD CVE-2025-0998 at SUSE CVE-2025-0998 at NVD cpe:/o:opensuse:leap:15.6 Security update for cpp-httplib (Moderate) openSUSE Leap 15.6 This update for cpp-httplib fixes the following issues: - CVE-2025-0825: Fix where cpp-httplib fails to filter CRLF characters when those are prefixed with a null byte (boo#1236790) Moderate SUSE bug 1236790 CVE-2025-0825 at SUSE CVE-2025-0825 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openj9 (Important) openSUSE Leap 15.6 This update for java-11-openj9 fixes the following issues: - Update to OpenJDK 11.0.26 with OpenJ9 0.49.0 virtual machine - Including Oracle October 2024 and January 2025 CPU changes * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/ - Update to OpenJDK 11.0.24 with OpenJ9 0.46.0 virtual machine - Including Oracle July 2024 CPU changes * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21144 (boo#1228050), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/ - Update to OpenJDK 11.0.23 with OpenJ9 0.44.0 virtual machine - Including Oracle April 2024 CPU changes * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21085 (boo#1222984), CVE-2024-21068 (boo#1222983) - Including OpenJ9/OMR specific fix: * CVE-2024-3933 (boo#1225470) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/ - Update to OpenJDK 11.0.22 with OpenJ9 0.43.0 virtual machine - Including Oracle January 2024 CPU changes * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20926 (boo#1218906), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/ - Remove the possibility to put back removes JavaEE modules, since our Java stack does not need this hack any more - Update to OpenJDK 11.0.21 with OpenJ9 0.41.0 virtual machine - Including Oracle October 2023 CPU changes * CVE-2023-22081, boo#1216374 - Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214 * For other OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.41 - Update to OpenJDK 11.0.20.1 with OpenJ9 0.40.0 virtual machine * JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) - Update to OpenJDK 11.0.20 with OpenJ9 0.40.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40 - Update to OpenJDK 11.0.19 with OpenJ9 0.38.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637) * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38 - Update to OpenJDK 11.0.18 with OpenJ9 0.36.1 virtual machine * Including Oracle January 2023 CPU changes + CVE-2023-21835, boo#1207246 + CVE-2023-21843, boo#1207248 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36 - Update to OpenJDK 11.0.17 with OpenJ9 0.35.0 virtual machine * Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480) * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35 - Update to OpenJDK 11.0.16 with OpenJ9 0.33.0 virtual machine * Including Oracle July 2022 CPU changes CVE-2022-21540 (boo#1201694), CVE-2022-21541 (boo#1201692), CVE-2022-34169 (boo#1201684) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.33 - Update to OpenJDK 11.0.15 with OpenJ9 0.32.0 virtual machine * Fixes boo#1198935, CVE-2021-41041: unverified methods can be invoked using MethodHandles * Including Oracle April 2022 CPU fixes CVE-2022-21426 (boo#1198672), CVE-2022-21434 (boo#1198674), CVE-2022-21443 (boo#1198675), CVE-2022-21476 (boo#1198671), CVE-2022-21496 (boo#1198673) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.32 - Update to OpenJDK 11.0.14.1 with OpenJ9 0.30.1 virtual machine * including Oracle January 2022 CPU changes (boo#1194925, boo#1194926, boo#1194927, boo#1194928, boo#1194929, boo#1194930, boo#1194931, boo#1194932, boo#1194933, boo#1194934, boo#1194935, boo#1194937, boo#1194939, boo#1194940, boo#1194941) * OpenJ9 changes see https://www.eclipse.org/openj9/docs/version0.30.1 - Update to OpenJDK 11.0.13 with OpenJ9 0.29.0 virtual machine * including Oracle July 2021 and October 2021 CPU changes (boo#1188564, boo#1188565, boo#1188566, boo#1191901, boo#1191909, boo#1191910, boo#1191911, boo#1191912, boo#1191913, boo#1191903, boo#1191904, boo#1191914, boo#1191906) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.29 - Update to OpenJDK 11.0.11 with OpenJ9 0.26.0 virtual machine * including Oracle April 2021 CPU changes (boo#1185055 and boo#1185056) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.26 - Update to OpenJDK 11.0.10 with OpenJ9 0.24.0 virtual machine * including Oracle January 2021 CPU changes (boo#1181239) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.24 Important SUSE bug 1181239 SUSE bug 1185055 SUSE bug 1185056 SUSE bug 1188564 SUSE bug 1188565 SUSE bug 1188566 SUSE bug 1191901 SUSE bug 1191903 SUSE bug 1191904 SUSE bug 1191906 SUSE bug 1191909 SUSE bug 1191910 SUSE bug 1191911 SUSE bug 1191912 SUSE bug 1191913 SUSE bug 1191914 SUSE bug 1194925 SUSE bug 1194926 SUSE bug 1194927 SUSE bug 1194928 SUSE bug 1194929 SUSE bug 1194930 SUSE bug 1194931 SUSE bug 1194932 SUSE bug 1194933 SUSE bug 1194934 SUSE bug 1194935 SUSE bug 1194937 SUSE bug 1194939 SUSE bug 1194940 SUSE bug 1194941 SUSE bug 1198671 SUSE bug 1198672 SUSE bug 1198673 SUSE bug 1198674 SUSE bug 1198675 SUSE bug 1198935 SUSE bug 1201684 SUSE bug 1201692 SUSE bug 1201694 SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1204703 SUSE bug 1206549 SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207922 SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1211615 SUSE bug 1213470 SUSE bug 1213473 SUSE bug 1213474 SUSE bug 1213475 SUSE bug 1213481 SUSE bug 1213482 SUSE bug 1216374 SUSE bug 1217214 SUSE bug 1218903 SUSE bug 1218905 SUSE bug 1218906 SUSE bug 1218907 SUSE bug 1218909 SUSE bug 1218911 SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222984 SUSE bug 1222986 SUSE bug 1222987 SUSE bug 1225470 SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228050 SUSE bug 1228051 SUSE bug 1228052 SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 SUSE bug 1236278 SUSE bug 1236804 CVE-2020-14803 at SUSE CVE-2020-14803 at NVD CVE-2021-41041 at SUSE CVE-2021-41041 at NVD CVE-2022-21426 at SUSE CVE-2022-21426 at NVD CVE-2022-21434 at SUSE CVE-2022-21434 at NVD CVE-2022-21443 at SUSE CVE-2022-21443 at NVD CVE-2022-21476 at SUSE CVE-2022-21476 at NVD CVE-2022-21496 at SUSE CVE-2022-21496 at NVD CVE-2022-21540 at SUSE CVE-2022-21540 at NVD CVE-2022-21541 at SUSE CVE-2022-21541 at NVD CVE-2022-21618 at SUSE CVE-2022-21618 at NVD CVE-2022-21619 at SUSE CVE-2022-21619 at NVD CVE-2022-21624 at SUSE CVE-2022-21624 at NVD CVE-2022-21626 at SUSE CVE-2022-21626 at NVD CVE-2022-21628 at SUSE CVE-2022-21628 at NVD CVE-2022-34169 at SUSE CVE-2022-34169 at NVD CVE-2022-3676 at SUSE CVE-2022-3676 at NVD CVE-2022-39399 at SUSE CVE-2022-39399 at NVD CVE-2023-21835 at SUSE CVE-2023-21835 at NVD CVE-2023-21843 at SUSE CVE-2023-21843 at NVD CVE-2023-21930 at SUSE CVE-2023-21930 at NVD CVE-2023-21937 at SUSE CVE-2023-21937 at NVD CVE-2023-21938 at SUSE CVE-2023-21938 at NVD CVE-2023-21939 at SUSE CVE-2023-21939 at NVD CVE-2023-21954 at SUSE CVE-2023-21954 at NVD CVE-2023-21967 at SUSE CVE-2023-21967 at NVD CVE-2023-21968 at SUSE CVE-2023-21968 at NVD CVE-2023-22006 at SUSE CVE-2023-22006 at NVD CVE-2023-22036 at SUSE CVE-2023-22036 at NVD CVE-2023-22041 at SUSE CVE-2023-22041 at NVD CVE-2023-22045 at SUSE CVE-2023-22045 at NVD CVE-2023-22049 at SUSE CVE-2023-22049 at NVD CVE-2023-22081 at SUSE CVE-2023-22081 at NVD CVE-2023-25193 at SUSE CVE-2023-25193 at NVD CVE-2023-2597 at SUSE CVE-2023-2597 at NVD CVE-2023-5676 at SUSE CVE-2023-5676 at NVD CVE-2024-20918 at SUSE CVE-2024-20918 at NVD CVE-2024-20919 at SUSE CVE-2024-20919 at NVD CVE-2024-20921 at SUSE CVE-2024-20921 at NVD CVE-2024-20926 at SUSE CVE-2024-20926 at NVD CVE-2024-20945 at SUSE CVE-2024-20945 at NVD CVE-2024-20952 at SUSE CVE-2024-20952 at NVD CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21012 at SUSE CVE-2024-21012 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21085 at SUSE CVE-2024-21085 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21144 at SUSE CVE-2024-21144 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD CVE-2024-3933 at SUSE CVE-2024-3933 at NVD CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openj9 (Important) openSUSE Leap 15.6 This update for java-17-openj9 fixes the following issues: - Update to OpenJDK 17.0.14 with OpenJ9 0.49.0 virtual machine - Including Oracle October 2024 and January 2025 CPU changes * CVE-2024-21208 (boo#1231702), CVE-2024-21210 (boo#1231711), CVE-2024-21217 (boo#1231716), CVE-2024-21235 (boo#1231719), CVE-2025-21502 (boo#1236278) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.49/ - Update to OpenJDK 17.0.12 with OpenJ9 0.46.0 virtual machine - Including Oracle July 2024 CPU changes * CVE-2024-21131 (boo#1228046), CVE-2024-21138 (boo#1228047), CVE-2024-21140 (boo#1228048), CVE-2024-21147 (boo#1228052), CVE-2024-21145 (boo#1228051) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.46/ - Update to OpenJDK 17.0.11 with OpenJ9 0.44.0 virtual machine - Including Oracle April 2024 CPU changes * CVE-2024-21012 (boo#1222987), CVE-2024-21094 (boo#1222986), CVE-2024-21011 (boo#1222979), CVE-2024-21068 (boo#1222983) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.44/ - Update to OpenJDK 17.0.10 with OpenJ9 0.43.0 virtual machine - Including Oracle January 2024 CPU changes * CVE-2024-20918 (boo#1218907), CVE-2024-20919 (boo#1218903), CVE-2024-20921 (boo#1218905), CVE-2024-20932 (boo#1218908), CVE-2024-20945 (boo#1218909), CVE-2024-20952 (boo#1218911) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.43/ - Update to OpenJDK 17.0.9 with OpenJ9 0.41.0 virtual machine - Including Oracle October 2023 CPU changes * CVE-2023-22081, boo#1216374 * CVE-2023-22025, boo#1216339 - Including Openj9 0.41.0 fixes of CVE-2023-5676, boo#1217214 * For other OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.41 - Update to OpenJDK 17.0.8.1 with OpenJ9 0.40.0 virtual machine * JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) - Update to OpenJDK 17.0.8 with OpenJ9 0.40.0 virtual machine - Including Oracle July 2023 CPU changes * CVE-2023-22006 (boo#1213473), CVE-2023-22036 (boo#1213474), CVE-2023-22041 (boo#1213475), CVE-2023-22044 (boo#1213479), CVE-2023-22045 (boo#1213481), CVE-2023-22049 (boo#1213482), CVE-2023-25193 (boo#1207922) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.40 - Update to OpenJDK 17.0.7 with OpenJ9 0.38.0 virtual machine - Including Oracle April 2023 CPU changes * CVE-2023-21930 (boo#1210628), CVE-2023-21937 (boo#1210631), CVE-2023-21938 (boo#1210632), CVE-2023-21939 (boo#1210634), CVE-2023-21954 (boo#1210635), CVE-2023-21967 (boo#1210636), CVE-2023-21968 (boo#1210637) * OpenJ9 specific vulnerability: CVE-2023-2597 (boo#1211615) * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.38 - Update to OpenJDK 17.0.6 with OpenJ9 0.36.0 virtual machine * including Oracle January 2023 CPU changes + CVE-2023-21835, boo#1207246 + CVE-2023-21843, boo#1207248 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.36 - Update to OpenJDK 17.0.5 with OpenJ9 0.35.0 virtual machine * Including Oracle October 2022 CPU changes CVE-2022-21618 (boo#1204468), CVE-2022-21619 (boo#1204473), CVE-2022-21626 (boo#1204471), CVE-2022-21624 (boo#1204475), CVE-2022-21628 (boo#1204472), CVE-2022-39399 (boo#1204480) * Fixes OpenJ9 vulnerability boo#1204703, CVE-2022-3676 * OpenJ9 changes, see https://www.eclipse.org/openj9/docs/version0.35 Important SUSE bug 1204468 SUSE bug 1204471 SUSE bug 1204472 SUSE bug 1204473 SUSE bug 1204475 SUSE bug 1204480 SUSE bug 1204703 SUSE bug 1206549 SUSE bug 1207246 SUSE bug 1207248 SUSE bug 1207922 SUSE bug 1210628 SUSE bug 1210631 SUSE bug 1210632 SUSE bug 1210634 SUSE bug 1210635 SUSE bug 1210636 SUSE bug 1210637 SUSE bug 1211615 SUSE bug 1213470 SUSE bug 1213473 SUSE bug 1213474 SUSE bug 1213475 SUSE bug 1213479 SUSE bug 1213481 SUSE bug 1213482 SUSE bug 1216339 SUSE bug 1216374 SUSE bug 1217214 SUSE bug 1218903 SUSE bug 1218905 SUSE bug 1218907 SUSE bug 1218908 SUSE bug 1218909 SUSE bug 1218911 SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222986 SUSE bug 1222987 SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228051 SUSE bug 1228052 SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 SUSE bug 1236278 SUSE bug 1236804 CVE-2022-21618 at SUSE CVE-2022-21618 at NVD CVE-2022-21619 at SUSE CVE-2022-21619 at NVD CVE-2022-21624 at SUSE CVE-2022-21624 at NVD CVE-2022-21626 at SUSE CVE-2022-21626 at NVD CVE-2022-21628 at SUSE CVE-2022-21628 at NVD CVE-2022-3676 at SUSE CVE-2022-3676 at NVD CVE-2022-39399 at SUSE CVE-2022-39399 at NVD CVE-2023-21835 at SUSE CVE-2023-21835 at NVD CVE-2023-21843 at SUSE CVE-2023-21843 at NVD CVE-2023-21930 at SUSE CVE-2023-21930 at NVD CVE-2023-21937 at SUSE CVE-2023-21937 at NVD CVE-2023-21938 at SUSE CVE-2023-21938 at NVD CVE-2023-21939 at SUSE CVE-2023-21939 at NVD CVE-2023-21954 at SUSE CVE-2023-21954 at NVD CVE-2023-21967 at SUSE CVE-2023-21967 at NVD CVE-2023-21968 at SUSE CVE-2023-21968 at NVD CVE-2023-22006 at SUSE CVE-2023-22006 at NVD CVE-2023-22025 at SUSE CVE-2023-22025 at NVD CVE-2023-22036 at SUSE CVE-2023-22036 at NVD CVE-2023-22041 at SUSE CVE-2023-22041 at NVD CVE-2023-22044 at SUSE CVE-2023-22044 at NVD CVE-2023-22045 at SUSE CVE-2023-22045 at NVD CVE-2023-22049 at SUSE CVE-2023-22049 at NVD CVE-2023-22081 at SUSE CVE-2023-22081 at NVD CVE-2023-25193 at SUSE CVE-2023-25193 at NVD CVE-2023-2597 at SUSE CVE-2023-2597 at NVD CVE-2023-5676 at SUSE CVE-2023-5676 at NVD CVE-2024-20918 at SUSE CVE-2024-20918 at NVD CVE-2024-20919 at SUSE CVE-2024-20919 at NVD CVE-2024-20921 at SUSE CVE-2024-20921 at NVD CVE-2024-20932 at SUSE CVE-2024-20932 at NVD CVE-2024-20945 at SUSE CVE-2024-20945 at NVD CVE-2024-20952 at SUSE CVE-2024-20952 at NVD CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21012 at SUSE CVE-2024-21012 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for dcmtk (Important) openSUSE Leap 15.6 This update for dcmtk fixes the following issues: - CVE-2025-25472: Fixed a denial of service via a crafted DCM file (boo#1237369). - CVE-2025-25474: Fixed a denial of service via a crafted DICOM file (boo#1237365). - CVE-2025-25475: Fixed a buffer overflow via the component /dcmimgle/diinpxt.h (boo#1237355). Important SUSE bug 1237355 SUSE bug 1237365 SUSE bug 1237369 CVE-2025-25472 at SUSE CVE-2025-25472 at NVD CVE-2025-25474 at SUSE CVE-2025-25474 at NVD CVE-2025-25475 at SUSE CVE-2025-25475 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 133.0.6943.126 (boo#1237343) - CVE-2025-0999: Heap buffer overflow in V8 - CVE-2025-1426: Heap buffer overflow in GPU - CVE-2025-1006: Use after free in Network Important SUSE bug 1237071 SUSE bug 1237343 CVE-2025-0999 at SUSE CVE-2025-0999 at NVD CVE-2025-1006 at SUSE CVE-2025-1006 at NVD CVE-2025-1426 at SUSE CVE-2025-1426 at NVD cpe:/o:opensuse:leap:15.6 Security update for radare2 (Moderate) openSUSE Leap 15.6 This update for radare2 fixes the following issues: - CVE-2025-1378: Fixed memory corruption (boo#1237250) https://github.com/radareorg/radare2/releases/tag/5.9.0 Update to version 5.8.8: For details, check full release notes * Faster analysis, type matching, binary parsing (2-4x) * Add assembler for riscv and disassemblers for PDP11, Alpha64 and armv7.v35 * Improved integration with r2frida remote filesystems * Cleaning debugger for windows (32 and 64) and macOS makes it more reliable and stable * Better build scripts for Windows (add asan and w32 profiles) * AES key wrap algorithm support in rahash2 * Print and convert ternary values back and forth - Update to 4.5.0 * Fix build of the onefied shared lib * Enable asm.jmpsub by default * Fix m68k analysis issues * Fix infinite loop bug related to anal.nopskip Moderate SUSE bug 1237250 CVE-2025-1378 at SUSE CVE-2025-1378 at NVD cpe:/o:opensuse:leap:15.6 Security update for crun (Moderate) openSUSE Leap 15.6 This update for crun fixes the following issues: Update to 1.20: * krun: fix CVE-2025-24965. The .krun_config.json file could be created outside of the container rootfs. (bsc#1237421) * cgroup: reverted the removal of tun/tap from the default allow list, this was done in crun-1.5. The tun/tap device is now added by default again. * CRIU: do not set network_lock unless explicitly specified. * status: disallow container names containing slashes in their name. * linux: Improved error message when failing to set the net.ipv4.ping_group_range sysctl. * scheduler: Ignore ENOSYS errors when resetting the CPU affinity mask. * linux: return a better error message when pidfd_open fails with EINVAL. * cgroup: display the absolute path to cgroup.controllers when a controller is unavailable. * exec: always call setsid. Now processes created through exec get the correct process group id. Update to 1.19.1: * linux: fix a hang if there are no reads from the tty. Use non blocking sockets to read and write from the tty so that the 'crun exec' process doesn't hang when the terminal is not consuming any data. * linux: remove the workaround needed to mount a cgroup on top of another cgroup mount. The workaround had the disadvantage to temporarily leak a mount on the host. The alternative that is currently used is to mount a temporary tmpfs between the twoo cgroup mounts. Update to 1.19: * wasm: add new handler wamr. * criu: allow passing network lock method to libcriu. * linux: honor exec cpu affinity mask. * build: fix build with musl libc. * crun: use mount API to self-clone. * cgroup, systemd: do not override devices on update. If the 'update' request has no device block configured, do not reset the previously configuration. * cgroup: handle case where cgroup v1 freezer is disabled. On systems without the freezer controller, containers were mistakenly reported as paused. * cgroup: do not stop process on exec. The cpu mask is configured on the systemd scope, the previous workaround to stop the container until the cgroup is fully configured is no longer needed. - Update to crun v1.18.2 Upstream changelog is available from <https://github.com/containers/crun/releases/tag/1.18.2> - Update to crun v1.18. Upstream changelog is available from <https://github.com/containers/crun/releases/tag/1.18> Update to 1.17: * Add --log-level option. It accepts error, warning and error. * Add debug logs for container creation. * Fix double-free in crun exec code that could lead to a crash. * Allow passing an ID to the journald log driver. * Report 'executable not found' errors after tty has been setup. * Do not treat EPIPE from hooks as an error. * Make sure DefaultDependencies is correctly set in the systemd scope. * Improve the error message when the container process is not found. * Improve error handling for the mnt namespace restoration. * Fix error handling for getpwuid_r, recvfrom and libcrun_kill_linux. * Fix handling of device paths with trailing slashes. - add url for keyring - enable leap by disabling wasmedge (not packaged for leap) Upstream release 1.16.1: - fix a regression introduced by 1.16 where using 'rshared' rootfs mount propagation and the rootfs itself is a mountpoint. - inherit user from original process on exec, if not overridden. Update to 1.16: - build: fix build for s390x. - linux: fix mount of special files with rro. Open the mount target with O_PATH to prevent open(2) failures with special files like FIFOs or UNIX sockets. - Fix sd-bus error handling for cpu quota and period props update. - container: use relative path for rootfs if possible. If the rootfs cannot be resolved and it is below the current working directory, only use its relative path. - wasmedge: access container environment variables for the WasmEdge configuration. - cgroup, systemd: use MemoryMax instead of MemoryLimit. Fixes a warning for using an old configuration name. - cgroup, systemd: improve checks for sd_bus_message_append errors New upstream release 1.15: * fix a mount point leak under /run/crun, add a retry mechanism to unmount the directory if the removal failed with EBUSY. * linux: cgroups: fix potential mount leak when /sys/fs/cgroup is already mounted, causing the posthooks to not run. * release: build s390x binaries using musl libc. * features: add support for potentiallyUnsafeConfigAnnotations. * handlers: add option to load wasi-nn plugin for wasmedge. * linux: fix 'harden chdir()' security measure. The previous check was not correct. * crun: add option --keep to the run command. When specified the container is not automatically deleted when it exits. New upstream release 1.14.4: - linux: fix mount of file with recursive flags. Do not assume it is a directory, but check the source type. - follow up for 1.14.2. Drop the version check for each command. - crun: drop check for OCI version. A recent bump in the OCI runtime specs caused crun to fail with every config file. Just drop the check since it doesn't add any value. - there was recently a security vulnerability (CVE-2024-21626) in runc that allowed a malicious user to chdir(2) to a /proc/*/fd entry that is outside the container rootfs. While crun is not affected directly, harden chdir by validating that we are still inside the container rootfs. - container: attempt to close all the files before execv(2). if we leak any fd, it prevents execv to gain access to files outside the container rootfs through /proc/self/fd/$fd. - fix a regression caused by 1.14 when installing the ebpf filter on a kernel older than 5.11. - cgroup, systemd: fix segfault if the resources block is not specified. Update to 1.14: * build: drop dependency on libgcrypt. Use blake3 to compute the cache key. * cpuset: don't clobber parent cgroup value when writing the cpuset value. * linux: force umask(0). It ensures that the mknodat syscall is not affected by the umask of the calling process, allowing file permissions to be set as specified in the OCI configuration. * ebpf: do not require MEMLOCK for eBPF programs. This requirement was relaxed in Linux 5.11. - update to 1.13: * src: use O_CLOEXEC for all open/openat calls * cgroup v1: use 'max' when pids limit < 0. * improve error message when idmap mount fails because the underlying file system has no support for it. * libcrun: fix compilation when building without libseccomp and libcap. * fix relative idmapped mount when using the custom annotation. - New upstream release 1.12: * add new WebAssembly handler: spin. * systemd: fallback to system bus if session bus is not available. * configure the cpu rt and cpuset controllers before joining them to avoid running temporarily the workload on the wrong cpus. * preconfigure the cpuset with required resources instead of using the parent's set. This prevents needless churn in the kernel as it tracks which CPUs have load balancing disabled. * try attr/<lsm>/* before the attr/* files. Writes to the attr/* files may fail if apparmor is not the first 'major' LSM in the list of loaded LSMs (e.g. lsm=apparmor,bpf vs lsm=bpf,apparmor). - New upstream release 1.11.2: * fix a regression caused by 1.11.1 where the process crashes if there are no CPU limits configured on cgroup v1. (boo#1217590) * fix error code check for the ptsname_r function. - update to 1.11.1: * force a remount operation with bind mounts from the host to correctly set all the mount flags. * cgroup: honor cpu burst. * systemd: set CPUQuota and CPUPeriod on the scope cgroup. * linux: append tmpfs mode if missing for mounts. This is the same behavior of runc. * cgroup: always use the user session for rootless. * support for Intel Resource Director Technology (RDT). * new mount option 'copy-symlink'. When provided for a mount, if the source is a symlink, then it is copied in the container instead of attempting a mount. * linux: open mounts before setgroups if in a userns. This solves a problem where a directory that was previously accessible to the user, become inaccessible after setgroups causing the bind mount to fail. - New upstream release 1.9.2: * cgroup: reset the inherited cpu affinity after moving to cgroup. Old kernels do that automatically, but new kernels remember the affinity that was set before the cgroup move, so we need to reset it in order to honor the cpuset configuration. - New upstream release 1.9.1: * utils: ignore ENOTSUP when chmod a symlink. It fixes a problem on Linux 6.6 that always refuses chmod on a symlink. * build: fix build on CentOS 7 * linux: add new fallback when mount fails with EBUSY, so that there is not an additional tmpfs mount if not needed. * utils: improve error message when a directory cannot be created as a component of the path is already existing as a non directory. - Only build with wasmedge on x86_64 & aarch64 - Add crun-wasm symlink for platform 'wasi/wasm' - Update to 1.9: * linux: support arbitrary idmapped mounts. * linux: add support for 'ridmap' mount option to support recursive idmapped mounts. * crun delete: call systemd's reset-failed. * linux: fix check for oom_score_adj. * features: Support mountExtensions. * linux: correctly handle unknown signal string when it doesn't start with a digit. * linux: do not attempt to join again already joined namespace. * wasmer: use latest wasix API. - Enable WasmEdge support to run Wasm compat containers. * linux: idmapped mounts expect the same configuration as mapping. It is a breaking change, but the behavior was aligned * cgroup: always delete the cgroup on errors. ? exec: fix double free when using --apparmor and Moderate SUSE bug 1217590 SUSE bug 1218894 SUSE bug 1237421 CVE-2024-21626 at SUSE CVE-2024-21626 at NVD CVE-2025-24965 at SUSE CVE-2025-24965 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Moderate) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 133.0.6943.141 (boo#1237699): This update includes 1 security fix. * Various fixes from internal audits, fuzzing and other initiatives - fix build with qt6 and enable qt6 also for 15.x Moderate SUSE bug 1237699 cpe:/o:opensuse:leap:15.6 Security update for trivy (Important) openSUSE Leap 15.6 This update for trivy fixes the following issues: Update to version 0.59.1: - CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerable to Denial of Service (boo#1237618). Important SUSE bug 1237618 CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for phpMyAdmin (Important) openSUSE Leap 15.6 This update for phpMyAdmin fixes the following issues: Update to version 5.2.2: - CVE-2025-24530: XSS in the 'Check Tables' feature (bsc#1236312). - CVE-2025-24529: XSS in the 'Insert' tab (bsc#1236311). - CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992). - CVE-2023-30536: slim/psr7: improper header validation (bsc#1238159). Important SUSE bug 1222992 SUSE bug 1236311 SUSE bug 1236312 SUSE bug 1238159 CVE-2023-30536 at SUSE CVE-2023-30536 at NVD CVE-2024-2961 at SUSE CVE-2024-2961 at NVD CVE-2025-24529 at SUSE CVE-2025-24529 at NVD CVE-2025-24530 at SUSE CVE-2025-24530 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to 134.0.6998.35 (stable release 2025-03-04) (boo#1238575): * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts Important SUSE bug 1238575 CVE-2025-1914 at SUSE CVE-2025-1914 at NVD CVE-2025-1915 at SUSE CVE-2025-1915 at NVD CVE-2025-1916 at SUSE CVE-2025-1916 at NVD CVE-2025-1917 at SUSE CVE-2025-1917 at NVD CVE-2025-1918 at SUSE CVE-2025-1918 at NVD CVE-2025-1919 at SUSE CVE-2025-1919 at NVD CVE-2025-1921 at SUSE CVE-2025-1921 at NVD CVE-2025-1922 at SUSE CVE-2025-1922 at NVD CVE-2025-1923 at SUSE CVE-2025-1923 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 134.0.6998.88 (stable released 2025-03-11) (boo#1239216) * CVE-2025-1920: Type Confusion in V8 * CVE-2025-2135: Type Confusion in V8 * CVE-2025-2136: Use after free in Inspector * CVE-2025-2137: Out of bounds read in V8 Important SUSE bug 1239216 CVE-2025-1920 at SUSE CVE-2025-1920 at NVD CVE-2025-2135 at SUSE CVE-2025-2135 at NVD CVE-2025-2136 at SUSE CVE-2025-2136 at NVD CVE-2025-2137 at SUSE CVE-2025-2137 at NVD cpe:/o:opensuse:leap:15.6 Security update for ark (Important) openSUSE Leap 15.6 This update for ark fixes the following issues: - CVE-2024-57966: Disable extraction to absolute path from an archive (boo#1236737) Important SUSE bug 1236737 CVE-2024-57966 at SUSE CVE-2024-57966 at NVD cpe:/o:opensuse:leap:15.6 Security update for restic (Moderate) openSUSE Leap 15.6 This update for restic fixes the following issues: - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264) - Update to version 0.17.3 - Fix #4971: Fix unusable mount on macOS Sonoma - Fix #5003: Fix metadata errors during backup of removable disks on Windows - Fix #5101: Do not retry load/list operation if SFTP connection is broken - Fix #5107: Fix metadata error on Windows for backups using VSS - Enh #5096: Allow prune --dry-run without lock - Update to version 0.17.2 - Fix #4004: Support container-level SAS/SAT tokens for Azure backend - Fix #5047: Resolve potential error during concurrent cache cleanup - Fix #5050: Return error if tag fails to lock repository - Fix #5057: Exclude irregular files from backups - Fix #5063: Correctly backup extended metadata when using VSS on Windows - Update to version 0.17.1 - Fix #2004: Correctly handle volume names in backup command on Windows - Fix #4945: Include missing backup error text with --json - Fix #4953: Correctly handle long paths on older Windows versions - Fix #4957: Fix delayed cancellation of certain commands - Fix #4958: Don't ignore metadata-setting errors during restore - Fix #4969: Correctly restore timestamp for files with resource forks on macOS - Fix #4975: Prevent backup --stdin-from-command from panicking - Fix #4980: Skip extended attribute processing on unsupported Windows volumes - Fix #5004: Fix spurious 'A Required Privilege Is Not Held by the Client' error - Fix #5005: Fix rare failures to retry locking a repository - Fix #5018: Improve HTTP/2 support for REST backend - Chg #4953: Also back up files with incomplete metadata - Enh #4795: Display progress bar for restore --verify - Enh #4934: Automatically clear removed snapshots from cache - Enh #4944: Print JSON-formatted errors during restore --json - Enh #4959: Return exit code 12 for 'bad password' errors - Enh #4970: Make timeout for stuck requests customizable - Update to version 0.17.0 - Fix #3600: Handle unreadable xattrs in folders above backup source - Fix #4209: Fix slow SFTP upload performance - Fix #4503: Correct hardlink handling in stats command - Fix #4568: Prevent forget --keep-tags <invalid> from deleting all snapshots - Fix #4615: Make find not sometimes ignore directories - Fix #4656: Properly report ID of newly added keys - Fix #4703: Shutdown cleanly when receiving SIGTERM - Fix #4709: Correct --no-lock handling of ls and tag commands - Fix #4760: Fix possible error on concurrent cache cleanup - Fix #4850: Handle UTF-16 password files in key command correctly - Fix #4902: Update snapshot summary on rewrite - Chg #956: Return exit code 10 and 11 for non-existing and locked repository - Chg #4540: Require at least ARMv6 for ARM binaries - Chg #4602: Deprecate legacy index format and s3legacy repository layout - Chg #4627: Redesign backend error handling to improve reliability - Chg #4707: Disable S3 anonymous authentication by default - Chg #4744: Include full key ID in JSON output of key list - Enh #662: Optionally skip snapshot creation if nothing changed - Enh #693: Include snapshot size in snapshots output - Enh #805: Add bitrot detection to diff command - Enh #828: Improve features of the repair packs command - Enh #1786: Support repositories with empty password - Enh #2348: Add --delete option to restore command - Enh #3067: Add extended options to configure Windows Shadow Copy Service - Enh #3406: Improve dump performance for large files - Enh #3806: Optimize and make prune command resumable - Enh #4006: (alpha) Store deviceID only for hardlinks - Enh #4048: Add support for FUSE-T with mount on macOS - Enh #4251: Support reading backup from a command's standard output - Enh #4287: Support connection to rest-server using unix socket - Enh #4354: Significantly reduce prune memory usage - Enh #4437: Make check command create non-existent cache directory - Enh #4472: Support AWS Assume Role for S3 backend - Enh #4547: Add --json option to version command - Enh #4549: Add --ncdu option to ls command - Enh #4573: Support rewriting host and time metadata in snapshots - Enh #4583: Ignore s3.storage-class archive tiers for metadata - Enh #4590: Speed up mount command's error detection - Enh #4601: Add support for feature flags - Enh #4611: Back up more file metadata on Windows - Enh #4664: Make ls use message_type field in JSON output - Enh #4676: Make key command's actions separate sub-commands - Enh #4678: Add --target option to the dump command - Enh #4708: Back up and restore SecurityDescriptors on Windows - Enh #4733: Allow specifying --host via environment variable - Enh #4737: Include snapshot ID in reason field of forget JSON output - Enh #4764: Support forgetting all snapshots - Enh #4768: Allow specifying custom User-Agent for outgoing requests - Enh #4781: Add restore options to read include/exclude patterns from files - Enh #4807: Support Extended Attributes on Windows NTFS - Enh #4817: Make overwrite behavior of restore customizable - Enh #4839: Add dry-run support to restore command for all the details see https://github.com/restic/restic/releases/tag/v0.17.0 or /usr/share/doc/packages/restic/CHANGELOG.md - Update to version 0.16.5 - Enh #4799: Add option to force use of Azure CLI credential - Enh #4873: Update dependencies - Update to version 0.16.4 This release works around and improves detection of a bug in the compression library used by restic. The resulting issue only happens when using restic 0.16.3 and the max compression level (the default auto and off compression levels are not affected), and when the source files being backed up have specific data in them to trigger the bug. If you use max compression, you can use restic check --read-data to make sure you're not affected. - Update to version 0.16.3 - Fix #4560: Improve errors for irregular files on Windows - Fix #4574: Support backup of deduplicated files on Windows again - Fix #4612: Improve error handling for rclone backend - Fix #4624: Correct restore progress information if an error occurs - Fix #4626: Improve reliability of restoring large files - Update to version 0.16.2 - Fix #4540: Restore ARMv5 support for ARM binaries - Fix #4545: Repair documentation build on Read the Docs - Update to version 0.16.1 A very long list of improvements for all the details see https://github.com/restic/restic/releases/tag/v0.16.1 It contains an important bug fix which prevents data corruption when compression is set to max. Moderate SUSE bug 1239264 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for gitea-tea (Moderate) openSUSE Leap 15.6 This update for gitea-tea fixes the following issues: - gitea-te: update newer dependencies to fix security issues (boo#1235367 boo#1239493 boo#1234598) Moderate SUSE bug 1234598 SUSE bug 1235367 SUSE bug 1239493 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:opensuse:leap:15.6 Security update for dcmtk (Moderate) openSUSE Leap 15.6 This update for dcmtk fixes the following issues: - CVE-2025-2357: Fixed segmentation fault in the JPEG-LS decoder (boo#1239679). Moderate SUSE bug 1239679 CVE-2025-2357 at SUSE CVE-2025-2357 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issue: Chromium 134.0.6998.117 (stable released 2025-03-20) (boo#1239819) * CVE-2025-2476: Use after free in Lens Important SUSE bug 1239819 CVE-2025-2476 at SUSE CVE-2025-2476 at NVD cpe:/o:opensuse:leap:15.6 Security update for wget2 (Important) openSUSE Leap 15.6 This update for wget2 fixes the following issues: - Update to release 2.2.1 * Fix file overwrite issue with metalink [CVE-2025-69194 bsc#1255728] * Fix remote buffer overflow in get_local_filename_real() [CVE-2025-69195 bsc#1255729] * Fix a redirect/mirror regression from 400713ca * Use the local system timestamp when requested via --no-use-server-timestamps * Prevent file truncation with --no-clobber * Improve messages about why URLs are not being followed * Fix metalink with -O/--output-document * Fix sorting of metalink mirrors by priority * Add --show-progress to improve backwards compatibility to wget * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme() * Allow 'no_' prefix in config options * Use libnghttp2 for HTTP/2 testing * Set exit status to 8 on 403 response code * Fix convert-links * Fix --server-response for HTTP/1.1 - Update to release 2.2.0 * Don't truncate file when -c and -O are combined * Don't log URI userinfo to logs * Fix downloading multiple files via HTTP/2 * Support connecting with HTTP/1.0 proxies * Ignore 1xx HTTP responses for HTTP/1.1 * Disable TCP Fast Open by default * Fix segfault when OCSP response is missing * Add libproxy support Important SUSE bug 1255728 SUSE bug 1255729 CVE-2025-69194 at SUSE CVE-2025-69194 at NVD CVE-2025-69195 at SUSE CVE-2025-69195 at NVD cpe:/o:opensuse:leap:15.6 Security update for v2ray-core (Important) openSUSE Leap 15.6 This update for v2ray-core fixes the following issues: - Update version to 5.47.0 * Add sticky choice option for leastping * Add support for enrollment links in tlsmirror * Add Wireguard Outbound (unreleased) * Add sticky choice option for leastping * Generalize IP address parsing in TUN stack options * Fix bugs - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (boo#1260329) - Update version to 5.44.1 * uTLS: bundled library updated to v1.8.2 for Chrome120 imitation profile identification * Update golang toolchain to v1.25.6, which fixed an vulnerable (tls.Config).Clone function * Fix bugs - Update version to 5.42.0 * Add TLSMirror bootstrap enrollment and self enrollment feature * TLSMirror Inverse Role Request Tripper Enrollment Server Support - CVE-2025-47911: v2ray-core: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251404) * Update golang.org/x/net to 0.45.0 in vendor - Update version to 5.38.0 * TLSMirror Connection Enrollment System * Add TLSMirror Sequence Watermarking * LSMirror developer preview protocol is now a part of mainline V2Ray * proxy dns with NOTIMP error * Add TLSMirror looks like TLS censorship resistant transport protocol as a developer preview transport * proxy dns with NOTIMP error * fix false success from SOCKS server when Dispatch() fails * HTTP inbound: Directly forward plain HTTP 1xx response header * add a option to override domain used to query https record * Fix bugs * Update vendor Important SUSE bug 1251404 SUSE bug 1260329 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2026-33186 at SUSE CVE-2026-33186 at NVD cpe:/o:opensuse:leap:15.6 Security update for glusterfs (Important) openSUSE Leap 15.6 This update for glusterfs fixes the following issues: - Update to release 11.2 * Next minor release tentative date: Release will be based on requirement only * Users are highly encouraged to upgrade to newer releases of GlusterFS. * Important fixes in this release - Regression suite tests failures are addressed - Fixed notify stack-based buffer over-read (boo#1208519, CVE-2023-26253) - Update to release 11.1 * Fix upgrade issue by reverting posix change related to storage.reserve value * Fix possible data loss during rebalance if there is any linkfile on the system - Disable IO_uring for now [boo#1210894] - Update to release 11 [boo#1208517] [boo#1208519] * Major performance impovement of ~36% with rmdir operations * Extension of ZFS support for snapshots * Qouta implimentation based on namespace * Major cleanups and readdir/readdirp improvements * Fixed use-after-free in dht_setxattr_mds_cbk (CVE-2022-48340) - Update to release 10.2 * Some 165 bugfixes with none particularly sticking out Important SUSE bug 1208517 SUSE bug 1208519 SUSE bug 1210894 SUSE bug 1212476 CVE-2022-48340 at SUSE CVE-2022-48340 at NVD CVE-2023-26253 at SUSE CVE-2023-26253 at NVD cpe:/o:opensuse:leap:15.6 Security update for libjxl (Moderate) openSUSE Leap 15.6 This update for libjxl fixes the following issues: - Update to release 0.8.5 (boo#1258090): * fix tile dimension in low memory rendering pipeline [CVE-2025-12474]. Moderate SUSE bug 1258090 CVE-2025-12474 at SUSE CVE-2025-12474 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 146.0.7680.177 (boo#1261249): * CVE-2026-5273: Use after free in CSS * CVE-2026-5272: Heap buffer overflow in GPU * CVE-2026-5274: Integer overflow in Codecs * CVE-2026-5275: Heap buffer overflow in ANGLE * CVE-2026-5276: Insufficient policy enforcement in WebUSB * CVE-2026-5277: Integer overflow in ANGLE * CVE-2026-5278: Use after free in Web MIDI * CVE-2026-5279: Object corruption in V8 * CVE-2026-5280: Use after free in WebCodecs * CVE-2026-5281: Use after free in Dawn * CVE-2026-5282: Out of bounds read in WebCodecs * CVE-2026-5283: Inappropriate implementation in ANGLE * CVE-2026-5284: Use after free in Dawn * CVE-2026-5285: Use after free in WebGL * CVE-2026-5286: Use after free in Dawn * CVE-2026-5287: Use after free in PDF * CVE-2026-5288: Use after free in WebView * CVE-2026-5289: Use after free in Navigation * CVE-2026-5290: Use after free in Compositing * CVE-2026-5291: Inappropriate implementation in WebGL * CVE-2026-5292: Out of bounds read in WebCodecs Important SUSE bug 1261249 CVE-2026-5272 at SUSE CVE-2026-5272 at NVD CVE-2026-5273 at SUSE CVE-2026-5273 at NVD CVE-2026-5274 at SUSE CVE-2026-5274 at NVD CVE-2026-5275 at SUSE CVE-2026-5275 at NVD CVE-2026-5276 at SUSE CVE-2026-5276 at NVD CVE-2026-5277 at SUSE CVE-2026-5277 at NVD CVE-2026-5278 at SUSE CVE-2026-5278 at NVD CVE-2026-5279 at SUSE CVE-2026-5279 at NVD CVE-2026-5280 at SUSE CVE-2026-5280 at NVD CVE-2026-5281 at SUSE CVE-2026-5281 at NVD CVE-2026-5282 at SUSE CVE-2026-5282 at NVD CVE-2026-5283 at SUSE CVE-2026-5283 at NVD CVE-2026-5284 at SUSE CVE-2026-5284 at NVD CVE-2026-5285 at SUSE CVE-2026-5285 at NVD CVE-2026-5286 at SUSE CVE-2026-5286 at NVD CVE-2026-5287 at SUSE CVE-2026-5287 at NVD CVE-2026-5288 at SUSE CVE-2026-5288 at NVD CVE-2026-5289 at SUSE CVE-2026-5289 at NVD CVE-2026-5290 at SUSE CVE-2026-5290 at NVD CVE-2026-5291 at SUSE CVE-2026-5291 at NVD CVE-2026-5292 at SUSE CVE-2026-5292 at NVD cpe:/o:opensuse:leap:15.6 Security update for osslsigncode (Critical) openSUSE Leap 15.6 This update for osslsigncode fixes the following issues: - Update to 2.13 (boo#1260680, CVE-2025-70888): * fixed integer overflows when processing APPX compressed data streams * fixed double-free vulnerabilities in APPX file processing * fixed multiple memory corruption issues in PE page hash computation - Changes from 2.12: * fixed a buffer overflow while extracting message digests - Changes from 2.11: * added keyUsage validation for signer certificate * added printing CRL details during signature verification * implemented a workaround for CRL servers returning the HTTP Content-Type header other than application/pkix-crl * fixed HTTP keep-alive handling * fixed macOS compiler and linker flags * fixed undefined BIO_get_fp() behavior with BIO_FLAGS_UPLINK_INTERNAL - update to 2.10: * added JavaScript signing * added PKCS#11 provider support (requires OpenSSL 3.0+) * added support for providers without specifying '-pkcs11module' option * (OpenSSL 3.0+, e.g., for the upcoming CNG provider) * added compatibility with the CNG engine version 1.1 or later * added the '-engineCtrl' option to control hardware and CNG engines * added the '-blobFile' option to specify a file containing the blob content * improved unauthenticated blob support (thanks to Asger Hautop Drewsen) * improved UTF-8 handling for certificate subjects and issuers * fixed support for multiple signerInfo contentType OIDs (CTL and Authenticode) * fixed tests for python-cryptography >= 43.0.0 - update to version 2.9: * added a 64 bit long pseudo-random NONCE in the TSA request * missing NID_pkcs9_signingTime is no longer an error * added support for PEM-encoded CRLs * fixed the APPX central directory sorting order * added a special '-' file name to read the passphrase from stdin * used native HTTP client with OpenSSL 3.x, removing libcurl dependency * added '-login' option to force a login to PKCS11 engines * added the '-ignore-crl' option to disable fetching and verifying CRL Distribution Points * changed error output to stderr instead of stdout * various testing framework improvements * various memory corruption fixes - update to version 2.8: * Microsoft PowerShell signing sponsored by Cisco Systems, Inc. * fixed setting unauthenticated attributes (Countersignature, Unauthenticated * Data Blob) in a nested signature * added the '-index' option to verify a specific signature or modify its unauthenticated attributes * added CAT file verification * added listing the contents of a CAT file with the '-verbose' option * added the new 'extract-data' command to extract a PKCS#7 data content to be signed with 'sign' and attached with 'attach-signature' * added PKCS9_SEQUENCE_NUMBER authenticated attribute support * added the '-ignore-cdp' option to disable CRL Distribution Points (CDP) online verification * unsuccessful CRL retrieval and verification changed into a critical error the '-p' option modified to also use to configured proxy to connect CRL Distribution Points * added implicit allowlisting of the Microsoft Root Authority serial number 00C1008B3C3C8811D13EF663ECDF40 * added listing of certificate chain retrieved from the signature in case of verification failure - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olsz?wka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the '-h' option to set the cryptographic hash function for the 'attach -signature' and 'add' commands * set the default hash function to 'sha256' * added the 'attach-signature' option to compute and compare the leaf certificate hash for the 'add' command * renamed the '-st' option '-time' * updated the '-time' option to also set explicit verification time * added the '-ignore-timestamp' option * removed the '-timestamp-expiration' option * numerous bugfixes * documentation updates Critical SUSE bug 1260680 CVE-2025-70888 at SUSE CVE-2025-70888 at NVD cpe:/o:opensuse:leap:15.6 Security update for keybase-client (Important) openSUSE Leap 15.6 This update for keybase-client fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (boo#1254023) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (boo#1253563) - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (boo#1253864) Important SUSE bug 1253563 SUSE bug 1253864 SUSE bug 1254023 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD CVE-2025-47914 at SUSE CVE-2025-47914 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Flask-HTTPAuth (Moderate) openSUSE Leap 15.6 This update for python-Flask-HTTPAuth fixes the following issues: - CVE-2026-34531: Do not accept empty tokens (boo#1261355) Moderate SUSE bug 1261355 CVE-2026-34531 at SUSE CVE-2026-34531 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 147.0.7727.55 (boo#1261758): * CVE-2026-5858: Heap buffer overflow in WebML * CVE-2026-5859: Integer overflow in WebML * CVE-2026-5860: Use after free in WebRTC * CVE-2026-5861: Use after free in V8 * CVE-2026-5862: Inappropriate implementation in V8 * CVE-2026-5863: Inappropriate implementation in V8 * CVE-2026-5864: Heap buffer overflow in WebAudio * CVE-2026-5865: Type Confusion in V8 * CVE-2026-5866: Use after free in Media * CVE-2026-5867: Heap buffer overflow in WebML * CVE-2026-5868: Heap buffer overflow in ANGLE * CVE-2026-5869: Heap buffer overflow in WebML * CVE-2026-5870: Integer overflow in Skia * CVE-2026-5871: Type Confusion in V8 * CVE-2026-5872: Use after free in Blink * CVE-2026-5873: Out of bounds read and write in V8 * CVE-2026-5874: Use after free in PrivateAI * CVE-2026-5875: Policy bypass in Blink * CVE-2026-5876: Side-channel information leakage in Navigation * CVE-2026-5877: Use after free in Navigation * CVE-2026-5878: Incorrect security UI in Blink * CVE-2026-5879: Insufficient validation of untrusted input in ANGLE * CVE-2026-5880: Incorrect security UI in browser UI * CVE-2026-5881: Policy bypass in LocalNetworkAccess * CVE-2026-5882: Incorrect security UI in Fullscreen * CVE-2026-5883: Use after free in Media * CVE-2026-5884: Insufficient validation of untrusted input in Media * CVE-2026-5885: Insufficient validation of untrusted input in WebML * CVE-2026-5886: Out of bounds read in WebAudio * CVE-2026-5887: Insufficient validation of untrusted input in Downloads * CVE-2026-5888: Uninitialized Use in WebCodecs * CVE-2026-5889: Cryptographic Flaw in PDFium * CVE-2026-5890: Race in WebCodecs * CVE-2026-5891: Insufficient policy enforcement in browser UI * CVE-2026-5892: Insufficient policy enforcement in PWAs * CVE-2026-5893: Race in V8 * CVE-2026-5894: Inappropriate implementation in PDF * CVE-2026-5895: Incorrect security UI in Omnibox * CVE-2026-5896: Policy bypass in Audio * CVE-2026-5897: Incorrect security UI in Downloads * CVE-2026-5898: Incorrect security UI in Omnibox * CVE-2026-5899: Incorrect security UI in History Navigation * CVE-2026-5900: Policy bypass in Downloads * CVE-2026-5901: Policy bypass in DevTools * CVE-2026-5902: Race in Media * CVE-2026-5903: Policy bypass in IFrameSandbox * CVE-2026-5904: Use after free in V8 * CVE-2026-5905: Incorrect security UI in Permissions * CVE-2026-5906: Incorrect security UI in Omnibox * CVE-2026-5907: Insufficient data validation in Media * CVE-2026-5908: Integer overflow in Media * CVE-2026-5909: Integer overflow in Media * CVE-2026-5910: Integer overflow in Media * CVE-2026-5911: Policy bypass in ServiceWorkers * CVE-2026-5912: Integer overflow in WebRTC * CVE-2026-5913: Out of bounds read in Blink * CVE-2026-5914: Type Confusion in CSS * CVE-2026-5915: Insufficient validation of untrusted input in WebML * CVE-2026-5918: Inappropriate implementation in Navigation * CVE-2026-5919: Insufficient validation of untrusted input in WebSockets * enforce a num,ber of new Local Area Network (LAN) restrictions * New Web Printing API * vertical tabs support (trial) - new in 147 (for developers): * Element-scoped view transitions exposes startViewTransition on arbitrary HTML elements. * CSS contrast-color() helps meet accessibility requirements * The CSS border-shape property lets you create non-rectangular borders * CVE-2025-4096: Heap buffer overflow in HTML * CVE-2025-4050: Out of bounds memory access in DevTools * CVE-2025-4051: Insufficient data validation in DevTools * CVE-2025-4052: Inappropriate implementation in DevTools * CVE-2024-7000: Use after free in CSS * CVE-2024-3834: Use after free in Downloads * CVE-2020-6465: Use after free in reader mode * CVE-2020-6466: Use after free in media * CVE-2020-6467: Use after free in WebRTC * CVE-2020-6468: Type Confusion in V8 * CVE-2020-6469: Insufficient policy enforcement in developer tools * CVE-2020-6470: Insufficient validation of untrusted input in clipboard * CVE-2020-6471: Insufficient policy enforcement in developer tools * CVE-2020-6472: Insufficient policy enforcement in developer tools * CVE-2020-6473: Insufficient policy enforcement in Blink * CVE-2020-6474: Use after free in Blink * CVE-2020-6475: Incorrect security UI in full screen * CVE-2020-6476: Insufficient policy enforcement in tab strip * CVE-2020-6477: Inappropriate implementation in installer * CVE-2020-6478: Inappropriate implementation in full screen * CVE-2020-6479: Inappropriate implementation in sharing * CVE-2020-6480: Insufficient policy enforcement in enterprise * CVE-2020-6481: Insufficient policy enforcement in URL formatting * CVE-2020-6482: Insufficient policy enforcement in developer tools * CVE-2020-6483: Insufficient policy enforcement in payments * CVE-2020-6484: Insufficient data validation in ChromeDriver * CVE-2020-6485: Insufficient data validation in media router * CVE-2020-6486: Insufficient policy enforcement in navigations * CVE-2020-6487: Insufficient policy enforcement in downloads * CVE-2020-6488: Insufficient policy enforcement in downloads * CVE-2020-6489: Inappropriate implementation in developer tools * CVE-2020-6490: Insufficient data validation in loader * CVE-2020-6491: Incorrect security UI in site information * CVE-2019-5754: Inappropriate implementation in QUIC Networking * CVE-2019-5782: Inappropriate implementation in V8 * CVE-2019-5755: Inappropriate implementation in V8 * CVE-2019-5756: Use after free in PDFium * CVE-2019-5757: Type Confusion in SVG * CVE-2019-5758: Use after free in Blink * CVE-2019-5759: Use after free in HTML select elements * CVE-2019-5760: Use after free in WebRTC * CVE-2019-5761: Use after free in SwiftShader * CVE-2019-5762: Use after free in PDFium * CVE-2019-5763: Insufficient validation of untrusted input in V8 * CVE-2019-5764: Use after free in WebRTC * CVE-2019-5765: Insufficient policy enforcement in the browser * CVE-2019-5766: Insufficient policy enforcement in Canvas * CVE-2019-5767: Incorrect security UI in WebAPKs * CVE-2019-5768: Insufficient policy enforcement in DevTools * CVE-2019-5769: Insufficient validation of untrusted input in Blink * CVE-2019-5770: Heap buffer overflow in WebGL * CVE-2019-5771: Heap buffer overflow in SwiftShader * CVE-2019-5772: Use after free in PDFium * CVE-2019-5773: Insufficient data validation in IndexedDB * CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing * CVE-2019-5775: Insufficient policy enforcement in Omnibox * CVE-2019-5776: Insufficient policy enforcement in Omnibox * CVE-2019-5777: Insufficient policy enforcement in Omnibox * CVE-2019-5778: Insufficient policy enforcement in Extensions * CVE-2019-5779: Insufficient policy enforcement in ServiceWorker * CVE-2019-5780: Insufficient policy enforcement * CVE-2019-5781: Insufficient policy enforcement in Omnibox * High CVE-2018-6031: Use after free in PDFium * High CVE-2018-6032: Same origin bypass in Shared Worker * High CVE-2018-6033: Race when opening downloaded files * Medium CVE-2018-6034: Integer overflow in Blink * Medium CVE-2018-6035: Insufficient isolation of devtools from extensions * Medium CVE-2018-6036: Integer underflow in WebAssembly * Medium CVE-2018-6037: Insufficient user gesture requirements in autofill * Medium CVE-2018-6038: Heap buffer overflow in WebGL * Medium CVE-2018-6039: XSS in DevTools * Medium CVE-2018-6040: Content security policy bypass * Medium CVE-2018-6041: URL spoof in Navigation * Medium CVE-2018-6042: URL spoof in OmniBox * Medium CVE-2018-6043: Insufficient escaping with external URL handlers * Medium CVE-2018-6045: Insufficient isolation of devtools from extensions * Medium CVE-2018-6046: Insufficient isolation of devtools from extensions * Medium CVE-2018-6047: Cross origin URL leak in WebGL * Low CVE-2018-6048: Referrer policy bypass in Blink * Low CVE-2017-15420: URL spoofing in Omnibox * Low CVE-2018-6049: UI spoof in Permissions * Low CVE-2018-6050: URL spoof in OmniBox * Low CVE-2018-6051: Referrer leak in XSS Auditor * Low CVE-2018-6052: Incomplete no-referrer policy implementation * Low CVE-2018-6053: Leak of page thumbnails in New Tab Page * Low CVE-2018-6054: Use after free in WebUI * CVE-2017-5070: Type confusion in V8 * CVE-2017-5071: Out of bounds read in V8 * CVE-2017-5072: Address spoofing in Omnibox * CVE-2017-5073: Use after free in print preview * CVE-2017-5074: Use after free in Apps Bluetooth * CVE-2017-5075: Information leak in CSP reporting * CVE-2017-5086: Address spoofing in Omnibox * CVE-2017-5076: Address spoofing in Omnibox * CVE-2017-5077: Heap buffer overflow in Skia * CVE-2017-5078: Possible command injection in mailto handling * CVE-2017-5079: UI spoofing in Blink * CVE-2017-5080: Use after free in credit card autofill * CVE-2017-5081: Extension verification bypass * CVE-2017-5082: Insufficient hardening in credit card editor * CVE-2017-5083: UI spoofing in Blink * CVE-2017-5085: Inappropriate javascript execution on WebUI pages - CVE-2016-1663: Use-after-free in Blink's V8 bindings * CVE-2013-6643: Unprompted sync with an attacker's * Use Google's online spellchecker to identify misspelled words Important SUSE bug 1261758 CVE-2013-6643 at SUSE CVE-2013-6643 at NVD CVE-2016-1663 at SUSE CVE-2016-1663 at NVD CVE-2017-15420 at SUSE CVE-2017-15420 at NVD CVE-2017-5070 at SUSE CVE-2017-5070 at NVD CVE-2017-5071 at SUSE CVE-2017-5071 at NVD CVE-2017-5072 at SUSE CVE-2017-5072 at NVD CVE-2017-5073 at SUSE CVE-2017-5073 at NVD CVE-2017-5074 at SUSE CVE-2017-5074 at NVD CVE-2017-5075 at SUSE CVE-2017-5075 at NVD CVE-2017-5076 at SUSE CVE-2017-5076 at NVD CVE-2017-5077 at SUSE CVE-2017-5077 at NVD CVE-2017-5078 at SUSE CVE-2017-5078 at NVD CVE-2017-5079 at SUSE CVE-2017-5079 at NVD CVE-2017-5080 at SUSE CVE-2017-5080 at NVD CVE-2017-5081 at SUSE CVE-2017-5081 at NVD CVE-2017-5082 at SUSE CVE-2017-5082 at NVD CVE-2017-5083 at SUSE CVE-2017-5083 at NVD CVE-2017-5085 at SUSE CVE-2017-5085 at NVD CVE-2017-5086 at SUSE CVE-2017-5086 at NVD CVE-2018-6031 at SUSE CVE-2018-6031 at NVD CVE-2018-6032 at SUSE CVE-2018-6032 at NVD CVE-2018-6033 at SUSE CVE-2018-6033 at NVD CVE-2018-6034 at SUSE CVE-2018-6034 at NVD CVE-2018-6035 at SUSE CVE-2018-6035 at NVD CVE-2018-6036 at SUSE CVE-2018-6036 at NVD CVE-2018-6037 at SUSE CVE-2018-6037 at NVD CVE-2018-6038 at SUSE CVE-2018-6038 at NVD CVE-2018-6039 at SUSE CVE-2018-6039 at NVD CVE-2018-6040 at SUSE CVE-2018-6040 at NVD CVE-2018-6041 at SUSE CVE-2018-6041 at NVD CVE-2018-6042 at SUSE CVE-2018-6042 at NVD CVE-2018-6043 at SUSE CVE-2018-6043 at NVD CVE-2018-6045 at SUSE CVE-2018-6045 at NVD CVE-2018-6046 at SUSE CVE-2018-6046 at NVD CVE-2018-6047 at SUSE CVE-2018-6047 at NVD CVE-2018-6048 at SUSE CVE-2018-6048 at NVD CVE-2018-6049 at SUSE CVE-2018-6049 at NVD CVE-2018-6050 at SUSE CVE-2018-6050 at NVD CVE-2018-6051 at SUSE CVE-2018-6051 at NVD CVE-2018-6052 at SUSE CVE-2018-6052 at NVD CVE-2018-6053 at SUSE CVE-2018-6053 at NVD CVE-2018-6054 at SUSE CVE-2018-6054 at NVD CVE-2019-5754 at SUSE CVE-2019-5754 at NVD CVE-2019-5755 at SUSE CVE-2019-5755 at NVD CVE-2019-5756 at SUSE CVE-2019-5756 at NVD CVE-2019-5757 at SUSE CVE-2019-5757 at NVD CVE-2019-5758 at SUSE CVE-2019-5758 at NVD CVE-2019-5759 at SUSE CVE-2019-5759 at NVD CVE-2019-5760 at SUSE CVE-2019-5760 at NVD CVE-2019-5761 at SUSE CVE-2019-5761 at NVD CVE-2019-5762 at SUSE CVE-2019-5762 at NVD CVE-2019-5763 at SUSE CVE-2019-5763 at NVD CVE-2019-5764 at SUSE CVE-2019-5764 at NVD CVE-2019-5765 at SUSE CVE-2019-5765 at NVD CVE-2019-5766 at SUSE CVE-2019-5766 at NVD CVE-2019-5767 at SUSE CVE-2019-5767 at NVD CVE-2019-5768 at SUSE CVE-2019-5768 at NVD CVE-2019-5769 at SUSE CVE-2019-5769 at NVD CVE-2019-5770 at SUSE CVE-2019-5770 at NVD CVE-2019-5771 at SUSE CVE-2019-5771 at NVD CVE-2019-5772 at SUSE CVE-2019-5772 at NVD CVE-2019-5773 at SUSE CVE-2019-5773 at NVD CVE-2019-5774 at SUSE CVE-2019-5774 at NVD CVE-2019-5775 at SUSE CVE-2019-5775 at NVD CVE-2019-5776 at SUSE CVE-2019-5776 at NVD CVE-2019-5777 at SUSE CVE-2019-5777 at NVD CVE-2019-5778 at SUSE CVE-2019-5778 at NVD CVE-2019-5779 at SUSE CVE-2019-5779 at NVD CVE-2019-5780 at SUSE CVE-2019-5780 at NVD CVE-2019-5781 at SUSE CVE-2019-5781 at NVD CVE-2019-5782 at SUSE CVE-2019-5782 at NVD CVE-2020-6465 at SUSE CVE-2020-6465 at NVD CVE-2020-6466 at SUSE CVE-2020-6466 at NVD CVE-2020-6467 at SUSE CVE-2020-6467 at NVD CVE-2020-6468 at SUSE CVE-2020-6468 at NVD CVE-2020-6469 at SUSE CVE-2020-6469 at NVD CVE-2020-6470 at SUSE CVE-2020-6470 at NVD CVE-2020-6471 at SUSE CVE-2020-6471 at NVD CVE-2020-6472 at SUSE CVE-2020-6472 at NVD CVE-2020-6473 at SUSE CVE-2020-6473 at NVD CVE-2020-6474 at SUSE CVE-2020-6474 at NVD CVE-2020-6475 at SUSE CVE-2020-6475 at NVD CVE-2020-6476 at SUSE CVE-2020-6476 at NVD CVE-2020-6477 at SUSE CVE-2020-6477 at NVD CVE-2020-6478 at SUSE CVE-2020-6478 at NVD CVE-2020-6479 at SUSE CVE-2020-6479 at NVD CVE-2020-6480 at SUSE CVE-2020-6480 at NVD CVE-2020-6481 at SUSE CVE-2020-6481 at NVD CVE-2020-6482 at SUSE CVE-2020-6482 at NVD CVE-2020-6483 at SUSE CVE-2020-6483 at NVD CVE-2020-6484 at SUSE CVE-2020-6484 at NVD CVE-2020-6485 at SUSE CVE-2020-6485 at NVD CVE-2020-6486 at SUSE CVE-2020-6486 at NVD CVE-2020-6487 at SUSE CVE-2020-6487 at NVD CVE-2020-6488 at SUSE CVE-2020-6488 at NVD CVE-2020-6489 at SUSE CVE-2020-6489 at NVD CVE-2020-6490 at SUSE CVE-2020-6490 at NVD CVE-2020-6491 at SUSE CVE-2020-6491 at NVD CVE-2024-3834 at SUSE CVE-2024-3834 at NVD CVE-2024-7000 at SUSE CVE-2024-7000 at NVD CVE-2025-4050 at SUSE CVE-2025-4050 at NVD CVE-2025-4051 at SUSE CVE-2025-4051 at NVD CVE-2025-4052 at SUSE CVE-2025-4052 at NVD CVE-2025-4096 at SUSE CVE-2025-4096 at NVD CVE-2026-5858 at SUSE CVE-2026-5858 at NVD CVE-2026-5859 at SUSE CVE-2026-5859 at NVD CVE-2026-5860 at SUSE CVE-2026-5860 at NVD CVE-2026-5861 at SUSE CVE-2026-5861 at NVD CVE-2026-5862 at SUSE CVE-2026-5862 at NVD CVE-2026-5863 at SUSE CVE-2026-5863 at NVD CVE-2026-5864 at SUSE CVE-2026-5864 at NVD CVE-2026-5865 at SUSE CVE-2026-5865 at NVD CVE-2026-5866 at SUSE CVE-2026-5866 at NVD CVE-2026-5867 at SUSE CVE-2026-5867 at NVD CVE-2026-5868 at SUSE CVE-2026-5868 at NVD CVE-2026-5869 at SUSE CVE-2026-5869 at NVD CVE-2026-5870 at SUSE CVE-2026-5870 at NVD CVE-2026-5871 at SUSE CVE-2026-5871 at NVD CVE-2026-5872 at SUSE CVE-2026-5872 at NVD CVE-2026-5873 at SUSE CVE-2026-5873 at NVD CVE-2026-5874 at SUSE CVE-2026-5874 at NVD CVE-2026-5875 at SUSE CVE-2026-5875 at NVD CVE-2026-5876 at SUSE CVE-2026-5876 at NVD CVE-2026-5877 at SUSE CVE-2026-5877 at NVD CVE-2026-5878 at SUSE CVE-2026-5878 at NVD CVE-2026-5879 at SUSE CVE-2026-5879 at NVD CVE-2026-5880 at SUSE CVE-2026-5880 at NVD CVE-2026-5881 at SUSE CVE-2026-5881 at NVD CVE-2026-5882 at SUSE CVE-2026-5882 at NVD CVE-2026-5883 at SUSE CVE-2026-5883 at NVD CVE-2026-5884 at SUSE CVE-2026-5884 at NVD CVE-2026-5885 at SUSE CVE-2026-5885 at NVD CVE-2026-5886 at SUSE CVE-2026-5886 at NVD CVE-2026-5887 at SUSE CVE-2026-5887 at NVD CVE-2026-5888 at SUSE CVE-2026-5888 at NVD CVE-2026-5889 at SUSE CVE-2026-5889 at NVD CVE-2026-5890 at SUSE CVE-2026-5890 at NVD CVE-2026-5891 at SUSE CVE-2026-5891 at NVD CVE-2026-5892 at SUSE CVE-2026-5892 at NVD CVE-2026-5893 at SUSE CVE-2026-5893 at NVD CVE-2026-5894 at SUSE CVE-2026-5894 at NVD CVE-2026-5895 at SUSE CVE-2026-5895 at NVD CVE-2026-5896 at SUSE CVE-2026-5896 at NVD CVE-2026-5897 at SUSE CVE-2026-5897 at NVD CVE-2026-5898 at SUSE CVE-2026-5898 at NVD CVE-2026-5899 at SUSE CVE-2026-5899 at NVD CVE-2026-5900 at SUSE CVE-2026-5900 at NVD CVE-2026-5901 at SUSE CVE-2026-5901 at NVD CVE-2026-5902 at SUSE CVE-2026-5902 at NVD CVE-2026-5903 at SUSE CVE-2026-5903 at NVD CVE-2026-5904 at SUSE CVE-2026-5904 at NVD CVE-2026-5905 at SUSE CVE-2026-5905 at NVD CVE-2026-5906 at SUSE CVE-2026-5906 at NVD CVE-2026-5907 at SUSE CVE-2026-5907 at NVD CVE-2026-5908 at SUSE CVE-2026-5908 at NVD CVE-2026-5909 at SUSE CVE-2026-5909 at NVD CVE-2026-5910 at SUSE CVE-2026-5910 at NVD CVE-2026-5911 at SUSE CVE-2026-5911 at NVD CVE-2026-5912 at SUSE CVE-2026-5912 at NVD CVE-2026-5913 at SUSE CVE-2026-5913 at NVD CVE-2026-5914 at SUSE CVE-2026-5914 at NVD CVE-2026-5915 at SUSE CVE-2026-5915 at NVD CVE-2026-5918 at SUSE CVE-2026-5918 at NVD CVE-2026-5919 at SUSE CVE-2026-5919 at NVD cpe:/o:opensuse:leap:15.6 Security update for zk (Moderate) openSUSE Leap 15.6 This update for zk fixes the following issues: - Update to version 0.15.2 * Find notes with missing backlinks using zk list --missing-backlink * LSP diagnostic for missing backlinks when other notes link to current note without reciprocal links * Code action to add missing backlinks * LSP diagnostic for self-referential links * Release tarballs now output the program version * Config path can be set with $ZK_CONFIG_DIR * bump deps: golang.org/x/crypto v0.45.0 fixes CVE-2025-58181 - Update to version 0.15.0 * fixed LSP crashes when editing code fences and/or working in text files with code fences * new feature to set a group path 'by name', in that any directory with the same name can share the same group rules, no matter how deep in the notebook. See references below. - Update to version 0.14.2 * Path in .zk/config.toml for the default note template now accepts UNIX '~/paths' * Find notes without tags with zk list --tagless * fix: LSP ignores magnet links as links to notes * fix: Note titles with double quoted words no longer break json output * fix: Grammar in error output * fix: Group rules could not be nested - Update to version 0.14.1 * Fixed parsing large notes @khimaros in #339 * fix day range parsing (#382) by @tjex in #384 * accept tripple dash file URIs as valid links by @tjex in #391 * fix(lsp): fix trigger completion of zk LSP by @Rahlir in #397 * fix(lsp): ignore diagnostic check within code blocks by @Rahlir in #399 * allow notebook as hidden dir by @tjex in #402 * documentation fixes Moderate CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Moderate) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 144.0.7559.59 (boo#1256614) * CVE-2026-0899: Out of bounds memory access in V8 * CVE-2026-0900: Inappropriate implementation in V8 * CVE-2026-0901: Inappropriate implementation in Blink * CVE-2026-0902: Inappropriate implementation in V8 * CVE-2026-0903: Insufficient validation of untrusted input in Downloads * CVE-2026-0904: Incorrect security UI in Digital Credentials * CVE-2026-0905: Insufficient policy enforcement in Network * CVE-2026-0906: Incorrect security UI * CVE-2026-0907: Incorrect security UI in Split View * CVE-2026-0908: Use after free in ANGLE - use noopenh264 where available Moderate SUSE bug 1256614 CVE-2026-0899 at SUSE CVE-2026-0899 at NVD CVE-2026-0900 at SUSE CVE-2026-0900 at NVD CVE-2026-0901 at SUSE CVE-2026-0901 at NVD CVE-2026-0902 at SUSE CVE-2026-0902 at NVD CVE-2026-0903 at SUSE CVE-2026-0903 at NVD CVE-2026-0904 at SUSE CVE-2026-0904 at NVD CVE-2026-0905 at SUSE CVE-2026-0905 at NVD CVE-2026-0906 at SUSE CVE-2026-0906 at NVD CVE-2026-0907 at SUSE CVE-2026-0907 at NVD CVE-2026-0908 at SUSE CVE-2026-0908 at NVD cpe:/o:opensuse:leap:15.6 Security update for coredns (Important) openSUSE Leap 15.6 This update for coredns fixes the following issues: - CVE-2025-68156: Fixed a denial of service due to uncontrolled recursion in expression evaluation (bsc#1255345) - Update to version 1.14.0: * core: Fix gosec G115 integer overflow warnings * core: Add regex length limit * plugin/azure: Fix slice init length * plugin/errors: Add optional show_first flag to consolidate directive * plugin/file: Fix for misleading SOA parser warnings * plugin/kubernetes: Rate limits to api server * plugin/metrics: Implement plugin chain tracking * plugin/sign: Report parser err before missing SOA * build(deps): bump github.com/expr-lang/expr from 1.17.6 to 1.17.7 - Update to version 1.13.2: * core: Add basic support for DoH3 * core: Avoid proxy unnecessary alloc in Yield * core: Fix usage of sync.Pool to save an alloc * core: Fix data race with sync.RWMutex for uniq * core: Prevent QUIC reload panic by lazily initializing the listener * core: Refactor/use reflect.TypeFor * plugin/auto: Limit regex length * plugin/cache: Remove superfluous allocations in item.toMsg * plugin/cache: Isolate metadata in prefetch goroutine * plugin/cache: Correct spelling of MaximumDefaultTTL in cache and dnsutil packages * plugin/dnstap: Better error handling (redial & logging) when Dnstap is busy * plugin/file: Performance finetuning * plugin/forward: Disallow NOERROR in failover * plugin/forward: Added support for per-nameserver TLS SNI * plugin/forward: Prevent busy loop on connection err * plugin/forward: Add max connect attempts knob * plugin/geoip: Add ASN schema support * plugin/geoip: Add support for subdivisions * plugin/kubernetes: Fix kubernetes plugin logging * plugin/multisocket: Cap num sockets to prevent OOM * plugin/nomad: Support service filtering * plugin/rewrite: Pre-compile CNAME rewrite regexp * plugin/secondary: Fix reload causing secondary plugin goroutine to leak - Update to version 1.13.1: * core: Avoid string concatenation in loops * core: Update golang to 1.25.2 and golang.org/x/net to v0.45.0 on CVE fixes * plugin/sign: Reject invalid UTF‑8 dbfile token - Update to version 1.13.0: * core: Export timeout values in dnsserver.Server * core: Fix Corefile infinite loop on unclosed braces * core: Fix Corefile related import cycle issue * core: Normalize panics on invalid origins * core: Rely on dns.Server.ShutdownContext to gracefully stop * plugin/dnstap: Add bounds for plugin args * plugin/file: Fix data race in tree Elem.Name * plugin/forward: No failover to next upstream when receiving SERVFAIL or REFUSED response codes * plugin/grpc: Enforce DNS message size limits * plugin/loop: Prevent panic when ListenHosts is empty * plugin/loop: Avoid panic on invalid server block * plugin/nomad: Add a Nomad plugin * plugin/reload: Prevent SIGTERM/reload deadlock Important SUSE bug 1255345 CVE-2025-68156 at SUSE CVE-2025-68156 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-weasyprint (Important) openSUSE Leap 15.6 This update for python-weasyprint fixes the following issues: - CVE-2025-68616: Fixed a server-side request forgery in default fetcher (boo#1256936). Important SUSE bug 1256936 CVE-2025-68616 at SUSE CVE-2025-68616 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Moderate) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 144.0.7559.96 (boo#1257011) * CVE-2026-1220: Race in V8 - update INSTALL.sh to handle the addded tags in the desktop file (boo#1256938) Moderate SUSE bug 1256938 SUSE bug 1257011 CVE-2026-1220 at SUSE CVE-2026-1220 at NVD cpe:/o:opensuse:leap:15.6 Security update for cacti, cacti-spine (Critical) openSUSE Leap 15.6 This update for cacti, cacti-spine fixes the following issues: cacti 1.2.30: - Unable to add new users - When using Automation Rules, specifying graph criteria may cause issues - When transferring a system from a backup if the poller has not run recently rrdtool issues are found - When translating, quotes may cause incorrect text to appear - When using Boost for the first time, warnings may appear - When refreshing forms, items may be checked incorrectly by xmacan cacti 1.2.29: - CVE-2025-22604 GHSA-c5j8-jxj3-hh36 - Authenticated RCE via multi-line SNMP responses (bsc#1236488) - CVE-2025-24368 GHSA-f9c7-7rc3-574c - SQL Injection vulnerability when using tree rules through Automation API (bsc#1236490) - CVE-2024-54145 GHSA-fh3x-69rr-qqpp - SQL Injection vulnerability when request automation devices (bsc#1236487) - CVE-2025-24367 GHSA-fxrq-fr7h-9rqq - Arbitrary File Creation leading to RCE (bsc#1236489) - CVE-2024-45598 GHSA-pv2c-97pp-vxwg - Local File Inclusion (LFI) Vulnerability via Poller Standard Error Log Path (bsc#1236482) - CVE-2024-54146 GHSA-vj9g-P7F2-4wqj - SQL Injection vulnerability when view host template (bsc#1236486) - issue: Temporary table names may incorrectly think they have a schema - issue: When using Preset Time to view graphs, it is using a fixed point rather than relative time - issue: Fix issue where RRA files are not automatically removed - issue: Fix invalid help link for Automation Networks - issue: Unable to disable a tree within the GUI - issue: When removing graphs, RRA files may be left behind - issue: Improve compatibility with ping under FreeBSD - issue: Improve compatibility wtih Slice RRD tool under PHP 8.x - issue: Allow IPv6 formats to use colons without port - issue: Update Fortigate, Aruba OSCX and Clearpass templates - issue: When a plugin is disabled, unable to use GUI to enable it again - issue: When upgrading, ensure that replication only runs as necessary - issue: Improve caching and syncing issues with replication - issue: Improve caching techniques for database calls - issue: Improve compatibility for Error constants under PHP 8.4 - issue: When running the upgrade database script, cursor is left in the middle of the row - issue: Guest page does not automatically refresh - issue: When installing, conversion of tables may produce collation errors - feature: Add HPE Nimble/Alletra template - feature: When installing, only convert core cacti tables - Add /srv/www directories to filelist [boo#1231027] - fix for cacti-cron.timer & cacti-cron.service failing after upgrade has already removed - replace cacti-cron.timer & cacti-cron.service with cactid.service to fix thold & other 'sub poller' poller processes not running. cacti 1.2.28: - CVE-2024-43365 GHSA-49f2-hwx9-qffr: XSS vulnerability when creating external links with the consolenewsection parameter (bsc#1231372) - CVE-2024-43364 GHSA-fgc6-g8gc-wcg5: XSS vulnerability when creating external links with the title parameter (bsc#1231371) - CVE-2024-43363 GHSA-gxq4-mv8h-6qj4: RCE vulnerability can be executed via Log Poisoning (bsc#1231370) - CVE-2024-43362 GHSA-wh9c-v56x-v77c: XSS vulnerability when creating external links with the fileurl parameter - issue: When using LDAP authentication the first time, warnings may appear in logs - issue: When installing, a replication loop for plugin_realms may occur - issue: When installing, remote poller may attempt to sync with other pollers - issue: When a Data Query has a space, indexes may not be properly escaped - issue: Boost does not always order data source records properly - issue: Add IP address to the login audit for successful logins by xmacan - issue: Undefined variable error may sometimes occur when dealing with RRD output by MSS970 - issue: When export to CSV, only the first line of notes is included - issue: When rendering forms, missing default value can cause errors - issue: Allow hosted content to be executable for the links page - issue: When closing database connections, some may linger incorrectly - issue: When changing passwords, an infinite loop may occur by ddb4github - issue: When using Cacti Daemon, a 'Cron out of sync' message may be reported - issue: Add ability to filter/sort users by group or last login time - issue: When using List View, unable to add Graphs to a Report - issue: When using SNMPv3, some devices may show polling issues - issue: Limit table conversion to Cacti core tables - issue: Fix issues with posix-based kills on Windows - issue: When installing, password changes may fail on new installations - issue: When using structured RRD folders, permission issues may be flagged incorrectly - issue: When unable to locate a valid theme, new default will be Modern - issue: Properly cache the data source information for dsstats processing - issue: When reindexing, verify all fields may not work as intended - feature: Add ability to log database connections/disconnections - feature: Add Ping Method where connection refused assumes host is up - feature: When displaying graphs, default end time does not show full 24 hour period - feature: Add --id to remove_device.php - feature: Add Location and Site to Graph List View - feature: Add more verbose logging to Boost - feature: Update jQuery to 3.7.1 - feature: Update jQueryUI to 1.14.0 - feature: Update Purify.js to 3.1.6 - feature: Update billboard.js to 3.13.0 - feature: Improve the performance of the repopulation of the poller cache Changes in cacti-spine: cacti-spine 1.2.30: - no changes - Bump/rebuild to match Cacti 1.2.30 cacti-spine 1.2.28: - When using Ping or SNMP Uptime, host is not always detected properly - Add Ping Method where connection refused assumes host is up Critical SUSE bug 1231027 SUSE bug 1231369 SUSE bug 1231370 SUSE bug 1231371 SUSE bug 1231372 SUSE bug 1236482 SUSE bug 1236486 SUSE bug 1236487 SUSE bug 1236488 SUSE bug 1236489 SUSE bug 1236490 CVE-2024-43362 at SUSE CVE-2024-43362 at NVD CVE-2024-43363 at SUSE CVE-2024-43363 at NVD CVE-2024-43364 at SUSE CVE-2024-43364 at NVD CVE-2024-43365 at SUSE CVE-2024-43365 at NVD CVE-2024-45598 at SUSE CVE-2024-45598 at NVD CVE-2024-54145 at SUSE CVE-2024-54145 at NVD CVE-2024-54146 at SUSE CVE-2024-54146 at NVD CVE-2025-22604 at SUSE CVE-2025-22604 at NVD CVE-2025-24367 at SUSE CVE-2025-24367 at NVD CVE-2025-24368 at SUSE CVE-2025-24368 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 Chromium was updated to fix the following issues: Chromium 144.0.7559.109 (boo#1257404) * CVE-2026-1504: Inappropriate implementation in Background Fetch API Important SUSE bug 1257404 CVE-2026-1504 at SUSE CVE-2026-1504 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408). - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407). - CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405). - CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406). - CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401). Important SUSE bug 1257401 SUSE bug 1257405 SUSE bug 1257406 SUSE bug 1257407 SUSE bug 1257408 CVE-2025-13473 at SUSE CVE-2025-13473 at NVD CVE-2026-1207 at SUSE CVE-2026-1207 at NVD CVE-2026-1285 at SUSE CVE-2026-1285 at NVD CVE-2026-1287 at SUSE CVE-2026-1287 at NVD CVE-2026-1312 at SUSE CVE-2026-1312 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 144.0.7559.132 (boo#1257650) * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Important SUSE bug 1257650 CVE-2026-1861 at SUSE CVE-2026-1861 at NVD CVE-2026-1862 at SUSE CVE-2026-1862 at NVD cpe:/o:opensuse:leap:15.6 Security update for assimp (Moderate) openSUSE Leap 15.6 This update for assimp fixes the following issues: - CVE-2025-3548: Fixed denial of service when processing malformed files which may lead to an out-of-bounds read (boo#1241367). Moderate SUSE bug 1241367 CVE-2025-3548 at SUSE CVE-2025-3548 at NVD cpe:/o:opensuse:leap:15.6 Security update for htmldoc (Important) openSUSE Leap 15.6 This update for htmldoc fixes the following issues: - CVE-2024-46478: Fixed buffer overflow when handling tabs through the parse_pre function (boo#1232380). Important SUSE bug 1232380 CVE-2024-46478 at SUSE CVE-2024-46478 at NVD cpe:/o:opensuse:leap:15.6 Security update for dcmtk (Moderate) openSUSE Leap 15.6 This update for dcmtk fixes the following issues: - Update to 3.7.0. See docs/CHANGES.370 for the full list of changes * CVE-2025-14841: invalid messages may trigger a segmentation fault due to a NULL pointer dereference (boo#1255292). * CVE-2025-14607: manipulation to component dcmdata could lead to memory corruption (boo#1255464). - Avoid unnecessary dependencies (boo#1254123): Moderate SUSE bug 1254123 SUSE bug 1255292 SUSE bug 1255464 CVE-2025-14607 at SUSE CVE-2025-14607 at NVD CVE-2025-14841 at SUSE CVE-2025-14841 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - fix INSTALL.sh again to replace the tags in desktop file, appdata and manpage (boo#1258199) - Chromium 145.0.7632.75: * CVE-2026-2441: Use after free in CSS (boo#1258185) - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded * CVE-2026-2313: Use after free in CSS * CVE-2026-2314: Heap buffer overflow in Codecs * CVE-2026-2315: Inappropriate implementation in WebGPU * CVE-2026-2316: Insufficient policy enforcement in Frames * CVE-2026-2317: Inappropriate implementation in Animation * CVE-2026-2318: Inappropriate implementation in PictureInPicture * CVE-2026-2319: Race in DevTools * CVE-2026-2320: Inappropriate implementation in File input * CVE-2026-2321: Use after free in Ozone * CVE-2026-2322: Inappropriate implementation in File input * CVE-2026-2323: Inappropriate implementation in Downloads Important SUSE bug 1258116 SUSE bug 1258185 SUSE bug 1258199 CVE-2026-2313 at SUSE CVE-2026-2313 at NVD CVE-2026-2314 at SUSE CVE-2026-2314 at NVD CVE-2026-2315 at SUSE CVE-2026-2315 at NVD CVE-2026-2316 at SUSE CVE-2026-2316 at NVD CVE-2026-2317 at SUSE CVE-2026-2317 at NVD CVE-2026-2318 at SUSE CVE-2026-2318 at NVD CVE-2026-2319 at SUSE CVE-2026-2319 at NVD CVE-2026-2320 at SUSE CVE-2026-2320 at NVD CVE-2026-2321 at SUSE CVE-2026-2321 at NVD CVE-2026-2322 at SUSE CVE-2026-2322 at NVD CVE-2026-2323 at SUSE CVE-2026-2323 at NVD CVE-2026-2441 at SUSE CVE-2026-2441 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-nltk (Important) openSUSE Leap 15.6 This update for python-nltk fixes the following issues: - CVE-2025-14009: Fixed Secure ZIP extraction (boo#1258436) Important SUSE bug 1258436 CVE-2025-14009 at SUSE CVE-2025-14009 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 145.0.7632.109 (boo#1258438): * CVE-2026-2648: Heap buffer overflow in PDFium * CVE-2026-2649: Integer overflow in V8 * CVE-2026-2650: Heap buffer overflow in Media Important SUSE bug 1258438 CVE-2026-2648 at SUSE CVE-2026-2648 at NVD CVE-2026-2649 at SUSE CVE-2026-2649 at NVD CVE-2026-2650 at SUSE CVE-2026-2650 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium, noopenh264 (Important) openSUSE Leap 15.6 This update for chromium, noopenh264 fixes the following issues: Changes in chromium: - Chromium 143.0.7499.192 (boo#1256067): * CVE-2026-0628: Insufficient policy enforcement in WebView tag - Chromium 143.0.7499.169 (stable released 2025-12-18) * no cve listed yet Changes in noopenh264: - Introducing the package. Important SUSE bug 1256067 CVE-2026-0628 at SUSE CVE-2026-0628 at NVD cpe:/o:opensuse:leap:15.6 Security update for openQA, openQA-devel-container, os-autoinst (Moderate) openSUSE Leap 15.6 This update for openQA, openQA-devel-container, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1771422749.560a3b26: * fix(mcp): set navbar check expression to read-only * feat: support inverted result filters in /tests/overview * fix(test): Enable helm install-chart test again * git subrepo pull (merge) --force external/os-autoinst-common * feat: Make allowed hosts for SCENARIO_DEFINITIONS_YAML_FILE configurable * test: Consider everything under `lib/OpenQA/Shared/` covered * fix: Provide specific error message if job was removed `enqueue_…_track` * refactor: Remove useless error message in `enqueue_and_keep_track` * test: Cover case of successful executing in `enqueue_and_keep_track` * refactor: Simplify error handling of `enqueue_and_keep_track` * test: Cover error handling of `enqueue_and_keep_track` * test: Consider shared session controller fully covered * refactor: Avoid duplications in sessions controller * refactor: Use signatures in session controller code * test: Cover error handling in case of a bad CRSF token * test: Cover test route for session * fix(worker): reject jobs explicitly when worker is stopping * feat: Remove workaround for codecov and gpg * feat: Switch to Leap 16 in Helm charts * feat: Switch to Leap 16.0 in openqa_data container * feat: Replace all Leap 15.6 with 16.0 in docs and scripts * test: Cover showing special image when backend has terminated * fix: Use new apachectl command * Update openQA containers to Leap 16.0 * test: Extend tests for controller handling live view * refactor: Move throttling into its own function * feat(throttling): throttle jobs resources based on parameters size * refactor: Avoid repeated use of `$t->app->minion` in gru tasks tests * feat: Allow archiving jobs with infinite important storage durations * feat: Flag jobs without results as archived for consistency * feat: Remove one corner case preventing jobs from being archived - Update to version 5.1770718745.ce2072d3: * feat(ui): use clickable test overview summary counts for quick filtering * build(Makefile): fix uninterruptable tests * docs: Mention caveats of `…_cleanup_max_free_percentage` setting * test(25-cache-service): fix race conditions * test(ui/21-admin-needles): properly wait for modal dialog and deletion * test(ui/13-admin): properly wait for API key deletion * test(40-openqa-clone-job): properly isolate from system config * test(15-asset): bump timeout to current runtime * chore: fix CVE-2026-25547 (boo#1257852) by overriding minimatch * build(deps-dev): bump @eslint from 9.36.0 to 9.38.0 * fix(eslint): correct style to be eslint-9.38 compliant * build(deps-dev): bump @eslint-community/regexpp from 4.12.1 to 4.12.2 * build(deps-dev): bump @eslint/config-array from 0.21.0 to 0.21.1 * build(deps-dev): bump @eslint/object-schema from 2.1.6 to 2.1.7 * refactor: Improve variable names in function to determine expired jobs * test: Improve name of subtest for archiving * test: Verify that archiving works regardless of logs/results present * Dependency cron 2026-02-06 * Bump js-yaml from 4.1.0 to 4.1.1 * build(deps): bump ace-builds from 1.43.3 to 1.43.4 - Update to version 5.1770308102.12dfd0e4: * fix: Configure sudoers correctly in Leap 16 * Also use devel:openQA/16.0 in dependency bot workflow * test: Consider all controller code covered * refactor: Remove unused 'group connect' endpoints * test: Cover `openqa_jobs_by_worker` field of InfluxDB endpoint * test: Cover all cases of search of audit log table * refactor: Simplify function to render audit log index page * test: Add test for `eventid` parameter of audit log page * test: Cover remaining lines of `Asset.pm` Changes in os-autoinst: - Update to version 5.1771353921.c8005c9: * git subrepo pull (merge) --force external/os-autoinst-common * style: Fix crop.py style issues * workaround: Remove 'get_mempolicy' warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings - Update to version 5.1770715824.6a80a85: * style: Fix crop.py style issues * workaround: Remove 'get_mempolicy' warning from qemu-img output * parse_extra_log: Allow passing additional args to upload_logs * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way - Update to version 5.1770127521.c249fe9: * refactor: Distinguish tests by the script path in `loadtest` * refactor: Simplify approach for avoiding redefine warnings * test: Allow running tests with `Test::Warnings<0.033` * test: Format test of `loadtestdir` in a more compact way * test: Use `ENABLE_MODERN_PERL_FEATURES=1` in test suite * feat: Allow enabling strict/warnings/signatures globally * fix: Improve wrong comment about enablement of modern Perl features Changes in openQA-devel-container: - Update to version 5.1771422749.560a3b26b: * Update to latest openQA version Moderate SUSE bug 1257852 CVE-2026-25547 at SUSE CVE-2026-25547 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 145.0.7632.116 (boo#1258733): * CVE-2026-3061: Out of bounds read in Media * CVE-2026-3062: Out of bounds read and write in Tint * CVE-2025-3063: Inappropriate implementation in DevTools Important SUSE bug 1258733 CVE-2025-3063 at SUSE CVE-2025-3063 at NVD CVE-2026-3061 at SUSE CVE-2026-3061 at NVD CVE-2026-3062 at SUSE CVE-2026-3062 at NVD cpe:/o:opensuse:leap:15.6 Security update for roundcubemail (Important) openSUSE Leap 15.6 This update for roundcubemail fixes the following issues: - update to 1.6.13 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix CSS injection vulnerability reported by CERT Polska (boo#1258052, CVE-2026-26079). + Fix remote image blocking bypass via SVG content reported by nullcathedral (boo#1257909, CVE-2026-25916). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. Please do backup your data before updating! CHANGELOG + Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) + Fix CSS injection vulnerability reported by CERT Polska. + Fix remote image blocking bypass via SVG content reported by nullcathedral. - update to 1.6.12 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: + Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike (boo#1255308, CVE-2025-68461). + Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev (boo#1255306, CVE-2025-68460). This version is considered stable and we recommend to update all productive installations of Roundcube 1.6.x with it. + Support IPv6 in database DSN (#9937) + Don't force specific error_reporting setting + Fix compatibility with PHP 8.5 regarding array_first() + Remove X-XSS-Protection example from .htaccess file (#9875) + Fix 'Assign to group' action state after creation of a first group (#9889) + Fix bug where contacts search would fail if contactlist_fields contained vcard fields (#9850) + Fix bug where an mbox export file could include inconsistent message delimiters (#9879) + Fix parsing of inline styles that aren't well-formatted (#9948) + Fix Cross-Site-Scripting vulnerability via SVG's animate tag + Fix Information Disclosure vulnerability in the HTML style sanitizer Important SUSE bug 1255306 SUSE bug 1255308 SUSE bug 1257909 SUSE bug 1258052 CVE-2025-68460 at SUSE CVE-2025-68460 at NVD CVE-2025-68461 at SUSE CVE-2025-68461 at NVD CVE-2026-25916 at SUSE CVE-2026-25916 at NVD CVE-2026-26079 at SUSE CVE-2026-26079 at NVD cpe:/o:opensuse:leap:15.6 Security update for libaec (Moderate) openSUSE Leap 15.6 This update for libaec fixes the following issues: Libaec was updated to version 1.1.6 to fix a buffer overflow [bnc#1258965]. Moderate SUSE bug 1258965 cpe:/o:opensuse:leap:15.6 Security update for gitea-tea (Moderate) openSUSE Leap 15.6 This update for gitea-tea fixes the following issues: - update to 0.12.0: * New Features - Add tea actions commands for managing workflow runs and workflows in #880, #796 - Add tea api subcommand for arbitrary API calls not covered by existing commands in #879 - Add repository webhook management commands in #798 - Add JSON output support for single PR view in #864 - Add JSON output and file redirection for issue detail view in #841 - Support creating AGit flow pull requests in #867 * Bug Fixes - Fix authentication via environment variables when specifying repo argument in #809 - Fix issue detail view ignoring --owner flag in #899 - Fix PR create crash in #823 - Fix TTY prompt handling in #897 - Fix termenv OSC RGBA handling in #907 - Fix labels delete command and --id flag type in #865 - Fix delete repo command description in #858 - Fix pagination flags for secrets list, webhooks list, and pull requests list in #853, #852, - #851 - Enable git worktree support and improve PR create error handling in #850 - Only prompt for SSH passphrase when necessary in #844 - Only prompt for login confirmation when no default login is set in #839 - Skip token uniqueness check when using SSH authentication in #898 - Require non-empty token in GetLoginByToken in #895 - Fix config file permissions to remove group read/write in #856 * Improvements - Add file locking for safe concurrent access to config file in #881 - Improve error messages throughout the CLI in #871 - Send consistent HTTP request headers in #888 - Revert requiring HTTP/HTTPS login URLs; restore SSH as a login method in #891 - Refactor context into dedicated subpackages in #873, #888 - General code cleanup and improvements in #869, #870 - Add test coverage for login matching in #820 * Build & Dependencies - Build with Go 1.25 in #886 - Build for Windows aarch64 - Update Gitea SDK version in #868 - Update Nix flake in #872 - Update dependencies including lipgloss v2, urfave/cli v3.6.2, go-git v5.16.5, and various Go modules in #849, #875, #876, #878, #884, #885, #900, #901, #904, #905 - Update CI actions (checkout v6, setup-go v6) in #882, #883 Moderate CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: Chromium 145.0.7632.159 (boo#1259213) * CVE-2026-3536: Integer overflow in ANGLE * CVE-2026-3537: Object lifecycle issue in PowerVR * CVE-2026-3538: Integer overflow in Skia * CVE-2026-3539: Object lifecycle issue in DevTools * CVE-2026-3540: Inappropriate implementation in WebAudio * CVE-2026-3541: Inappropriate implementation in CSS * CVE-2026-3542: Inappropriate implementation in WebAssembly * CVE-2026-3543: Inappropriate implementation in V8 * CVE-2026-3544: Heap buffer overflow in WebCodecs * CVE-2026-3545: Insufficient data validation in Navigation Important SUSE bug 1259213 CVE-2026-3536 at SUSE CVE-2026-3536 at NVD CVE-2026-3537 at SUSE CVE-2026-3537 at NVD CVE-2026-3538 at SUSE CVE-2026-3538 at NVD CVE-2026-3539 at SUSE CVE-2026-3539 at NVD CVE-2026-3540 at SUSE CVE-2026-3540 at NVD CVE-2026-3541 at SUSE CVE-2026-3541 at NVD CVE-2026-3542 at SUSE CVE-2026-3542 at NVD CVE-2026-3543 at SUSE CVE-2026-3543 at NVD CVE-2026-3544 at SUSE CVE-2026-3544 at NVD CVE-2026-3545 at SUSE CVE-2026-3545 at NVD cpe:/o:opensuse:leap:15.6 Security update for coredns (Important) openSUSE Leap 15.6 This update for coredns fixes the following issues: Update to version 1.14.2: - CVE-2026-26017: Fixed DNS access control bypass due to default execution order of plugins and TOCTOU flaw (bsc#1259320). - CVE-2026-26018: Fixed denial of service in the loop detection plugin due to predictable PRNG combined with fatal error handler (bsc#1259319). Update to version 1.14.1: - This release primarily addresses security vulnerabilities affecting Go versions prior to Go 1.25.6 and Go 1.24.12 (CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119). - CVE-2025-68156: Fixed uncontrolled recursion in expression evaluation can cause a denial of service (bsc#1255345). Important SUSE bug 1255345 SUSE bug 1259319 SUSE bug 1259320 CVE-2025-61726 at SUSE CVE-2025-61726 at NVD CVE-2025-61728 at SUSE CVE-2025-61728 at NVD CVE-2025-61731 at SUSE CVE-2025-61731 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD CVE-2025-68156 at SUSE CVE-2025-68156 at NVD CVE-2026-26017 at SUSE CVE-2026-26017 at NVD CVE-2026-26018 at SUSE CVE-2026-26018 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 146.0.7680.80: * CVE-2026-3909: Out of bounds write in Skia (boo#1259659) - Chromium 146.0.7680.75: * CVE-2026-3910: Inappropriate implementation in V8 (boo#1259648) - Chromium 146.0.7680.71 (released 2026-03-11) (boo#1259530) * CVE-2026-3913: Heap buffer overflow in WebML * CVE-2026-3914: Integer overflow in WebML * CVE-2026-3915: Heap buffer overflow in WebML * CVE-2026-3916: Out of bounds read in Web Speech * CVE-2026-3917: Use after free in Agents * CVE-2026-3918: Use after free in WebMCP * CVE-2026-3919: Use after free in Extensions * CVE-2026-3920: Out of bounds memory access in WebML * CVE-2026-3921: Use after free in TextEncoding * CVE-2026-3922: Use after free in MediaStream * CVE-2026-3923: Use after free in WebMIDI * CVE-2026-3924: Use after free in WindowDialog * CVE-2026-3925: Incorrect security UI in LookalikeChecks * CVE-2026-3926: Out of bounds read in V8 * CVE-2026-3927: Incorrect security UI in PictureInPicture * CVE-2026-3928: Insufficient policy enforcement in Extensions * CVE-2026-3929: Side-channel information leakage in ResourceTiming * CVE-2026-3930: Unsafe navigation in Navigation * CVE-2026-3931: Heap buffer overflow in Skia * CVE-2026-3932: Insufficient policy enforcement in PDF * CVE-2026-3934: Insufficient policy enforcement in ChromeDriver * CVE-2026-3935: Incorrect security UI in WebAppInstalls * CVE-2026-3936: Use after free in WebView * CVE-2026-3937: Incorrect security UI in Downloads * CVE-2026-3938: Insufficient policy enforcement in Clipboard * CVE-2026-3939: Insufficient policy enforcement in PDF * CVE-2026-3940: Insufficient policy enforcement in DevTools * CVE-2026-3941: Insufficient policy enforcement in DevTools * CVE-2026-3942: Incorrect security UI in PictureInPicture Important SUSE bug 1259530 SUSE bug 1259648 SUSE bug 1259659 CVE-2026-3909 at SUSE CVE-2026-3909 at NVD CVE-2026-3910 at SUSE CVE-2026-3910 at NVD CVE-2026-3913 at SUSE CVE-2026-3913 at NVD CVE-2026-3914 at SUSE CVE-2026-3914 at NVD CVE-2026-3915 at SUSE CVE-2026-3915 at NVD CVE-2026-3916 at SUSE CVE-2026-3916 at NVD CVE-2026-3917 at SUSE CVE-2026-3917 at NVD CVE-2026-3918 at SUSE CVE-2026-3918 at NVD CVE-2026-3919 at SUSE CVE-2026-3919 at NVD CVE-2026-3920 at SUSE CVE-2026-3920 at NVD CVE-2026-3921 at SUSE CVE-2026-3921 at NVD CVE-2026-3922 at SUSE CVE-2026-3922 at NVD CVE-2026-3923 at SUSE CVE-2026-3923 at NVD CVE-2026-3924 at SUSE CVE-2026-3924 at NVD CVE-2026-3925 at SUSE CVE-2026-3925 at NVD CVE-2026-3926 at SUSE CVE-2026-3926 at NVD CVE-2026-3927 at SUSE CVE-2026-3927 at NVD CVE-2026-3928 at SUSE CVE-2026-3928 at NVD CVE-2026-3929 at SUSE CVE-2026-3929 at NVD CVE-2026-3930 at SUSE CVE-2026-3930 at NVD CVE-2026-3931 at SUSE CVE-2026-3931 at NVD CVE-2026-3932 at SUSE CVE-2026-3932 at NVD CVE-2026-3934 at SUSE CVE-2026-3934 at NVD CVE-2026-3935 at SUSE CVE-2026-3935 at NVD CVE-2026-3936 at SUSE CVE-2026-3936 at NVD CVE-2026-3937 at SUSE CVE-2026-3937 at NVD CVE-2026-3938 at SUSE CVE-2026-3938 at NVD CVE-2026-3939 at SUSE CVE-2026-3939 at NVD CVE-2026-3940 at SUSE CVE-2026-3940 at NVD CVE-2026-3941 at SUSE CVE-2026-3941 at NVD CVE-2026-3942 at SUSE CVE-2026-3942 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-simpleeval (Important) openSUSE Leap 15.6 This update for python-simpleeval fixes the following issues: - CVE-2026-32640: Objects (including modules) can leak dangerous modules through to direct access inside the sandbox (boo#1259685) Important SUSE bug 1259685 CVE-2026-32640 at SUSE CVE-2026-32640 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 146.0.7680.153 (boo#1259964): * CVE-2026-4439: Out of bounds memory access in WebGL * CVE-2026-4440: Out of bounds read and write in WebGL * CVE-2026-4441: Use after free in Base * CVE-2026-4442: Heap buffer overflow in CSS * CVE-2026-4443: Heap buffer overflow in WebAudio * CVE-2026-4444: Stack buffer overflow in WebRTC * CVE-2026-4445: Use after free in WebRTC * CVE-2026-4446: Use after free in WebRTC * CVE-2026-4447: Inappropriate implementation in V8 * CVE-2026-4448: Heap buffer overflow in ANGLE * CVE-2026-4449: Use after free in Blink * CVE-2026-4450: Out of bounds write in V8 * CVE-2026-4451: Insufficient validation of untrusted input in Navigation * CVE-2026-4452: Integer overflow in ANGLE * CVE-2026-4453: Integer overflow in Dawn * CVE-2026-4454: Use after free in Network * CVE-2026-4455: Heap buffer overflow in PDFium * CVE-2026-4456: Use after free in Digital Credentials API * CVE-2026-4457: Type Confusion in V8 * CVE-2026-4458: Use after free in Extensions * CVE-2026-4459: Out of bounds read and write in WebAudio * CVE-2026-4460: Out of bounds read in Skia * CVE-2026-4461: Inappropriate implementation in V8 * CVE-2026-4462: Out of bounds read in Blink * CVE-2026-4463: Heap buffer overflow in WebRTC * CVE-2026-4464: Integer overflow in ANGLE - fix INSTALL.sh (upstream changed CHANNEL to channel in wrapper) Important SUSE bug 1259964 CVE-2026-4439 at SUSE CVE-2026-4439 at NVD CVE-2026-4440 at SUSE CVE-2026-4440 at NVD CVE-2026-4441 at SUSE CVE-2026-4441 at NVD CVE-2026-4442 at SUSE CVE-2026-4442 at NVD CVE-2026-4443 at SUSE CVE-2026-4443 at NVD CVE-2026-4444 at SUSE CVE-2026-4444 at NVD CVE-2026-4445 at SUSE CVE-2026-4445 at NVD CVE-2026-4446 at SUSE CVE-2026-4446 at NVD CVE-2026-4447 at SUSE CVE-2026-4447 at NVD CVE-2026-4448 at SUSE CVE-2026-4448 at NVD CVE-2026-4449 at SUSE CVE-2026-4449 at NVD CVE-2026-4450 at SUSE CVE-2026-4450 at NVD CVE-2026-4451 at SUSE CVE-2026-4451 at NVD CVE-2026-4452 at SUSE CVE-2026-4452 at NVD CVE-2026-4453 at SUSE CVE-2026-4453 at NVD CVE-2026-4454 at SUSE CVE-2026-4454 at NVD CVE-2026-4455 at SUSE CVE-2026-4455 at NVD CVE-2026-4456 at SUSE CVE-2026-4456 at NVD CVE-2026-4457 at SUSE CVE-2026-4457 at NVD CVE-2026-4458 at SUSE CVE-2026-4458 at NVD CVE-2026-4459 at SUSE CVE-2026-4459 at NVD CVE-2026-4460 at SUSE CVE-2026-4460 at NVD CVE-2026-4461 at SUSE CVE-2026-4461 at NVD CVE-2026-4462 at SUSE CVE-2026-4462 at NVD CVE-2026-4463 at SUSE CVE-2026-4463 at NVD CVE-2026-4464 at SUSE CVE-2026-4464 at NVD cpe:/o:opensuse:leap:15.6 Security update for chromium (Important) openSUSE Leap 15.6 This update for chromium fixes the following issues: - Chromium 146.0.7680.164 (boo#1260376) * CVE-2026-4673: Heap buffer overflow in WebAudio * CVE-2026-4674: Out of bounds read in CSS * CVE-2026-4675: Heap buffer overflow in WebGL * CVE-2026-4676: Use after free in Dawn * CVE-2026-4677: Out of bounds read in WebAudio * CVE-2026-4678: Use after free in WebGPU * CVE-2026-4679: Integer overflow in Fonts * CVE-2026-4680: Use after free in FedCM Important SUSE bug 1260376 CVE-2026-4673 at SUSE CVE-2026-4673 at NVD CVE-2026-4674 at SUSE CVE-2026-4674 at NVD CVE-2026-4675 at SUSE CVE-2026-4675 at NVD CVE-2026-4676 at SUSE CVE-2026-4676 at NVD CVE-2026-4677 at SUSE CVE-2026-4677 at NVD CVE-2026-4678 at SUSE CVE-2026-4678 at NVD CVE-2026-4679 at SUSE CVE-2026-4679 at NVD CVE-2026-4680 at SUSE CVE-2026-4680 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty, netty-tcnative (Important) openSUSE Leap 15.6 This update for netty, netty-tcnative fixes the following issues: - CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045). Important SUSE bug 1222045 CVE-2024-29025 at SUSE CVE-2024-29025 at NVD cpe:/o:opensuse:leap:15.6 Security update for cosign (Moderate) openSUSE Leap 15.6 This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments (bsc#1222835) - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts (bsc#1222837) Other fixes: - Updated to 2.2.4 (jsc#SLE-23879) * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661) * ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526) * fix semgrep issues for dgryski.semgrep-go ruleset (#3541) * Honor creation timestamp for signatures again (#3549) * Features * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578) Moderate SUSE bug 1222835 SUSE bug 1222837 CVE-2024-29902 at SUSE CVE-2024-29902 at NVD CVE-2024-29903 at SUSE CVE-2024-29903 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Low) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8058176: [mlvm] tests should not allow code cache exhaustion + JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + JDK-8169475: WheelModifier.java fails by timeout + JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + JDK-8186610: move ModuleUtils to top-level testlibrary + JDK-8192864: defmeth tests can hide failures + JDK-8193543: Regression automated test '/open/test/jdk/java/ /awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/ /isexceeded001/TestDescription.java still failing + JDK-8202282: [TESTBUG] appcds TestCommon .makeCommandLineForAppCDS() can be removed + JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ /ChoicePopupLocation.java fails + JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + JDK-8207214: Broken links in JDK API serialized-form page + JDK-8207855: Make applications/jcstress invoke tests in batches + JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/ /TestDescription.java fails in jdk/hs nightly + JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java .findDeadlock.INDIFY_Test Deadlocked threads are not always detected + JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + JDK-8208699: remove unneeded imports from runtime tests + JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + JDK-8209549: remove VMPropsExt from TEST.ROOT + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8209946: [TESTBUG] CDS tests should use '@run driver' + JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + JDK-8211978: Move testlibrary/jdk/testlibrary/ /SimpleSSLContext.java and testkeys to network testlibrary + JDK-8213622: Windows VS2013 build failure - ''snprintf': identifier not found' + JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + JDK-8214915: CtwRunner misses export for jdk.internal.access + JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + JDK-8217475: Unexpected StackOverflowError in 'process reaper' thread + JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + JDK-8219475: javap man page needs to be updated + JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/ /JMXInterfaceBindingTest.java passes trivially when it shouldn't + JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper .TestCaseImpl can't be defined in different runtime package as its nest host + JDK-8225471: Test utility jdk.test.lib.util.FileUtils .areAllMountPointsAccessible needs to tolerate duplicates + JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + JDK-8226910: make it possible to use jtreg's -match via run-test framework + JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + JDK-8231585: java/lang/management/ThreadMXBean/ /MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + JDK-8232839: JDI AfterThreadDeathTest.java failed due to 'FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()' + JDK-8233453: MLVM deoptimize stress test timed out + JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8237777: 'Dumping core ...' is shown despite claiming that '# No core dump will be written.' + JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/ /AccessibleChoiceTest.java fails + JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to '(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8' + JDK-8246222: Rename javac test T6395981.java to be more informative + JDK-8247818: GCC 10 warning stringop-overflow with symbol code + JDK-8249087: Always initialize _body[0..1] in Symbol constructor + JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/ /btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + JDK-8253543: sanity/client/SwingSet/src/ /ButtonDemoScreenshotTest.java failed with 'AssertionError: All pixels are not black' + JDK-8253739: java/awt/image/MultiResolutionImage/ /MultiResolutionImageObserverTest.java fails + JDK-8253820: Save test images and dumps with timestamps from client sanity suite + JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + JDK-8259801: Enable XML Signature secure validation mode by default + JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + JDK-8265349: vmTestbase/../stress/compiler/deoptimize/ /Test.java fails with OOME due to CodeCache exhaustion. + JDK-8269025: jsig/Testjsig.java doesn't check exit code + JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large pages subtest + JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + JDK-8273803: Zero: Handle 'zero' variant in CommandLineOptionTest.java + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281717: Cover logout method for several LoginModule + JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + JDK-8287113: JFR: Periodic task thread uses period for method sampling events + JDK-8289511: Improve test coverage for XPath Axes: child + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with 'isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN' + JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with 'RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG' + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/ /AbstractDrbg/SpecTest.java intermittently timeout + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8300727: java/awt/List/ListGarbageCollectionTest/ /AwtListGarbageCollectionTest.java failed with 'List wasn't garbage collected' + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302109: Trivial fixes to btree tests + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + JDK-8305502: adjust timeouts in three more M&M tests + JDK-8305505: NPE in javazic compiler + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306072: Open source several AWT MouseInfo related tests + JDK-8306076: Open source AWT misc tests + JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + JDK-8306640: Open source several AWT TextArea related tests + JDK-8306652: Open source AWT MenuItem related tests + JDK-8306681: Open source more AWT DnD related tests + JDK-8306683: Open source several clipboard and color AWT tests + JDK-8306752: Open source several container and component AWT tests + JDK-8306753: Open source several container AWT tests + JDK-8306755: Open source few Swing JComponent and AbstractButton tests + JDK-8306812: Open source several AWT Miscellaneous tests + JDK-8306871: Open source more AWT Drag & Drop tests + JDK-8306996: Open source Swing MenuItem related tests + JDK-8307123: Fix deprecation warnings in DPrinter + JDK-8307130: Open source few Swing JMenu tests + JDK-8307299: Move more DnD tests to open + JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + JDK-8307381: Open Source JFrame, JIF related Swing Tests + JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler .compile does not close files + JDK-8308223: failure handler missed jcmd.vm.info command + JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309104: [JVMCI] compiler/unsafe/ /UnsafeGetStableArrayElement test asserts wrong values with Graal + JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/ /interrupt001.java timed out due to missing prompt + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311511: Improve description of NativeLibrary JFR event + JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313164: src/java.desktop/windows/native/libawt/windows/ /awt_Robot.cpp GetRGBPixels adjust releasing of resources + JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315606: Open source few swing text/html tests + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8322178: Error. can't find jdk.testlibrary .SimpleSSLContext in test directory or libraries + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + JDK-8322772: Clean up code after JDK-8322417 + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/ /platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + JDK-8326503: [11u] java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + JDK-8327391: Add SipHash attribution file + JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 - Removed the possibility to use the system timezone-java (bsc#1213470) Low SUSE bug 1213470 SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222984 SUSE bug 1222986 SUSE bug 1222987 CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21012 at SUSE CVE-2024-21012 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21085 at SUSE CVE-2024-21085 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Low) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: - CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979) - CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987) - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983) - CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986) Other fixes: - Update to upstream tag jdk-17.0.11+9 (April 2024 CPU) * Security fixes + JDK-8318340: Improve RSA key implementations * Other changes + JDK-6928542: Chinese characters in RTF are not decoded + JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/ /bug4517214.java fails on MacOS + JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + JDK-7167356: (javac) investigate failing tests in JavacParserTest + JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + JDK-8054572: [macosx] JComboBox paints the border incorrectly + JDK-8169475: WheelModifier.java fails by timeout + JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean + JDK-8209595: MonitorVmStartTerminate.java timed out + JDK-8210410: Refactor java.util.Currency:i18n shell tests to plain java tests + JDK-8261404: Class.getReflectionFactory() is not thread-safe + JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from + JDK-8263256: Test java/net/Inet6Address/serialize/ /Inet6AddressSerializationTest.java fails due to dynamic reconfigurations of network interface during test + JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout + JDK-8271118: C2: StressGCM should have higher priority than frequency-based policy + JDK-8271616: oddPart in MutableBigInteger::mutableModInverse contains info on final result + JDK-8272811: Document the effects of building with _GNU_SOURCE in os_posix.hpp + JDK-8272853: improve `JavadocTester.runTests` + JDK-8273454: C2: Transform (-a)*(-b) into a*b + JDK-8274060: C2: Incorrect computation after JDK-8273454 + JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + JDK-8274621: NullPointerException because listenAddress[0] is null + JDK-8274632: Possible pointer overflow in PretouchTask chunk claiming + JDK-8274634: Use String.equals instead of String.compareTo in java.desktop + JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id + JDK-8278028: [test-library] Warnings cleanup of the test library + JDK-8278312: Update SimpleSSLContext keystore to use SANs for localhost IP addresses + JDK-8278363: Create extented container test groups + JDK-8280241: (aio) AsynchronousSocketChannel init fails in IPv6 only Windows env + JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ /ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp + JDK-8281585: Remove unused imports under test/lib and jtreg/gc + JDK-8283400: [macos] a11y : Screen magnifier does not reflect JRadioButton value change + JDK-8283626: AArch64: Set relocInfo::offset_unit to 4 + JDK-8283994: Make Xerces DatatypeException stackless + JDK-8286312: Stop mixing signed and unsigned types in bit operations + JDK-8286846: test/jdk/javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java fails on mac aarch64 + JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java failed with 'Expected two batches of Active Setting events' + JDK-8288663: JFR: Disabling the JfrThreadSampler commits only a partially disabled state + JDK-8288846: misc tests fail 'assert(ms < 1000) failed: Un-interruptable sleep, short time use only' + JDK-8289764: gc/lock tests failed with 'OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects' + JDK-8290041: ModuleDescriptor.hashCode is inconsistent + JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/ /capability/CM03/cm03t001/TestDescription.java on linux-all + JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + JDK-8292458: Atomic operations on scoped enums don't build with clang + JDK-8292946: GC lock/jni/jnilock001 test failed 'assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row' + JDK-8293117: Add atomic bitset functions + JDK-8293547: Add relaxed add_and_fetch for macos aarch64 atomics + JDK-8294158: HTML formatting for PassFailJFrame instructions + JDK-8294254: [macOS] javax/swing/plaf/aqua/ /CustomComboBoxFocusTest.java failure + JDK-8294535: Add screen capture functionality to PassFailJFrame + JDK-8295068: SSLEngine throws NPE parsing CertificateRequests + JDK-8295124: Atomic::add to pointer type may return wrong value + JDK-8295274: HelidonAppTest.java fails 'assert(event->should_commit()) failed: invariant' from compiled frame' + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8297968: Crash in PrintOptoAssembly + JDK-8298087: XML Schema Validation reports an required attribute twice via ErrorHandler + JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + JDK-8301306: java/net/httpclient/* fail with -Xcomp + JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + JDK-8301787: java/net/httpclient/SpecialHeadersTest failing after JDK-8301306 + JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + JDK-8302017: Allocate BadPaddingException only if it will be thrown + JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/ /TestAMEnotNPE.java + JDK-8303605: Memory leaks in Metaspace gtests + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8304696: Duplicate class names in dynamicArchive tests can lead to test failure + JDK-8305356: Fix ignored bad CompileCommands in tests + JDK-8305900: Use loopback IP addresses in security policy files of httpclient tests + JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address + JDK-8305962: update jcstress to 0.16 + JDK-8305972: Update XML Security for Java to 3.0.2 + JDK-8306014: Update javax.net.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate + JDK-8306408: Fix the format of several tables in building.md + JDK-8307185: pkcs11 native libraries make JNI calls into java code while holding GC lock + JDK-8307926: Support byte-sized atomic bitset operations + JDK-8307955: Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' + JDK-8307990: jspawnhelper must close its writing side of a pipe before reading from it + JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + JDK-8308245: Add -proc:full to describe current default annotation processing policy + JDK-8308336: Test java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + JDK-8309302: java/net/Socket/Timeouts.java fails with AssertionError on test temporal post condition + JDK-8309305: sun/security/ssl/SSLSocketImpl/ /BlockedAsyncClose.java fails with jtreg test timeout + JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/ /agentthr001/TestDescription.java crashing due to empty while loop + JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect announcements of JRadioButton + JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + JDK-8310106: sun.security.ssl.SSLHandshake .getHandshakeProducer() incorrectly checks handshakeConsumers + JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/ /bug6889007.java fails + JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work + JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is spuriously passing + JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + JDK-8310838: Correct range notations in MethodTypeDesc specification + JDK-8310844: [AArch64] C1 compilation fails because monitor offset in OSR buffer is too large for immediate + JDK-8310923: Refactor Currency tests to use JUnit + JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem + JDK-8311581: Remove obsolete code and comments in TestLVT.java + JDK-8311645: Memory leak in jspawnhelper spawnChild after JDK-8307990 + JDK-8311986: Disable runtime/os/TestTracePageSizes.java for ShenandoahGC + JDK-8312428: PKCS11 tests fail with NSS 3.91 + JDK-8312434: SPECjvm2008/xml.transform with CDS fails with 'can't seal package nu.xom' + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + JDK-8313206: PKCS11 tests silently skip execution + JDK-8313575: Refactor PKCS11Test tests + JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/ /TestFloatingDecimal should use RandomFactory + JDK-8313643: Update HarfBuzz to 8.2.2 + JDK-8313816: Accessing jmethodID might lead to spurious crashes + JDK-8314164: java/net/HttpURLConnection/ /HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + JDK-8314220: Configurable InlineCacheBuffer size + JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags + JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + JDK-8315042: NPE in PKCS7.parseOldSignedData + JDK-8315594: Open source few headless Swing misc tests + JDK-8315600: Open source few more headless Swing misc tests + JDK-8315602: Open source swing security manager test + JDK-8315611: Open source swing text/html and tree test + JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + JDK-8315731: Open source several Swing Text related tests + JDK-8315761: Open source few swing JList and JMenuBar tests + JDK-8315920: C2: 'control input must dominate current control' assert failure + JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/ /bug4654927.java: component must be showing on the screen to determine its location + JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + JDK-8316028: Update FreeType to 2.13.2 + JDK-8316030: Update Libpng to 1.6.40 + JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + JDK-8316304: (fs) Add support for BasicFileAttributes .creationTime() for Linux + JDK-8316392: compiler/interpreter/ /TestVerifyStackAfterDeopt.java failed with SIGBUS in PcDescContainer::find_pc_desc_internal + JDK-8316414: C2: large byte array clone triggers 'failed: malformed control flow' assertion failure on linux-x86 + JDK-8316415: Parallelize sun/security/rsa/SignedObjectChain.java subtests + JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java get OOM killed with Parallel GC + JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/ /CheckOrigin.java as vm.flagless + JDK-8316679: C2 SuperWord: wrong result, load should not be moved before store if not comparable + JDK-8316693: Simplify at-requires checkDockerSupport() + JDK-8316929: Shenandoah: Shenandoah degenerated GC and full GC need to cleanup old OopMapCache entries + JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + JDK-8317039: Enable specifying the JDK used to run jtreg + JDK-8317144: Exclude sun/security/pkcs11/sslecc/ /ClientJSSEServerJSSE.java on Linux ppc64le + JDK-8317307: test/jdk/com/sun/jndi/ldap/ /LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + JDK-8317603: Improve exception messages thrown by sun.nio.ch.Net native methods (win) + JDK-8317771: [macos14] Expand/collapse a JTree using keyboard freezes the application in macOS 14 Sonoma + JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 + JDK-8317960: [17u] Excessive CPU usage on AbstractQueuedSynchronized.isEnqueued + JDK-8318154: Improve stability of WheelModifier.java test + JDK-8318183: C2: VM may crash after hitting node limit + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + JDK-8318490: Increase timeout for JDK tests that are close to the limit when run with libgraal + JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + JDK-8318689: jtreg is confused when folder name is the same as the test name + JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with 'transport error 202: bind failed: Address already in use' + JDK-8318951: Additional negative value check in JPEG decoding + JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + JDK-8318957: Enhance agentlib:jdwp help output by info about allow option + JDK-8318961: increase javacserver connection timeout values and max retry attempts + JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + JDK-8318983: Fix comment typo in PKCS12Passwd.java + JDK-8319124: Update XML Security for Java to 3.0.3 + JDK-8319213: Compatibility.java reads both stdout and stderr of JdkUtils + JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader + JDK-8319456: jdk/jfr/event/gc/collection/ /TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21 + JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks + JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + JDK-8320168: handle setsocktopt return values + JDK-8320208: Update Public Suffix List to b5bf572 + JDK-8320300: Adjust hs_err output in malloc/mmap error cases + JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + JDK-8320798: Console read line with zero out should zero out underlying buffer + JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11 + JDK-8320921: GHA: Parallelize hotspot_compiler test jobs + JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + JDK-8321408: Add Certainly roots R1 and E1 + JDK-8321480: ISO 4217 Amendment 176 Update + JDK-8321599: Data loss in AVX3 Base64 decoding + JDK-8321815: Shenandoah: gc state should be synchronized to java threads only once per safepoint + JDK-8321972: test runtime/Unsafe/InternalErrorTest.java timeout on linux-riscv64 platform + JDK-8322098: os::Linux::print_system_memory_info enhance the THP output with /sys/kernel/mm/transparent_hugepage/hpage_pmd_size + JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces + JDK-8322417: Console read line with zero out should zero out when throwing exception + JDK-8322583: RISC-V: Enable fast class initialization checks + JDK-8322725: (tz) Update Timezone Data to 2023d + JDK-8322750: Test 'api/java_awt/interactive/ /SystemTrayTests.html' failed because A blue ball icon is added outside of the system tray + JDK-8322772: Clean up code after JDK-8322417 + JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output + JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests + JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + JDK-8323021: Shenandoah: Encountered reference count always attributed to first worker thread + JDK-8323086: Shenandoah: Heap could be corrupted by oom during evacuation + JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + JDK-8323331: fix typo hpage_pdm_size + JDK-8323428: Shenandoah: Unused memory in regions compacted during a full GC should be mangled + JDK-8323515: Create test alias 'all' for all test roots + JDK-8323637: Capture hotspot replay files in GHA + JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + JDK-8323806: [17u] VS2017 build fails with warning after 8293117. + JDK-8324184: Windows VS2010 build failed with 'error C2275: 'int64_t'' + JDK-8324280: RISC-V: Incorrect implementation in VM_Version::parse_satp_mode + JDK-8324347: Enable 'maybe-uninitialized' warning for FreeType 2.13.1 + JDK-8324514: ClassLoaderData::print_on should print address of class loader + JDK-8324647: Invalid test group of lib-test after JDK-8323515 + JDK-8324659: GHA: Generic jtreg errors are not reported + JDK-8324937: GHA: Avoid multiple test suites per job + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325150: (tz) Update Timezone Data to 2024a + JDK-8325585: Remove no longer necessary calls to set/unset-in-asgct flag in JDK 17 + JDK-8326000: Remove obsolete comments for class sun.security.ssl.SunJSSE + JDK-8327036: [macosx-aarch64] SIGBUS in MarkActivationClosure::do_code_blob reached from Unsafe_CopySwapMemory0 + JDK-8327391: Add SipHash attribution file + JDK-8329836: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11 - Removed the possibility to use the system timezone-java (bsc#1213470). Low SUSE bug 1213470 SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222986 SUSE bug 1222987 CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21012 at SUSE CVE-2024-21012 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana and mybatis (Moderate) openSUSE Leap 15.6 This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: - Grafana now requires Go 1.20 - Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) - Other non-security related changes: * Version 9.5.17: + [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: + [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied + [BUGFIX] LDAP: Fix enable users on successfull login * Version 9.5.13: + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder + [BUGFIX] Licensing: Pass func to update env variables when starting plugin * Version 9.5.12: + [FEATURE] Azure: Add support for Workload Identity authentication * Version 9.5.9: + [FEATURE] SSE: Fix DSNode to not panic when response has empty response + [FEATURE] Prometheus: Handle the response with different field key order + [BUGFIX] LDAP: Fix user disabling mybatis: - `apache-commons-ognl` is now a non-optional dependency - Fixed building with log4j v1 and v2 dependencies Moderate SUSE bug 1219912 SUSE bug 1222155 CVE-2023-6152 at SUSE CVE-2023-6152 at NVD CVE-2024-1313 at SUSE CVE-2024-1313 at NVD cpe:/o:opensuse:leap:15.6 Security update for bouncycastle (Moderate) openSUSE Leap 15.6 This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252) Moderate SUSE bug 1223252 CVE-2024-30171 at SUSE CVE-2024-30171 at NVD cpe:/o:opensuse:leap:15.6 Security update for rpm (Moderate) openSUSE Leap 15.6 This update for rpm fixes the following issues: Security fixes: - CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175) Other fixes: - accept more signature subpackets marked as critical (bsc#1218686) - backport limit support for the autopatch macro (bsc#1189495) Moderate SUSE bug 1189495 SUSE bug 1191175 SUSE bug 1218686 CVE-2021-3521 at SUSE CVE-2021-3521 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pymongo (Important) openSUSE Leap 15.6 This update for python-pymongo fixes the following issues: - CVE-2024-21506: Fixed out-of-bounds read in the BSON module (bsc#1222492) Important SUSE bug 1222492 CVE-2024-21506 at SUSE CVE-2024-21506 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Moderate) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018) - cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le - cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE - runtime: deterministic fallback hashes across process boundary - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 Moderate SUSE bug 1218424 SUSE bug 1224017 SUSE bug 1224018 CVE-2024-24787 at SUSE CVE-2024-24787 at NVD CVE-2024-24788 at SUSE CVE-2024-24788 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.21 (Moderate) openSUSE Leap 15.6 This update for go1.21 fixes the following issues: Update to go1.21.10: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 Moderate SUSE bug 1212475 SUSE bug 1224017 CVE-2024-24787 at SUSE CVE-2024-24787 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Moderate) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2023-52722: Do not allow eexec seeds other than the Type 1 standard while using SAFER mode (bsc#1223852). Moderate SUSE bug 1223852 CVE-2023-52722 at SUSE CVE-2023-52722 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Werkzeug (Important) openSUSE Leap 15.6 This update for python-Werkzeug fixes the following issues: - CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979). Important SUSE bug 1223979 CVE-2024-34069 at SUSE CVE-2024-34069 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Important) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256). Important SUSE bug 1223256 CVE-2023-50010 at SUSE CVE-2023-50010 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Werkzeug (Important) openSUSE Leap 15.6 This update for python-Werkzeug fixes the following issues: - CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979). Important SUSE bug 1223979 CVE-2024-34069 at SUSE CVE-2024-34069 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for google-cloud SDK (Moderate) openSUSE Leap 15.6 This update for google-cloud SDK fixes the following issues: - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697) - Bellow 5 binaries Obsolete the python3.6 counterpart: python311-google-resumable-media python311-google-api-core python311-google-cloud-storage python311-google-cloud-core python311-googleapis-common-protos - Regular python311 updates (without Obsoletes): python-google-auth python-grpcio python-sqlparse - New python311 packages: libcrc32c python-google-cloud-appengine-logging python-google-cloud-artifact-registry python-google-cloud-audit-log python-google-cloud-build python-google-cloud-compute python-google-cloud-dns python-google-cloud-domains python-google-cloud-iam python-google-cloud-kms-inventory python-google-cloud-kms python-google-cloud-logging python-google-cloud-run python-google-cloud-secret-manager python-google-cloud-service-directory python-google-cloud-spanner python-google-cloud-vpc-access python-google-crc32c python-grpc-google-iam-v1 python-grpcio-status python-proto-plus In python-sqlparse this security issue was fixed: CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617) Moderate SUSE bug 1210617 CVE-2023-30608 at SUSE CVE-2023-30608 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict (Important) openSUSE Leap 15.6 This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict contains the following fixes: Changes in python-argcomplete - Update to 3.3.0 (bsc#1222880): * Preserve compatibility with argparse option tuples of length 4. This update is required to use argcomplete on Python 3.11.9+ or 3.12.3+. - update to 3.2.3: * Allow register-python-argcomplete output to be used as lazy-loaded zsh completion module (#475) - Move debug_stream initialization to helper method to allow fd 9 behavior to be overridden in subclasses (#471) - update to 3.2.2: * Expand tilde in zsh - Remove coverage check - Fix zsh test failures: avoid coloring terminal - update to 3.2.1: * Allow explicit zsh global completion activation (#467) * Fix and test global completion in zsh (#463, #466) * Add –yes option to activate-global-python-argcomplete (#461) * Test suite improvements - drop without_zsh.patch: obsolete - update to 3.1.6: * Respect user choice in activate-global-python-argcomplete * Escape colon in zsh completions. Fixes #456 * Call \_default as a fallback in zsh global completion - update to 3.1.4: * Call \_default as a fallback in zsh global completion * zsh: Allow to use external script (#453) * Add support for Python 3.12 and drop EOL 3.6 and 3.7 (#449) * Use homebrew prefix by default * zsh: Allow to use external script (#453) Changes in python-Fabric: - Update to 3.2.2 - add fix-test-deps.patch to remove vendored dependencies *[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal handler on shutdown; in rare situations this could cause tracebacks when the Python process receives SIGWINCH while no remote session is active. This has been fixed. * [Bug] #2204: The signal handling functionality added in Fabric 2.6 caused unrecoverable tracebacks when invoked from inside a thread (such as the use of fabric.group.ThreadingGroup) under certain interpreter versions. This has been fixed by simply refusing to register signal handlers when not in the main thread. Thanks to Francesco Giordano and others for the reports. * [Bug]: Neglected to actually add deprecated to our runtime dependency specification (it was still in our development dependencies). This has been fixed. * [Feature]: Enhanced fabric.testing in ways large and small: Backwards-compatibly merged the functionality of MockSFTP into MockRemote (may be opted-into by instantiating the latter with enable_sftp=True) so you can mock out both SSH and SFTP functionality in the same test, which was previously impossible. It also means you can use this in a Pytest autouse fixture to prevent any tests from accidentally hitting the network! A new pytest fixture, remote_with_sftp, has been added which leverages the previous bullet point (an all-in-one fixture suitable for, eg, preventing any incidental ssh/sftp attempts during test execution). A pile of documentation and test enhancements (yes, testing our testing helpers is a thing). * [Support]: Added a new runtime dependency on the Deprecated library. * [Support]: Language update: applied s/sanity/safety/g to the codebase (with the few actual API members using the term now marked deprecated & new ones added in the meantime, mostly in fabric.testing). * [Feature]: Add a new CLI flag to fab, fab --list-agent-keys, which will attempt to connect to your local SSH agent and print a key list, similarly to ssh-add -l. This is mostly useful for expectations-checking Fabric and Paramiko’s agent functionality, or for situations where you might not have ssh-add handy. * [Feature]: Implement opt-in support for Paramiko 3.2’s AuthStrategy machinery, as follows: Added a new module and class, fabric.auth.OpenSSHAuthStrategy, which leverages aforementioned new Paramiko functionality to marry loaded SSH config files with Fabric-level and runtime-level parameters, arriving at what should be OpenSSH-client-compatible authentication behavior. See its API docs for details. Added new configuration settings: authentication.strategy_class, which defaults to None, but can be set to OpenSSHAuthStrategy to opt-in to the new behavior. authentication.identities, which defaults to the empty list, and can be a list of private key paths for use by the new strategy class. * [Bug] #2263: Explicitly add our dependency on decorator to setup.py instead of using Invoke’s old, now removed, vendored copy of same. This allows Fabric to happily use Invoke 2.1 and above - Update to 3.0.1 * [Bug] #2241: A typo prevented Fabric’s command runner from properly calling its superclass stop() method, which in tandem with a related Invoke bug meant messy or long shutdowns in many scenarios. - Changes from 3.0.0 * [Feature]: Change the default configuration value for inline_ssh_env from False to True, to better align with the practicalities of common SSH server configurations. - Warning This change is backwards incompatible if you were using environment-variable-setting kwargs or config settings, such as Connection.run(command, env={'SOME': 'ENV VARS'}), and were not already explicitly specifying the value of inline_ssh_env. * [Bug] #1981: (fixed in #2195) Automatically close any open SFTP session during fabric.connection.Connection.close; this avoids issues encountered upon re-opening a previously-closed connection object. * [Support]: Drop support for Python <3.6, including Python 2. - Warning This is a backwards incompatible change if you are not yet on Python 3.6 or above; however, pip shouldn’t offer you this version of Fabric as long as your pip version understands python_requires metadata. - Drop remove-mock.patch because now in upstream. - Drop remove-pathlib2.patch because now in upstream. - Add %{?sle15_python_module_pythons} - Remove conditional definition of python_module. - Add patch remove-pathlib2.patch: * Drop install_requires on pathlib2. - Update to 2.7.1: * [Bug] #1924: (also #2007) Overhaul behavior and testing re: merging together different sources for the key_filename parameter in Connection.connect_kwargs. This fixes a number of type-related errors (string objects have no extend attribute, cannot add lists to strings, etc). - Update to 2.7.0: * Add ~fabric.connection.Connection.shell, a belated port of the v1 open_shell() feature. * Forward local terminal resizes to the remote end, when applicable. (For the technical: this means we now turn SIGWINCH into SSH window-change messages.) * Update ~fabric.connection.Connection temporarily so that it doesn't incidentally apply replace_env=True to local shell commands, only remote ones. - Add patch remove-mock.patch: * Use unittest.mock, instead of mock - pytest-relaxed now supports pytest 6, so test on all python versions. - Don't test on python310 -- gh#bitprophet/pytest-relaxed#12 (This is mainly required by azure-cli in the primary python3 flavor) - Update to 2.6.0: * [Feature] #1999: Add sudo support to Group. Thanks to Bonnie Hardin for the report and to Winston Nolan for an early patchset. * [Feature] #1810: Add put/get support to Group. * [Feature] #1868: Ported a feature from v1: interpolating the local path argument in Transfer.get with connection and remote filepath attributes. For example, cxn.get(remote='/var/log/foo.log', local='{host}/') is now feasible for storing a file in per-host-named directories or files, and in fact Group.get does this by default. * [Feature]: When the local path argument to Transfer.get contains nonexistent directories, they are now created instead of raising an error. Warning: This change introduces a new runtime dependency: pathlib2. * [Bug]: Fix a handful of issues in the handling and mocking of SFTP local paths and os.path members within fabric.testing; this should remove some occasional “useless Mocks” as well as hewing closer to the real behavior of things like os.path.abspath re: path normalization. - Update Requires from setup.py Changes in python-PyGithub: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 - Update to 1.57 Breaking Changes * Add support for Python 3.11, drop support for Python 3.6 (#2332) (1e2f10d) Bug Fixes & Improvements * Speed up get requested reviewers and teams for pr (#2349) (6725ece) * [WorkflowRun] - Add missing attributes (run_started_at & run_attempt), remove deprecated unicode type (#2273) (3a6235b) * Add support for repository autolink references (#2016) (0fadd6b) * Add retry and pool_size to typing (#2151) (784a3ef) * Fix/types for repo topic team (#2341) (db9337a) * Add class Artifact (#2313) (#2319) (437ff84) - Update to 1.56 This is the last release that will support Python 3.6. *Bug Fixes & Improvements Create repo from template (#2090) (b50283a) Improve signature of Repository.create_repo (#2118) (001970d) Add support for 'visibility' attribute preview for Repositories (#1872) (8d1397a) Add Repository.rename_branch method (#2089) (6452ddf) Add function to delete pending reviews on a pull request (#1897) (c8a945b) Cover all code paths in search_commits (#2087) (f1faf94) Correctly deal when PaginatedList's data is a dict (#2084) (93b92cd) Add two_factor_authentication in AuthenticatedUser. (#1972) (4f00cbf) Add ProjectCard.edit() to the type stub (#2080) (d417e4c) Add method to delete Workflow runs (#2078) (b1c8eec) Implement organization.cancel_invitation() (#2072) (53fb498) Feat: Add html_url property in Team Class. (#1983) (6570892) Add support for Python 3.10 (#2073) (aa694f8) Add github actions secrets to org (#2006) (bc5e595) Correct replay for Organization.create_project() test (#2075) (fcc1236) Fix install command example (#2043) (99e00a2) Fix: #1671 Convert Python Bool to API Parameter for Authenticated User Notifications (#2001) (1da600a) Do not transform requestHeaders when logging (#1965) (1265747) Add type to OrderedDict (#1954) (ed7d0fe) Add Commit.get_pulls() to pyi (#1958) (b466470) Adding headers in GithubException is a breaking change (#1931) (d1644e3) - Update to 1.55: * Remove client_id/client_secret authentication (#1888) (901af8c8) * Adjust to Github API changes regarding emails (#1890) (2c77cfad) + This impacts what AuthenticatedUser.get_emails() returns * Export headers in GithubException (#1887) (ddd437a7) * Do not import from unpackaged paths in typing (#1926) (27ba7838) * Implement hash for CompletableGithubObject (#1922) (4faff23c) * Use right variable in both get_check_runs() (#1889) (3003e065) * fix bad assertions in github.Project.edit (#1817) (6bae9e5c) * Add support for deleting repository secrets (#1868) (696793de) * Adding github actions secrets (#1681) (c90c050e) * Drop support for Python 3.5 (#1770) (63e4fae9) * Fix stubs file for Repository (fab682a5) * The Github.get_installation(integer) method has been removed. * Repository.create_deployment()'s payload parameter is now a dictionary. * Add support for Check Suites (#1764) (6d501b28) * Add missing preview features of Deployment and Deployment Statuses API * Add Support for Check Runs (#1727) (c77c0676) * Add WorkflowRun.workflow_id (#1737) (78a29a7c) * Added support for the Self-Hosted actions runners API (#1684) (24251f4b) * Fix Branch protection status in the examples (#1729) (88800844) * Filter the DeprecationWarning in Team tests (#1728) (23f47539) * Added get_installations() to Organizations (#1695) (b42fb244) * Fix #1507: Add new Teams: Add or update team repository endpoint * Added support for `Repository.get_workflow_runs` parameters * feat(pullrequest): add the rebaseable attribute (#1690) (ee4c7a7e) * Add support for deleting reactions (#1708) (f7d203c0) * Add get_timeline() to Issue's type stubs (#1663) (6bc9ecc8) - Update to 1.53: * Add method get_team_membership for user to Team (#1658) (749e8d35) * PaginatedList's totalCount is 0 if no last page (#1641) (69b37b4a) * Add initial support for Github Apps. (#1631) (260558c1) * Add delete_branch_on_merge arg to Repository.edit type stub (#1639) (15b5ae0c) * upload_asset with data in memory (#1601) (a7786393) * Make Issue.closed_by nullable (#1629) (06dae387) * Add support for workflow dispatch event (#1625) (16850ef1) * Do not check reaction_type before sending (#1592) (136a3e80) * more flexible header splitting (#1616) (85e71361) * Add support for deployment statuses (#1588) (048c8a1d) * Adds the 'twitter_username' attribute to NamedUser. (#1585) (079f75a7) * Add support for Workflow Runs (#1583) (4fb1d23f) * Small documentation correction in Repository.py (#1565) (f0f6ec83) * Remove 'api_preview' parameter from type stubs and docstrings (#1559) (cc1b884c) * Repository.update_file() content also accepts bytes (#1543) (9fb8588b) * Fix Repository.get_issues stub (#1540) (b40b75f8) * Check all arguments of NamedUser.get_repos() (#1532) (69bfc325) * Remove RateLimit.rate (#1529) (7abf6004) * PullRequestReview is not a completable object (#1528) (19fc43ab) * Remove pointless setters in GitReleaseAsset (#1527) (1dd1cf9c) * Drop some unimplemented methods in GitRef (#1525) (d4b61311) * Fixed formatting of docstrings for `Repository.create_git_tag_and_release()` and `StatsPunchCard`. (#1520) (ce400bc7) * Remove Repository.topics (#1505) (53d58d2b) * Correct Repository.get_workflows() (#1518) (8727003f) * correct Repository.stargazers_count return type to int (#1513) (b5737d41) * Raise a FutureWarning on use of client_{id,secret} (#1506) (2475fa66) * Improve type signature for create_from_raw_data (#1503) (c7b5eff0) * feat(column): move, edit and delete project columns (#1497) (a32a8965) * Add support for Workflows (#1496) (a1ed7c0e) * Add OAuth support for GitHub applications (4b437110) * Create AccessToken entity (4a6468aa) * Extend installation attributes (61808da1) - Update to 1.51 + New features * PyGithub now supports type checking * Ability to retrieve public events * Add and handle the maintainer_can_modify attribute in PullRequest * List matching references * Add create_repository_dispatch * Add some Organization and Repository attributes. * Add create project method + Bug Fixes & Improvements * Drop use of shadow-cat for draft PRs * AuthenticatedUser.get_organization_membership() should be str * Drop documentation for len() of PaginatedList * Fix param name of projectcard's move function * Correct typos found with codespell * Export IncompletableObject in the github namespace * Add GitHub Action workflow for checks * Drop unneeded ignore rule for flake8 * Use pytest to parametrize tests * Type stubs are now packaged with the build * Get the project column by id - Drop parametrized and pytest-cov from BuildRequires. - Update to 1.47 + Bug Fixes & Improvements * Add support to edit and delete a project (#1434) (f11f739) * Add method for fetching pull requests associated with a commit (#1433) (0c55381) * Add 'get_repo_permission' to Team class (#1416) (219bde5) * Add list projects support, update tests (#1431) (e44d11d) * Don't transform completely in PullRequest.*assignees (#1428) (b1c3549) * Add create_project support, add tests (#1429) (bf62f75) * Add draft attribute, update test (bd28524) * Docstring for Repository.create_git_tag_and_release (#1425) (bfeacde) * Create a tox docs environment (#1426) (b30c09a) * Add Deployments API (#1424) (3d93ee1) * Add support for editing project cards (#1418) (425280c) * Add draft flag parameter, update tests (bd0211e) * Switch to using pytest (#1423) (c822dd1) * Fix GitMembership with a hammer (#1420) (f2939eb) * Add support to reply to a Pull request comment (#1374) (1c82573) * PullRequest.update_branch(): allow expected_head_sha to be empty (#1412) (806130e) * Implement ProjectCard.delete() (#1417) (aeb27b7) * Add pre-commit plugin for black/isort/flake8 (#1398) (08b1c47) * Add tox (#1388) (125536f) * Open file in text mode in scripts/add_attribute.py (#1396) (0396a49) * Silence most ResourceWarnings (#1393) (dd31a70) * Assert more attributes in Membership (#1391) (d6dee01) * Assert on changed Repository attributes (#1390) (6e3ceb1) * Add reset to the repr for Rate (#1389) (0829af8) - Update to 1.46 + Bug Fixes & Improvements * Add repo edit support for delete_branch_on_merge * Fix mistake in Repository.create_fork() * Correct two attributes in Invitation * Search repo issues by string label * Correct Repository.create_git_tag_and_release() * exposed seats and filled_seats for Github Organization Plan * Repository.create_project() body is optional * Implement move action for ProjectCard * Tidy up ProjectCard.get_content() * Added nested teams and parent * Correct parameter for Label.edit * doc: example of Pull Request creation * Fix PyPI wheel deployment - No longer build Python 2 package - Drop BuildRequires on mock, no longer required - Drop no-hardcoded-dep.patch, no longer required - Update to 1.45: + Breaking Changes * Branch.edit_{user,team}_push_restrictions() have been removed The new API is: Branch.add_{user,team}_push_restrictions() to add new members Branch.replace_{user,team}_push_restrictions() to replace all members Branch.remove_{user,team}_push_restrictions() to remove members * The api_preview parameter to Github() has been removed. + Bug Fixes & Improvements * Allow sha=None for InputGitTreeElement * Support github timeline events. * Add support for update branch * Refactor Logging tests * Fix rtd build * Apply black to whole codebase * Fix class used returning pull request comments * Support for create_fork * Use Repository.get_contents() in tests * Allow GithubObject.update() to be passed headers * Correct URL for assignees on PRs * Use inclusive ordered comparison for 'parameterized' requirement * Deprecate Repository.get_dir_contents() * Apply some polish to manage.sh - Refresh no-hardcoded-dep.patch - Add patch to not pull in hardcoded dependencies: * no-hardcoded-dep.patch - Update to 1.44.1: * Too many changes to enumerate. - Drop PyGithub-drop-network-tests.patch, the test in question no longer requires network access. - Drop fix-httpretty-dep.patch, the httpretty requirement has been relaxed upstream. - Use %python_expand to run the test suite, it works fine on Python 3 now. - Add mock and parameterized to BuildRequires, the test suite requires them. - Update to 1.43.8: * Add two factor attributes on organizations (#1132) (a073168) * Add Repository methods for pending invitations (#1159) (57af1e0) * Adds get_issue_events to PullRequest object (#1154) (acd515a) * Add invitee and inviter to Invitation (#1156) (0f2beac) * Adding support for pending team invitations (#993) (edab176) * Add support for custom base_url in GithubIntegration class (#1093) (6cd0d64) * GithubIntegration: enable getting installation (#1135) (1818704) * Add sorting capability to Organization.get_repos() (#1139) (ef6f009) * Add new Organization.get_team_by_slug method (#1144) (4349bca) * Add description field when creating a new team (#1125) (4a37860) * Handle a path of / in Repository.get_contents() (#1070) (102c820) * Add issue lock/unlock (#1107) (ec7bbcf) * Fix bug in recursive repository contents example (#1166) (8b6b450) * Allow name to be specified for upload_asset (#1151) (8d2a6b5) * Fixes #1106 for GitHub Enterprise API (#1110) (5406579) - Update to 1.43.7: * Exclude tests from PyPI distribution (#1031) (78d283b9) * Add codecov badge (#1090) (4c0b54c0) - Update to 1.43.6: * New features o Add support for Python 3.7 (#1028) (6faa00ac) o Adding HTTP retry functionality via urllib3 (#1002) (5ae7af55) o Add new dismiss() method on PullRequestReview (#1053) (8ef71b1b) o Add since and before to get_notifications (#1074) (7ee6c417) o Add url parameter to include anonymous contributors in get_contributors (#1075) (293846be) o Provide option to extend expiration of jwt token (#1068) (86a9d8e9) * Bug Fixes & Improvements o Fix the default parameter for PullRequest.create_review (#1058) (118def30) o Fix get_access_token (#1042) (6a89eb64) o Fix Organization.add_to_members role passing (#1039) (480f91cf) * Deprecation o Remove Status API (6efd6318) - Add patch fix-httpretty-dep.patch Changes in python-antlr4-python3-runtime: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 + Drop support for older Python 3.x versions - fix build for python 3.12 - require setuptools - Update to version 4.13.1 csharp target * [CSharp] Fix for #4386 -- change signatures for ReportAttemptingFullContext() and ReportContextSensitivity() to be identical to all other targets (target:csharp, type:cleanup) go target * Move GetText(), SetText(), and String() from CommonToken to BaseToken (target:go, type:cleanup) * Restore 'Obtained from string' source name. (target:go, type:cleanup) * fix: Fix very minor code issues spotted by goreportcard.com (target:go, type:cleanup) java target * Java: suppress this-escape warning introduced in JDK 21. (actions, target:java) javascript target * Adds default targets for babel configuration (target:javascript) * fix dependabot warnings (target:javascript, type:cleanup) swift target * [SWIFT] Add Antlr4Dynamic product (target:swift) * Cleanup duplicate SwiftTarget code (target:swift, type:cleanup) dart target * [Dart] Fix for #4320--export additional types (type:bug, target:dart) - from version 4.13.0 Issues fixed * antlr4 jar doubled in size in 4.9.3 (unicode, comp:performance) * Go: exponentially bad/absymal performance as of ... (type:bug, target:go) * Go runtime panic (type:bug, target:go) Improvements, features * Update LexerATNSimulator.cs with virtual Consume (type:improvement, target:csharp) * Feature/fixembedding (type:improvement, target:go, comp:performance) * Provide Javascript port of TokenStreamRewriter (type:feature, target:javascript, target:typescript) - from version 4.12.0 Issues fixed * github actions now fail for python2 and ubuntu clang and ubuntu swift (comp:runtime, comp:build, comp:testing) * js mergeArrays output differs from java (atn-analysis, target:javascript) * C++ target fails Performance/DropLoopEntryBranchInLRRule_4.txt (atn-analysis, type:bug, target:cpp) * Wrong grammarFileName in generated code (code-gen, type:bug) * C++ crashes on new test ParserExec/ListLabelsOnRuleRefStartOfAlt.txt (atn-analysis, type:bug, target:cpp) * [JavaScript runtime] Bad field name, bad comments (type:bug) Improvements, features * Fully qualify std::move invocations to fix -Wunqualified-std-cast-call (type:improvement, target:cpp) * Extract FileUtils updates by @ericvergnaud (type:improvement, cross-platform-issue, comp:testing) * Extract unit test updates by @ericvergnaud needed for TypeScript (type:improvement, comp:testing) * [Go target] Fix for #3926: Add accessors for tree navigation to interfaces in generated parser (trees-contexts, code-gen, type:improvement, target:go) * GitHub Workflows security hardening (actions, type:improvement, comp:testing) - from version 4.11.1 * Just fixes 4.11.0 release issue. I forgot to change runtime tool version so it didn't say SNAPSHOT. - from version 4.11.0 Issues fixed * Disable failing CI tests in master (comp:build, comp:testing) * Create accessor for Go-based IntervalSet.intervals (target:go) * Grammar Name Conflict Golang with SPARQL issue (target:go, type:cleanup) * Dependency declaration error in ANTLR 4.10.1 (comp:build) * Drop old version of Visual Studio C++ (2013, 2015, 2017) (comp:build, target:cpp) * Circular grammar inclusion causes stack overflow in the tool. (comp:tool, type:bug) * Cpp, Go, JavaScript, Python2/3: Template rendering error. (code-gen, comp:runtime, target:java, target:javascript, target:python2, target:python3, target:go) Improvements, features * Augment error message during testing to include full cause of problem. (type:improvement, comp:testing) * Include swift & tool verification in CI workflow (type:improvement, comp:build, cross-platform-issue, target:swift) * Issue #3783: CI Check Builds (type:improvement, comp:build, cross-platform-issue, comp:testing) * Parallel lock free testing, remove potential deadlocks, cache static data, go to descriptor via test (comp:runtime, type:improvement, comp:testing) * update getting-started doc (type:improvement, comp:doc) * Getting Started has error (type:improvement, comp:doc) * new nuget directory for building ANTLR4 C++ runtime as 3 Nuget packages (type:improvement, comp:build, target:cpp) * Add interp tool like TestRig (comp:tool, type:feature) * Issue 3720: Java 2 Security issue (type:improvement, target:java) * Cpp: Disable warnings for external project (type:bug, type:improvement, target:cpp) * Fix Docker README for arm OS user (type:improvement, comp:doc) - from version 4.10.1 * [C++] Remove reference to antlrcpp:s2ws * Update publishing instruction for Dart - from version 4.10.0 Issues fixed * C++ runtime: Version identifier macro ? (target:cpp, type:cleanup) * Generating XPath lexer/parser (actions, type:bug) * do we need this C++ ATN serialization? (target:cpp, type:cleanup) * Incorrect type of token with number 0xFFFF because of incorrect ATN serialization (atn-analysis, type:bug) * Clean up ATN serialization: rm UUID and shifting by value of 2 (atn-analysis, type:cleanup) * The parseFile method of the InterpreterDataReader class is missing code: 'line = br.readLine();' (type:bug, target:java) * antlr.runtime.standard 4.9.3 invalid strong name. (type:bug, comp:build, target:csharp) * Serialized ATN data element 810567 element 11 out of range 0..65535 (atn-analysis, type:cleanup) * Go target, unable to check when custom error strategy is in recovery mode (target:go) * Escape issue for characeters (grammars, type:bug) * antlr4 java.lang.NullPointerException Antlr 4 4.8 (grammars, comp:tool, type:bug) * UnsupportedOperationException while generating code for large grammars. (atn-analysis, type:cleanup) * Add a more understandable message than 'Serialized ATN data element .... element ... out of range 0..65535' (atn-analysis, type:cleanup) * avoid java.lang.StackOverflowError (lexers, error-handling) * Getting this error: Exception in thread 'main' java.lang.UnsupportedOperationException: Serialized ATN data element out of range (atn-analysis, type:cleanup) Improvements, features * Updated getting started with Cpp documentation. (type:improvement, comp:doc) * Escape bad words during grammar generation (code-gen, type:improvement) * Implement caseInsensitive option (lexers, options, type:improvement) * Some tool bugfixes (error-handling, comp:tool, type:improvement, type:cleanup) - Run testsuite using the tests/run.py script instead of %pyunittest - Switch build systemd from setuptools to pyproject.toml - Update BuildRequires from pyproject.toml - Update filename pattern in %files section - Update to version 4.9.3 Issues fixed * Swift Target Crashes with Multi-Threading * JavaScript Runtime bug * Go target, cannot use superClass for the lexer grammar! * Python runtime is inconsistent with Java * FunctionDef source extract using getText() * Provide .NET Framework target in the csharp nuget package * Go target for Antlr tool, type ',int8' => 'int8' * Flutter/Dart web support * Allow Antlr Javascript runtime to be loaded into Kindle Touch * Fix Go test suite * Weird error Improvements, features * [C++] Use faster alternative to dynamic_cast when not testing inherit * Stackoverflow after upgrading from 4.6 to 4.7 - from version 4.9.2 Issues fixed * CSharp and Java produce different results for identical input, identical tokens Improvements, features * Moved away from travis-ci.com - Source upstream tarball from Github since PyPi tarball no longer ships testsuite - Update to version 4.9.1. * Improve python3 performance by adding slots * Fix incorrect python token string templates - Add testing. - Skip python2 because this is for python3. - Use python_alternative Changes in python-avro: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %define skip_python2 1 - Update to version 1.11.3: + See jira board for all the fixes addressed in this release: https://issues.apache.org/jira/browse/AVRO-3855?jql=project%3DAVRO%20AND%20fixVersion%3D1.11.3 - Drop py311.patch: fixed upstream. - Add py311.patch to make tests compatible with python 3.11 gh#apache/avro#1961 - Update to 1.11.1 (from GitHub release notes): - Avro specification - Clarify which names are allowed to be qualified with namespaces - Inconsistent behaviour on types as invalid names - Clarify how fullnames are created, with example - IDL: add syntax to create optional fields - Improve docs for logical type annotation - Python - Scale assignment optimization - 'Scale' property from decimal object - Byte reading in avro.io does not assert bytes read - validate the default value of an enum field - Pass LogicalType to BytesDecimalSchema - Website - Website refactor - Document IDL support in IDEs Changes in python-chardet: - update to 5.2.0: * Adds support for running chardet CLI via `python -m chardet` Changes in python-distro: - Switch to autosetup macro. - update to 1.9.0: * Refactor distro.info() method to return an InfoDict [#360] * Ignore the file '/etc/board-release' [#353] * Ignore the file '/etc/ec2_version' [#359] * Test on modern versions of CPython and PyPy and macOS [#362] * Add support for ALT Linux Server 10.1 distribution [#354] * Add Debian Testing to the tests [#356] * Update archlinux resource for tests [#352] - Remove duplicate files calling %fdupes - add sle15_python_module_pythons - update to 1.8.0: * Lowered `LinuxDistribution._distro_release_info` method complexity [#327] * Added official support for Buildroot distribution [#329] * Added official support for Guix distribution [#330] * Added support for `/etc/debian_version` [#333] & [#349] * Fixed a typography in CONTRIBUTING.md [#340] * Improved README.md 'Usage' code block [#343] * Bumped black to v22.3.0 in pre-commit.ci configuration [#331] * Enabled GitHub Dependabot to keep GitHub Actions up to date [#335] - remove shebang from distro.py - update to version 1.7.0: - BACKWARD COMPATIBILITY: - Dropped support for EOL Pythons 2.7, 3.4 and 3.5 [[#281](https://github.com/python-distro/distro/pull/281)] - Dropped support for LSB and `uname` back-ends when `--root-dir` is specified [[#311](https://github.com/python-distro/distro/pull/311)] - Moved `distro.py` to `src/distro/distro.py` [[#315](https://github.com/python-distro/distro/pull/315)] - ENHANCEMENTS: - Documented that `distro.version()` can return an empty string on rolling releases [[#312](https://github.com/python-distro/distro/pull/312)] - Documented support for Python 3.10 [[#316](https://github.com/python-distro/distro/pull/316)] - Added official support for Rocky Linux distribution [[#318](https://github.com/python-distro/distro/pull/318)] - Added a shebang to `distro.py` to allow standalone execution [[#313](https://github.com/python-distro/distro/pull/313)] - Added support for AIX platforms [[#311](https://github.com/python-distro/distro/pull/311)] - Added compliance for PEP-561 [[#315](https://github.com/python-distro/distro/pull/315)] - BUG FIXES: - Fixed `include_uname` parameter oversight [[#305](https://github.com/python-distro/distro/pull/305)] - Fixed crash when `uname -rs` output is empty [[#304](https://github.com/python-distro/distro/pull/304)] - Fixed Amazon Linux identifier in `distro.id()` documentation [[#318](https://github.com/python-distro/distro/pull/318)] - Fixed OpenSuse >= 15 support [[#319](https://github.com/python-distro/distro/pull/319)] - Fixed encoding issues when opening distro release files [[#324](https://github.com/python-distro/distro/pull/324)] - Fixed `linux_distribution` regression introduced in [[#230](https://github.com/python-distro/distro/pull/230)] [[#325](https://github.com/python-distro/distro/pull/325)] - Tests: Set locale to UTF-8 to fix tests on Leap 15.3. - Expliciting setting of locale is not necessary anymore (gh#python-distro/distro#223). - Update to version 1.6.0 * Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296] * Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+ * Added type hints to distro module [#269] * Added __version__ for checking distro version [#292] * Added support for arbitrary rootfs via the root_dir parameter [#247] * Added the --root-dir option to CLI [#161] * Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262] * Fixed subprocess.CalledProcessError when running lsb_release [#261] * Ignore /etc/iredmail-release file while parsing distribution [#268] * Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271] - use %pytest macro - Enable tests properly (this is pytest, not unittest), Changes in python-docker: - update to 7.0.0: * Removed SSL version (`ssl_version`) and explicit hostname check (`assert_hostname`) options (#3185) * Python 3.7+ supports TLSv1.3 by default * Websocket support is no longer included by default (#3123) * Use `pip install docker[websockets]` to include `websocket- client` dependency * By default, `docker-py` hijacks the TCP connection and does not use Websockets * Websocket client is only required to use `attach_socket(container, ws=True)` * Python 3.7 no longer supported (reached end-of-life June 2023) (#3187) * Python 3.12 support (#3185) * Full `networking_config` support for `containers.create()` * Replaces `network_driver_opt` (added in 6.1.0) * Add `health()` property to container that returns status (e.g. `unhealthy`) * Add `pause` option to `container.commit()` (#3159) * Add support for bind mount propagation (e.g. `rshared`, `private`) * Add support for `filters`, `keep_storage`, and `all` in `prune_builds()` on API v1.39+ (#3192) * Consistently return `docker.errors.NotFound` on 404 responses * Validate tag format before push (#3191) - update to 6.1.3: * Bugfixes - Fix eventlet compatibility (#3132) - update to 6.1.2: * Bugfixes - Fix for socket timeouts on long docker exec calls (#3125) - Respect timeout param on Windows (#3112) - update to 6.1.1: * Upgrade Notes (6.1.x) - Errors are no longer returned during client initialization if the credential helper cannot be found. A warning will be emitted instead, and an error is returned if the credential helper is used. * Bugfixes - Fix containers.stats() hanging with stream=True - Correct return type in docs for containers.diff() method - update to 6.1.0: * Upgrade Notes - Errors are no longer returned during client initialization if the credential helper cannot be found. A warning will be emitted instead, and an error is returned if the credential helper is used. * Features - Python 3.11 support - Use poll() instead of select() on non-Windows platforms - New API fields - network_driver_opt on container run / create - one-shot on container stats - status on services list * Bugfixes - Support for requests 2.29.0+ and urllib3 2.x - Do not strip characters from volume names - Fix connection leak on container.exec_* operations - Fix errors closing named pipes on Windows - update to 6.0.1: * Notice This version is not compatible with requests 2.29+ or urllib3 2.x. Either add requests < 2.29 and urllib3 < 2 to your requirements or upgrade to to the latest docker-py release. * Bugfixes - Fix for The pipe has been ended errors on Windows (#3056) - Support floats for timestamps in Docker logs (since / until) (#3031) - update to 6.0.0: * Upgrade Notes - Minimum supported Python version is 3.7+ - When installing with pip, the docker[tls] extra is deprecated and a no-op, use docker for same functionality (TLS support is always available now) - Native Python SSH client (used by default / use_ssh_client=False) will now - reject unknown host keys with paramiko.ssh_exception.SSHException - Short IDs are now 12 characters instead of 10 characters (same as Docker CLI) - Version metadata is now exposed as __version__ * Features - Python 3.10 support - Automatically negotiate most secure TLS version - Add platform (e.g. linux/amd64, darwin/arm64) to container create & run - Add support for GlobalJob and ReplicatedJobs for Swarm - Add remove() method on Image - Add force param to disable() on Plugin * Bugfixes - Fix install issues on Windows related to pywin32 - Do not accept unknown SSH host keys in native Python SSH mode - Use 12 character short IDs for consistency with Docker CLI - Ignore trailing whitespace in .dockerignore files - Fix IPv6 host parsing when explicit port specified - Fix ProxyCommand option for SSH connections - Do not spawn extra subshell when launching external SSH client - Improve exception semantics to preserve context - Documentation improvements (formatting, examples, typos, missing params) * Miscellaneous - Upgrade dependencies in requirements.txt to latest versions - Remove extraneous transitive dependencies - Eliminate usages of deprecated functions/methods - Test suite reliability improvements - GitHub Actions workflows for linting, unit tests, integration tests, and publishing releases - add sle15_python_module_pythons - python-six is not required as well - python-mock actually not required for build - update to 5.0.3: * Add cap_add and cap_drop parameters to service create and ContainerSpec * Add templating parameter to config create * Bump urllib3 to 1.26.5 * Bump requests to 2.26.0 * Remove support for Python 2.7 * Make Python 3.6 the minimum version supported - Update to 4.4.4 From project changelog: 4.4.4 Bugfixes Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables when shelling out to the ssh client 4.4.3 Features Add support for docker.types.Placement.MaxReplicas Bugfixes Fix SSH port parsing when shelling out to the ssh client 4.4.2 Bugfixes Fix SSH connection bug where the hostname was incorrectly trimmed and the error was hidden Fix docs example Miscellaneous Add Python3.8 and 3.9 in setup.py classifier list 4.4.1 Bugfixes Avoid setting unsuported parameter for subprocess.Popen on Windows Replace use of deprecated 'filter' argument on ''docker/api/image' - update to 4.4.0: - Add an alternative SSH connection to the paramiko one, based on shelling out to the SSh client. Similar to the behaviour of Docker cli - Default image tag to `latest` on `pull` - Fix plugin model upgrade - Fix examples URL in ulimits - Improve exception messages for server and client errors - Bump cryptography from 2.3 to 3.2 - Set default API version to `auto` - Fix conversion to bytes for `float` - Support OpenSSH `identityfile` option - Add `DeviceRequest` type to expose host resources such as GPUs - Add support for `DriverOpts` in EndpointConfig - Disable compression by default when using container.get_archive method - Update default API version to v1.39 - Update test engine version to 19.03.12 - update to 4.2.2: - Fix context load for non-docker endpoints - update to 4.2.1: - Add option on when to use `tls` on Context constructor - Make context orchestrator field optional - Bump required version of pycreds to 0.4.0 (sync with requirements.txt) - update to 3.7.0 (mandatory for latest docker-compose) - add python-dockerpycreds dependency in the spec file rebase hide_py_pckgmgmt.patch Changes in python-fakeredis: - update to 2.21.0: * Implement all TOP-K commands (`TOPK.INFO`, `TOPK.LIST`, `TOPK.RESERVE`, * `TOPK.ADD`, `TOPK.COUNT`, `TOPK.QUERY`, `TOPK.INCRBY`) #278 * Implement all cuckoo filter commands #276 * Implement all Count-Min Sketch commands #277 * Fix XREAD blocking bug #274 #275 * EXAT option does not work #279 - update to 2.20.1: * Fix `XREAD` bug #256 * Testing for python 3.12 - update to 2.20.0: * Implement `BITFIELD` command #247 * Implement `COMMAND`, `COMMAND INFO`, `COMMAND COUNT` #248 - Remove unnecessary BR on python-lupa - update to 2.19.0: * Implement Bloom filters commands #239 * Fix error on blocking XREADGROUP #237 - update to 2.18.1: * Fix stream type issue #233 - update to 2.18.0: * Implement `PUBSUB NUMPAT` #195, `SSUBSCRIBE` #199, `SPUBLISH` #198, `SUNSUBSCRIBE` #200, `PUBSUB SHARDCHANNELS` #196, `PUBSUB SHARDNUMSUB` #197 * Fix All aio.FakeRedis instances share the same server #218 - update to 2.17.0: * Implement `LPOS` #207, `LMPOP` #184, and `BLMPOP` #183 * Implement `ZMPOP` #191, `BZMPOP` #186 * Fix incorrect error msg for group not found #210 * fix: use same server_key within pipeline when issued watch issue with ZRANGE and ZRANGESTORE with BYLEX #214 * Implemented support for `JSON.MSET` #174, `JSON.MERGE` #181 * Add support for version for async FakeRedis #205 * Updated how to test django_rq #204 - update to 2.15.0: * Implemented support for various stream groups commands: * `XGROUP CREATE` #161, `XGROUP DESTROY` #164, `XGROUP SETID` #165, `XGROUP DELCONSUMER` #162, * `XGROUP CREATECONSUMER` #163, `XINFO GROUPS` #168, `XINFO CONSUMERS` #168, `XINFO STREAM` #169, `XREADGROUP` #171, * `XACK` #157, `XPENDING` #170, `XCLAIM` #159, `XAUTOCLAIM` * Implemented sorted set commands: * `ZRANDMEMBER` #192, `ZDIFF` #187, `ZINTER` #189, `ZUNION` #194, `ZDIFFSTORE` #188, * `ZINTERCARD` #190, `ZRANGESTORE` #193 * Implemented list commands: * `BLMOVE` #182, * Improved documentation. * Fix documentation link * Fix requirement for packaging.Version #177 * Implement `HRANDFIELD` #156 * Implement `JSON.MSET` * Improve streams code - update to 2.13.0: * Fixed xadd timestamp (fixes #151) (#152) * Implement XDEL #153 * Improve test code * Fix reported security issue * Add support for `Connection.read_response` arguments used in redis-py 4.5.5 and 5.0.0 * Adding state for scan commands (#99) * Improved documentation (added async sample, etc.) - update to 2.12.0: * Implement `XREAD` #147 * Unique FakeServer when no connection params are provided * Minor fixes supporting multiple connections * Update documentation * connection parameters awareness: * Creating multiple clients with the same connection parameters will result in the same server data structure. * Fix creating fakeredis.aioredis using url with user/password - add sle15_python_module_pythons - Update to 2.10.3: * Support for redis-py 5.0.0b1 * Include tests in sdist (#133) * Fix import used in GenericCommandsMixin.randomkey (#135) * Fix async_timeout usage on py3.11 (#132) * Enable testing django-cache using FakeConnection. * All geo commands implemented * Fix bug for xrange * Fix bug for xrevrange * Implement XTRIM * Add support for MAXLEN, MAXID, LIMIT arguments for XADD command * Add support for ZRANGE arguments for ZRANGE command #127 * Relax python version requirement #128 * Support for redis-py 4.5.0 #125 - update to 2.7.1: * Fix import error for NoneType (#120) * Implement - JSON.ARRINDEX - JSON.OBJLEN - JSON.OBJKEYS - JSON.ARRPOP - JSON.ARRTRIM - JSON.NUMINCRBY - JSON.NUMMULTBY - XADD - XLEN - XRANGE - XREVRANGE * Implement `JSON.TYPE`, `JSON.ARRLEN` and `JSON.ARRAPPEND` * Fix encoding of None (#118) - update to v2.5.0: * Implement support for BITPOS (bitmap command) (#112) * Fix json mget when dict is returned (#114) * fix: properly export (#116) * Extract param handling (#113) - update to v2.4.0: * Implement LCS (#111), BITOP (#110) * Fix bug checking type in scan_iter (#109) * Implement GETEX (#102) * Implement support for JSON.STRAPPEND (json command) (#98) * Implement JSON.STRLEN, JSON.TOGGLE and fix bugs with JSON.DEL (#96) * Implement PUBSUB CHANNELS, PUBSUB NUMSUB * Implement JSON.CLEAR (#87) * Support for redis-py v4.4.0 * Implement json.mget (#85) * Initial json module support - JSON.GET, JSON.SET and JSON.DEL (#80) * fix: add nowait for asyncio disconnect (#76) * Refactor how commands are registered (#79) * Refactor tests from redispy4_plus (#77) * Remove support for aioredis separate from redis-py (redis-py versions 4.1.2 and below). (#65) * Add support for redis-py v4.4rc4 (#73) * Add mypy support (#74) * Implement support for zmscore by @the-wondersmith in #67 * What's Changed * implement GETDEL and SINTERCARD support by @cunla in #57 * Test get float-type behavior by @cunla in #59 * Implement BZPOPMIN/BZPOPMAX support by @cunla in #60 - drop fakeredis-pr54-fix-ensure_str.patch (upstream) - Update to 1.9.3 * Removed python-six dependency * zadd support for GT/LT by @cunla in #49 * Remove six dependency by @cunla in #51 * Add host to conn_pool_args by @cunla in #51 - Drop python-fakeredis-no-six.patch which was incomplete * all commits, including the missing ones in release now - Add fakeredis-pr54-fix-ensure_str.patch - use upstream https://github.com/cunla/fakeredis-py/pull/51/ - modified patches % python-fakeredis-no-six.patch (refreshed) - version update to 1.9.1 * Zrange byscore by @cunla in #44 * Expire options by @cunla in #46 * Enable redis7 support by @cunla in #42 - added patches fix https://github.com/cunla/fakeredis-py/issues/50 + python-fakeredis-no-six.patch - Update to 1.8.1 * fix: allow redis 4.3.* by @terencehonles in #30 - Release 1.8 * Fix handling url with username and password by @cunla in #27 * Refactor tests by @cunla in #28 - Release 1.7.6 * add IMOVE operation by @BGroever in #11 * Add SMISMEMBER command by @OlegZv in #20 * fix: work with redis.asyncio by @zhongkechen in #10 * Migrate to poetry by @cunla in #12 * Create annotation for redis4+ tests by @cunla in #14 * Make aioredis and lupa optional dependencies by @cunla in #16 * Remove aioredis requirement if redis-py 4.2+ by @ikornaselur in #19 - update to 1.7.0 * Change a number of corner-case behaviours to match Redis 6.2.6. * Fix DeprecationWarning for sampling from a set * Improved support for constructor arguments * Support redis-py 4 * Add support for GET option to SET * PERSIST and EXPIRE should invalidate watches - Update to 1.6.1 * #305 Some packaging modernisation * #306 Fix FakeRedisMixin.from_url for unix sockets * #308 Remove use of async_generator from tests - Release 1.6.0 * #304 Support aioredis 2 * #302 Switch CI from Travis CI to Github Actions - update to 1.5.2 * support python 3.9 * support aioredis - Disable py2 as upstream actually disabled python2 support competely * The syntax simply is not compatible - Update to 1.3.0: * No upstream changelog - python2 tests are dysfunctional, test with python3 only - Update to 1.0.5: * No upstream changelog - Update to 1.0.4: * various bugfixes all around - Update to v1.0.3 * Support for redis 3.2 (no effective changes in v1.0.2) - Initial spec for v1.0.1 Changes in python-fixedint: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Fix capitalization in Summary - Limit Python files matched in %files section - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Initial build + Version 0.2.0 Changes in python-httplib2: - require setuptools - Clean up SPEC file. - Add %{?sle15_python_module_pythons} - update to 0.22.0: * https: disable_ssl_certificate_validation caused ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled - Update to 0.21.0: * http: `Content-Encoding: deflate` must accept zlib encapsulation * https://github.com/httplib2/httplib2/pull/230 * Begin support and CI against CPython 3.10 and 3.11. - update to 0.20.4: proxy: support proxy urls with ipv6 address Tests compatible with Python3.10 and recent pytest. - add pyparsing dependency - update to 0.20.2: auth: support pyparsing v3 proxy: correct extraction of errno from pysocks ProxyConnectionError IMPORTANT cacerts: remove expired DST Root CA X3, add ISRG Root X1, X2 - update to 0.19.1: * auth header parsing performance optimizations; Thanks to Paul McGuire * Use mock from the standard library on Python>=3.3 set first, othewise a 'ValueError: Cannot set verify_mode to CERT_NONE when check_hostname instead (bnc#761162) item not in cache - initial version of python-httplib2 (0.2.0) Changes in python-httpretty: - Add patch 0001-Fix-test_417_openssl.py-if-pyOpenSSL-not-available.patch: * Fix tests without pyOpenSSL support in urllib3 - Allow building with python-urllib3 >= 2.x - Do not use python-boto3 when building in SLE where it's currently not available for python311 - Add %{?sle15_python_module_pythons} - skip failing testsuite tests after requests update - Add patch relax-test-callback-response.patch: * Relax timeout for test_callback_response (bsc#1209571) - Add patch 460-miliseconds_tests.patch (gh#gabrielfalcao/HTTPretty#460): * Correct tests for s390x and aarch64 because of timeout failures after 2 miliseconds - Fix test suite: * Remove nose idioms * Remove outdated test skips - Add patch double-slash-paths.patch: * http.request may replace // with /, handle that in the testcase. - Add 453-fix-tests-pytest.patch (gh#gabrielfalcao/HTTPretty#449) to make tests compatible with pytest. - Add patch remove-mock.patch: * Use unittest.mock in the functional tests. - specfile: * update copyright year - update to version 1.1.4: * Bugfix: #435 Fallback to WARNING when logging.getLogger().level is None. - changes from version 1.1.3: * Bugfix: #430 Respect socket timeout. - changes from version 1.1.2: * Bugfix: #426 Segmentation fault when running against a large amount of tests with pytest --mypy. - changes from version 1.1.1: * Bugfix: httpretty.disable() injects pyopenssl into :py:mod:`urllib3` even if it originally wasn't #417 * Bugfix: 'Incompatibility with boto3 S3 put_object' #416 * Bugfix: 'Regular expression for URL -> TypeError: wrap_socket() missing 1 required' #413 * Bugfix: 'Making requests to non-stadard port throws TimeoutError '#387 - changes from version 1.1.0: * Feature: Display mismatched URL within UnmockedError whenever possible. #388 * Feature: Display mismatched URL via logging. #419 * Add new properties to :py:class:`httpretty.core.HTTPrettyRequest` (protocol, host, url, path, method). - Updater to 1.0.5 * Bugfix: Support socket.socketpair() . #402 * Bugfix: Prevent exceptions from re-applying monkey patches. #406 - Release 1.0.4 * Python 3.8 and 3.9 support. #407 - Update to 1.0.3 * Fix compatibility with urllib3>=1.26. #410 - Replace nose with nose2 - avoid reading DNS resolver settings gh#gabrielfalcao/HTTPretty#405 - remove unnecessary test packages - Update to 1.0.2 * Drop Python 2 support. * Fix usage with redis and improve overall real-socket passthrough. * Fix TypeError: wrap_socket() missing 1 required positional argument: 'sock'. * Fix simple typo: neighter -> neither. * Updated documentation for register_uri concerning using ports. * Clarify relation between ``enabled`` and ``httprettized`` in API docs. * Align signature with builtin socket. - Version update to 0.9.6: * Many fixes all around * Support for python 3.7 - Make sure we really run the tests - Remove superfluous devel dependency for noarch package Changes in python-javaproperties: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - version update to 0.8.1 v0.8.1 (2021-10-05) ------------------- - Fix a typing issue in Python 3.9 - Support Python 3.10 v0.8.0 (2020-11-28) ------------------- - Drop support for Python 2.7, 3.4, and 3.5 - Support Python 3.9 - `ensure_ascii` parameter added to `PropertiesFile.dump()` and `PropertiesFile.dumps()` - **Bugfix**: When parsing XML input, empty `<entry>` tags now produce an empty string as a value, not `None` - Added type annotations - `Properties` and `PropertiesFile` no longer raise `TypeError` when given a non-string key or value, as type correctness is now expected to be enforced through static type checking - The `PropertiesElement` classes returned by `parse()` are no longer subclasses of `namedtuple`, but they can still be iterated over to retrieve their fields like a tuple - python-six is not required Changes in python-jsondiff: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - Add %{?sle15_python_module_pythons} - Update to version 2.0.0 * Removed deprecated function * Remove deprecated jsondiff entry point - from version 1.3.1 * Optionally allow different escape_str than '$' * Clarified the readme, closes #23 * Fixed readme - Remove jsondiff command from %install, %post, %postun and %files sections Changes in python-knack: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop %define skip_python2 1 - Update to version 0.11.0 * Declare support for Python 3.11 and drop support for Python 3.7 (#275) * Stop converting argument's `bool` default value to `DefaultInt` (#273) - Update to version 0.10.1 * Support bytearray serialization (#268) - Update to version 0.10.0 * Enable Virtual Terminal mode on legacy Windows terminal to support ANSI escape sequences (#265) * Drop Python 3.6 support (#259) - python-mock is not required for build Changes in python-marshmallow: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - update to 3.20.2: * Bug fixes: - Fix Nested field type hint for lambda Schema types (:pr:`2164`). * Other changes: - Officially support Python 3.12 (:pr:`2188`). - update to 3.20.1: * Fix call to ``get_declared_fields``: pass ``dict_cls`` again * Add ``absolute`` parameter to ``URL`` validator and ``Url`` * Use Abstract Base Classes to define ``FieldABC`` and ``SchemaABC`` * Use `OrderedSet` as default `set_class`. Schemas are now ordered by default. * Handle ``OSError`` and ``OverflowError`` in ``utils.from_timestamp`` (:pr:`2102`). * Fix the default inheritance of nested partial schemas * Officially support Python 3.11 (:pr:`2067`). * Drop support for Python 3.7 (:pr:`2135`). - Switch documentation to be within the main package on SLE15 - rename docs subpackage to the more common doc name - Update to 3.19.0 * Add timestamp and timestamp_ms formats to fields.DateTime (#612). Thanks @vgavro for the suggestion and thanks @vanHoi for the PR. Changes in python-opencensus: - Add Obsoletes for old python3 package on SLE-15 - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Update to 0.11.4 * Changed bit-mapping for `httpx` and `fastapi` integrations - Refresh patches for new version * opencensus-pr1002-remove-mock.patch - Switch package to modern Python Stack on SLE-15 * Add %{?sle15_python_module_pythons} * Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - update to 0.11.3 * Updated azure modules - sorry, six is still needed :( - update to 0.11.2: * Updated `azure`, `fastapi`,`flask` modules * Updated `azure`, `httpx` modules - Update to 0.11.0 * Updated `azure`, `context`, `flask`, `requests` modules - from version 0.10.0 * Add kwargs to derived gauge (#1135) - from version 0.9.0 * Make sure handler.flush() doesn't deadlock (#1112) - Refresh patches for new version * opencensus-pr1002-remove-mock.patch - Update Requires from setup.py Changes in python-opencensus-context: - Clean up the SPEC file - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Update to 0.1.3 * Move `version.py` file into `runtime_context` folder (#1143) Changes in python-opencensus-ext-threading: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} + Drop build support for Python 2.x Changes in python-opentelemetry-api: - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 1.22.0: * Prometheus exporter sanitize info metric (#3572) * Remove Jaeger exporters (#3554) * Log stacktrace on `UNKNOWN` status OTLP export error (#3536) * Fix OTLPExporterMixin shutdown timeout period (#3524) * Handle `taskName` `logrecord` attribute (#3557) - update to 1.21.0: * Fix `SumAggregation`(#3390) * Fix handling of empty metric collection cycles (#3335) * Fix error when no LoggerProvider configured for LoggingHandler (#3423) * Make `opentelemetry_metrics_exporter` entrypoint support pull exporters (#3428) * Allow instrument names to have '/' and up to 255 characters (#3442) * Do not load Resource on sdk import (#3447) * Update semantic conventions to version 1.21.0 (#3251) * Add missing schema_url in global api for logging and metrics (#3251) * Prometheus exporter support for auto instrumentation (#3413) * Modify Prometheus exporter to translate non-monotonic Sums into Gauges (#3306) * Update the body type in the log ($3343) * Add max_scale option to Exponential Bucket Histogram Aggregation (#3323) * Use BoundedAttributes instead of raw dict to extract attributes from LogRecord (#3310) * Support dropped_attributes_count in LogRecord and exporters (#3351) * Add unit to view instrument selection criteria (#3341) * Upgrade opentelemetry-proto to 0.20 and regen #3355) * Include endpoint in Grpc transient error warning #3362) * Fixed bug where logging export is tracked as trace #3375) * Select histogram aggregation with an environment variable * Move Protobuf encoding to its own package (#3169) * Add experimental feature to detect resource detectors in auto instrumentation (#3181) * Fix exporting of ExponentialBucketHistogramAggregation from opentelemetry.sdk.metrics.view (#3240) * Fix headers types mismatch for OTLP Exporters (#3226) * Fix suppress instrumentation for log batch processor (#3223) * Add speced out environment variables and arguments for BatchLogRecordProcessor (#3237) - Fix `ParentBased` sampler for implicit parent spans. Fix also `trace_state` erasure for dropped spans or spans sampled by the `TraceIdRatioBased` sampler. Changes in python-opentelemetry-sdk: - Add missing python-wheel build dependency to BuildRequires - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 1.23.0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - Initial package (1.22.0) Changes in python-opentelemetry-semantic-conventions: - update to 0.44b0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - update to 0.43b0: * Prometheus exporter sanitize info metric * Remove Jaeger exporters * Log stacktrace on `UNKNOWN` status OTLP export error * Fix OTLPExporterMixin shutdown timeout period * Handle `taskName` `logrecord` attribute * Fix `SumAggregation` * Fix handling of empty metric collection cycles * Fix error when no LoggerProvider configured for LoggingHandler * Make `opentelemetry_metrics_exporter` entrypoint support pull exporters * Allow instrument names to have '/' and up to 255 characters * Do not load Resource on sdk import * Update semantic conventions to version 1.21.0 * Add missing schema_url in global api for logging and metrics * Prometheus exporter support for auto instrumentation * Drop `setuptools` runtime requirement. * Update the body type in the log ($3343) * Add max_scale option to Exponential Bucket Histogram Aggregation * Use BoundedAttributes instead of raw dict to extract attributes from LogRecord * Support dropped_attributes_count in LogRecord and exporters * Add unit to view instrument selection criteria * Upgrade opentelemetry-proto to 0.20 and regen #3355) * Include endpoint in Grpc transient error warning #3362) * Fixed bug where logging export is tracked as trace #3375) * Select histogram aggregation with an environment variable * Move Protobuf encoding to its own package * Add experimental feature to detect resource detectors in auto instrumentation * Fix exporting of ExponentialBucketHistogramAggregation from opentelemetry.sdk.metrics.view * Fix headers types mismatch for OTLP Exporters * Fix suppress instrumentation for log batch processor * Add speced out environment variables and arguments for BatchLogRecordProcessor - Initial build + Version 0.25b2 Changes in python-opentelemetry-test-utils: - update to 0.44b0: * Use Attribute rather than boundattribute in logrecord (#3567) * Fix flush error when no LoggerProvider configured for LoggingHandler (#3608) * Fix OTLPMetricExporter ignores preferred_aggregation property (#3603) * Logs: set observed_timestamp field (#3565) * Add missing Resource SchemaURL in OTLP exporters (#3652) * Fix loglevel warning text (#3566) * Prometheus Exporter string representation for target_info labels (#3659) * Logs: ObservedTimestamp field is missing in console exporter output (#3564) * Fix explicit bucket histogram aggregation (#3429) * Add code.lineno, code.function and code.filepath to all logs (#3645) * Add Synchronous Gauge instrument (#3462) * Drop support for 3.7 (#3668) * Include key in attribute sequence warning (#3639) * Upgrade markupsafe, Flask and related dependencies to dev and test environments (#3609) * Handle HTTP 2XX responses as successful in OTLP exporters (#3623) * Improve Resource Detector timeout messaging (#3645) * Add Proxy classes for logging (#3575) * Remove dependency on 'backoff' library (#3679) - Initial package (0.43b0) Changes in python-pycomposefile: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - Initial build + Version 0.0.30 Changes in python-pydash: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} + Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}} - Update to version 6.0.2 * Only prevent access to object paths containing ``__globals__`` or ``__builtins__`` instead of all dunder-methods for non-dict/list objects. - from version 6.0.1 * Fix exception raised due to mishandling of non-string keys in functions like ``get()`` for non-dict/list objects that used integer index references like ``'[0]'``. - from version 6.0.0 * Prevent access to object paths containing dunder-methods in functions like ``get()`` for non-dict/list objects. Attempting to access dunder-methods using get-path keys will raise a ``KeyError`` (e.g. ``get(SomeClass(), '__init__'`` will raise). Access to dict keys are unaffected (e.g. ``get({'__init__': True}, '__init__')`` will return ``True``). (**breaking change**) * Add support for Python 3.11. * Drop support for Python 3.6 (**breaking change**) - from version 5.1.2 * Remove unnecessary type check and conversion for ``exceptions`` argument in ``pydash.retry``. - from version 5.1.1 * Add support for Python 3.10. * Fix timing assertion issue in test for ``pydash.delay`` where it could fail on certain environments. - Switch build system from setuptools to pyproject.toml - Update BuildRequires from pyproject.toml - version update to 5.1.0 v5.1.0 (2021-10-02) ------------------- - Support matches-style callbacks on non-dictionary objects that are compatible with ``pydash.get`` in functions like ``pydash.find``. v5.0.2 (2021-07-15) ------------------- - Fix compatibility issue between ``pydash.py_`` / ``pydash._`` and ``typing.Protocol`` + ``typing.runtime_checkable`` that caused an exception to be raised for ``isinstance(py_, SomeRuntimeCheckableProtocol)``. v5.0.1 (2021-06-27) ------------------- - Fix bug in ``merge_with`` that prevented custom iteratee from being used when recursively merging. Thanks weineel_! v5.0.0 (2021-03-29) ------------------- - Drop support for Python 2.7. (**breaking change**) - Improve Unicode word splitting in string functions to be inline with Lodash. Thanks mervynlee94_! (**breaking change**) - ``camel_case`` - ``human_case`` - ``kebab_case`` - ``lower_case`` - ``pascal_case`` - ``separator_case`` - ``slugify`` - ``snake_case`` - ``start_case`` - ``upper_case`` - Optimize regular expression constants used in ``pydash.strings`` by pre-compiling them to regular expression pattern objects. v4.9.3 (2021-03-03) ------------------- - Fix regression introduced in ``v4.8.0`` that caused ``merge`` and ``merge_with`` to raise an exception when passing ``None`` as the first argument. v4.9.2 (2020-12-24) ------------------- - Fix regression introduced in ``v4.9.1`` that broke ``pydash.get`` for dictionaries and dot-delimited keys that reference integer dict-keys. v4.9.1 (2020-12-14) ------------------- - Fix bug in ``get/has`` that caused ``defaultdict`` objects to get populated on key access. v4.9.0 (2020-10-27) ------------------- - Add ``default_to_any``. Thanks gonzalonaveira_! - Fix mishandling of key names containing ``\.`` in ``set_``, ``set_with``, and ``update_with`` where the ``.`` was not treated as a literal value within the key name. Thanks zhaowb_! - python-mock is not required for build - Activate test suite - Update to v4.8.0 - Initial spec for v4.7.6 Changes in python-redis: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - add https://github.com/redis/redis-py/pull/3005 as Close-various-objects-created-during-asyncio-tests.patch to fix tests for python 3.12 - Add patch to increase timeouts in s390x where tests take longer to run: * increase-test-timeout.patch - Disable broken tests for ppc64le, bsc#1216606 - Add pytest.ini source needed to run tests - Remove/disable broken tests because of suse environment - drop tox.ini. seems it does no longer exist in 5.0.1 - add support to easily disable the testsuite at build time - update to 5.0.1 - New Features - Provide aclose() / close() for classes requiring lifetime management (#2898) - Add support for ModuleCommands in cluster (#2951) - Add support for multiple values in RPUSHX (#2949) - Add Redis.from_pool() class method, for explicitly owning and closing a ConnectionPool (#2913) - Bug Fixes - Fixing monitor parsing for messages containing specific substrings (#2950) - Cluster determine slot command name need to be upper (#2919) - Support timeout = 0 in search query (#2934) - Fix async sentinel: add push_request keyword argument to read_response (#2922) - Fix protocol checking for search commands (#2923) - Fix: SentinelManagedConnection.read_response() got an unexpected keyword argument 'push_request' (#2894) - Fix: automatically close connection pool for async Sentinel (#2900) - Save a reference to created async tasks, to avoid tasks potentially disappearing (#2816) - Avoid reference cycling by the garbage collector during response reading (#2932) - Maintenance - Type hint improvements (#2952) - Replace clear_connect_callbacks with _deregister_connect_callback (#2955) - Async fixes, remove del and other things (#2870) - Add pagination, sorting and grouping examples to search json example (#2890) - Remove process-id checks from asyncio. Asyncio and fork() does not mix. (#2911) - Fix resource usage and cleanup Mocks in the unit tests (#2936) - Remove mentions of tox (#2929) - Add 7.2 to supported Redis versions (#2896) - Fix resource warnings in unit tests (#2899) - Fix typo in redis-stream-example.ipynb (#2918) - Deprecate RedisGraph (#2927) - Fix redis 7.2.0 tests (#2902) - Fix test_scorer (search) (#2920) - changes from 5.0.0 - What's new? - Triggers and Functions support Triggers and Functions allow you to execute server-side functions triggered when key values are modified or created in Redis, a stream entry arrival, or explicitly calling them. Simply put, you can replace Lua scripts with easy-to-develop JavaScript or TypeScript code. Move your business logic closer to the data to ensure a lower latency, and forget about updating dependent key values manually in your code. Try it for yourself with Quick start - Full Redis 7.2 and RESP3 support - Python 3.7 End-of-Life - Python 3.7 has reached its end-of-life (EOL) as of June 2023. This means that starting from this date, Python 3.7 will no longer receive any updates, including security patches, bug fixes, or improvements. If you continue to use Python 3.7 post-EOL, you may expose your projects and systems to potential security vulnerabilities. We ended its support in this version and strongly recommend migrating to Python 3.10. - Bug Fixes - Fix timeout retrying on pipeline execution (#2812) - Fix socket garbage collection (#2859) - Maintenance - Updating client license to clear, MIT (#2884) - Add py.typed in accordance with PEP-561 (#2738) - Dependabot label change (#2880) - Fix type hints in SearchCommands (#2817) - Add sync modules (except search) tests to cluster CI (#2850) - Fix a duplicate word in CONTRIBUTING.md (#2848) - Fixing doc builds (#2869) - Change cluster docker to edge and enable debug command (#2853) - changes from 4.6.0 - Experimental Features - Support JSON.MERGE command (#2761) - Support JSON.MSET command (#2766) - New Features - Extract abstract async connection class (#2734) - Add support for WAITAOF (#2760) - Introduce OutOfMemoryError exception for Redis write command rejections due to OOM errors (#2778) - Add WITHSCORE argument to ZRANK (#2758) - Bug Fixes - Fix dead weakref in sentinel connection causing ReferenceError (#2767) (#2771) - Fix Key Error in parse_xinfo_stream (#2788) - Remove unnecessary __del__ handlers (#2755) - Added support for missing argument to SentinelManagedConnection.read_response() (#2756) - Maintenance - Fix type hint for retry_on_error in async cluster (#2804) - Clean up documents and fix some redirects (#2801) - Add unit tests for the connect method of all Redis connection classes (#2631) - Docstring formatting fix (#2796) - update to 4.5.5: * Add support for CLIENT NO-TOUCH * Add support for CLUSTER MYSHARDID * Add 'address_remap' feature to RedisCluster * Add WITHSCORES argument to ZREVRANK command * Improve error output for master discovery * Fix XADD: allow non negative maxlen * Fix create single connection client from url * Optionally disable disconnects in read_response * Fix SLOWLOG GET return value * Fix potential race condition during disconnection * Return response in case of KeyError * Fix incorrect usage of once flag in async Sentinel * Fix memory leak caused by hiredis in asyncio case * Really do not use asyncio's timeout lib before 3.11.2 - add sle15_python_module_pythons - Update to 4.5.4: * Security + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28858, bsc#1209811) + Cancelling an async future does not, properly trigger, leading to a potential data leak in specific cases. (CVE-2023-28859, bsc#1209812) * New Features + Introduce AbstractConnection so that UnixDomainSocketConnection can call super().init (#2588) + Added queue_class to REDIS_ALLOWED_KEYS (#2577) + Made search document subscriptable (#2615) + Sped up the protocol parsing (#2596) + Use hiredis::pack_command to serialized the commands. (#2570) + Add support for unlink in cluster pipeline (#2562) * Bug Fixes + Fixing cancelled async futures (#2666) + Fix: do not use asyncio's timeout lib before 3.11.2 (#2659) + Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor argument (#2630) + CWE-404 AsyncIO Race Condition Fix (#2624, #2579) + Fix behaviour of async PythonParser to match RedisParser as for issue #2349 (#2582) + Replace async_timeout by asyncio.timeout (#2602) + Update json().arrindex() default values (#2611) + Fix #2581 UnixDomainSocketConnection object has no attribute _command_packer (#2583) + Fix issue with pack_commands returning an empty byte sequence (#2416) + Async HiredisParser should finish parsing after a Connection.disconnect() (#2557) + Check for none, prior to raising exception (#2569) + Tuple function cannot be passed more than one argument (#2573) + Synchronise concurrent command calls to single-client to single-client mode (#2568) + Async: added 'blocking' argument to call lock method (#2454) + Added a replacement for the default cluster node in the event of failure. (#2463) + Fixed geosearch: Wrong number of arguments for geosearch command (#2464) - Clean up BuildRequires and Requires. - Disable broken test test_xautoclaim gh#redis/redis-py#2554 - udpate to 4.3.5: * Add support for TIMESERIES 1.8 (#2296) * Graph - add counters for removed labels and properties (#2292) * Add support for TDIGEST.QUANTILE extensions (#2317) * Add TDIGEST.TRIMMED_MEAN (#2300) * Add support for async GRAPH module (#2273) * Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE (#2319) * Adding reserve as an alias for create, so that we have BF.RESERVE and CF.RESERVE accuratenly supported (#2331) * Fix async connection.is_connected to return a boolean value (#2278) * Fix: workaround asyncio bug on connection reset by peer (#2259) * Fix crash: key expire while search (#2270) * Async cluster: fix concurrent pipeline (#2280) * Fix async SEARCH pipeline (#2316) * Fix KeyError in async cluster - initialize before execute multi key commands (#2439) * Supply chain risk reduction: remove dependency on library named deprecated (#2386) * Search test - Ignore order of the items in the response (#2322) * Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335) * Fix TimeSeries range aggregation (twa) tests (#2358) * Mark TOPK.COUNT as deprecated (#2363) - update to 4.3.4: * Fix backward compatibility from 4.3.2 in Lock.acquire() * Fix XAUTOCLAIM to return the full response, instead of only keys 2+ * Added dynamic_startup_nodes configuration to RedisCluster. * Fix retries in async mode * Async cluster: fix simultaneous initialize * Uppercased commands in CommandsParser.get_keys * Late eval of the skip condition in async tests * Reuse the old nodes' connections when a cluster topology refresh is being done * Docs: add pipeline examples * Correct retention_msecs value * Cluster: use pipeline to execute split commands * Docs: Add a note about client_setname and client_name difference - Delete unused redismod.conf, remove duplicate Source entry for tox.ini - Add redismod.conf and tox.ini as Sources to SPEC file. - Update to version 4.3.3 * Fix Lock crash, and versioning 4.3.3 (#2210) * Async cluster: improve docs (#2208) - Release 4.3.2 * SHUTDOWN - add support for the new NOW, FORCE and ABORT modifiers (#2150) * Adding pipeline support for async cluster (#2199) * Support CF.MEXISTS + Clean bf/commands.py (#2184) * Extending query_params for FT.PROFILE (#2198) * Implementing ClusterPipeline Lock (#2190) * Set default response_callbacks to redis.asyncio.cluster.ClusterNode (#2201) * Add default None for maxlen at xtrim command (#2188) * Async cluster: add/update typing (#2195) * Changed list type to single element type (#2203) * Made sync lock consistent and added types to it (#2137) * Async cluster: optimisations (#2205) * Fix typos in README (#2206) * Fix modules links to https://redis.io/commands/ (#2185) - Update to version 4.3.1 * Allow negative `retries` for `Retry` class to retry forever * Add `items` parameter to `hset` signature * Create codeql-analysis.yml (#1988). Thanks @chayim * Add limited support for Lua scripting with RedisCluster * Implement `.lock()` method on RedisCluster * Fix cursor returned by SCAN for RedisCluster & change default target to PRIMARIES * Fix scan_iter for RedisCluster * Remove verbose logging when initializing ClusterPubSub, ClusterPipeline or RedisCluster * Fix broken connection writer lock-up for asyncio (#2065) * Fix auth bug when provided with no username (#2086) - Release 4.1.3 * Fix flushdb and flushall (#1926) * Add redis5 and redis4 dockers (#1871) * Change json.clear test multi to be up to date with redisjson (#1922) * Fixing volume for unstable_cluster docker (#1914) * Update changes file with changes since 4.0.0-beta2 (#1915) - Release 4.1.2 * Invalid OCSP certificates should raise ConnectionError on failed validation (#1907) * Added retry mechanism on socket timeouts when connecting to the server (#1895) * LMOVE, BLMOVE return incorrect responses (#1906) * Fixing AttributeError in UnixDomainSocketConnection (#1903) * Fixing TypeError in GraphCommands.explain (#1901) * For tests, increasing wait time for the cluster (#1908) * Increased pubsub's wait_for_messages timeout to prevent flaky tests (#1893) * README code snippets formatted to highlight properly (#1888) * Fix link in the main page (#1897) * Documentation fixes: JSON Example, SSL Connection Examples, RTD version (#1887) * Direct link to readthedocs (#1885) - Release 4.1.1 * Add retries to connections in Sentinel Pools (#1879) * OCSP Stapling Support (#1873) * Define incr/decr as aliases of incrby/decrby (#1874) * FT.CREATE - support MAXTEXTFIELDS, TEMPORARY, NOHL, NOFREQS, SKIPINITIALSCAN (#1847) * Timeseries docs fix (#1877) * get_connection: catch OSError too (#1832) * Set keys var otherwise variable not created (#1853) * Clusters should optionally require full slot coverage (#1845) * Triple quote docstrings in client.py PEP 257 (#1876) * syncing requirements (#1870) * Typo and typing in GraphCommands documentation (#1855) * Allowing poetry and redis-py to install together (#1854) * setup.py: Add project_urls for PyPI (#1867) * Support test with redis unstable docker (#1850) * Connection examples (#1835) * Documentation cleanup (#1841) - Release 4.1.0 * OCSP stapling support (#1820) * Support for SELECT (#1825) * Support for specifying error types with retry (#1817) * Support for RESET command since Redis 6.2.0 (#1824) * Support CLIENT TRACKING (#1612) * Support WRITE in CLIENT PAUSE (#1549) * JSON set_file and set_path support (#1818) * Allow ssl_ca_path with rediss:// urls (#1814) * Support for password-encrypted SSL private keys (#1782) * Support SYNC and PSYNC (#1741) * Retry on error exception and timeout fixes (#1821) * Fixing read race condition during pubsub (#1737) * Fixing exception in listen (#1823) * Fixed MovedError, and stopped iterating through startup nodes when slots are fully covered (#1819) * Socket not closing after server disconnect (#1797) * Single sourcing the package version (#1791) * Ensure redis_connect_func is set on uds connection (#1794) * SRTALGO - Skip for redis versions greater than 7.0.0 (#1831) * Documentation updates (#1822) * Add CI action to install package from repository commit hash (#1781) (#1790) * Fix link in lmove docstring (#1793) * Disabling JSON.DEBUG tests (#1787) * Migrated targeted nodes to kwargs in Cluster Mode (#1762) * Added support for MONITOR in clusters (#1756) * Adding ROLE Command (#1610) * Integrate RedisBloom support (#1683) * Adding RedisGraph support (#1556) * Allow overriding connection class via keyword arguments (#1752) * Aggregation LOAD * support for RediSearch (#1735) * Adding cluster, bloom, and graph docs (#1779) * Add packaging to setup_requires, and use >= to play nice to setup.py (fixes #1625) (#1780) * Fixing the license link in the readme (#1778) * Removing distutils from tests (#1773) * Fix cluster ACL tests (#1774) * Improved RedisCluster's reinitialize_steps and documentation (#1765) * Added black and isort (#1734) * Link Documents for all module commands (#1711) * Pyupgrade + flynt + f-strings (#1759) * Remove unused aggregation subclasses in RediSearch (#1754) * Adding RedisCluster client to support Redis Cluster Mode (#1660) * Support RediSearch FT.PROFILE command (#1727) * Adding support for non-decodable commands (#1731) * COMMAND GETKEYS support (#1738) * RedisJSON 2.0.4 behaviour support (#1747) * Removing deprecating distutils (PEP 632) (#1730) * Updating PR template (#1745) * Removing duplication of Script class (#1751) * Splitting documentation for read the docs (#1743) * Improve code coverage for aggregation tests (#1713) * Fixing COMMAND GETKEYS tests (#1750) * GitHub release improvements (#1684) - Release 4.0.2 * Restoring Sentinel commands to redis client (#1723) * Better removal of hiredis warning (#1726) * Adding links to redis documents in function calls (#1719) - Release 4.0.1 * Removing command on initial connections (#1722) * Removing hiredis warning when not installed (#1721) - Release 4.0.0 * FT.EXPLAINCLI intentionally raising NotImplementedError * Restoring ZRANGE desc for Redis < 6.2.0 (#1697) * Response parsing occasionally fails to parse floats (#1692) * Re-enabling read-the-docs (#1707) * Call HSET after FT.CREATE to avoid keyspace scan (#1706) * Unit tests fixes for compatibility (#1703) * Improve documentation about Locks (#1701) * Fixes to allow --redis-url to pass through all tests (#1700) * Fix unit tests running against Redis 4.0.0 (#1699) * Search alias test fix (#1695) * Adding RediSearch/RedisJSON tests (#1691) * Updating codecov rules (#1689) * Tests to validate custom JSON decoders (#1681) * Added breaking icon to release drafter (#1702) * Removing dependency on six (#1676) * Re-enable pipeline support for JSON and TimeSeries (#1674) * Export Sentinel, and SSL like other classes (#1671) * Restore zrange functionality for older versions of Redis (#1670) * Fixed garbage collection deadlock (#1578) * Tests to validate built python packages (#1678) * Sleep for flaky search test (#1680) * Test function renames, to match standards (#1679) * Docstring improvements for Redis class (#1675) * Fix georadius tests (#1672) * Improvements to JSON coverage (#1666) * Add python_requires setuptools check for python > 3.6 (#1656) * SMISMEMBER support (#1667) * Exposing the module version in loaded_modules (#1648) * RedisTimeSeries support (#1652) * Support for json multipath ($) (#1663) * Added boolean parsing to PEXPIRE and PEXPIREAT (#1665) * Add python_requires setuptools check for python > 3.6 (#1656) * Adding vulture for static analysis (#1655) * Starting to clean the docs (#1657) * Update README.md (#1654) * Adding description format for package (#1651) * Publish to pypi as releases are generated with the release drafter (#1647) * Restore actions to prs (#1653) * Fixing the package to include commands (#1649) * Re-enabling codecov as part of CI process (#1646) * Adding support for redisearch (#1640) Thanks @chayim * redisjson support (#1636) Thanks @chayim * Sentinel: Add SentinelManagedSSLConnection (#1419) Thanks @AbdealiJK * Enable floating parameters in SET (ex and px) (#1635) Thanks @AvitalFineRedis * Add warning when hiredis not installed. Recommend installation. (#1621) Thanks @adiamzn * Raising NotImplementedError for SCRIPT DEBUG and DEBUG SEGFAULT (#1624) Thanks @chayim * CLIENT REDIR command support (#1623) Thanks @chayim * REPLICAOF command implementation (#1622) Thanks @chayim * Add support to NX XX and CH to GEOADD (#1605) Thanks @AvitalFineRedis * Add support to ZRANGE and ZRANGESTORE parameters (#1603) Thanks @AvitalFineRedis * Pre 6.2 redis should default to None for script flush (#1641) Thanks @chayim * Add FULL option to XINFO SUMMARY (#1638) Thanks @agusdmb * Geosearch test should use any=True (#1594) Thanks @Andrew-Chen-Wang * Removing packaging dependency (#1626) Thanks @chayim * Fix client_kill_filter docs for skimpy (#1596) Thanks @Andrew-Chen-Wang * Normalize minid and maxlen docs (#1593) Thanks @Andrew-Chen-Wang * Update docs for multiple usernames for ACL DELUSER (#1595) Thanks @Andrew-Chen-Wang * Fix grammar of get param in set command (#1588) Thanks @Andrew-Chen-Wang * Fix docs for client_kill_filter (#1584) Thanks @Andrew-Chen-Wang * Convert README & CONTRIBUTING from rst to md (#1633) Thanks @davidylee * Test BYLEX param in zrangestore (#1634) Thanks @AvitalFineRedis * Tox integrations with invoke and docker (#1632) Thanks @chayim * Adding the release drafter to help simplify release notes (#1618). Thanks @chayim * BACKWARDS INCOMPATIBLE: Removed support for end of life Python 2.7. #1318 * BACKWARDS INCOMPATIBLE: All values within Redis URLs are unquoted via urllib.parse.unquote. Prior versions of redis-py supported this by specifying the ``decode_components`` flag to the ``from_url`` functions. This is now done by default and cannot be disabled. #589 * POTENTIALLY INCOMPATIBLE: Redis commands were moved into a mixin (see commands.py). Anyone importing ``redis.client`` to access commands directly should import ``redis.commands``. #1534, #1550 * Removed technical debt on REDIS_6_VERSION placeholder. Thanks @chayim #1582. * Various docus fixes. Thanks @Andrew-Chen-Wang #1585, #1586. * Support for LOLWUT command, available since Redis 5.0.0. Thanks @brainix #1568. * Added support for CLIENT REPLY, available in Redis 3.2.0. Thanks @chayim #1581. * Support for Auto-reconnect PubSub on get_message. Thanks @luhn #1574. * Fix RST syntax error in README/ Thanks @JanCBrammer #1451. * IDLETIME and FREQ support for RESTORE. Thanks @chayim #1580. * Supporting args with MODULE LOAD. Thanks @chayim #1579. * Updating RedisLabs with Redis. Thanks @gkorland #1575. * Added support for ASYNC to SCRIPT FLUSH available in Redis 6.2.0. Thanks @chayim. #1567 * Added CLIENT LIST fix to support multiple client ids available in Redis 2.8.12. Thanks @chayim #1563. * Added DISCARD support for pipelines available in Redis 2.0.0. Thanks @chayim #1565. * Added ACL DELUSER support for deleting lists of users available in Redis 6.2.0. Thanks @chayim. #1562 * Added CLIENT TRACKINFO support available in Redis 6.2.0. Thanks @chayim. #1560 * Added GEOSEARCH and GEOSEARCHSTORE support available in Redis 6.2.0. Thanks @AvitalFine Redis. #1526 * Added LPUSHX support for lists available in Redis 4.0.0. Thanks @chayim. #1559 * Added support for QUIT available in Redis 1.0.0. Thanks @chayim. #1558 * Added support for COMMAND COUNT available in Redis 2.8.13. Thanks @chayim. #1554. * Added CREATECONSUMER support for XGROUP available in Redis 6.2.0. Thanks @AvitalFineRedis. #1553 * Including slowly complexity in INFO if available. Thanks @ian28223 #1489. * Added support for STRALGO available in Redis 6.0.0. Thanks @AvitalFineRedis. #1528 * Addes support for ZMSCORE available in Redis 6.2.0. Thanks @2014BDuck and @jiekun.zhu. #1437 * Support MINID and LIMIT on XADD available in Redis 6.2.0. Thanks @AvitalFineRedis. #1548 * Added sentinel commands FLUSHCONFIG, CKQUORUM, FAILOVER, and RESET available in Redis 2.8.12. Thanks @otherpirate. #834 * Migrated Version instead of StrictVersion for Python 3.10. Thanks @tirkarthi. #1552 * Added retry mechanism with backoff. Thanks @nbraun-amazon. #1494 * Migrated commands to a mixin. Thanks @chayim. #1534 * Added support for ZUNION, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1522 * Added support for CLIENT LIST with ID, available in Redis 6.2.0. Thanks @chayim. #1505 * Added support for MINID and LIMIT with xtrim, available in Reds 6.2.0. Thanks @chayim. #1508 * Implemented LMOVE and BLMOVE commands, available in Redis 6.2.0. Thanks @chayim. #1504 * Added GET argument to SET command, available in Redis 6.2.0. Thanks @2014BDuck. #1412 * Documentation fixes. Thanks @enjoy-binbin @jonher937. #1496 #1532 * Added support for XAUTOCLAIM, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1529 * Added IDLE support for XPENDING, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1523 * Add a count parameter to lpop/rpop, available in Redis 6.2.0. Thanks @wavenator. #1487 * Added a (pypy) trove classifier for Python 3.9. Thanks @D3X. #1535 * Added ZINTER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1520 * Added ZINTER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1520 * Added ZDIFF and ZDIFFSTORE support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1518 * Added ZRANGESTORE support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1521 * Added LT and GT support for ZADD, available in Redis 6.2.0. Thanks @chayim. #1509 * Added ZRANDMEMBER support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1519 * Added GETDEL support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1514 * Added CLIENT KILL laddr filter, available in Redis 6.2.0. Thanks @chayim. #1506 * Added CLIENT UNPAUSE, available in Redis 6.2.0. Thanks @chayim. #1512 * Added NOMKSTREAM support for XADD, available in Redis 6.2.0. Thanks @chayim. #1507 * Added HRANDFIELD support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1513 * Added CLIENT INFO support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1517 * Added GETEX support, available in Redis 6.2.0. Thanks @AvitalFineRedis. #1515 * Added support for COPY command, available in Redis 6.2.0. Thanks @malinaa96. #1492 * Provide a development and testing environment via docker. Thanks @abrookins. #1365 * Added support for the LPOS command available in Redis 6.0.6. Thanks @aparcar #1353/#1354 * Added support for the ACL LOG command available in Redis 6. Thanks @2014BDuck. #1307 * Added support for ABSTTL option of the RESTORE command available in Redis 5.0. Thanks @charettes. #1423 - Drop account-defaults-redis.patch merged upstream - Add account-defaults-redis.patch which fixes failing tests by taking into consideration redis defaults, not overwriting them (gh#andymccurdy/redis-py#1499). - Skipp two tests because of gh#andymccurdy/redis-py#1459. - update to 3.5.3 * Restore try/except clauses to __del__ methods. These will be removed in 4.0 when more explicit resource management if enforced. #1339 * Update the master_address when Sentinels promote a new master. #847 * Update SentinelConnectionPool to not forcefully disconnect other in-use connections which can negatively affect threaded applications. #1345 3.5.2 * Tune the locking in ConnectionPool.get_connection so that the lock is not held while waiting for the socket to establish and validate the TCP connection. 3.5.1 * Fix for HSET argument validation to allow any non-None key. Thanks @AleksMat, #1337, #1341 3.5.0 * Removed exception trapping from __del__ methods. redis-py objects that hold various resources implement __del__ cleanup methods to release those resources when the object goes out of scope. This provides a fallback for when these objects aren't explicitly closed by user code. Prior to this change any errors encountered in closing these resources would be hidden from the user. Thanks @jdufresne. #1281 * Expanded support for connection strings specifying a username connecting to pre-v6 servers. #1274 * Optimized Lock's blocking_timeout and sleep. If the lock cannot be acquired and the sleep value would cause the loop to sleep beyond blocking_timeout, fail immediately. Thanks @clslgrnc. #1263 * Added support for passing Python memoryviews to Redis command args that expect strings or bytes. The memoryview instance is sent directly to the socket such that there are zero copies made of the underlying data during command packing. Thanks @Cody-G. #1265, #1285 * HSET command now can accept multiple pairs. HMSET has been marked as deprecated now. Thanks to @laixintao #1271 * Don't manually DISCARD when encountering an ExecAbortError. Thanks @nickgaya, #1300/#1301 * Reset the watched state of pipelines after calling exec. This saves a roundtrip to the server by not having to call UNWATCH within Pipeline.reset(). Thanks @nickgaya, #1299/#1302 * Added the KEEPTTL option for the SET command. Thanks @laixintao #1304/#1280 * Added the MEMORY STATS command. #1268 * Lock.extend() now has a new option, `replace_ttl`. When False (the default), Lock.extend() adds the `additional_time` to the lock's existing TTL. When replace_ttl=True, the lock's existing TTL is replaced with the value of `additional_time`. * Add testing and support for PyPy. - downgrade requires for redis to recommends * Better error handling Changes in python-retrying: - Switch package to modern Python Stack on SLE-15 + Add %{?sle15_python_module_pythons} - require setuptools - Switch to pyproject macros. - Stop using greedy globs in %files. - Update to version 1.3.4 * Added Greg Roodt as maintainer * Formatted code with black * Updated repository references - Improve summary. - Remove superfluous devel dependency for noarch package - Initial package Changes in python-semver: - update to 3.0.2: * :pr:`418`: Replace :class:`~collection.OrderedDict` with :class:`dict`. * The dict datatype is ordered since Python 3.7. As we do not support Python 3.6 anymore, it can be considered safe to avoid :class:`~collection.OrderedDict`. * :pr:`431`: Clarify version policy for the different semver versions (v2, v3, >v3) and the supported Python versions. * :gh:`432`: Improve external doc links to Python and Pydantic. * :pr:`417`: Amend GitHub Actions to check against MacOS. - remove obsolete setup-remove-asterisk.patch - update to version 3.0.1: - Remove incorrect dependencies from build-system section of pyproject.toml by @mgorny in #405 - correct typo in function description of next_version by @treee111 in #406 - Improve GitHub Action by @tomschr in #408 - Add CITATION.cff for citation by @tomschr in #409 - Add Version class to __all__ export. Fix #410 by @Soneji in #411 - Configure docformatter by @tomschr in #412 - Prepare version 3.0.1 by @tomschr in #413 - update to version 3.0.0: - Bugfixes - :gh:`291`: Disallow negative numbers in VersionInfo arguments for ``major``, ``minor``, and ``patch``. * :gh:`310`: Rework API documentation. Follow a more 'semi-manual' attempt and add auto directives into :file:`docs/api.rst`. * :gh:`344`: Allow empty string, a string with a prefix, or ``None`` as token in :meth:`~semver.version.Version.bump_build` and :meth:`~semver.version.Version.bump_prerelease`. * :pr:`384`: General cleanup, reformat files: * Reformat source code with black again as some config options did accidentely exclude the semver source code. Mostly remove some includes/excludes in the black config. * Integrate concurrency in GH Action * Ignore Python files on project dirs in .gitignore * Remove unused patterns in MANIFEST.in * Use ``extend-exclude`` for flake in :file:`setup.cfg`` and adapt list. * Use ``skip_install=True`` in :file:`tox.ini` for black * :pr:`393`: Fix command :command:`python -m semver` to avoid the error 'invalid choice' * :pr:`396`: Calling :meth:`~semver.version.Version.parse` on a derived class will show correct type of derived class. - Deprecations * :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``. * :gh:`234`: In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes * :gh:`284`: Deprecate the use of :meth:`~Version.isvalid`. Rename :meth:`~semver.version.Version.isvalid` to :meth:`~semver.version.Version.is_valid` for consistency reasons with :meth:`~semver.version.Version.is_compatible`. * :pr:`402`: Keep :func:`semver.compare <semver._deprecated.compare>`. Although it breaks consistency with module level functions, it seems it's a much needed/used function. It's still unclear if we should deprecate this function or not (that's why we use :py:exc:`PendingDeprecationWarning`). As we don't have a uniform initializer yet, this function stays in the :file:`_deprecated.py` file for the time being until we find a better solution. See :gh:`258` for details. - Features * Remove :file:`semver.py` * Create :file:`src/semver/__init__.py` * Create :file:`src/semver/cli.py` for all CLI methods * Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions * Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver` * Create :file:`src/semver/_types.py` to hold type aliases * Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions * Create :file:`src/semver/__about__.py` for all the metadata variables * :gh:`213`: Add typing information * :gh:`284`: Implement :meth:`~semver.version.Version.is_compatible` to make 'is self compatible with X'. * :gh:`305`: Rename :class:`~semver.version.VersionInfo` to :class:`~semver.version.Version` but keep an alias for compatibility - add setup-remove-asterisk.patch to fix build error - update to version 3.0.0-dev.4: - Bug Fixes: - :gh:`374`: Correct Towncrier's config entries in the :file:`pyproject.toml` file. The old entries ``[[tool.towncrier.type]]`` are deprecated and need to be replaced by ``[tool.towncrier.fragment.<TYPE>]``. - Deprecations: - :gh:`372`: Deprecate support for Python 3.6. Python 3.6 reached its end of life and isn't supported anymore. At the time of writing (Dec 2022), the lowest version is 3.7. Although the `poll <https://github.com/python-semver/python-semver/discussions/371>`_ didn't cast many votes, the majority agree to remove support for Python 3.6. - Improved Documentation: - :gh:`335`: Add new section 'Converting versions between PyPI and semver' the limitations and possible use cases to convert from one into the other versioning scheme. - :gh:`340`: Describe how to get version from a file - :gh:`343`: Describe combining Pydantic with semver in the 'Advanced topic' section. - :gh:`350`: Restructure usage section. Create subdirectory 'usage/' and splitted all section into different files. - :gh:`351`: Introduce new topics for: * 'Migration to semver3' * 'Advanced topics' - Features: - :pr:`359`: Add optional parameter ``optional_minor_and_patch`` in :meth:`.Version.parse` to allow optional minor and patch parts. - :pr:`362`: Make :meth:`.Version.match` accept a bare version string as match expression, defaulting to equality testing. - :gh:`364`: Enhance :file:`pyproject.toml` to make it possible to use the :command:`pyproject-build` command from the build module. For more information, see :ref:`build-semver`. - :gh:`365`: Improve :file:`pyproject.toml`. * Use setuptools, add metadata. Taken approach from `A Practical Guide to Setuptools and Pyproject.toml <https://godatadriven.com/blog/a-practical-guide-to-setuptools-and-pyproject-toml/>`_. * Doc: Describe building of semver * Remove :file:`.travis.yml` in :file:`MANIFEST.in` (not needed anymore) * Distinguish between Python 3.6 and others in :file:`tox.ini` * Add skip_missing_interpreters option for :file:`tox.ini` * GH Action: Upgrade setuptools and setuptools-scm and test against 3.11.0-rc.2 - Trivial/Internal Changes: - :gh:`378`: Fix some typos in Towncrier configuration - switch to the tagged version rather than a gh branch tarball - fix support for Python 3.10 with update to development version: - update to revision g4d2df08: - Changes for the upcoming release can be found in: - the `'changelog.d' directory <https://github.com/python-semver/python-semver/tree/master/changelog.d>`_: - in our repository.: - update to version 3.0.0-dev.2: - Deprecations: - :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``. - Features: - :gh:`169`: Create semver package and split code among different modules in the packages. * Remove :file:`semver.py` * Create :file:`src/semver/__init__.py` * Create :file:`src/semver/cli.py` for all CLI methods * Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions * Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver` * Create :file:`src/semver/_types.py` to hold type aliases * Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions * Create :file:`src/semver/__about__.py` for all the metadata variables - :gh:`305`: Rename :class:`VersionInfo` to :class:`Version` but keep an alias for compatibility - Improved Documentation: - :gh:`304`: Several improvements in documentation: * Reorganize API documentation. * Add migration chapter from semver2 to semver3. * Distinguish between changlog for version 2 and 3 - :gh:`305`: Add note about :class:`Version` rename. - Trivial/Internal Changes: - :gh:`169`: Adapted infrastructure code to the new project layout. * Replace :file:`setup.py` with :file:`setup.cfg` because the :file:`setup.cfg` is easier to use * Adapt documentation code snippets where needed * Adapt tests * Changed the ``deprecated`` to hardcode the ``semver`` package name in the warning. Increase coverage to 100% for all non-deprecated APIs - :gh:`304`: Support PEP-561 :file:`py.typed`. According to the mentioned PEP: 'Package maintainers who wish to support type checking of their code MUST add a marker file named :file:`py.typed` to their package supporting typing.' Add package_data to :file:`setup.cfg` to include this marker in dist and whl file. - update to version 3.0.0-dev.1: - Deprecations: - :pr:`290`: For semver 3.0.0-alpha0: * Remove anything related to Python2 * In :file:`tox.ini` and :file:`.travis.yml` Remove targets py27, py34, py35, and pypy. Add py38, py39, and nightly (allow to fail) * In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes * Remove old Python versions (2.7, 3.4, 3.5, and pypy) from Travis - :gh:`234`: In :file:`setup.py` simplified file and remove ``Tox`` and ``Clean`` classes - Features: - :pr:`290`: Create semver 3.0.0-alpha0 * Update :file:`README.rst`, mention maintenance branch ``maint/v2``. * Remove old code mainly used for Python2 compatibility, adjusted code to support Python3 features. * Split test suite into separate files under :file:`tests/` directory * Adjust and update :file:`setup.py`. Requires Python >=3.6.* Extract metadata directly from source (affects all the ``__version__``, ``__author__`` etc. variables) - :gh:`270`: Configure Towncrier (:pr:`273`:) * Add :file:`changelog.d/.gitignore` to keep this directory * Create :file:`changelog.d/README.rst` with some descriptions * Add :file:`changelog.d/_template.rst` as Towncrier template * Add ``[tool.towncrier]`` section in :file:`pyproject.toml` * Add 'changelog' target into :file:`tox.ini`. Use it like :command:`tox -e changelog -- CMD` whereas ``CMD`` is a Towncrier command. The default :command:`tox -e changelog` calls Towncrier to create a draft of the changelog file and output it to stdout. * Update documentation and add include a new section 'Changelog' included from :file:`changelog.d/README.rst`. - :gh:`276`: Document how to create a sublass from :class:`VersionInfo` class - :gh:`213`: Add typing information - Bug Fixes: - :gh:`291`: Disallow negative numbers in VersionInfo arguments for ``major``, ``minor``, and ``patch``. - Improved Documentation: - :pr:`290`: Several improvements in the documentation: * New layout to distinguish from the semver2 development line. * Create new logo. * Remove any occurances of Python2. * Describe changelog process with Towncrier. * Update the release process. - Trivial/Internal Changes: - :pr:`290`: Add supported Python versions to :command:`black`. * PR #62. Support custom default names for pre and build Changes in python-sshtunnel: - Require update-alternatives for the scriptlets. - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - Limit Python files matched in %files section - Use %sle15_python_module_pythons - do not require python-mock for build - update to 0.4.0: + Change the daemon mod flag for all tunnel threads (is not fully backward compatible) to prevent unexpected hangs (`#219`_) + Add docker based end to end functinal tests for Mongo/Postgres/MySQL + Add docker based end to end hangs tests + Fix host key directory detection + Unify default ssh config folder to `~/.ssh` + Increase open connection timeout to 10 secods + Change default with context behavior to use `.stop(force=True)` on exit + Remove useless `daemon_forward_servers = True` hack for hangs prevention + Set transport keepalive to 5 second by default + Set default transport timeout to 0.1 + Deprecate and remove `block_on_close` option + Fix 'deadlocks' / 'tunneling hangs' + Add `.stop(force=True)` for force close active connections + Fixes bug with orphan thread for a tunnel that is DOWN + Support IPv6 without proxy command. Use built-in paramiko create socket logic. The logic tries to use ipv6 socket family first, then ipv4 socket family. Changes in python-strictyaml: - require setuptools - update to 1.7.3: * REFACTOR : Fix pipeline. * TOOLING : Improvements to pyenv multi-environment tester. * FEATURE : Upgraded package to use pyproject.toml files * REFACTOR : Fixed linter errors. * TOOLING : Build wheel and sdist that both work. - Add %{?sle15_python_module_pythons} - Update to 1.6.2 No relevant code changes. see details changelog: https://hitchdev.com/strictyaml/changelog/#latest - update to 1.6.1 too many changes to be listed here see detailed changelog: https://hitchdev.com/strictyaml/changelog/ - update to 1.4.4 * Add support for NaN and infinity representations * Optional keys in mappings and set value to None * Support underscores in int and decimal * NullNone - parse 'null' as None like YAML 1.2 does. * Bundle last propertly working ruamel.yaml version in with strictyaml. - version update to 1.0.6 * BUGFIX : Fix accidental python 2 breakage. * BUGFIX : Accidental misrecognition of boolean values as numbers - cause of #85. * BUGFIX : Fix for #86 - handle changing multiline strings. * BUGFIX: handle deprecated collections import in the parser (#82) - Update to 1.0.5: * BUGFIX : Fixed python 2 bug introduced when fixing #72. * FEATURE : Include tests / stories in package. * BUG: issue #72. Now setitem uses schema. - Expand %description. - Initial spec for v1.0.3 Changes in python-sure: - Switch build system from setuptools to pyproject.toml + Add python-pip and python-wheel to BuildRequires + Replace %python_build with %pyproject_wheel + Replace %python_install with %pyproject_install - update to 2.0.1: * Fixes CI build (Github Actions) * Fixes broken tests * Housekeeping: Licensing * Disable nosetests for testing leaving only pytest as supported test-runner for now - Add %{?sle15_python_module_pythons} - Remove mock from BuildRequires. - Rebase python-sure-no-mock.patch to remove one missed import. - do not require mock for build nor runtime - added patches fix https://github.com/gabrielfalcao/sure/pull/161 + python-sure-no-mock.patch - Update to 2.0.0 * No longer patch the builtin dir() function, which fixes pytest in some cases such as projects using gevent. - switch to pytest - Version update to 1.4.11: * Reading the version dynamically was causing import errors that caused error when installing package. Refs #144 Changes in python-vcrpy: - Update to 6.0.1 * BREAKING: Fix issue with httpx support (thanks @parkerhancock) in #784. * BREAKING: Drop support for `boto` (vcrpy still supports boto3, but is dropping the deprecated `boto` support in this release. (thanks @jairhenrique) * Fix compatibility issue with Python 3.12 (thanks @hartwork) * Drop simplejson (fixes some compatibility issues) (thanks @jairhenrique) * Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @mgorny) * Various linting and docs improvements (thanks @jairhenrique) * Tornado fixes (thanks @graingert) - version update to 5.1.0 * Use ruff for linting (instead of current flake8/isort/pyflakes) - thanks @jairhenrique * Enable rule B (flake8-bugbear) on ruff - thanks @jairhenrique * Configure read the docs V2 - thanks @jairhenrique * Fix typo in docs - thanks @quasimik * Make json.loads of Python >=3.6 decode bytes by itself - thanks @hartwork * Fix body matcher for chunked requests (fixes #734) - thanks @hartwork * Fix query param filter for aiohttp (fixes #517) - thanks @hartwork and @salomvary * Remove unnecessary dependency on six. - thanks @charettes * build(deps): update sphinx requirement from <7 to <8 - thanks @jairhenrique * Add action to validate docs - thanks @jairhenrique * Add editorconfig file - thanks @jairhenrique * Drop iscoroutinefunction fallback function for unsupported python thanks @jairhenrique - for changelog for older releases refer to https://github.com/kevin1024/vcrpy/releases - six is not required - Use sle15_python_module_pythons - Restrict urllib3 < 2 -- gh#kevin1024/vcrpy#688 - Update to version 4.2.1 * Fix a bug where the first request in a redirect chain was not being recorded with aiohttp * Various typos and small fixes, thanks @jairhenrique, @timgates42 - Update to 4.1.1: * Fix HTTPX support for versions greater than 0.15 (thanks @jairhenrique) * Include a trailing newline on json cassettes (thanks @AaronRobson) - Update to 4.1.0: * Add support for httpx!! (thanks @herdigiorgi) * Add the new allow_playback_repeats option (thanks @tysonholub) * Several aiohttp improvements (cookie support, multiple headers with same key) (Thanks @pauloromeira) * Use enums for record modes (thanks @aaronbannin) * Bugfix: Do not redirect on 304 in aiohttp (Thanks @royjs) * Bugfix: Fix test suite by switching to mockbin (thanks @jairhenrique) - Remove patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch as we dropped py2 integration support on Tumbleweed - Added patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch * Enable python2 again since it breaks many packages - Fix locale on Leap - update to version 4.0.2 * Remove Python2 support * Add Python 3.8 TravisCI support * Correct mock imports Changes in python-xmltodict: - Clean up the SPEC file. - add sle15_python_module_pythons - update to 0.13.0: * Add install info to readme for openSUSE. (#205) * Support defaultdict for namespace mapping (#211) * parse(generator) is now possible (#212) * Processing comments on parsing from xml to dict (connected to #109) (#221) * Add expand_iter kw to unparse to expand iterables (#213) * Fixed some typos * Add support for python3.8 * Drop Jython/Python 2 and add Python 3.9/3.10. * Drop OrderedDict in Python >= 3.7 * Do not use len() to determine if a sequence is empty * Add more namespace attribute tests * Fix encoding issue in setup.py - Add patch skip-tests-expat-245.patch: * Do not run tests that make no sense with a current Expat. Changes in python-asgiref: First package shipment. Important SUSE bug 1209571 SUSE bug 1209811 SUSE bug 1209812 SUSE bug 1216606 SUSE bug 1222880 SUSE bug 761162 CVE-2023-28858 at SUSE CVE-2023-28858 at NVD CVE-2023-28859 at SUSE CVE-2023-28859 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat (bsc#1219559). Moderate SUSE bug 1219559 CVE-2023-52425 at SUSE CVE-2023-52425 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl (Important) openSUSE Leap 15.6 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) Important SUSE bug 1082216 SUSE bug 1082233 SUSE bug 1213638 CVE-2018-6798 at SUSE CVE-2018-6798 at NVD CVE-2018-6913 at SUSE CVE-2018-6913 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to version 115.11.0 ESR (bsc#1224056): - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking - CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types - CVE-2024-4770: Use-after-free could occur when printing to PDF - CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 Important SUSE bug 1222535 SUSE bug 1224056 CVE-2024-2609 at SUSE CVE-2024-2609 at NVD CVE-2024-3302 at SUSE CVE-2024-3302 at NVD CVE-2024-3852 at SUSE CVE-2024-3852 at NVD CVE-2024-3854 at SUSE CVE-2024-3854 at NVD CVE-2024-3857 at SUSE CVE-2024-3857 at NVD CVE-2024-3859 at SUSE CVE-2024-3859 at NVD CVE-2024-3861 at SUSE CVE-2024-3861 at NVD CVE-2024-3863 at SUSE CVE-2024-3863 at NVD CVE-2024-3864 at SUSE CVE-2024-3864 at NVD CVE-2024-4367 at SUSE CVE-2024-4367 at NVD CVE-2024-4767 at SUSE CVE-2024-4767 at NVD CVE-2024-4768 at SUSE CVE-2024-4768 at NVD CVE-2024-4769 at SUSE CVE-2024-4769 at NVD CVE-2024-4770 at SUSE CVE-2024-4770 at NVD CVE-2024-4777 at SUSE CVE-2024-4777 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Important) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20240514 release (bsc#1224277) - CVE-2023-45733: Fixed a potential security vulnerability in some Intel? Processors that may have allowed information disclosure. - CVE-2023-46103: Fixed a potential security vulnerability in Intel? Core™ Ultra Processors that may have allowed denial of service. - CVE-2023-45745,CVE-2023-47855: Fixed a potential security vulnerabilities in some Intel? Trust Domain Extensions (TDX) module software that may have allowed escalation of privilege. Important SUSE bug 1224277 CVE-2023-45733 at SUSE CVE-2023-45733 at NVD CVE-2023-45745 at SUSE CVE-2023-45745 at NVD CVE-2023-46103 at SUSE CVE-2023-46103 at NVD CVE-2023-47855 at SUSE CVE-2023-47855 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Moderate) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u412 build 08 with OpenJ9 0.44.0 virtual machine: - CVE-2024-21094: Fixed C2 compilation failure with 'Exceeded _node_regs array' (bsc#1222986). - CVE-2024-21011: Fixed long Exception message leading to crash (bsc#1222979). - CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984). - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983). Moderate SUSE bug 1213470 SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222984 SUSE bug 1222986 CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21085 at SUSE CVE-2024-21085 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD cpe:/o:opensuse:leap:15.6 Security update for warewulf4 (Important) openSUSE Leap 15.6 This update for warewulf4 fixes the following issues: - fixed wwctl configure --all doesn't configure ssh (bsc#1225402) - update to 4.5.2 with following changes: * Reorder dnsmasq config to put iPXE last * Update go-digest dependency to fix CVE-2024-3727: digest values not always validated (bsc#1224124) - updated to version 4.5.1 with following changes * wwctl [profile|node] list -a handles now slices correclty * Fix a locking issue with concurrent read/writes for node status - Remove API package as use of this wasn't documented - use tftp.socket for activation (bsc#1216994) Important SUSE bug 1216994 SUSE bug 1224124 SUSE bug 1225402 CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-requests (Moderate) openSUSE Leap 15.6 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). Moderate SUSE bug 1224788 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to version 115.11 (bsc#1224056): - CVE-2024-4367: Arbitrary JavaScript execution in PDF.js - CVE-2024-4767: IndexedDB files retained in private browsing mode - CVE-2024-4768: Potential permissions request bypass via clickjacking - CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types - CVE-2024-4770: Use-after-free could occur when printing to PDF - CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11 - fixed: Splitter arrow between task list and task description did not behave as expected - fixed: Calendar Event Attendees dialog had incorrectly sized rows Important SUSE bug 1224056 CVE-2024-4367 at SUSE CVE-2024-4367 at NVD CVE-2024-4767 at SUSE CVE-2024-4767 at NVD CVE-2024-4768 at SUSE CVE-2024-4768 at NVD CVE-2024-4769 at SUSE CVE-2024-4769 at NVD CVE-2024-4770 at SUSE CVE-2024-4770 at NVD CVE-2024-4777 at SUSE CVE-2024-4777 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470): - CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164). - CVE-2024-21094: Fixed C2 compilation fails with 'Exceeded _node_regs array' (bsc#1222986). - CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983). - CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984). - CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979). - CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup (bsc#1222987). Important SUSE bug 1222979 SUSE bug 1222983 SUSE bug 1222984 SUSE bug 1222986 SUSE bug 1222987 SUSE bug 1223470 SUSE bug 1224164 CVE-2023-38264 at SUSE CVE-2023-38264 at NVD CVE-2024-21011 at SUSE CVE-2024-21011 at NVD CVE-2024-21012 at SUSE CVE-2024-21012 at NVD CVE-2024-21068 at SUSE CVE-2024-21068 at NVD CVE-2024-21085 at SUSE CVE-2024-21085 at NVD CVE-2024-21094 at SUSE CVE-2024-21094 at NVD cpe:/o:opensuse:leap:15.6 Security update for uriparser (Important) openSUSE Leap 15.6 This update for uriparser fixes the following issues: - CVE-2024-34402: Fixed integer overflow protection in ComposeQueryEngine (bsc#1223887). - CVE-2024-34403: Fixed integer overflow protection in ComposeQueryMallocExMm (bsc#1223888). Important SUSE bug 1223887 SUSE bug 1223888 CVE-2024-34402 at SUSE CVE-2024-34402 at NVD CVE-2024-34403 at SUSE CVE-2024-34403 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2023-52425: Fixed using the system libexpat (bsc#1219559). - CVE-2023-27043: Modifed fix for unicode string handling in email.utils.parseaddr() (bsc#1222537). - CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq (bsc#1214675). - CVE-2024-0450: Detect the vulnerability of the 'quoted-overlap' zipbomb (bsc#1221854). Bug fixes: - Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306). - Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970). - Switch from %patchN style to the %patch -P N one. Moderate SUSE bug 1214675 SUSE bug 1219306 SUSE bug 1219559 SUSE bug 1220970 SUSE bug 1221854 SUSE bug 1222537 CVE-2022-48560 at SUSE CVE-2022-48560 at NVD CVE-2023-27043 at SUSE CVE-2023-27043 at NVD CVE-2023-52425 at SUSE CVE-2023-52425 at NVD CVE-2024-0450 at SUSE CVE-2024-0450 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Jinja2 (Moderate) openSUSE Leap 15.6 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) Moderate SUSE bug 1218722 SUSE bug 1223980 CVE-2024-22195 at SUSE CVE-2024-22195 at NVD CVE-2024-34064 at SUSE CVE-2024-34064 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Moderate) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2024-27306: Fixed XSS on index pages for static file handling (bsc#1223098) Moderate SUSE bug 1223098 CVE-2024-27306 at SUSE CVE-2024-27306 at NVD cpe:/o:opensuse:leap:15.6 Security update for fwupdate (Moderate) openSUSE Leap 15.6 This update of fwupdate fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). - Update the email address of security team in SBAT (bsc#1221301) - elf_aarch64_efi.lds: set the memory permission explicitly to avoid ld warning like 'LOAD segment with RWX permissions' Moderate SUSE bug 1209188 SUSE bug 1221301 cpe:/o:opensuse:leap:15.6 Security update for python-tqdm (Moderate) openSUSE Leap 15.6 This update for python-tqdm fixes the following issues: Update to version 4.66.4: * rich: fix completion * cli: eval safety (CVE-2024-34062, bsc#1223880) * pandas: add DataFrame.progress_map * notebook: fix HTML padding * keras: fix resuming training when verbose>=2 * fix format_num negative fractions missing leading zero * fix Python 3.12 DeprecationWarning on import Moderate SUSE bug 1223880 CVE-2024-34062 at SUSE CVE-2024-34062 at NVD cpe:/o:opensuse:leap:15.6 Security update for Java (Important) openSUSE Leap 15.6 This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added LICENSE/NOTICE to the generated jar - Allow @API to be declared at the package level - Explain usage of Status.DEPRECATED - Include OSGi metadata in manifest assertj-core was implemented at version 3.25.3: - New package implementation needed by Junit5 byte-buddy was updated to version v1.14.16: - `byte-buddy` is required by `assertj-core` - Changes in version v1.14.16: * Update ASM and introduce support for Java 23. - Changes in version v1.14.15: * Allow attaching from root on J9. - Changes of v1.14.14: * Adjust type validation to accept additional names that are legal in the class file format. * Fix dynamic attach on Windows when a service user is active. * Avoid failure when using Android's strict mode. dom4j was updated to version 2.1.4: - Improvements and potentially breaking changes: * Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). * If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j. * Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions): + http://xml.org/sax/properties/external-general-entities + http://xml.org/sax/properties/external-parameter-entities - Other changes: * Do not depend on jtidy, since it is not used during build * Fixed license to Plexus * JPMS: Add the Automatic-Module-Name attribute to the manifest. * Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j` * Updated pull-parser version * Reuse the writeAttribute method in writeAttributes * Support build on OS with non-UTF8 as default charset * Gradle: add an automatic module name * Use Correct License Name 'Plexus' * Possible vulnerability of DocumentHelper.parseText() to XML injection * CVS directories left in the source tree * XMLWriter does not escape supplementary unicode characters correctly * writer.writeOpen(x) doesn't write namespaces * Fixed concurrency problem with QNameCache * All dependencies are optional * SAXReader: hardcoded namespace features * Validate QNames * StringIndexOutOfBoundsException in XMLWriter.writeElementContent() * TreeNode has grown some generics * QName serialization fix * DocumentException initialize with nested exception * Accidentally occurring error in a multi-threaded test * Added compatibility with W3C DOM Level 3 * Use Java generics hamcrest: - `hamcrest-core` has been replaced by `hamcrest` (no source changes) junit had the following change: - Require hamcrest >= 2.2 junit5 was updated to version 5.10.2: - Conditional execution based on OS architectures - Configurable cleanup mode for @TempDir - Configurable thread mode for @Timeout - Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf - Dry-run mode for test execution - Failure threshold for @RepeatedTest - Fixed build with the latest open-test-reporting milestone - Fixed dependencies in module-info.java files - Fixed unreported exception error that is fatal with JDK 21 - Improved configurability of parallel execution - New @SelectMethod support in test @Suite classes. - New ConsoleLauncher subcommand for test discovery without execution - New convenience base classes for implementing ArgumentsProvider and ArgumentConverter - New IterationSelector - New LauncherInterceptor SPI - New NamespacedHierarchicalStore for use in third-party test engines - New TempDirFactory SPI for customizing how temporary directories are created - New testfeed details mode for ConsoleLauncher - New TestInstancePreConstructCallback extension API - Numerous bug fixes and minor improvements - Parameter injection for @MethodSource methods - Promotion of various experimental APIs to stable - Reusable parameter resolution for custom extension methods via ExecutableInvoker - Stacktrace pruning to hide internal JUnit calls - The binaries are compatible with java 1.8 - Various improvements to ConsoleLauncher - XML reports in new Open Test Reporting format jdom: - Security issues fixed: * CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request (bsc#1187446) - Other changes and bugs fixed: * Fixed wrong entries in changelog (bsc#1224410) * The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom` jaxen was implemented at version 2.0.0: - New standalone RPM package implementation, originally part of `jdom` source package - Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools. - The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation - Despite the major version bump, this should be a drop in replacement for almost every project. The two major possible incompatibilities are: * The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6. * dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively it will need to add explicit dependencies to build. jopt-simple: - Included jopt-simple to Package Hub 15 SP5 (no source changes) objectweb-asm was updated to version 9.7: - New Opcodes.V23 constant for Java 23 - Bugs fixed * Fixed unit test regression in dex2jar. * Fixed 'ClassNode#outerClass' with incorrect JavaDocs. * asm-bom packaging should be 'pom'. * The Textifier prints a supplementary space at the end of each method that throws at least one exception. open-test-reporting: - Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime dependencies of Junit5 (no source changes) saxpath was implemented at version 1.0 FCS: - New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only) xom was implemented at version 1.3.9: - New standalone RPM package implementation, originally part of `jdom` source package - The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes. - The copy() method is now covariant. - Adds Automatic-Moduole-Name to jar - Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime. - Eliminate usage of com.sun classes to make XOM compatible with JDK 16. - Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance. Important SUSE bug 1187446 SUSE bug 1224410 CVE-2021-33813 at SUSE CVE-2021-33813 at NVD cpe:/o:opensuse:leap:15.6 Security update for 389-ds (Moderate) openSUSE Leap 15.6 This update for 389-ds fixes the following issues: - Update to version 2.2.8~git65.347aae6: - CVE-2024-1062: Resolved possible denial of service when audit logging is enabled. (bsc#1219836) Moderate SUSE bug 1219836 CVE-2024-1062 at SUSE CVE-2024-1062 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Important) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Important SUSE bug 1223437 CVE-2023-51794 at SUSE CVE-2023-51794 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437) Important SUSE bug 1186586 SUSE bug 1223437 CVE-2020-22021 at SUSE CVE-2020-22021 at NVD CVE-2023-51794 at SUSE CVE-2023-51794 at NVD cpe:/o:opensuse:leap:15.6 Security update for mariadb104 (Moderate) openSUSE Leap 15.6 This update for mariadb104 fixes the following issues: - Update to 10.4.33: - CVE-2023-22084: Fixed a bug that allowed high privileged attackers with network access via multiple protocols to compromise the server. (bsc#1217405) Moderate SUSE bug 1217405 CVE-2023-22084 at SUSE CVE-2023-22084 at NVD cpe:/o:opensuse:leap:15.6 Security update for unbound (Important) openSUSE Leap 15.6 This update for unbound fixes the following issues: unbound was updated to 1.20.0: * A lot of bugfixes and added features. For a complete list take a look at the changelog located at: /usr/share/doc/packages/unbound/Changelog or https://www.nlnetlabs.nl/projects/unbound/download/ Some Noteworthy Changes: * Removed DLV. The DLV has been decommisioned since unbound 1.5.4 and has been advised to stop using it since. The use of dlv options displays a warning. * Remove EDNS lame procedure, do not re-query without EDNS after timeout. * Add DNS over HTTPS * libunbound has been upgraded to major version 8 Security Fixes: * CVE-2023-50387: DNSSEC verification complexity can be exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823] * CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU. [bsc#1219826] * CVE-2022-30698: Novel 'ghost domain names' attack by introducing subdomain delegations. [bsc#1202033] * CVE-2022-30699: Novel 'ghost domain names' attack by updating almost expired delegation information. [bsc#1202031] * CVE-2022-3204: NRDelegation attack leads to uncontrolled resource consumption (Non-Responsive Delegation Attack). [bsc#1203643] Packaging Changes: * Use prefixes instead of sudo in unbound.service * Remove no longer necessary BuildRequires: libfstrm-devel and libprotobuf-c-devel Important SUSE bug 1202031 SUSE bug 1202033 SUSE bug 1203643 SUSE bug 1219823 SUSE bug 1219826 CVE-2022-30698 at SUSE CVE-2022-30698 at NVD CVE-2022-30699 at SUSE CVE-2022-30699 at NVD CVE-2022-3204 at SUSE CVE-2022-3204 at NVD CVE-2023-50387 at SUSE CVE-2023-50387 at NVD CVE-2023-50868 at SUSE CVE-2023-50868 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-PyMySQL (Important) openSUSE Leap 15.6 This update for python-PyMySQL fixes the following issues: - CVE-2024-36039: Fixed SQL injection when used with untrusted JSON input (bsc#1225070). Important SUSE bug 1225070 CVE-2024-36039 at SUSE CVE-2024-36039 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-docker (Moderate) openSUSE Leap 15.6 This update for python-docker fixes the following issues: - CVE-2024-35195: Fixed missing certificate verification (bsc#1224788). Moderate SUSE bug 1224788 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-docker (Moderate) openSUSE Leap 15.6 This update for python-docker fixes the following issues: - CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788) Moderate SUSE bug 1224788 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-idna (Moderate) openSUSE Leap 15.6 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed a denial of service via resource consumption through specially crafted inputs to idna.encode() (bsc#1222842) Moderate SUSE bug 1222842 CVE-2024-3651 at SUSE CVE-2024-3651 at NVD cpe:/o:opensuse:leap:15.6 Security update for sssd (Important) openSUSE Leap 15.6 This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning inconsistently (bsc#1223100). The following non-security bugs were fixed: - Use the name from the cached entries when updating them to avoid capitalization problems (bsc#1223050). - Extend sssctl command line tool to manage the cached GPOs; (jsc#PED-7677). Important SUSE bug 1223050 SUSE bug 1223100 CVE-2023-3758 at SUSE CVE-2023-3758 at NVD cpe:/o:opensuse:leap:15.6 Security update for util-linux (Important) openSUSE Leap 15.6 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) Important SUSE bug 1218609 SUSE bug 1220117 SUSE bug 1221831 SUSE bug 1223605 CVE-2024-28085 at SUSE CVE-2024-28085 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - Update to version 2.44.2 (bsc#1225071): - CVE-2024-23252: Fixed a vulnerability where processed web content may lead to a denial-of-service. (bsc#1222010) - CVE-2024-23254: Fixed a vulnerability where a malicious website may exfiltrate audio data cross-origin. (bsc#1222010) - CVE-2024-23263: Fixed a vulnerability where processed maliciously crafted web content may prevent Content Security Policy from being enforced. (bsc#1222010) - CVE-2024-23280: Fixed a vulnerability where a maliciously crafted webpage may be able to fingerprint the user. (bsc#1222010) - CVE-2024-23284: Fixed a vulnerability where processed maliciously crafted web content may prevent Content Security Policy from being enforced. (bsc#1222010) - CVE-2023-42950: Fixed a vulnerability where processed maliciously crafted web content may lead to arbitrary code execution. (bsc#1222010) - CVE-2023-42956: Fixed a vulnerability where processed web content may lead to a denial-of-service. (bsc#1222010) - CVE-2023-42843: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1222010) - CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071) Important SUSE bug 1222010 SUSE bug 1225071 CVE-2023-42843 at SUSE CVE-2023-42843 at NVD CVE-2023-42950 at SUSE CVE-2023-42950 at NVD CVE-2023-42956 at SUSE CVE-2023-42956 at NVD CVE-2024-23252 at SUSE CVE-2024-23252 at NVD CVE-2024-23254 at SUSE CVE-2024-23254 at NVD CVE-2024-23263 at SUSE CVE-2024-23263 at NVD CVE-2024-23280 at SUSE CVE-2024-23280 at NVD CVE-2024-23284 at SUSE CVE-2024-23284 at NVD CVE-2024-27834 at SUSE CVE-2024-27834 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-base (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806) Important SUSE bug 1224806 CVE-2024-4453 at SUSE CVE-2024-4453 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Moderate) openSUSE Leap 15.6 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. Moderate SUSE bug 1224044 CVE-2024-34397 at SUSE CVE-2024-34397 at NVD cpe:/o:opensuse:leap:15.6 Security update for squid (Moderate) openSUSE Leap 15.6 This update for squid fixes the following issues: - CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417). Moderate SUSE bug 1225417 CVE-2024-33427 at SUSE CVE-2024-33427 at NVD cpe:/o:opensuse:leap:15.6 Security update for libvirt (Moderate) openSUSE Leap 15.6 This update for libvirt fixes the following issues: - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event loop. (bsc#1223849) Moderate SUSE bug 1222584 SUSE bug 1223849 CVE-2024-4418 at SUSE CVE-2024-4418 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP response splitting in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks (bsc#1221401). Important SUSE bug 1221401 SUSE bug 1222330 SUSE bug 1222332 CVE-2023-38709 at SUSE CVE-2023-38709 at NVD CVE-2024-24795 at SUSE CVE-2024-24795 at NVD CVE-2024-27316 at SUSE CVE-2024-27316 at NVD cpe:/o:opensuse:leap:15.6 Security update for aws-nitro-enclaves-cli (Moderate) openSUSE Leap 15.6 This update for aws-nitro-enclaves-cli fixes the following issues: - CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501). Moderate SUSE bug 1218501 CVE-2023-50711 at SUSE CVE-2023-50711 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.21 (Moderate) openSUSE Leap 15.6 This update for go1.21 fixes the following issues: go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973). - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974). Moderate SUSE bug 1212475 SUSE bug 1225973 SUSE bug 1225974 CVE-2024-24789 at SUSE CVE-2024-24789 at NVD CVE-2024-24790 at SUSE CVE-2024-24790 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Moderate) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973). - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974). Moderate SUSE bug 1218424 SUSE bug 1225973 SUSE bug 1225974 CVE-2024-24789 at SUSE CVE-2024-24789 at NVD CVE-2024-24790 at SUSE CVE-2024-24790 at NVD cpe:/o:opensuse:leap:15.6 Security update for frr (Important) openSUSE Leap 15.6 This update for frr fixes the following issues: - CVE-2024-34088: Fixed null pointer via get_edge() function can trigger a denial of service (bsc#1223786). - CVE-2024-31951: Fixed buffer overflow in ospf_te_parse_ext_link (bsc#1222528). - CVE-2024-31950: Fixed buffer overflow and daemon crash in ospf_te_parse_ri (bsc#1222526). Important SUSE bug 1222526 SUSE bug 1222528 SUSE bug 1223786 CVE-2024-31950 at SUSE CVE-2024-31950 at NVD CVE-2024-31951 at SUSE CVE-2024-31951 at NVD CVE-2024-34088 at SUSE CVE-2024-34088 at NVD cpe:/o:opensuse:leap:15.6 Security update for rmt-server (Moderate) openSUSE Leap 15.6 This update for rmt-server fixes the following issues: - Update to version 2.17 - CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content-Type. (bsc#1225997) Moderate SUSE bug 1203171 SUSE bug 1225997 CVE-2024-28103 at SUSE CVE-2024-28103 at NVD cpe:/o:opensuse:leap:15.6 Security update for iperf (Moderate) openSUSE Leap 15.6 This update for iperf fixes the following issues: - Update to version 3.17.1 - CVE-2024-26306: Fixed a vulnerability that could led to marvin attack if the authentication option is used. (bsc#1224262) Moderate SUSE bug 1224262 CVE-2024-26306 at SUSE CVE-2024-26306 at NVD cpe:/o:opensuse:leap:15.6 Security update for skopeo (Important) openSUSE Leap 15.6 This update for skopeo fixes the following issues: - Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123) Important SUSE bug 1224123 CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important) openSUSE Leap 15.6 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: - Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727) - Remove SLE15 SP4 from the distro check (end of general support) - Add LABEL with source URL Important SUSE bug 1224119 CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups (Important) openSUSE Leap 15.6 This update for cups fixes the following issues: - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365) - Handle local 'Negotiate' authentication response for cli clients (bsc#1223179) Important SUSE bug 1223179 SUSE bug 1225365 CVE-2024-35235 at SUSE CVE-2024-35235 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-scikit-learn (Moderate) openSUSE Leap 15.6 This update for python-scikit-learn fixes the following issues: -CVE-2024-5206: Fixed a possible sensitive data leak in TfidfVectorizer. (bsc#1226185) Moderate SUSE bug 1226185 CVE-2024-5206 at SUSE CVE-2024-5206 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - Update to version 4.9.5 - CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122) - CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136) Important SUSE bug 1224122 SUSE bug 1226136 CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for mariadb (Moderate) openSUSE Leap 15.6 This update for mariadb fixes the following issues: - CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983). - Update to 10.11.8. Moderate SUSE bug 1225983 CVE-2024-21096 at SUSE CVE-2024-21096 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Important) openSUSE Leap 15.6 This update for php8 fixes the following issues: - CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073) Important SUSE bug 1226073 CVE-2024-5458 at SUSE CVE-2024-5458 at NVD cpe:/o:opensuse:leap:15.6 Security update for booth (Important) openSUSE Leap 15.6 This update for booth fixes the following issues: - CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032) Important SUSE bug 1226032 CVE-2024-3049 at SUSE CVE-2024-3049 at NVD cpe:/o:opensuse:leap:15.6 Security update for libaom (Important) openSUSE Leap 15.6 This update for libaom fixes the following issues: - CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020). Important SUSE bug 1226020 CVE-2024-5171 at SUSE CVE-2024-5171 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Important) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Important SUSE bug 1225551 CVE-2024-4741 at SUSE CVE-2024-4741 at NVD cpe:/o:opensuse:leap:15.6 Security update for less (Important) openSUSE Leap 15.6 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) Important SUSE bug 1222849 CVE-2024-32487 at SUSE CVE-2024-32487 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in JavaScript object transplant - CVE-2024-5690: External protocol handlers leaked by timing attack - CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window - CVE-2024-5692: Bypass of file name restrictions during saving - CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas - CVE-2024-5696: Memory Corruption in Text Fragments - CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 Important SUSE bug 1226027 CVE-2024-5688 at SUSE CVE-2024-5688 at NVD CVE-2024-5690 at SUSE CVE-2024-5690 at NVD CVE-2024-5691 at SUSE CVE-2024-5691 at NVD CVE-2024-5692 at SUSE CVE-2024-5692 at NVD CVE-2024-5693 at SUSE CVE-2024-5693 at NVD CVE-2024-5696 at SUSE CVE-2024-5696 at NVD CVE-2024-5700 at SUSE CVE-2024-5700 at NVD CVE-2024-5702 at SUSE CVE-2024-5702 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Authlib (Important) openSUSE Leap 15.6 This update for python-Authlib fixes the following issues: - Update to version 1.3.1 - CVE-2024-37568: Fixed algorithm confusion with asymmetric public keys. (bsc#1226138) Important SUSE bug 1226138 CVE-2024-37568 at SUSE CVE-2024-37568 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Important) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456) Important SUSE bug 1223428 SUSE bug 1224388 SUSE bug 1225291 SUSE bug 1225551 CVE-2024-4603 at SUSE CVE-2024-4603 at NVD CVE-2024-4741 at SUSE CVE-2024-4741 at NVD cpe:/o:opensuse:leap:15.6 Security update for xdg-desktop-portal (Important) openSUSE Leap 15.6 This update for xdg-desktop-portal fixes the following issues: - CVE-2024-32462: Fix arbitrary code execution outside bwrap sandbox by checking that the first commandline item doesn't start with whitespaces or a hyphen. (bsc#1223110) Important SUSE bug 1223110 CVE-2024-32462 at SUSE CVE-2024-32462 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Update to version 115.12.0 ESR (bsc#1226027) - CVE-2024-5702: Use-after-free in networking - CVE-2024-5688: Use-after-free in JavaScript object transplant - CVE-2024-5690: External protocol handlers leaked by timing attack - CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window - CVE-2024-5692: Bypass of file name restrictions during saving - CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas - CVE-2024-5696: Memory Corruption in Text Fragments - CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 Important SUSE bug 1226027 CVE-2024-5688 at SUSE CVE-2024-5688 at NVD CVE-2024-5690 at SUSE CVE-2024-5690 at NVD CVE-2024-5691 at SUSE CVE-2024-5691 at NVD CVE-2024-5692 at SUSE CVE-2024-5692 at NVD CVE-2024-5693 at SUSE CVE-2024-5693 at NVD CVE-2024-5696 at SUSE CVE-2024-5696 at NVD CVE-2024-5700 at SUSE CVE-2024-5700 at NVD CVE-2024-5702 at SUSE CVE-2024-5702 at NVD cpe:/o:opensuse:leap:15.6 Security update for gdk-pixbuf (Important) openSUSE Leap 15.6 This update for gdk-pixbuf fixes the following issues: gdk-pixbuf was updated to version 2.42.12: - Security issues fixed: * CVE-2022-48622: Fixed vulnerability where a crafted .ani file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack to a denial of service or code execution attack (bsc#1219276) - Changes in version 2.42.12: + ani: Reject files with multiple INA or IART chunks, + ani: validate chunk size, + Updated translations. - Enable other image loaders such as xpm and xbm (bsc#1223903) - Changes in version 2.42.11: + Disable fringe loaders by default. + Introspection fixes. + Updated translations. - Changes in version 2.42.10: + Search for rst2man.py. + Update the memory size limit for JPEG images. + Updated translations. - Fixed loading of larger images - Avoid Bash specific syntax in baselibs postscript (bsc#1195391) Important SUSE bug 1195391 SUSE bug 1219276 SUSE bug 1223903 CVE-2022-48622 at SUSE CVE-2022-48622 at NVD cpe:/o:opensuse:leap:15.6 Feature update for rabbitmq-server313, erlang26, elixir115 (Important) openSUSE Leap 15.6 This update for rabbitmq-server313, erlang26, elixir115 fixes the following issues: rabbitmq-server was implemented with a parallel versioned RPM package at version 3.13.1 (jsc#PED-8414): - Security issues fixed: * CVE-2021-22116: Fixed improper input validation that may lead to Denial of Sercice (DoS) attacks (bsc#1186203) * CVE-2021-32718, CVE-2021-32719: Fixed potential for JavaScript code execution in the management UI (bsc#1187818, bsc#1187819) * CVE-2022-31008: Fixed encryption key used to encrypt the URI was seeded with a predictable secret (bsc#1205267) * CVE-2023-46118: Fixed HTTP API vulnerability for denial of service (DoS) attacks with very large messages (bsc#1216582) - Other bugs fixed: * Fixed RabbitMQ maintenance status issue (bsc#1199431) * Provide user/group for RPM 4.19 (bsc#1219532) * Fixed `rabbitmqctl` command for `add_user` (bsc#1222591) * Added hardening to systemd service(s) (bsc#1181400) * Use /run instead of deprecated /var/run in tmpfiles.conf (bsc#1185075) - For the full list of upstream changes of this update between version 3.8.11 and 3.13.1 please consult: * https://www.rabbitmq.com/release-information erlang26: - Provide RPM package as it's a dependency of rabbitmq-server313 (jsc#PED-8414) elixir115: - Provide RPM package as needed in some cases by rabbitmq-server313 (jsc#PED-8414) Important SUSE bug 1181400 SUSE bug 1185075 SUSE bug 1186203 SUSE bug 1187818 SUSE bug 1187819 SUSE bug 1199431 SUSE bug 1205267 SUSE bug 1216582 SUSE bug 1219532 SUSE bug 1222591 CVE-2021-22116 at SUSE CVE-2021-22116 at NVD CVE-2021-32718 at SUSE CVE-2021-32718 at NVD CVE-2021-32719 at SUSE CVE-2021-32719 at NVD CVE-2022-31008 at SUSE CVE-2022-31008 at NVD CVE-2023-46118 at SUSE CVE-2023-46118 at NVD cpe:/o:opensuse:leap:15.6 Security update for libarchive (Important) openSUSE Leap 15.6 This update for libarchive fixes the following issues: - CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (bsc#1225972). - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). Important SUSE bug 1225971 SUSE bug 1225972 CVE-2024-20696 at SUSE CVE-2024-20696 at NVD CVE-2024-20697 at SUSE CVE-2024-20697 at NVD cpe:/o:opensuse:leap:15.6 Security update for php-composer2 (Important) openSUSE Leap 15.6 This update for php-composer2 fixes the following issues: - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181). - CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182). Important SUSE bug 1226181 SUSE bug 1226182 CVE-2024-35241 at SUSE CVE-2024-35241 at NVD CVE-2024-35242 at SUSE CVE-2024-35242 at NVD cpe:/o:opensuse:leap:15.6 Security update for containerd (Important) openSUSE Leap 15.6 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). Important SUSE bug 1221400 SUSE bug 1224323 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2024-36030: Fix the double free in rvu_npc_freemem() (bsc#1225712) - CVE-2023-52698: Fix memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2024-26860: Fix a memory leak when rechecking the data (bsc#1223077). - CVE-2023-52772: Fix use-after-free in unix_stream_read_actor() (bsc#1224989). - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35860: Support deferring bpf_link dealloc to after RCU grace period BPF link for some program types (bsc#1224531). - CVE-2024-35964: Fix not validating setsockopt user input Check user input length before copying data (bsc#1224581). - CVE-2023-0160: Prevent lock inversion deadlock in map delete elem (bsc#1209657). - CVE-2024-35903: Fix IP after emitting call depth accounting Adjust the IP passed to `emit_patch` so it calculates the correct offset for the CALL instruction if `x86_call_depth_emit_accounting` emits code (bsc#1224493). - CVE-2024-35931: Skip do PCI error slot reset during RAS recovery (bsc#1224652). - CVE-2024-35877: Fix VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35969: Fix race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580) - CVE-2024-35852: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended (bsc#1224502). - CVE-2024-36006: Fix incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fix warning during rehash (bsc#1224543). - CVE-2024-35872: Fix GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35956: Fix qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2023-52771: Fix delete_endpoint() vs parent unregistration race (bsc#1225007). - CVE-2024-27408: Add sync read before starting the DMA transfer in remote setup (bsc#1224430). - CVE-2024-35943: Add a null pointer check to the omap_prm_domain_init devm_kasprintf()returns a pointer to dynamically allocated memory which can be NULL upon failure (bsc#1224649). - CVE-2024-35921: Fix oops when HEVC init fails (bsc#1224477). - CVE-2023-52860: Use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process (bsc#1224936). - CVE-2024-35991: kABI workaround for struct idxd_evl (bsc#1224553). - CVE-2024-35854: Fix possible use-after-free during rehash (bsc#1224636). - CVE-2024-27418: Take ownership of skb in mctp_local_output (bsc#1224720) - CVE-2024-27417: Fix potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721). - CVE-2024-35905: Protect against int overflow for stack access size (bsc#1224488). - CVE-2024-35917: Fix bpf_plt pointer arithmetic (bsc#1224481). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() to nsure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[] (bsc#1224727). - CVE-2023-52680: Add missing error checks to *_ctl_get() because the *_ctl_get() functions which call scarlett2_update_*() were not checking the return value (bsc#1224608). - CVE-2023-52692: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result (bsc#1224628). - CVE-2024-35944: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug (bsc#1224648). - CVE-2024-26923: Suppress false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2023-52659: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (bsc#1224442). - CVE-2024-21823: Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may have allowed an authorized user to potentially enable denial of service via local access (bsc#1223625). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-27395: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu (bsc#1224098). - CVE-2023-52483: Perform route lookups under a RCU read-side lock (bsc#1220738). - CVE-2024-27396: Fix Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-26632: Fix iterating over an empty bio with bio_for_each_folio_all (bsc#1221635). - CVE-2024-27401: Ensure that packet_buffer_get respects the user_length provided. (bsc#1224181). - CVE-2024-26775: Avoid potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26958: Fix UAF in direct writes (bsc#1223653). - CVE-2024-26643: Mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allowed it to collect elements from anonymous sets with timeouts while it is being released from the commit path. (bsc#1221829). - CVE-2023-52618: Check for unlikely string overflow (bsc#1221615). - CVE-2023-6238: Only privileged user could specify a small meta buffer and let the device perform larger Direct Memory Access (DMA) into the same buffer, overwriting unrelated kernel memory, causing random kernel crashes and memory corruption (bsc#1217384). - CVE-2024-26946: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not (bsc#1223669). - CVE-2024-26945: Fix nr_cpus nr_iaa case If nr_cpus nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table() (bsc#1223732). - CVE-2024-26679: Read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning (bsc#1222385). - CVE-2024-26791: Properly validate device names (bsc#1222793) - CVE-2023-52641: Add NULL ptr dereference checking at the end of attr_allocate_frame() (bsc#1222303) - CVE-2024-26726: Do not drop extent_map for free space inode on write error (bsc#1222532) - CVE-2024-27022: Defer linking file vma until vma is fully initialized (bsc#1223774). - CVE-2024-26899: Fix deadlock between bd_link_disk_holder and partition scan (bsc#1223045). - CVE-2024-26638: Always initialize struct msghdr completely (bsc#1221649). - CVE-2024-26909: Fix drm bridge use-after-free A recent DRM series purporting to simplify support (bsc#1223143). - CVE-2024-26674: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups (bsc#1222378). - CVE-2024-26832: Fix missing folio cleanup in writeback race path (bsc#1223007). - CVE-2024-26844: Fix WARNING in _copy_from_iter (bsc#1223015). - CVE-2024-26774: Avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (bsc#1222622). - CVE-2024-26815: Properly check TCA_TAPRIO_TC_ENTRY_INDEX (bsc#1222635). - cve-2024-267600: Fix bio_put() for error case (bsc#1222596). - CVE-2024-26731: Fix NULL pointer dereference in sk_psock_verdict_data_ready() (bsc#1222371). - CVE-2024-26740: Use the backlog for mirred ingress (bsc#1222563). - CVE-2023-52640: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea (bsc#1222301). - CVE-2023-52631: Fix a NULL dereference bug (bsc#1222264). - CVE-2023-52458: Add check that partition length needs to be aligned with block size (bsc#1220428). - CVE-2023-6270: Fix the potential use-after-free problem in aoecmd_cfg_pkts (bsc#1218562). - CVE-2024-26805: Fix kernel-infoleak-after-free in __skb_datagram_iter (bsc#1222630). - CVE-2024-26991: Do not overflow lpage_info when checking attributes (bsc#1223695). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2023-52434: Fixed potential OOBs in smb2_parse_contexts() (bsc#1220148). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-27036: Fixed writeback data corruption (bsc#1223810). The following non-security bugs were fixed: - 9p: add missing locking around taking dentry fid list (git-fixes) - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - ACPI: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - ACPI: scan: Do not increase dep_unmet for already met dependencies (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: aoa: avoid false-positive format truncation warning (git-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 14 eu0000 (stable-fixes). - ALSA: hda/realtek: Add quirks for ASUS Laptops using CS35L56 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (stable-fixes). - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 (git-fixes). - ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound (stable-fixes). - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix the hp playback volume issue for LG machines (stable-fixes). - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 (stable-fixes). - ALSA: hda/tas2781: add locks to kcontrols (git-fixes). - ALSA: hda/tas2781: correct the register for pow calibrated data (git-fixes). - ALSA: hda/tas2781: remove digital gain kcontrol (git-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Update DSP1RX5/6 Sources for DSP config (stable-fixes). - ALSA: hda: cs35l56: Add ACPI device match tables (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: cs35l56: Set the init_done flag before component_add() (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Populate board selection with new I2S entries (stable-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops (stable-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: amd: Optimize quirk for Valve Galileo (stable-fixes). - ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend (stable-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: acp: fix for acp_init function error handling (git-fixes). - ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 (stable-fixes). - ASoC: amd: yc: Revert 'Fix non-functional mic on Lenovo 21J2' (stable-fixes). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - ASoC: rt5682-sdw: fix locking sequence (git-fixes). - ASoC: rt711-sdca: fix locking sequence (git-fixes). - ASoC: rt711-sdw: fix locking sequence (git-fixes). - ASoC: rt712-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt722-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tas2781: mark dvc_tlv with __maybe_unused (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: tlv320adc3xxx: Do not strip remove function when driver is builtin (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() (git-fixes). - Add alt-commit to a nouveau patch - Add cherry-picked id to amdgpu patch - Add cherry-picked id to amdgpu patch (git-fixes) - Add cherry-picked patch references to amdgpu patches - Add reference to L3 bsc#1225765 in BPF control flow graph and precision backtrack fixes (bsc#1225756) The L3 bsc#1225765 was created seperately since our customer requires PTF. - Bluetooth: Add new quirk for broken read key length on ATS2851 (stable-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout (stable-fixes). - Bluetooth: ISO: Do not reject BT_ISO_QOS if parameters are unset (git-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (bsc#1221504). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: hci_core: Cancel request on command timeout (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (git-fixes). - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY (git-fixes). - Bluetooth: hci_sync: Use QoS to determine which PHY to scan (stable-fixes). - Bluetooth: l2cap: Do not double set the HCI_CONN_MGMT_CONNECTED bit (git-fixes). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: mgmt: Fix limited discoverable off timeout (stable-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: qca: fix device-address endianness (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Delete patches.suse/btrfs-qgroup-fix-qgroup-prealloc-rsv-leak-in-subvolu.patch. Quoting bsc#1225945#c11: 'So the upstream 6.5 kernel commit (1b53e51a4a8f ('btrfs: do not commit transaction for every subvol create') ) was never backported to SLE, so that fix eb96e221937a ('btrfs: fix unwritten extent buffer after snapshotting a new subvolume') was never backported.' - Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file (git-fixes). - Drop usb gadget patch that was taken mistakenly and reverted (git-fixes) - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - Edit 'amdkfd: use calloc instead of kzalloc to avoid integer overflow' Reference CVE and bug numbers. - Enable CONFIG_FIPS_SIGNATURE_SELFTEST (bsc#1222771) - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_ECDSA. - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_RSA. - Fix a potential infinite loop in extract_user_to_sg() (git-fixes). - Fix build errors due to new UIO_MEM_DMA_COHERENT mess (git-fixes). - Fix patches.suse/coresight-etm4x-Add-ACPI-support-in-platform-driver.patch (bsc#1218779 bsc#1220587) Put back patch hunk which where missed because file rename drivers/acpi/acpi_amba.c -> drivers/acpi/arm64/amba.c - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: input: avoid polling stylus battery on Chromebook Pompom (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - Input: imagis - use FIELD_GET where applicable (stable-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - Input: xpad - add additional HyperX Controller Identifiers (stable-fixes). - Input: xpad - add support for Snakebyte GAMEPADs (stable-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - Move out-of-tree powerpc patch to the right section - Move the upstreamed BT fix patch to sorted section - Move the upstreamed BT patch into sorted section - Move upstreamed ACPI patch into sorted section - Move upstreamed HD-audio patch into sorted section - Move upstreamed USB fix into sorted section - Move upstreamed media patches into sorted section - Move upstreamed mm patches into sorted section - Move upstreamed patches into sorted section - Move upstreamed patches into sorted section - Move upstreamed patches into sorted section - Move upstreamed patches into sorted section - Move upstreamed powerpc patches into sorted section - Move upstreamed powerpc patches into sorted section - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: Fix an off by one in root_nfs_cat() (git-fixes). - NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt (git-fixes). - NFS: Read unlock folio on nfs_page_create_from_folio() error (git-fixes). - NFSD: Convert the callback workqueue to use delayed_work (git-fixes). - NFSD: Fix nfsd_clid_class use of __string_len() macro (git-fixes). - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - NFSD: Retransmit callbacks after client reconnects (git-fixes). - NFSD: change LISTXATTRS cookie encoding to big-endian (git-fixes). - NFSD: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - NFSD: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes). - NFSv4.1/pnfs: fix NFS with TLS in pnfs (git-fixes). - NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes). - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - PCI/AER: Block runtime suspend when handling errors (stable-fixes). - PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (stable-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (stable-fixes). - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge (stable-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: Make link retraining use RMW accessors for changing LNKCTL (git-fixes). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: hv: Fix ring buffer size calculation (git-fixes). - PCI: qcom: Add support for sa8775p SoC (git-fixes). - PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - PM: s2idle: Make sure CPUs will wakeup directly on resume (git-fixes). - Port 'certs: Add ECDSA signature verification self-test'. - Port 'certs: Move RSA self-test data to separate file'. - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619). - RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619). - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes). - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - README.BRANCH: Remove copy of branch name - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Refresh patches.suse/0002-PKCS-7-Check-codeSigning-EKU-for-kernel-module-and-k.patch (bsc#1222771). In preparation of enabling CONFIG_FIPS_SIGNATURE_SELFTEST, amend the missing 'usage' argument in the pkcs7_validate_trust() invocation from the PKCS#7 selftest. - Refresh patches.suse/ASoC-SOF-Intel-mtl-Implement-firmware-boot-state-che.patch. - Remove NTFSv3 from configs (bsc#1224429) References: bsc#1224429 comment#3 We only support fuse version of the NTFS-3g driver. Disable NTFSv3 from all configs. This was enabled in d016c04d731 ('Bump to 6.4 kernel (jsc#PED-4593)') - Rename patches.suse/Workaround-broken-chacha-crypto-fallback.patch to patches.suse/powerpc-crypto-chacha-p10-Fix-failure-on-non-Power10.patch. - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: reset device count for SoundWire DAIs' (stable-fixes). - Revert 'PCI/MSI: Provide IMS (Interrupt Message Store) support' (git-fixes). - Revert 'PCI/MSI: Provide pci_ims_alloc/free_irq()' (git-fixes). - Revert 'PCI/MSI: Provide stubs for IMS functions' (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1225172). - Revert 'drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()' (stable-fixes). - Revert 'drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR' (stable-fixes). - Revert 'drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices' (stable-fixes). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - Revert 'drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'iommu/amd: Enable PCI/IMS' (git-fixes). - Revert 'iommu/vt-d: Enable PCI/IMS' (git-fixes). - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (git-fixes). - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (git-fixes). - Revert 'selinux: introduce an initial SID for early boot processes' (bsc#1208593) It caused a regression on ALP-current branch, kernel-obs-qa build failed. - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - SEV: disable SEV-ES DebugSwap by default (git-fixes). - SUNRPC: fix a memleak in gss_import_v2_context (git-fixes). - SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - USB: core: Add hub_get() and hub_put() routines (stable-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (stable-fixes). - USB: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - Update patches.suse/Bluetooth-hci_sync-Don-t-double-print-name-in-add-re.patch (bsc#1216358). Added bugzilla reference - Update patches.suse/nvme-ensure-disabling-pairs-with-unquiesce.patch (jsc#PED-6252 jsc#PED-5728 jsc#PED-5062 jsc#PED-3535 bsc#1224534). - Update ath11k suspend patches from the latest subsystem tree (bsc#1207948). - Update config files. Disable N_GSM (jsc#PED-8240). - Update patches.suse/gpio-tegra186-Fix-tegra186_gpio_is_accessible-check.patch (git-fixes bsc#1223439) - Update patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch (bsc#1012628 jsc#PED-542 git-fixes bsc#1213573 ltc#203238). - Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852) - Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852) - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - Workaround broken chacha crypto fallback (bsc#1218205). - accel/ivpu: Fix deadlock in context_xa (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - amdkfd: use calloc instead of kzalloc to avoid integer overflow (stable-fixes). - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64/ptrace: Use saved floating point state type to determine SVE (git-fixes) - arm64/sve: Lower the maximum allocation for the SVE ptrace regset (git-fixes) - arm64: Add the arm64.no32bit_el0 command line option (jsc#PED-3184). Please note that some adjustments were needed since the upstream commit is based on kernel 6.9 which has idreg-override.c moved under arch/arm64/kernel/pi/. - arm64: bpf: fix 32bit unconditional bswap (git-fixes). - arm64: dts: Fix dtc interrupt_provider warnings (git-fixes) - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64: tegra: Set the correct PHY mode for MGBE (git-fixes) - arm_pmu: acpi: Add a representative platform device for TRBE (bsc#1220587) - arm_pmu: acpi: Refactor arm_spe_acpi_register_device() (bsc#1220587) - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ata: libata-core: Allow command duration limits detection for ACS-4 drives (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bitops: add missing prototype check (git-fixes). - blacklist.conf: workqueues: system-wide nr_active enforcement patchset; not worth the risk (bsc#1225580) - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - bnx2x: Fix firmware version string character counts (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in free_bootmem_page (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf, arm64: fix bug in BPF_LDX_MEMSX (git-fixes) - bpf, scripts: Correct GPL license name (git-fixes). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always clear PERTRANS metadata during commit (git-fixes) - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid start and commit empty transaction when flushing qgroups (bsc#1220120). - btrfs: avoid start and commit empty transaction when starting qgroup rescan (bsc#1220120). - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1217489). - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) Dropped hunk in selftests (test_case_7), 92e1229b204d6. - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: ep: check the correct variable in mhi_ep_register_controller() (git-fixes). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: stop copying to iter at EOF on sync reads (bsc#1222606). - certs: Add ECDSA signature verification self-test (bsc#1222777). - certs: Move RSA self-test data to separate file (bsc#1222777). - cifs: Do not use certain unnecessary folio_*() functions (bsc#1225172). - cifs: account for primary channel in the interface list (bsc#1225172). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1225172). - cifs: distribute channels across interfaces based on speed (bsc#1225172). - cifs: do not pass cifs_sb when trying to add channels (bsc#1225172). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1225172). - cifs: fix charset issue in reconnection (bsc#1225172). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1225172). - cifs: handle cases where a channel is closed (bsc#1225172). - cifs: handle cases where multiple sessions share connection (bsc#1225172). - cifs: reconnect work should have reference on server struct (bsc#1225172). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: mediatek: Do a runtime PM get on controllers during probe (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: qcom: reset: Commonize the de/assert functions (stable-fixes). - clk: qcom: reset: Ensure write completion on reset de/assertion (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (git-fixes). - clocksource/drivers/imx: Fix -Wunused-but-set-variable warning (git-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - coresight: trbe: Add a representative coresight_platform_data for (bsc#1220587) - coresight: trbe: Allocate platform data per device (bsc#1220587) - coresight: trbe: Enable ACPI based TRBE devices (bsc#1220587) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - fix ring to service map for dcc in 4xxx (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - relocate and rename get_service_enabled() (stable-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxl/acpi: Fix load failures due to single window creation failure (git-fixes). - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window (git-fixes). - cxl/trace: Properly initialize cxl_poison region name (git-fixes). - dax/bus.c: replace driver-core lock usage by a local rwsem (jsc#PED-5853). - dax/bus.c: replace several sprintf() with sysfs_emit() (jsc#PED-5853). - dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n (jsc#PED-5853). - device-dax: make dax_bus_type const (jsc#PED-5853). - dlm: fix user space lkb refcounting (git-fixes). - dm crypt: remove redundant state settings after waking up (jsc#PED-7542). - dm thin: add braces around conditional code that spans lines (jsc#PED-7542). - dm verity: set DM_TARGET_SINGLETON feature flag (jsc#PED-7542). - dm-integrity: set max_integrity_segments in dm_integrity_io_hints (jsc#PED-7542). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape (bsc#1219596) Also update diff context in patches.suse/dm-raid-fix-false-positive-for-requeue-needed-during-b25b.patch - dm-raid: add a new helper prepare_suspend() in md_personality (jsc#PED-7542). - dm-raid: really frozen sync_thread during suspend (jsc#PED-7542). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm: update relevant MODULE_AUTHOR entries to latest dm-devel mailing list (jsc#PED-7542). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dma-buf: Fix NULL pointer dereference in sanitycheck() (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - docs: Restore 'smart quotes' for quotes (stable-fixes). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - docs: netdev: Fix typo in Signed-off-by tag (git-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() (stable-fixes). - drm/amd/display: Add dml2 copy functions (stable-fixes). - drm/amd/display: Allow dirty rects to be sent to dmub when abm is active (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Change default size for dummy plane in DML2 (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Fix bounds check for dcn35 DcfClocks (git-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix idle check for shared firmware state (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: Fix noise issue on HDMI AV mute (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Init DPPCLK from SMU on dcn32 (stable-fixes). - drm/amd/display: Override min required DCFCLK in dml1_validate (stable-fixes). - drm/amd/display: Prevent crash when disable stream (stable-fixes). - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 (stable-fixes). - drm/amd/display: Remove MPC rate control logic from DCN30 and above (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: Send DTBCLK disable message on first commit (git-fixes). - drm/amd/display: Set DCN351 BB and IP the same as DCN35 (stable-fixes). - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST (stable-fixes). - drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane (stable-fixes). - drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/display: fix input states translation error for dcn35 & dcn351 (stable-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amd/swsmu: modify the gfx activity scaling (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' (git-fixes). - drm/amdgpu/pm: Check the validity of overdiver power limit (git-fixes). - drm/amdgpu/pm: Fix NULL pointer dereference when get power limit (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: drop setting buffer funcs in sdma442 (git-fixes). - drm/amdgpu: fix deadlock while reading mqd from debugfs (git-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: fix mmhub client id out-of-bounds access (git-fixes). - drm/amdgpu: fix use-after-free bug (stable-fixes). - drm/amdgpu: fix visible VRAM handling during faults (git-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: make damage clips support configurable (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: remove invalid resource->start check v2 (git-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: Fix memory leak in create_process failure (git-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: anx7625: Update audio status while detecting (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/buddy: check range allocation matches alignment (stable-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/display: fix typo (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/display: Use i915_gem_object_get_dma_address to get dma address (stable-fixes). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY &lt; 13 (git-fixes). - drm/i915/dp: Remove support for UHBR13.5 (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/dsb: Fix DSB vblank waits when using VRR (git-fixes). - drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disable HW load balancing for CCS (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Enable only one CCS for compute workload (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Fix locking inversion in sysfs getter (git-fixes). - drm/i915/lspcon: Separate function to set expected mode (bsc#1193599). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mst: Limit MST+DSC to TGL+ (git-fixes). - drm/i915/mst: Reject FEC+MST on ICL (git-fixes). - drm/i915/mtl: Update workaround 14018575942 (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915/vrr: Generate VRR 'safe window' for DSB (git-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() (git-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/i915: Include the PLL name in the debug messages (stable-fixes). - drm/i915: Pre-populate the cursor physical dma address (git-fixes). - drm/i915: Replace a memset() with zero initialization (stable-fixes). - drm/i915: Stop printing pipe name as hex (stable-fixes). - drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs (stable-fixes). - drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports (stable-fixes). - drm/i915: Use named initializers for DPLL info (stable-fixes). - drm/imx/ipuv3: do not return negative values from .get_modes() (stable-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: do not allow overriding data from catalog (git-fixes). - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible (git-fixes). - drm/msm/dpu: use devres-managed allocation for MDP TOP (stable-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/msm: Add newlines to some debug prints (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/prime: Unbreak virtgpu dma-buf export (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Remove AR30 and AB30 format support (git-fixes). - drm/sched: fix null-ptr-deref in init entity (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/ttm: return ENOSPC from ttm_bo_mem_space v3 (stable-fixes). - drm/ttm: stop pooling cached NUMA pages v2 (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vc4: hdmi: do not return negative values from .get_modes() (stable-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix prime import/export (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: Check output polling initialized before disabling (stable-fixes). - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (stable-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Minor flow correction in e1000_shutdown function (git-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - efi: disable mirror feature during crashkernel (stable-fixes). - efi: fix panic in kdump kernel (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: arm_scmi: Make raw debugfs entries non-seekable (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() (stable-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs: relax mount_setattr() permission checks (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - geneve: make sure to pull inner header in geneve_rx() (git-fixes). - gpio: cdev: check for NULL labels when sanitizing them for irqs (git-fixes). - gpio: cdev: fix missed label sanitizing in debounce_setup() (git-fixes). - gpio: cdev: sanitize the label before requesting the interrupt (stable-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (git-fixes). - hwmon: (amc6821) add of_match table (stable-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: Fix firmware version comparison function (git-fixes). - i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i915: make inject_virtual_interrupt() void (stable-fixes). - ice: Refactor FW data type and fix bitmap casting issue (git-fixes). - ice: fix enabling RX VLAN filtering (git-fixes). - ice: fix memory corruption bug with suspend and rebuild (git-fixes). - ice: fix stats being updated by way too large values (git-fixes). - ice: fix typo in assignment (git-fixes). - ice: fix uninitialized dplls mutex usage (git-fixes). - ice: reconfig host after changing MSI-X on VF (git-fixes). - ice: reorder disabling IRQ and NAPI in ice_qp_dis (git-fixes). - ice: use relative VSI index for VFs instead of PF VSI number (git-fixes). - ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: disable local BH when scheduling napi for marker packets (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - igb: Fix missing time sync events (git-fixes). - igb: extend PTP timestamp adjustments to i211 (git-fixes). - igc: Fix missing time sync events (git-fixes). - igc: Remove stale comment about Tx timestamping (git-fixes). - igc: avoid returning frame twice in XDP_REDIRECT (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: gts-helper: Fix division loop (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - inet: frags: eliminate kernel-doc warning (git-fixes). - inet_diag: annotate data-races around inet_diag_table[] (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - input/touchscreen: imagis: Correct the maximum touch area value (stable-fixes). - intel: legacy: Partial revert of field get conversion (git-fixes). - interconnect: qcom: osm-l3: Replace custom implementation of COUNT_ARGS() (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive (git-fixes). - interconnect: qcom: sm8550: Enable sync_state (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Fix wrong use of pasid config (git-fixes). - iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking (git-fixes). - iommu: Map reserved memory as cacheable if device is coherent (git-fixes). - iommufd/iova_bitmap: Bounds check mapped::pages access (git-fixes). - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (git-fixes). - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - iommufd: Fix iopt_access_list_id overwrite bug (git-fixes). - iommufd: Reject non-zero data_type if no data_len is provided (git-fixes). - ionic: set adminq irq affinity (git-fixes). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes). - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI fix of KVM: x86/pmu: Allow programming events that match unsupported arch events (bsc#1225696). - kABI fix of KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - kABI workaround for cs35l56 (git-fixes). - kABI workaround for of driver changes (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kabi fix of perf/x86/intel: Expose existence of callback support to KVM (git fixes). - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore Wangxun ethernet driver local symbols - kabi/severities: ignore brcmfmac-specific local symbols - kasan, fortify: properly rename memintrinsics (git-fixes). - kasan/test: avoid gcc warning for intentional overflow (git-fixes). - kasan: disable kasan_non_canonical_hook() for HW tags (git-fixes). - kasan: print the original fault addr when access invalid shadow (git-fixes). - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (stable-fixes). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - libnvdimm: Fix ACPI_NFIT in BLK_DEV_PMEM help (jsc#PED-5853). - libperf evlist: Avoid out-of-bounds access (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mac802154: fix llsec key resources release in mac802154_llsec_key_del (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - md/dm-raid: do not call md_reap_sync_thread() directly (jsc#PED-7542). - md/raid1-10: add a helper raid1_check_read_range() (jsc#PED-7542). - md/raid1-10: factor out a new helper raid1_should_read_first() (jsc#PED-7542). - md/raid1: factor out choose_bb_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out choose_slow_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out helpers to add rdev to conf (jsc#PED-7542). - md/raid1: factor out helpers to choose the best rdev from read_balance() (jsc#PED-7542). - md/raid1: factor out read_first_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out the code to manage sequential IO (jsc#PED-7542). - md/raid1: fix choose next idle in read_balance() (jsc#PED-7542). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (jsc#PED-7542). - md: Do not clear MD_CLOSING when the raid is about to stop (jsc#PED-7542). - md: add a new helper rdev_has_badblock() (jsc#PED-7542). - md: add a new helper reshape_interrupted() (jsc#PED-7542). - md: changed the switch of RAID_VERSION to if (jsc#PED-7542). - md: check mddev->pers before calling md_set_readonly() (jsc#PED-7542). - md: clean up invalid BUG_ON in md_ioctl (jsc#PED-7542). - md: clean up openers check in do_md_stop() and md_set_readonly() (jsc#PED-7542). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (jsc#PED-7542). - md: export helper md_is_rdwr() (jsc#PED-7542). - md: export helpers to stop sync_thread (jsc#PED-7542). - md: factor out a helper to sync mddev (jsc#PED-7542). - md: fix kmemleak of rdev->serial (jsc#PED-7542). - md: get rdev->mddev with READ_ONCE() (jsc#PED-7542). - md: merge the check of capabilities into md_ioctl_valid() (jsc#PED-7542). - md: preserve KABI in struct md_personality (jsc#PED-7542). - md: remove redundant check of 'mddev->sync_thread' (jsc#PED-7542). - md: remove redundant md_wakeup_thread() (jsc#PED-7542). - md: return directly before setting did_set_md_closing (jsc#PED-7542). - md: sync blockdev before stopping raid or setting readonly (jsc#PED-7542). - md: use RCU lock to protect traversal in md_spares_need_change() (jsc#PED-7542). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: cadence: csi2rx: use match fwnode for media link (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: mc: Fix flags handling when creating pad links (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: Rename pad variable to clarify intent (stable-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: rkisp1: Fix IRQ handling due to shared interrupts (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mlxbf_gige: call request_irq() after NAPI initialized (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - mm: memcg: do not periodically flush stats when memcg is disabled (bsc#1222525). - mm: memcg: use larger batches for proactive reclaim (bsc#1222522). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mm_init kABI workaround (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: omap: fix broken slot switch lookup (git-fixes). - mmc: omap: fix deferred probe (git-fixes). - mmc: omap: restore original power up/down steps (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS (stable-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: spinand: Add support for 5-byte IDs (stable-fixes). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5: E-switch, Change flow rule destination checking (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5: Fix fw reporter diagnose output (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context (git-fixes). - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (git-fixes). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: fix documentation of buffer sizes (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - net: NSH: fix kernel-doc notation warning (git-fixes). - net: Use sockaddr_storage for getsockopt(SO_PEERNAME) (git-fixes). - net: add netdev_lockdep_set_classes() to virtual drivers (git-fixes). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: bonding: remove kernel-doc comment marker (git-fixes). - net: cfg802154: fix kernel-doc notation warnings (git-fixes). - net: dsa: microchip: fix register write order in ksz8_ind_write8() (git-fixes). - net: dsa: mt7530: fix handling of all link-local frames (git-fixes). - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (git-fixes). - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Remove ena_select_queue (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_eth_soc: fix PPE hanging issue (git-fixes). - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (git-fixes). - net: fec: Set mac_managed_pm during probe (git-fixes). - net: hns3: fix index limit to support all queue stats (git-fixes). - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (git-fixes). - net: hns3: fix kernel crash when devlink reload during pf initialization (git-fixes). - net: hns3: fix port duplex configure error in IMP reset (git-fixes). - net: hns3: fix wrong judgment condition issue (git-fixes). - net: hns3: mark unexcuted loopback test result as UNEXECUTED (git-fixes). - net: hns3: tracing: fix hclgevf trace event strings (git-fixes). - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (git-fixes). - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips (git-fixes). - net: libwx: fix memory leak on free page (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: llc: fix kernel-doc notation warnings (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: pcs: xpcs: Return EINVAL in the internal methods (git-fixes). - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (git-fixes). - net: phy: micrel: Fix potential null pointer dereference (git-fixes). - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (stable-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Let IP-specific receive function to interrogate descriptors (git-fixes). - net: smsc95xx: add support for SYS TEC USB-SPEmodule1 (git-fixes). - net: sparx5: Fix use after free inside sparx5_del_mact_entry (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: Fix incorrect dereference in interrupt handlers (git-fixes). - net: stmmac: dwmac-starfive: Add support for JH7100 SoC (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: veth: do not manipulate GRO when using XDP (git-fixes). - net: wwan: t7xx: Split 64bit accesses to fix alignment issues (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - nf_conntrack: fix -Wunused-const-variable= (git-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nfp: flower: handle acti_netdevs allocation failure (git-fixes). - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (git-fixes). - nfsd: Fix a regression in nfsd_setattr() (git-fixes). - nfsd: do not call locks_release_private() twice concurrently (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential bug in end_buffer_async_write (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau/gsp: do not check devinit disable on GSP (git-fixes). - nouveau/uvmm: fix addr/range calcs for remap operations (git-fixes). - nouveau: fix devinit paths to only handle display on GSP (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nouveau: lock the client object tree (stable-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - nvdimm/pmem: Treat alloc_dax() -EOPNOTSUPP failure as non-fatal (jsc#PED-5853). - nvdimm/pmem: fix leak on dax_add_host() failure (jsc#PED-5853). - nvdimm: make nvdimm_bus_type const (jsc#PED-5853). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvme: fix multipath batched completion accounting (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).++ kernel-source-azure.spec (revision 4)%define git_commit ba2f81d0ba1ad117dc6a5494a21d358f354126d7Release: &lt;RELEASE>.gba2f81d - nvmet: fix ns enable/disable possible hang (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - octeontx2-af: Fix devlink params (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-af: Use matching wake_up API variant in CGX command interface (git-fixes). - octeontx2-af: Use separate handlers for interrupts (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: Send UP messages to VF only when VF is up (git-fixes). - octeontx2-pf: Use default max_active works instead of one (git-fixes). - octeontx2-pf: Wait till detach_resources msg is complete (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - octeontx2: Detect the mbox up or down message via register (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - overflow: Allow non-type arg to type_max() and type_min() (stable-fixes). - peci: linux/peci.h: fix Excess kernel-doc description warning (git-fixes). - perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline() (git-fixes). - perf annotate: Get rid of duplicate --group option item (git-fixes). - perf auxtrace: Fix multiple use of --itrace option (git-fixes). - perf bench internals inject-build-id: Fix trap divide when collecting just one DSO (git-fixes). - perf bench uprobe: Remove lib64 from libc.so.6 binary path (git-fixes). - perf bpf: Clean up the generated/copied vmlinux.h (git-fixes). - perf daemon: Fix file leak in daemon_session__control (git-fixes). - perf docs: Document bpf event modifier (git-fixes). - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (git-fixes). - perf expr: Fix 'has_event' function for metric style events (git-fixes). - perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) (git-fixes). - perf jevents: Drop or simplify small integer values (git-fixes). - perf list: fix short description for some cache events (git-fixes). - perf lock contention: Add a missing NULL check (git-fixes). - perf metric: Do not remove scale from counts (git-fixes). - perf pmu: Count sys and cpuid JSON events separately (git fixes). - perf pmu: Fix a potential memory leak in perf_pmu__lookup() (git-fixes). - perf pmu: Treat the msr pmu as software (git-fixes). - perf print-events: make is_event_supported() more robust (git-fixes). - perf probe: Add missing libgen.h header needed for using basename() (git-fixes). - perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording (git-fixes). - perf record: Fix debug message placement for test consumption (git-fixes). - perf record: Fix possible incorrect free in record__switch_output() (git-fixes). - perf report: Avoid SEGV in report__setup_sample_type() (git-fixes). - perf sched timehist: Fix -g/--call-graph option failure (git-fixes). - perf script: Show also errors for --insn-trace option (git-fixes). - perf srcline: Add missed addr2line closes (git-fixes). - perf stat: Avoid metric-only segv (git-fixes). - perf stat: Do not display metric header for non-leader uncore events (git-fixes). - perf stat: Do not fail on metrics on s390 z/VM systems (git-fixes). - perf symbols: Fix ownership of string in dso__load_vmlinux() (git-fixes). - perf test shell arm_coresight: Increase buffer size for Coresight basic tests (git-fixes). - perf tests: Apply attributes to all events in object code reading test (git-fixes). - perf tests: Make 'test data symbol' more robust on Neoverse N1 (git-fixes). - perf tests: Make data symbol test wait for perf to start (bsc#1220045). - perf tests: Skip data symbol test if buf1 symbol is missing (bsc#1220045). - perf thread: Fixes to thread__new() related to initializing comm (git-fixes). - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (git-fixes). - perf top: Uniform the event name for the hybrid machine (git-fixes). - perf top: Use evsel's cpus to replace user_requested_cpus (git-fixes). - perf ui browser: Avoid SEGV on title (git fixes). - perf ui browser: Do not save pointer to stack memory (git-fixes). - perf vendor events amd: Add Zen 4 memory controller events (git-fixes). - perf vendor events amd: Fix Zen 4 cache latency events (git-fixes). - perf/x86/amd/core: Avoid register reset when CPU is dead (git-fixes). - perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later (git-fixes). - perf/x86/amd/lbr: Discard erroneous branch entries (git-fixes). - perf/x86/amd/lbr: Use freeze based on availability (git-fixes). - perf/x86/intel/ds: Do not clear ->pebs_data_cfg for the last PEBS event (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - perf/x86: Fix out of range data (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/chrome: cros_ec_uart: properly fix race condition (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - powerpc/crypto/chacha-p10: Fix failure on non Power10 (bsc#1218205). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (git-fixes). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - pstore: inode: Convert mutex usage to guard(mutex) (stable-fixes). - pstore: inode: Only d_invalidate() is needed (git-fixes). - pwm: img: fix pwm clock lookup (git-fixes). - qibfs: fix dentry leak (git-fixes) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (git-fixes). - r8169: skip DASH fw status checks when DASH is disabled (git-fixes). - random: handle creditable entropy from atomic process context (git-fixes). - regmap: Add regmap_read_bypassed() (git-fixes). - regmap: kunit: Ensure that changed bytes are actually different (stable-fixes). - regmap: maple: Fix cache corruption in regcache_maple_drop() (git-fixes). - regmap: maple: Fix uninitialized symbol 'ret' warnings (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (git-fixes). - remoteproc: virtio: Fix wdg cannot recovery remote processor (git-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224348). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221783). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - sched-fair-Add-EAS-checks-before-updating-root_domain-overutilized.patch. - sched-fair-Combine-EAS-check-with-overutilized-access.patch. - sched-fair-Introduce-is_rd_overutilized-helper-function-to-access-root_domain-overutilized.patch. - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (bsc#1222173). - sched/fair: Check root_domain::overload value before update (bsc#1222173). - sched/fair: Use helper functions to access root_domain::overload (bsc#1222173). - sched/psi: Select KERNFS as needed (git-fixes). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() (git-fixes). - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes). - scsi: libsas: Fix disk not being scanned in after being removed (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). Refresh: - patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: mpi3mr: Reduce stack usage in mpi3mr_refresh_sas_ports() (git-fixes). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - scsi: sg: Avoid race in error handling & drop bogus warn (git-fixes). - scsi: sg: Avoid sg device teardown race (git-fixes). - scsi: smartpqi: Fix disable_managed_interrupts (git-fixes). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests/kcmp: remove unused open mode (git-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/powerpc/papr-vpd: Fix missing variable initialization (jsc#PED-4486 git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: forwarding: Fix ping failure due to short timeout (git-fixes). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selftests: vxlan_mdb: Fix failures with old libnet (git-fixes). - selinux: avoid dereference of garbage after mount failure (git-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8250_dw: Revert: Do not reclock if already at correct rate (git-fixes). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: Lock console when calling into driver before registration (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: core: only stop transmit when HW fifo is empty (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max310x: fix NULL pointer dereference in I2C instantiation (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - serial: stm32: Reset .throttled state in .startup() (git-fixes). - series.conf: cleanup Fix subsection header to silence series_insert error. - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - smb3: show beginning time for per share stats (bsc#1225172). - smb: client: ensure to try all targets when finding nested links (bsc#1225172). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1225172). - smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes, bsc#1225172). - smb: client: get rid of dfs code dep in namespace.c (bsc#1225172). - smb: client: get rid of dfs naming in automount code (bsc#1225172). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1225172). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1225172). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1225172). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1225172). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - soc: fsl: qbman: Use raw spinlock for cgr_lock (git-fixes). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt (stable-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - sock_diag: annotate data-races around sock_diag_handlers[family] (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs (git-fixes). - spi: intel-pci: Add support for Lunar Lake-M SPI serial flash (stable-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: lpspi: Avoid potential use-after-free in probe() (git-fixes). - spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe (git-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: spi-fsl-lpspi: remove redundant spi_controller_put call (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - staging: vc04_services: changen strncpy() to strscpy_pad() (stable-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - stmmac: Clear variable when destroying workqueue (git-fixes). - supported.conf: support tcp_dctcp module (jsc#PED-8111) - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - swiotlb: use the calculated number of areas (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thermal/of: Assume polling-delay(-passive) 0 when absent (stable-fixes). - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Do not create DisplayPort tunnels on adapters of the same router (git-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power/turbostat: Fix uncore frequency file string (bsc#1221765). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3-am62: Disable wakeup at remove (git-fixes). - usb: dwc3-am62: Rename private data (git-fixes). - usb: dwc3-am62: fix module unload/reload behavior (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: pci: Drop duplicate ID (git-fixes). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: Correct port source pdo array in pd_set callback (git-fixes). - usb: typec: tcpm: Correct the PDO counting in pd_set (git-fixes). - usb: typec: tcpm: Update PD of Type-C port upon pd_set (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: typec: ucsi: Fix race between typec_switch and role_switch (git-fixes). - usb: typec: ucsi: Limit read size on v1.2 (stable-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - usb: typec: ucsi_acpi: Refactor and fix DELL quirk (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - usb: xhci-plat: Do not include xhci.h (stable-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper. - usb: xhci: correct return value in case of STS_HCE (git-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - vdpa_sim: reset must not run (git-fixes). - veth: try harder when allocating queue memory (git-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro (stable-fixes). - wifi: brcmfmac: Demote vendor-specific attach/detach messages to info (git-fixes). - wifi: brcmfmac: add per-vendor feature detection callback (stable-fixes). - wifi: brcmfmac: cfg80211: Use WSEC to set SAE password (stable-fixes). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: check A-MSDU format more carefully (stable-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: fw: fix compile w/o CONFIG_ACPI (git-fixes). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: include link ID when releasing frames (git-fixes). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: use correct address 3 in A-MSDU (stable-fixes). - wifi: iwlwifi: pcie: Add the PCI device id for new hardware (stable-fixes). - wifi: iwlwifi: pcie: fix RB status reading (stable-fixes). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211: only call drv_sta_rc_update for uploaded stations (stable-fixes). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7996: add locking for accessing mapped registers (stable-fixes). - wifi: mt76: mt7996: disable AMSDU for non-data frames (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: rtw88: 8821cu: Fix connection failure (stable-fixes). - wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU (stable-fixes). - wifi: rtw89: fix null pointer access when abort scan (stable-fixes). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor (stable-fixes). - wireguard: netlink: access device through ctx instead of peer (git-fixes). - wireguard: netlink: check for dangling peer via is_dead instead of empty list (git-fixes). - wireguard: receive: annotate data-race around receiving_counter.counter (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - x86/hyperv: Allow 15-bit APIC IDs for VTL platforms (git-fixes). - x86/hyperv: Use per cpu initial stack for vtl context (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: attempt to inflate the memory balloon on PVH (git-fixes). - xdp, bonding: Fix feature flags when there are no slave devs anymore (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/events: drop xen_allocate_irqs_dynamic() (git-fixes). - xen/events: fix error code in xen_bind_pirq_msi_to_irq() (git-fixes). - xen/events: increment refcnt only if event channel is refcounted (git-fixes). - xen/events: modify internal [un]bind interfaces (git-fixes). - xen/events: reduce externally visible helper functions (git-fixes). - xen/events: remove some simple helpers from events_base.c (git-fixes). - xen/evtchn: avoid WARN() when unbinding an event channel (git-fixes). - xen: evtchn: Allow shared registration of IRQ handers (git-fixes). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: allow extent free intents to be retried (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: add helper that checks for unhandled events on a event ring (git-fixes). - xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - 9p: add missing locking around taking dentry fid list (git-fixes) - accel/ivpu: Fix deadlock in context_xa (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - ACPI: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - ACPI: scan: Do not increase dep_unmet for already met dependencies (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - ALSA: aoa: avoid false-positive format truncation warning (git-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Update DSP1RX5/6 Sources for DSP config (stable-fixes). - ALSA: hda: cs35l56: Add ACPI device match tables (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: cs35l56: Set the init_done flag before component_add() (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 14 eu0000 (stable-fixes). - ALSA: hda/realtek: Add quirks for ASUS Laptops using CS35L56 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (stable-fixes). - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR (stable-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix the hp playback volume issue for LG machines (stable-fixes). - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 (git-fixes). - ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound (stable-fixes). - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - ALSA: hda/tas2781: add locks to kcontrols (git-fixes). - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 (stable-fixes). - ALSA: hda/tas2781: correct the register for pow calibrated data (git-fixes). - ALSA: hda/tas2781: remove digital gain kcontrol (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - amdkfd: use calloc instead of kzalloc to avoid integer overflow (stable-fixes). - arm_pmu: acpi: Add a representative platform device for TRBE (bsc#1220587) - arm_pmu: acpi: Refactor arm_spe_acpi_register_device() (bsc#1220587) - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - arm64: Add the arm64.no32bit_el0 command line option (jsc#PED-3184). - arm64: bpf: fix 32bit unconditional bswap (git-fixes). - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: Fix dtc interrupt_provider warnings (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64: tegra: Set the correct PHY mode for MGBE (git-fixes) - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64/ptrace: Use saved floating point state type to determine SVE (git-fixes) - arm64/sve: Lower the maximum allocation for the SVE ptrace regset (git-fixes) - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: acp: fix for acp_init function error handling (git-fixes). - ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 (stable-fixes). - ASoC: amd: yc: Revert 'Fix non-functional mic on Lenovo 21J2' (stable-fixes). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Populate board selection with new I2S entries (stable-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops (stable-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - ASoC: rt5682-sdw: fix locking sequence (git-fixes). - ASoC: rt711-sdca: fix locking sequence (git-fixes). - ASoC: rt711-sdw: fix locking sequence (git-fixes). - ASoC: rt712-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt722-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: SOF: amd: Optimize quirk for Valve Galileo (stable-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend (stable-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tas2781: mark dvc_tlv with __maybe_unused (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: tlv320adc3xxx: Do not strip remove function when driver is builtin (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() (git-fixes). - ata: libata-core: Allow command duration limits detection for ACS-4 drives (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bitops: add missing prototype check (git-fixes). - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - Bluetooth: Add new quirk for broken read key length on ATS2851 (stable-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_core: Cancel request on command timeout (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (git-fixes). - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY (git-fixes). - Bluetooth: hci_sync: Use QoS to determine which PHY to scan (stable-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout (stable-fixes). - Bluetooth: ISO: Do not reject BT_ISO_QOS if parameters are unset (git-fixes). - Bluetooth: l2cap: Do not double set the HCI_CONN_MGMT_CONNECTED bit (git-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (bsc#1221504). - Bluetooth: mgmt: Fix limited discoverable off timeout (stable-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: fix device-address endianness (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - bnx2x: Fix firmware version string character counts (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in free_bootmem_page (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: fix bug in BPF_LDX_MEMSX (git-fixes) - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf, scripts: Correct GPL license name (git-fixes). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always clear PERTRANS metadata during commit (git-fixes) - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid start and commit empty transaction when flushing qgroups (bsc#1220120). - btrfs: avoid start and commit empty transaction when starting qgroup rescan (bsc#1220120). - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: error when COWing block from a root that is being deleted (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1217489). - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) Dropped hunk in selftests (test_case_7), 92e1229b204d6. - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: ep: check the correct variable in mhi_ep_register_controller() (git-fixes). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: stop copying to iter at EOF on sync reads (bsc#1222606). - certs: Add ECDSA signature verification self-test (bsc#1222777). - certs: Move RSA self-test data to separate file (bsc#1222777). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: mediatek: Do a runtime PM get on controllers during probe (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: qcom: reset: Commonize the de/assert functions (stable-fixes). - clk: qcom: reset: Ensure write completion on reset de/assertion (git-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (git-fixes). - clocksource/drivers/imx: Fix -Wunused-but-set-variable warning (git-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - coresight: trbe: Add a representative coresight_platform_data for (bsc#1220587) - coresight: trbe: Allocate platform data per device (bsc#1220587) - coresight: trbe: Enable ACPI based TRBE devices (bsc#1220587) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - fix ring to service map for dcc in 4xxx (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - relocate and rename get_service_enabled() (stable-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxl/acpi: Fix load failures due to single window creation failure (git-fixes). - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window (git-fixes). - cxl/trace: Properly initialize cxl_poison region name (git-fixes). - dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n (jsc#PED-5853). - dax/bus.c: replace driver-core lock usage by a local rwsem (jsc#PED-5853). - dax/bus.c: replace several sprintf() with sysfs_emit() (jsc#PED-5853). - device-dax: make dax_bus_type const (jsc#PED-5853). - dlm: fix user space lkb refcounting (git-fixes). - dm crypt: remove redundant state settings after waking up (jsc#PED-7542). - dm thin: add braces around conditional code that spans lines (jsc#PED-7542). - dm verity: set DM_TARGET_SINGLETON feature flag (jsc#PED-7542). - dm-integrity: set max_integrity_segments in dm_integrity_io_hints (jsc#PED-7542). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm-raid: add a new helper prepare_suspend() in md_personality (jsc#PED-7542). - dm-raid: really frozen sync_thread during suspend (jsc#PED-7542). - dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape (bsc#1219596) - dm: update relevant MODULE_AUTHOR entries to latest dm-devel mailing list (jsc#PED-7542). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dma-buf: Fix NULL pointer dereference in sanitycheck() (git-fixes). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm: Check output polling initialized before disabling (stable-fixes). - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (stable-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() (stable-fixes). - drm/amd/display: Add dml2 copy functions (stable-fixes). - drm/amd/display: Allow dirty rects to be sent to dmub when abm is active (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Change default size for dummy plane in DML2 (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Fix bounds check for dcn35 DcfClocks (git-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix idle check for shared firmware state (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: fix input states translation error for dcn35 & dcn351 (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: Fix noise issue on HDMI AV mute (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Init DPPCLK from SMU on dcn32 (stable-fixes). - drm/amd/display: Override min required DCFCLK in dml1_validate (stable-fixes). - drm/amd/display: Prevent crash when disable stream (stable-fixes). - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 (stable-fixes). - drm/amd/display: Remove MPC rate control logic from DCN30 and above (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: Send DTBCLK disable message on first commit (git-fixes). - drm/amd/display: Set DCN351 BB and IP the same as DCN35 (stable-fixes). - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST (stable-fixes). - drm/amd/display: Update odm when ODM combine is changed on an otg master pipe with no plane (stable-fixes). - drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amd/swsmu: modify the gfx activity scaling (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu: drop setting buffer funcs in sdma442 (git-fixes). - drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: fix deadlock while reading mqd from debugfs (git-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: fix mmhub client id out-of-bounds access (git-fixes). - drm/amdgpu: fix use-after-free bug (stable-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: fix visible VRAM handling during faults (git-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: make damage clips support configurable (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: remove invalid resource->start check v2 (git-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' (git-fixes). - drm/amdgpu/pm: Check the validity of overdiver power limit (git-fixes). - drm/amdgpu/pm: Fix NULL pointer dereference when get power limit (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: Fix memory leak in create_process failure (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: anx7625: Update audio status while detecting (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/buddy: check range allocation matches alignment (stable-fixes). - drm/ci: update device type for volteer devices (git-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/display: fix typo (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/i915: Disable live M/N updates when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() (git-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/i915: Include the PLL name in the debug messages (stable-fixes). - drm/i915: Pre-populate the cursor physical dma address (git-fixes). - drm/i915: Replace a memset() with zero initialization (stable-fixes). - drm/i915: Stop printing pipe name as hex (stable-fixes). - drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs (stable-fixes). - drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports (stable-fixes). - drm/i915: Use named initializers for DPLL info (stable-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915/display: Use i915_gem_object_get_dma_address to get dma address (stable-fixes). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY &lt; 13 (git-fixes). - drm/i915/dp: Remove support for UHBR13.5 (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/dsb: Fix DSB vblank waits when using VRR (git-fixes). - drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disable HW load balancing for CCS (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Enable only one CCS for compute workload (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Fix locking inversion in sysfs getter (git-fixes). - drm/i915/lspcon: Separate function to set expected mode (bsc#1193599). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mst: Limit MST+DSC to TGL+ (git-fixes). - drm/i915/mst: Reject FEC+MST on ICL (git-fixes). - drm/i915/mtl: Update workaround 14018575942 (git-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915/vrr: Generate VRR 'safe window' for DSB (git-fixes). - drm/imx/ipuv3: do not return negative values from .get_modes() (stable-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm: Add newlines to some debug prints (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: do not allow overriding data from catalog (git-fixes). - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible (git-fixes). - drm/msm/dpu: use devres-managed allocation for MDP TOP (stable-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (git-fixes). - drm/prime: Unbreak virtgpu dma-buf export (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Remove AR30 and AB30 format support (git-fixes). - drm/sched: fix null-ptr-deref in init entity (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/ttm: return ENOSPC from ttm_bo_mem_space v3 (stable-fixes). - drm/ttm: stop pooling cached NUMA pages v2 (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm/vc4: hdmi: do not return negative values from .get_modes() (stable-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix prime import/export (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Minor flow correction in e1000_shutdown function (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - efi: disable mirror feature during crashkernel (stable-fixes). - efi: fix panic in kdump kernel (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: arm_scmi: Make raw debugfs entries non-seekable (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() (stable-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs: relax mount_setattr() permission checks (git-fixes) - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - geneve: make sure to pull inner header in geneve_rx() (git-fixes). - gpio: cdev: check for NULL labels when sanitizing them for irqs (git-fixes). - gpio: cdev: fix missed label sanitizing in debounce_setup() (git-fixes). - gpio: cdev: sanitize the label before requesting the interrupt (stable-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (git-fixes). - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: input: avoid polling stylus battery on Chromebook Pompom (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hwmon: (amc6821) add of_match table (stable-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() (git-fixes). - i2c: acpi: Unbind mux adapters before delete (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix firmware version comparison function (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i915: make inject_virtual_interrupt() void (stable-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - ice: fix enabling RX VLAN filtering (git-fixes). - ice: fix memory corruption bug with suspend and rebuild (git-fixes). - ice: fix stats being updated by way too large values (git-fixes). - ice: fix typo in assignment (git-fixes). - ice: fix uninitialized dplls mutex usage (git-fixes). - ice: reconfig host after changing MSI-X on VF (git-fixes). - ice: Refactor FW data type and fix bitmap casting issue (git-fixes). - ice: reorder disabling IRQ and NAPI in ice_qp_dis (git-fixes). - ice: use relative VSI index for VFs instead of PF VSI number (git-fixes). - ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: disable local BH when scheduling napi for marker packets (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - igb: extend PTP timestamp adjustments to i211 (git-fixes). - igb: Fix missing time sync events (git-fixes). - igc: avoid returning frame twice in XDP_REDIRECT (git-fixes). - igc: Fix missing time sync events (git-fixes). - igc: Remove stale comment about Tx timestamping (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: gts-helper: Fix division loop (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - inet_diag: annotate data-races around inet_diag_table[] (git-fixes). - inet: frags: eliminate kernel-doc warning (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - Input: allocate keycode for Display refresh rate toggle (stable-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - Input: imagis - use FIELD_GET where applicable (stable-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - Input: xpad - add additional HyperX Controller Identifiers (stable-fixes). - Input: xpad - add support for Snakebyte GAMEPADs (stable-fixes). - input/touchscreen: imagis: Correct the maximum touch area value (stable-fixes). - intel: legacy: Partial revert of field get conversion (git-fixes). - interconnect: qcom: osm-l3: Replace custom implementation of COUNT_ARGS() (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive (git-fixes). - interconnect: qcom: sm8550: Enable sync_state (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu: Map reserved memory as cacheable if device is coherent (git-fixes). - iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Fix wrong use of pasid config (git-fixes). - iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking (git-fixes). - iommu/vt-d: Update iotlb in nested domain attach (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - iommufd: Fix iopt_access_list_id overwrite bug (git-fixes). - iommufd: Reject non-zero data_type if no data_len is provided (git-fixes). - iommufd/iova_bitmap: Bounds check mapped::pages access (git-fixes). - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (git-fixes). - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (git-fixes). - ionic: set adminq irq affinity (git-fixes). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes). - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kabi/severities: ignore brcmfmac-specific local symbols - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore Wangxun ethernet driver local symbols - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kasan, fortify: properly rename memintrinsics (git-fixes). - kasan: disable kasan_non_canonical_hook() for HW tags (git-fixes). - kasan: print the original fault addr when access invalid shadow (git-fixes). - kasan/test: avoid gcc warning for intentional overflow (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - libnvdimm: Fix ACPI_NFIT in BLK_DEV_PMEM help (jsc#PED-5853). - libsubcmd: Fix parse-options memory leak (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mac802154: fix llsec key resources release in mac802154_llsec_key_del (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - md: add a new helper rdev_has_badblock() (jsc#PED-7542). - md: add a new helper reshape_interrupted() (jsc#PED-7542). - md: changed the switch of RAID_VERSION to if (jsc#PED-7542). - md: check mddev->pers before calling md_set_readonly() (jsc#PED-7542). - md: clean up invalid BUG_ON in md_ioctl (jsc#PED-7542). - md: clean up openers check in do_md_stop() and md_set_readonly() (jsc#PED-7542). - md: Do not clear MD_CLOSING when the raid is about to stop (jsc#PED-7542). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (jsc#PED-7542). - md: export helper md_is_rdwr() (jsc#PED-7542). - md: export helpers to stop sync_thread (jsc#PED-7542). - md: factor out a helper to sync mddev (jsc#PED-7542). - md: fix kmemleak of rdev->serial (jsc#PED-7542). - md: get rdev->mddev with READ_ONCE() (jsc#PED-7542). - md: merge the check of capabilities into md_ioctl_valid() (jsc#PED-7542). - md: preserve KABI in struct md_personality (jsc#PED-7542). - md: remove redundant check of 'mddev->sync_thread' (jsc#PED-7542). - md: remove redundant md_wakeup_thread() (jsc#PED-7542). - md: return directly before setting did_set_md_closing (jsc#PED-7542). - md: sync blockdev before stopping raid or setting readonly (jsc#PED-7542). - md: use RCU lock to protect traversal in md_spares_need_change() (jsc#PED-7542). - md/dm-raid: do not call md_reap_sync_thread() directly (jsc#PED-7542). - md/raid1-10: add a helper raid1_check_read_range() (jsc#PED-7542). - md/raid1-10: factor out a new helper raid1_should_read_first() (jsc#PED-7542). - md/raid1: factor out choose_bb_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out choose_slow_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out helpers to add rdev to conf (jsc#PED-7542). - md/raid1: factor out helpers to choose the best rdev from read_balance() (jsc#PED-7542). - md/raid1: factor out read_first_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out the code to manage sequential IO (jsc#PED-7542). - md/raid1: fix choose next idle in read_balance() (jsc#PED-7542). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (jsc#PED-7542). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: cadence: csi2rx: use match fwnode for media link (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: mc: Fix flags handling when creating pad links (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: mc: Rename pad variable to clarify intent (stable-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: rkisp1: Fix IRQ handling due to shared interrupts (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mlxbf_gige: call request_irq() after NAPI initialized (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mm_init kABI workaround (git-fixes). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm: memcg: do not periodically flush stats when memcg is disabled (bsc#1222525). - mm: memcg: use larger batches for proactive reclaim (bsc#1222522). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: omap: fix broken slot switch lookup (git-fixes). - mmc: omap: fix deferred probe (git-fixes). - mmc: omap: restore original power up/down steps (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode (git-fixes). - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS (stable-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: spinand: Add support for 5-byte IDs (stable-fixes). - net: add netdev_lockdep_set_classes() to virtual drivers (git-fixes). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: bonding: remove kernel-doc comment marker (git-fixes). - net: cfg802154: fix kernel-doc notation warnings (git-fixes). - net: dsa: microchip: fix register write order in ksz8_ind_write8() (git-fixes). - net: dsa: mt7530: fix handling of all link-local frames (git-fixes). - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (git-fixes). - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Remove ena_select_queue (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_eth_soc: fix PPE hanging issue (git-fixes). - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (git-fixes). - net: fec: Set mac_managed_pm during probe (git-fixes). - net: hns3: fix index limit to support all queue stats (git-fixes). - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (git-fixes). - net: hns3: fix kernel crash when devlink reload during pf initialization (git-fixes). - net: hns3: fix port duplex configure error in IMP reset (git-fixes). - net: hns3: fix wrong judgment condition issue (git-fixes). - net: hns3: mark unexcuted loopback test result as UNEXECUTED (git-fixes). - net: hns3: tracing: fix hclgevf trace event strings (git-fixes). - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (git-fixes). - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips (git-fixes). - net: libwx: fix memory leak on free page (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: llc: fix kernel-doc notation warnings (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: NSH: fix kernel-doc notation warning (git-fixes). - net: pcs: xpcs: Return EINVAL in the internal methods (git-fixes). - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (git-fixes). - net: phy: micrel: Fix potential null pointer dereference (git-fixes). - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (stable-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Always update error counters (git-fixes). - net: ravb: Let IP-specific receive function to interrogate descriptors (git-fixes). - net: smsc95xx: add support for SYS TEC USB-SPEmodule1 (git-fixes). - net: sparx5: Fix use after free inside sparx5_del_mact_entry (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: dwmac-starfive: Add support for JH7100 SoC (git-fixes). - net: stmmac: Fix incorrect dereference in interrupt handlers (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: Use sockaddr_storage for getsockopt(SO_PEERNAME) (git-fixes). - net: veth: do not manipulate GRO when using XDP (git-fixes). - net: wwan: t7xx: Split 64bit accesses to fix alignment issues (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5: E-switch, Change flow rule destination checking (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5: Fix fw reporter diagnose output (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix MACsec state loss upon state update in offload path (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context (git-fixes). - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (git-fixes). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: fix documentation of buffer sizes (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - nf_conntrack: fix -Wunused-const-variable= (git-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - nfp: flower: handle acti_netdevs allocation failure (git-fixes). - NFS: Fix an off by one in root_nfs_cat() (git-fixes). - NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt (git-fixes). - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (git-fixes). - NFS: Read unlock folio on nfs_page_create_from_folio() error (git-fixes). - NFSD: change LISTXATTRS cookie encoding to big-endian (git-fixes). - NFSD: Convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not call locks_release_private() twice concurrently (git-fixes). - nfsd: Fix a regression in nfsd_setattr() (git-fixes). - NFSD: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - NFSD: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - NFSD: Fix nfsd_clid_class use of __string_len() macro (git-fixes). - NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes). - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - NFSD: Retransmit callbacks after client reconnects (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - NFSv4.1/pnfs: fix NFS with TLS in pnfs (git-fixes). - NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes). - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential bug in end_buffer_async_write (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nouveau: fix devinit paths to only handle display on GSP (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nouveau: lock the client object tree (stable-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau/gsp: do not check devinit disable on GSP (git-fixes). - nouveau/uvmm: fix addr/range calcs for remap operations (git-fixes). - nvdimm: make nvdimm_bus_type const (jsc#PED-5853). - nvdimm/pmem: fix leak on dax_add_host() failure (jsc#PED-5853). - nvdimm/pmem: Treat alloc_dax() -EOPNOTSUPP failure as non-fatal (jsc#PED-5853). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix devlink params (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - octeontx2-af: Use matching wake_up API variant in CGX command interface (git-fixes). - octeontx2-af: Use separate handlers for interrupts (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: Send UP messages to VF only when VF is up (git-fixes). - octeontx2-pf: Use default max_active works instead of one (git-fixes). - octeontx2-pf: Wait till detach_resources msg is complete (git-fixes). - octeontx2: Detect the mbox up or down message via register (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge (stable-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: hv: Fix ring buffer size calculation (git-fixes). - PCI: Make link retraining use RMW accessors for changing LNKCTL (git-fixes). - PCI: qcom: Add support for sa8775p SoC (git-fixes). - PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - PCI/AER: Block runtime suspend when handling errors (stable-fixes). - PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (stable-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (stable-fixes). - peci: linux/peci.h: fix Excess kernel-doc description warning (git-fixes). - perf tests: Make data symbol test wait for perf to start (bsc#1220045). - perf tests: Skip data symbol test if buf1 symbol is missing (bsc#1220045). - perf/x86/amd/core: Avoid register reset when CPU is dead (git-fixes). - perf/x86/amd/core: Update and fix stalled-cycles-* events for Zen 2 and later (git-fixes). - perf/x86/amd/lbr: Use freeze based on availability (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - platform/chrome: cros_ec_uart: properly fix race condition (git-fixes). - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - PM: s2idle: Make sure CPUs will wakeup directly on resume (git-fixes). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc/crypto/chacha-p10: Fix failure on non Power10 (bsc#1218205). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (git-fixes). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pstore: inode: Convert mutex usage to guard(mutex) (stable-fixes). - pstore: inode: Only d_invalidate() is needed (git-fixes). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - pwm: img: fix pwm clock lookup (git-fixes). - qibfs: fix dentry leak (git-fixes) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (git-fixes). - r8169: skip DASH fw status checks when DASH is disabled (git-fixes). - random: handle creditable entropy from atomic process context (git-fixes). - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619). - RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes). - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - regmap: Add regmap_read_bypassed() (git-fixes). - regmap: kunit: Ensure that changed bytes are actually different (stable-fixes). - regmap: maple: Fix cache corruption in regcache_maple_drop() (git-fixes). - regmap: maple: Fix uninitialized symbol 'ret' warnings (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (git-fixes). - remoteproc: virtio: Fix wdg cannot recovery remote processor (git-fixes). - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: reset device count for SoundWire DAIs' (stable-fixes). - Revert 'drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()' (stable-fixes). - Revert 'drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR' (stable-fixes). - Revert 'drm/amd/display: fix USB-C flag update after enc10 feature init' (stable-fixes). - Revert 'drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices' (stable-fixes). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - Revert 'drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'iommu/amd: Enable PCI/IMS' (git-fixes). - Revert 'iommu/vt-d: Enable PCI/IMS' (git-fixes). - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (git-fixes). - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (git-fixes). - Revert 'PCI/MSI: Provide IMS (Interrupt Message Store) support' (git-fixes). - Revert 'PCI/MSI: Provide pci_ims_alloc/free_irq()' (git-fixes). - Revert 'PCI/MSI: Provide stubs for IMS functions' (git-fixes). - Revert 'selinux: introduce an initial SID for early boot processes' (bsc#1208593) It caused a regression on ALP-current branch, kernel-obs-qa build failed. - Revert 'thermal: core: Do not update trip points inside the hysteresis range' (git-fixes). - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: Only update pages_touched when a new page is touched (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224348). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221783). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (bsc#1222173). - sched/fair: Check root_domain::overload value before update (bsc#1222173). - sched/fair: Use helper functions to access root_domain::overload (bsc#1222173). - sched/psi: Select KERNFS as needed (git-fixes). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() (git-fixes). - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes). - scsi: libsas: Fix disk not being scanned in after being removed (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: mpi3mr: Reduce stack usage in mpi3mr_refresh_sas_ports() (git-fixes). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - scsi: sg: Avoid race in error handling & drop bogus warn (git-fixes). - scsi: sg: Avoid sg device teardown race (git-fixes). - scsi: smartpqi: Fix disable_managed_interrupts (git-fixes). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (git-fixes). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: forwarding: Fix ping failure due to short timeout (git-fixes). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selftests: vxlan_mdb: Fix failures with old libnet (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests/kcmp: remove unused open mode (git-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/powerpc/papr-vpd: Fix missing variable initialization (jsc#PED-4486 git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selinux: avoid dereference of garbage after mount failure (git-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8250_dw: Revert: Do not reclock if already at correct rate (git-fixes). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: core: only stop transmit when HW fifo is empty (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: Lock console when calling into driver before registration (git-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max3100: Update uart_driver_registered on driver removal (git-fixes). - serial: max310x: fix NULL pointer dereference in I2C instantiation (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - serial: stm32: Reset .throttled state in .startup() (git-fixes). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - SEV: disable SEV-ES DebugSwap by default (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - soc: fsl: qbman: Use raw spinlock for cgr_lock (git-fixes). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt (stable-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - sock_diag: annotate data-races around sock_diag_handlers[family] (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs (git-fixes). - spi: intel-pci: Add support for Lunar Lake-M SPI serial flash (stable-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: lpspi: Avoid potential use-after-free in probe() (git-fixes). - spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe (git-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: spi-fsl-lpspi: remove redundant spi_controller_put call (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - staging: vc04_services: changen strncpy() to strscpy_pad() (stable-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - stmmac: Clear variable when destroying workqueue (git-fixes). - SUNRPC: fix a memleak in gss_import_v2_context (git-fixes). - SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes). - supported.conf: support tcp_dctcp module (jsc#PED-8111) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: use the calculated number of areas (git-fixes). - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thermal/of: Assume polling-delay(-passive) 0 when absent (stable-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Do not create DisplayPort tunnels on adapters of the same router (git-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power/turbostat: Fix uncore frequency file string (bsc#1221765). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - USB: core: Add hub_get() and hub_put() routines (stable-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (stable-fixes). - USB: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3-am62: Disable wakeup at remove (git-fixes). - usb: dwc3-am62: fix module unload/reload behavior (git-fixes). - usb: dwc3-am62: Rename private data (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: pci: Drop duplicate ID (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: Correct port source pdo array in pd_set callback (git-fixes). - usb: typec: tcpm: Correct the PDO counting in pd_set (git-fixes). - usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tcpm: Update PD of Type-C port upon pd_set (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi_acpi: Refactor and fix DELL quirk (git-fixes). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: typec: ucsi: Fix race between typec_switch and role_switch (git-fixes). - usb: typec: ucsi: Limit read size on v1.2 (stable-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - usb: xhci-plat: Do not include xhci.h (stable-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - usb: xhci: correct return value in case of STS_HCE (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper. - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vdpa_sim: reset must not run (git-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - veth: try harder when allocating queue memory (git-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath12k: Update Qualcomm Innovation Center, Inc. copyrights (stable-fixes). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro (stable-fixes). - wifi: brcmfmac: add per-vendor feature detection callback (stable-fixes). - wifi: brcmfmac: cfg80211: Use WSEC to set SAE password (stable-fixes). - wifi: brcmfmac: Demote vendor-specific attach/detach messages to info (git-fixes). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: check A-MSDU format more carefully (stable-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: fw: fix compile w/o CONFIG_ACPI (git-fixes). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: include link ID when releasing frames (git-fixes). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: use correct address 3 in A-MSDU (stable-fixes). - wifi: iwlwifi: pcie: Add the PCI device id for new hardware (stable-fixes). - wifi: iwlwifi: pcie: fix RB status reading (stable-fixes). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211: only call drv_sta_rc_update for uploaded stations (stable-fixes). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7996: add locking for accessing mapped registers (stable-fixes). - wifi: mt76: mt7996: disable AMSDU for non-data frames (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: rtw88: 8821cu: Fix connection failure (stable-fixes). - wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU (stable-fixes). - wifi: rtw89: fix null pointer access when abort scan (stable-fixes). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor (stable-fixes). - wireguard: netlink: access device through ctx instead of peer (git-fixes). - wireguard: netlink: check for dangling peer via is_dead instead of empty list (git-fixes). - wireguard: receive: annotate data-race around receiving_counter.counter (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - x86/hyperv: Allow 15-bit APIC IDs for VTL platforms (git-fixes). - x86/hyperv: Use per cpu initial stack for vtl context (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: attempt to inflate the memory balloon on PVH (git-fixes). - xdp, bonding: Fix feature flags when there are no slave devs anymore (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen: evtchn: Allow shared registration of IRQ handers (git-fixes). - xen/events: drop xen_allocate_irqs_dynamic() (git-fixes). - xen/events: fix error code in xen_bind_pirq_msi_to_irq() (git-fixes). - xen/events: increment refcnt only if event channel is refcounted (git-fixes). - xen/events: modify internal [un]bind interfaces (git-fixes). - xen/events: reduce externally visible helper functions (git-fixes). - xen/events: remove some simple helpers from events_base.c (git-fixes). - xen/evtchn: avoid WARN() when unbinding an event channel (git-fixes). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: allow extent free intents to be retried (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: add helper that checks for unhandled events on a event ring (git-fixes). - xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() (git-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). Altered because we cannot take the multiple interrupter code Important SUSE bug 1012628 SUSE bug 1065729 SUSE bug 1181674 SUSE bug 1187716 SUSE bug 1193599 SUSE bug 1194869 SUSE bug 1207948 SUSE bug 1208593 SUSE bug 1209657 SUSE bug 1213573 SUSE bug 1214852 SUSE bug 1215199 SUSE bug 1216196 SUSE bug 1216358 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1217384 SUSE bug 1217408 SUSE bug 1217489 SUSE bug 1217750 SUSE bug 1217959 SUSE bug 1218205 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218562 SUSE bug 1218779 SUSE bug 1218917 SUSE bug 1219104 SUSE bug 1219170 SUSE bug 1219596 SUSE bug 1219623 SUSE bug 1219834 SUSE bug 1220021 SUSE bug 1220045 SUSE bug 1220120 SUSE bug 1220148 SUSE bug 1220328 SUSE bug 1220342 SUSE bug 1220428 SUSE bug 1220430 SUSE bug 1220569 SUSE bug 1220587 SUSE bug 1220738 SUSE bug 1220783 SUSE bug 1220915 SUSE bug 1221044 SUSE bug 1221276 SUSE bug 1221293 SUSE bug 1221303 SUSE bug 1221375 SUSE bug 1221504 SUSE bug 1221612 SUSE bug 1221615 SUSE bug 1221635 SUSE bug 1221645 SUSE bug 1221649 SUSE bug 1221765 SUSE bug 1221777 SUSE bug 1221783 SUSE bug 1221816 SUSE bug 1221829 SUSE bug 1221830 SUSE bug 1221858 SUSE bug 1222115 SUSE bug 1222173 SUSE bug 1222264 SUSE bug 1222273 SUSE bug 1222294 SUSE bug 1222301 SUSE bug 1222303 SUSE bug 1222304 SUSE bug 1222307 SUSE bug 1222357 SUSE bug 1222366 SUSE bug 1222368 SUSE bug 1222371 SUSE bug 1222378 SUSE bug 1222379 SUSE bug 1222385 SUSE bug 1222422 SUSE bug 1222426 SUSE bug 1222428 SUSE bug 1222437 SUSE bug 1222445 SUSE bug 1222459 SUSE bug 1222464 SUSE bug 1222489 SUSE bug 1222522 SUSE bug 1222525 SUSE bug 1222527 SUSE bug 1222531 SUSE bug 1222532 SUSE bug 1222549 SUSE bug 1222550 SUSE bug 1222557 SUSE bug 1222559 SUSE bug 1222563 SUSE bug 1222585 SUSE bug 1222586 SUSE bug 1222596 SUSE bug 1222606 SUSE bug 1222608 SUSE bug 1222613 SUSE bug 1222615 SUSE bug 1222618 SUSE bug 1222622 SUSE bug 1222624 SUSE bug 1222627 SUSE bug 1222630 SUSE bug 1222635 SUSE bug 1222721 SUSE bug 1222727 SUSE bug 1222769 SUSE bug 1222771 SUSE bug 1222772 SUSE bug 1222775 SUSE bug 1222777 SUSE bug 1222780 SUSE bug 1222782 SUSE bug 1222793 SUSE bug 1222799 SUSE bug 1222801 SUSE bug 1222968 SUSE bug 1223007 SUSE bug 1223011 SUSE bug 1223015 SUSE bug 1223016 SUSE bug 1223020 SUSE bug 1223023 SUSE bug 1223024 SUSE bug 1223030 SUSE bug 1223033 SUSE bug 1223034 SUSE bug 1223035 SUSE bug 1223038 SUSE bug 1223039 SUSE bug 1223041 SUSE bug 1223045 SUSE bug 1223046 SUSE bug 1223051 SUSE bug 1223052 SUSE bug 1223058 SUSE bug 1223060 SUSE bug 1223061 SUSE bug 1223076 SUSE bug 1223077 SUSE bug 1223084 SUSE bug 1223111 SUSE bug 1223113 SUSE bug 1223138 SUSE bug 1223143 SUSE bug 1223187 SUSE bug 1223189 SUSE bug 1223190 SUSE bug 1223191 SUSE bug 1223198 SUSE bug 1223202 SUSE bug 1223285 SUSE bug 1223315 SUSE bug 1223338 SUSE bug 1223369 SUSE bug 1223380 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223439 SUSE bug 1223462 SUSE bug 1223532 SUSE bug 1223539 SUSE bug 1223575 SUSE bug 1223590 SUSE bug 1223591 SUSE bug 1223592 SUSE bug 1223593 SUSE bug 1223625 SUSE bug 1223628 SUSE bug 1223629 SUSE bug 1223633 SUSE bug 1223634 SUSE bug 1223637 SUSE bug 1223641 SUSE bug 1223643 SUSE bug 1223649 SUSE bug 1223650 SUSE bug 1223651 SUSE bug 1223652 SUSE bug 1223653 SUSE bug 1223654 SUSE bug 1223655 SUSE bug 1223660 SUSE bug 1223661 SUSE bug 1223663 SUSE bug 1223664 SUSE bug 1223665 SUSE bug 1223666 SUSE bug 1223668 SUSE bug 1223669 SUSE bug 1223670 SUSE bug 1223671 SUSE bug 1223675 SUSE bug 1223677 SUSE bug 1223678 SUSE bug 1223686 SUSE bug 1223692 SUSE bug 1223693 SUSE bug 1223695 SUSE bug 1223696 SUSE bug 1223698 SUSE bug 1223705 SUSE bug 1223712 SUSE bug 1223718 SUSE bug 1223728 SUSE bug 1223732 SUSE bug 1223735 SUSE bug 1223739 SUSE bug 1223741 SUSE bug 1223744 SUSE bug 1223745 SUSE bug 1223747 SUSE bug 1223748 SUSE bug 1223749 SUSE bug 1223750 SUSE bug 1223752 SUSE bug 1223754 SUSE bug 1223757 SUSE bug 1223759 SUSE bug 1223761 SUSE bug 1223762 SUSE bug 1223774 SUSE bug 1223782 SUSE bug 1223787 SUSE bug 1223788 SUSE bug 1223789 SUSE bug 1223790 SUSE bug 1223802 SUSE bug 1223805 SUSE bug 1223810 SUSE bug 1223822 SUSE bug 1223827 SUSE bug 1223831 SUSE bug 1223834 SUSE bug 1223838 SUSE bug 1223869 SUSE bug 1223870 SUSE bug 1223871 SUSE bug 1223872 SUSE bug 1223874 SUSE bug 1223944 SUSE bug 1223945 SUSE bug 1223946 SUSE bug 1223991 SUSE bug 1224076 SUSE bug 1224096 SUSE bug 1224098 SUSE bug 1224099 SUSE bug 1224137 SUSE bug 1224166 SUSE bug 1224174 SUSE bug 1224177 SUSE bug 1224180 SUSE bug 1224181 SUSE bug 1224331 SUSE bug 1224348 SUSE bug 1224423 SUSE bug 1224429 SUSE bug 1224430 SUSE bug 1224432 SUSE bug 1224433 SUSE bug 1224437 SUSE bug 1224438 SUSE bug 1224442 SUSE bug 1224443 SUSE bug 1224445 SUSE bug 1224449 SUSE bug 1224477 SUSE bug 1224479 SUSE bug 1224480 SUSE bug 1224481 SUSE bug 1224482 SUSE bug 1224486 SUSE bug 1224487 SUSE bug 1224488 SUSE bug 1224491 SUSE bug 1224492 SUSE bug 1224493 SUSE bug 1224494 SUSE bug 1224495 SUSE bug 1224500 SUSE bug 1224501 SUSE bug 1224502 SUSE bug 1224504 SUSE bug 1224505 SUSE bug 1224506 SUSE bug 1224507 SUSE bug 1224508 SUSE bug 1224509 SUSE bug 1224511 SUSE bug 1224513 SUSE bug 1224517 SUSE bug 1224519 SUSE bug 1224521 SUSE bug 1224524 SUSE bug 1224525 SUSE bug 1224526 SUSE bug 1224530 SUSE bug 1224531 SUSE bug 1224534 SUSE bug 1224537 SUSE bug 1224541 SUSE bug 1224542 SUSE bug 1224543 SUSE bug 1224546 SUSE bug 1224550 SUSE bug 1224552 SUSE bug 1224553 SUSE bug 1224555 SUSE bug 1224557 SUSE bug 1224558 SUSE bug 1224559 SUSE bug 1224562 SUSE bug 1224565 SUSE bug 1224566 SUSE bug 1224567 SUSE bug 1224568 SUSE bug 1224569 SUSE bug 1224571 SUSE bug 1224573 SUSE bug 1224576 SUSE bug 1224577 SUSE bug 1224578 SUSE bug 1224579 SUSE bug 1224580 SUSE bug 1224581 SUSE bug 1224582 SUSE bug 1224585 SUSE bug 1224586 SUSE bug 1224587 SUSE bug 1224588 SUSE bug 1224592 SUSE bug 1224596 SUSE bug 1224598 SUSE bug 1224600 SUSE bug 1224601 SUSE bug 1224602 SUSE bug 1224603 SUSE bug 1224605 SUSE bug 1224607 SUSE bug 1224608 SUSE bug 1224609 SUSE bug 1224611 SUSE bug 1224613 SUSE bug 1224615 SUSE bug 1224617 SUSE bug 1224618 SUSE bug 1224620 SUSE bug 1224621 SUSE bug 1224622 SUSE bug 1224623 SUSE bug 1224624 SUSE bug 1224626 SUSE bug 1224627 SUSE bug 1224628 SUSE bug 1224629 SUSE bug 1224630 SUSE bug 1224632 SUSE bug 1224633 SUSE bug 1224634 SUSE bug 1224636 SUSE bug 1224637 SUSE bug 1224638 SUSE bug 1224639 SUSE bug 1224640 SUSE bug 1224643 SUSE bug 1224644 SUSE bug 1224645 SUSE bug 1224646 SUSE bug 1224647 SUSE bug 1224648 SUSE bug 1224649 SUSE bug 1224650 SUSE bug 1224651 SUSE bug 1224652 SUSE bug 1224653 SUSE bug 1224654 SUSE bug 1224657 SUSE bug 1224660 SUSE bug 1224663 SUSE bug 1224664 SUSE bug 1224665 SUSE bug 1224666 SUSE bug 1224667 SUSE bug 1224668 SUSE bug 1224671 SUSE bug 1224672 SUSE bug 1224674 SUSE bug 1224675 SUSE bug 1224676 SUSE bug 1224677 SUSE bug 1224678 SUSE bug 1224679 SUSE bug 1224680 SUSE bug 1224681 SUSE bug 1224682 SUSE bug 1224683 SUSE bug 1224685 SUSE bug 1224686 SUSE bug 1224687 SUSE bug 1224688 SUSE bug 1224692 SUSE bug 1224696 SUSE bug 1224697 SUSE bug 1224699 SUSE bug 1224701 SUSE bug 1224703 SUSE bug 1224704 SUSE bug 1224705 SUSE bug 1224706 SUSE bug 1224707 SUSE bug 1224709 SUSE bug 1224710 SUSE bug 1224712 SUSE bug 1224714 SUSE bug 1224716 SUSE bug 1224717 SUSE bug 1224718 SUSE bug 1224719 SUSE bug 1224720 SUSE bug 1224721 SUSE bug 1224722 SUSE bug 1224723 SUSE bug 1224725 SUSE bug 1224727 SUSE bug 1224728 SUSE bug 1224729 SUSE bug 1224730 SUSE bug 1224731 SUSE bug 1224732 SUSE bug 1224733 SUSE bug 1224736 SUSE bug 1224738 SUSE bug 1224739 SUSE bug 1224740 SUSE bug 1224741 SUSE bug 1224742 SUSE bug 1224747 SUSE bug 1224749 SUSE bug 1224763 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224790 SUSE bug 1224792 SUSE bug 1224793 SUSE bug 1224803 SUSE bug 1224804 SUSE bug 1224866 SUSE bug 1224936 SUSE bug 1224989 SUSE bug 1225007 SUSE bug 1225053 SUSE bug 1225133 SUSE bug 1225134 SUSE bug 1225136 SUSE bug 1225172 SUSE bug 1225502 SUSE bug 1225578 SUSE bug 1225579 SUSE bug 1225580 SUSE bug 1225593 SUSE bug 1225605 SUSE bug 1225607 SUSE bug 1225610 SUSE bug 1225616 SUSE bug 1225618 SUSE bug 1225640 SUSE bug 1225642 SUSE bug 1225692 SUSE bug 1225694 SUSE bug 1225695 SUSE bug 1225696 SUSE bug 1225698 SUSE bug 1225699 SUSE bug 1225704 SUSE bug 1225705 SUSE bug 1225708 SUSE bug 1225710 SUSE bug 1225712 SUSE bug 1225714 SUSE bug 1225715 SUSE bug 1225720 SUSE bug 1225722 SUSE bug 1225728 SUSE bug 1225734 SUSE bug 1225735 SUSE bug 1225736 SUSE bug 1225747 SUSE bug 1225748 SUSE bug 1225749 SUSE bug 1225750 SUSE bug 1225756 SUSE bug 1225765 SUSE bug 1225766 SUSE bug 1225769 SUSE bug 1225773 SUSE bug 1225775 SUSE bug 1225842 SUSE bug 1225945 CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-47233 at SUSE CVE-2023-47233 at NVD CVE-2023-52434 at SUSE CVE-2023-52434 at NVD CVE-2023-52458 at SUSE CVE-2023-52458 at NVD CVE-2023-52463 at SUSE CVE-2023-52463 at NVD CVE-2023-52472 at SUSE CVE-2023-52472 at NVD CVE-2023-52483 at SUSE CVE-2023-52483 at NVD CVE-2023-52492 at SUSE CVE-2023-52492 at NVD CVE-2023-52503 at SUSE CVE-2023-52503 at NVD CVE-2023-52591 at SUSE CVE-2023-52591 at NVD CVE-2023-52608 at SUSE CVE-2023-52608 at NVD CVE-2023-52616 at SUSE CVE-2023-52616 at NVD CVE-2023-52618 at SUSE CVE-2023-52618 at NVD CVE-2023-52631 at SUSE CVE-2023-52631 at NVD CVE-2023-52635 at SUSE CVE-2023-52635 at NVD CVE-2023-52640 at SUSE CVE-2023-52640 at NVD CVE-2023-52641 at SUSE CVE-2023-52641 at NVD CVE-2023-52645 at SUSE CVE-2023-52645 at NVD CVE-2023-52652 at SUSE CVE-2023-52652 at NVD CVE-2023-52653 at SUSE CVE-2023-52653 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52657 at SUSE CVE-2023-52657 at NVD CVE-2023-52658 at SUSE CVE-2023-52658 at NVD CVE-2023-52659 at SUSE CVE-2023-52659 at NVD CVE-2023-52660 at SUSE CVE-2023-52660 at NVD CVE-2023-52661 at SUSE CVE-2023-52661 at NVD CVE-2023-52662 at SUSE CVE-2023-52662 at NVD CVE-2023-52663 at SUSE CVE-2023-52663 at NVD CVE-2023-52664 at SUSE CVE-2023-52664 at NVD CVE-2023-52667 at SUSE CVE-2023-52667 at NVD CVE-2023-52669 at SUSE CVE-2023-52669 at NVD CVE-2023-52670 at SUSE CVE-2023-52670 at NVD CVE-2023-52671 at SUSE CVE-2023-52671 at NVD CVE-2023-52673 at SUSE CVE-2023-52673 at NVD CVE-2023-52674 at SUSE CVE-2023-52674 at NVD CVE-2023-52675 at SUSE CVE-2023-52675 at NVD CVE-2023-52676 at SUSE CVE-2023-52676 at NVD CVE-2023-52678 at SUSE CVE-2023-52678 at NVD CVE-2023-52679 at SUSE CVE-2023-52679 at NVD CVE-2023-52680 at SUSE CVE-2023-52680 at NVD CVE-2023-52681 at SUSE CVE-2023-52681 at NVD CVE-2023-52683 at SUSE CVE-2023-52683 at NVD CVE-2023-52685 at SUSE CVE-2023-52685 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52687 at SUSE CVE-2023-52687 at NVD CVE-2023-52690 at SUSE CVE-2023-52690 at NVD CVE-2023-52691 at SUSE CVE-2023-52691 at NVD CVE-2023-52692 at SUSE CVE-2023-52692 at NVD CVE-2023-52693 at SUSE CVE-2023-52693 at NVD CVE-2023-52694 at SUSE CVE-2023-52694 at NVD CVE-2023-52695 at SUSE CVE-2023-52695 at NVD CVE-2023-52696 at SUSE CVE-2023-52696 at NVD CVE-2023-52697 at SUSE CVE-2023-52697 at NVD CVE-2023-52698 at SUSE CVE-2023-52698 at NVD CVE-2023-52771 at SUSE CVE-2023-52771 at NVD CVE-2023-52772 at SUSE CVE-2023-52772 at NVD CVE-2023-52860 at SUSE CVE-2023-52860 at NVD CVE-2023-52882 at SUSE CVE-2023-52882 at NVD CVE-2023-6238 at SUSE CVE-2023-6238 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2023-6531 at SUSE CVE-2023-6531 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-21823 at SUSE CVE-2024-21823 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-23848 at SUSE CVE-2024-23848 at NVD CVE-2024-24861 at SUSE CVE-2024-24861 at NVD CVE-2024-25739 at SUSE CVE-2024-25739 at NVD CVE-2024-26601 at SUSE CVE-2024-26601 at NVD CVE-2024-26611 at SUSE CVE-2024-26611 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26632 at SUSE CVE-2024-26632 at NVD CVE-2024-26638 at SUSE CVE-2024-26638 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26652 at SUSE CVE-2024-26652 at NVD CVE-2024-26654 at SUSE CVE-2024-26654 at NVD CVE-2024-26656 at SUSE CVE-2024-26656 at NVD CVE-2024-26657 at SUSE CVE-2024-26657 at NVD CVE-2024-26671 at SUSE CVE-2024-26671 at NVD CVE-2024-26673 at SUSE CVE-2024-26673 at NVD CVE-2024-26674 at SUSE CVE-2024-26674 at NVD CVE-2024-26675 at SUSE CVE-2024-26675 at NVD CVE-2024-26679 at SUSE CVE-2024-26679 at NVD CVE-2024-26684 at SUSE CVE-2024-26684 at NVD CVE-2024-26685 at SUSE CVE-2024-26685 at NVD CVE-2024-26692 at SUSE CVE-2024-26692 at NVD CVE-2024-26696 at SUSE CVE-2024-26696 at NVD CVE-2024-26697 at SUSE CVE-2024-26697 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26714 at SUSE CVE-2024-26714 at NVD CVE-2024-26726 at SUSE CVE-2024-26726 at NVD CVE-2024-26731 at SUSE CVE-2024-26731 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD CVE-2024-26736 at SUSE CVE-2024-26736 at NVD CVE-2024-26737 at SUSE CVE-2024-26737 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26740 at SUSE CVE-2024-26740 at NVD CVE-2024-26742 at SUSE CVE-2024-26742 at NVD CVE-2024-26756 at SUSE CVE-2024-26756 at NVD CVE-2024-26757 at SUSE CVE-2024-26757 at NVD CVE-2024-26760 at SUSE CVE-2024-26760 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26764 at SUSE CVE-2024-26764 at NVD CVE-2024-26769 at SUSE CVE-2024-26769 at NVD CVE-2024-26772 at SUSE CVE-2024-26772 at NVD CVE-2024-26773 at SUSE CVE-2024-26773 at NVD CVE-2024-26774 at SUSE CVE-2024-26774 at NVD CVE-2024-26775 at SUSE CVE-2024-26775 at NVD CVE-2024-26779 at SUSE CVE-2024-26779 at NVD CVE-2024-26783 at SUSE CVE-2024-26783 at NVD CVE-2024-26786 at SUSE CVE-2024-26786 at NVD CVE-2024-26791 at SUSE CVE-2024-26791 at NVD CVE-2024-26793 at SUSE CVE-2024-26793 at NVD CVE-2024-26794 at SUSE CVE-2024-26794 at NVD CVE-2024-26802 at SUSE CVE-2024-26802 at NVD CVE-2024-26805 at SUSE CVE-2024-26805 at NVD CVE-2024-26807 at SUSE CVE-2024-26807 at NVD CVE-2024-26815 at SUSE CVE-2024-26815 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-26828 at SUSE CVE-2024-26828 at NVD CVE-2024-26832 at SUSE CVE-2024-26832 at NVD CVE-2024-26836 at SUSE CVE-2024-26836 at NVD CVE-2024-26844 at SUSE CVE-2024-26844 at NVD CVE-2024-26846 at SUSE CVE-2024-26846 at NVD CVE-2024-26848 at SUSE CVE-2024-26848 at NVD CVE-2024-26853 at SUSE CVE-2024-26853 at NVD CVE-2024-26854 at SUSE CVE-2024-26854 at NVD CVE-2024-26855 at SUSE CVE-2024-26855 at NVD CVE-2024-26856 at SUSE CVE-2024-26856 at NVD CVE-2024-26857 at SUSE CVE-2024-26857 at NVD CVE-2024-26858 at SUSE CVE-2024-26858 at NVD CVE-2024-26860 at SUSE CVE-2024-26860 at NVD CVE-2024-26861 at SUSE CVE-2024-26861 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26866 at SUSE CVE-2024-26866 at NVD CVE-2024-26868 at SUSE CVE-2024-26868 at NVD CVE-2024-26870 at SUSE CVE-2024-26870 at NVD CVE-2024-26878 at SUSE CVE-2024-26878 at NVD CVE-2024-26881 at SUSE CVE-2024-26881 at NVD CVE-2024-26882 at SUSE CVE-2024-26882 at NVD CVE-2024-26883 at SUSE CVE-2024-26883 at NVD CVE-2024-26884 at SUSE CVE-2024-26884 at NVD CVE-2024-26885 at SUSE CVE-2024-26885 at NVD CVE-2024-26898 at SUSE CVE-2024-26898 at NVD CVE-2024-26899 at SUSE CVE-2024-26899 at NVD CVE-2024-26900 at SUSE CVE-2024-26900 at NVD CVE-2024-26901 at SUSE CVE-2024-26901 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-26909 at SUSE CVE-2024-26909 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26922 at SUSE CVE-2024-26922 at NVD CVE-2024-26923 at SUSE CVE-2024-26923 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26928 at SUSE CVE-2024-26928 at NVD CVE-2024-26932 at SUSE CVE-2024-26932 at NVD CVE-2024-26933 at SUSE CVE-2024-26933 at NVD CVE-2024-26934 at SUSE CVE-2024-26934 at NVD CVE-2024-26935 at SUSE CVE-2024-26935 at NVD CVE-2024-26937 at SUSE CVE-2024-26937 at NVD CVE-2024-26938 at SUSE CVE-2024-26938 at NVD CVE-2024-26940 at SUSE CVE-2024-26940 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-26945 at SUSE CVE-2024-26945 at NVD CVE-2024-26946 at SUSE CVE-2024-26946 at NVD CVE-2024-26948 at SUSE CVE-2024-26948 at NVD CVE-2024-26949 at SUSE CVE-2024-26949 at NVD CVE-2024-26950 at SUSE CVE-2024-26950 at NVD CVE-2024-26951 at SUSE CVE-2024-26951 at NVD CVE-2024-26956 at SUSE CVE-2024-26956 at NVD CVE-2024-26957 at SUSE CVE-2024-26957 at NVD CVE-2024-26958 at SUSE CVE-2024-26958 at NVD CVE-2024-26960 at SUSE CVE-2024-26960 at NVD CVE-2024-26961 at SUSE CVE-2024-26961 at NVD CVE-2024-26962 at SUSE CVE-2024-26962 at NVD CVE-2024-26963 at SUSE CVE-2024-26963 at NVD CVE-2024-26964 at SUSE CVE-2024-26964 at NVD CVE-2024-26972 at SUSE CVE-2024-26972 at NVD CVE-2024-26973 at SUSE CVE-2024-26973 at NVD CVE-2024-26978 at SUSE CVE-2024-26978 at NVD CVE-2024-26979 at SUSE CVE-2024-26979 at NVD CVE-2024-26981 at SUSE CVE-2024-26981 at NVD CVE-2024-26982 at SUSE CVE-2024-26982 at NVD CVE-2024-26983 at SUSE CVE-2024-26983 at NVD CVE-2024-26984 at SUSE CVE-2024-26984 at NVD CVE-2024-26986 at SUSE CVE-2024-26986 at NVD CVE-2024-26988 at SUSE CVE-2024-26988 at NVD CVE-2024-26989 at SUSE CVE-2024-26989 at NVD CVE-2024-26990 at SUSE CVE-2024-26990 at NVD CVE-2024-26991 at SUSE CVE-2024-26991 at NVD CVE-2024-26992 at SUSE CVE-2024-26992 at NVD CVE-2024-26993 at SUSE CVE-2024-26993 at NVD CVE-2024-26994 at SUSE CVE-2024-26994 at NVD CVE-2024-26995 at SUSE CVE-2024-26995 at NVD CVE-2024-26996 at SUSE CVE-2024-26996 at NVD CVE-2024-26997 at SUSE CVE-2024-26997 at NVD CVE-2024-26999 at SUSE CVE-2024-26999 at NVD CVE-2024-27000 at SUSE CVE-2024-27000 at NVD CVE-2024-27001 at SUSE CVE-2024-27001 at NVD CVE-2024-27002 at SUSE CVE-2024-27002 at NVD CVE-2024-27003 at SUSE CVE-2024-27003 at NVD CVE-2024-27004 at SUSE CVE-2024-27004 at NVD CVE-2024-27008 at SUSE CVE-2024-27008 at NVD CVE-2024-27013 at SUSE CVE-2024-27013 at NVD CVE-2024-27014 at SUSE CVE-2024-27014 at NVD CVE-2024-27022 at SUSE CVE-2024-27022 at NVD CVE-2024-27027 at SUSE CVE-2024-27027 at NVD CVE-2024-27028 at SUSE CVE-2024-27028 at NVD CVE-2024-27029 at SUSE CVE-2024-27029 at NVD CVE-2024-27030 at SUSE CVE-2024-27030 at NVD CVE-2024-27031 at SUSE CVE-2024-27031 at NVD CVE-2024-27036 at SUSE CVE-2024-27036 at NVD CVE-2024-27046 at SUSE CVE-2024-27046 at NVD CVE-2024-27056 at SUSE CVE-2024-27056 at NVD CVE-2024-27057 at SUSE CVE-2024-27057 at NVD CVE-2024-27062 at SUSE CVE-2024-27062 at NVD CVE-2024-27067 at SUSE CVE-2024-27067 at NVD CVE-2024-27080 at SUSE CVE-2024-27080 at NVD CVE-2024-27388 at SUSE CVE-2024-27388 at NVD CVE-2024-27389 at SUSE CVE-2024-27389 at NVD CVE-2024-27393 at SUSE CVE-2024-27393 at NVD CVE-2024-27395 at SUSE CVE-2024-27395 at NVD CVE-2024-27396 at SUSE CVE-2024-27396 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27399 at SUSE CVE-2024-27399 at NVD CVE-2024-27400 at SUSE CVE-2024-27400 at NVD CVE-2024-27401 at SUSE CVE-2024-27401 at NVD CVE-2024-27405 at SUSE CVE-2024-27405 at NVD CVE-2024-27408 at SUSE CVE-2024-27408 at NVD CVE-2024-27410 at SUSE CVE-2024-27410 at NVD CVE-2024-27411 at SUSE CVE-2024-27411 at NVD CVE-2024-27412 at SUSE CVE-2024-27412 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-27416 at SUSE CVE-2024-27416 at NVD CVE-2024-27417 at SUSE CVE-2024-27417 at NVD CVE-2024-27418 at SUSE CVE-2024-27418 at NVD CVE-2024-27431 at SUSE CVE-2024-27431 at NVD CVE-2024-27432 at SUSE CVE-2024-27432 at NVD CVE-2024-27434 at SUSE CVE-2024-27434 at NVD CVE-2024-27435 at SUSE CVE-2024-27435 at NVD CVE-2024-27436 at SUSE CVE-2024-27436 at NVD CVE-2024-35784 at SUSE CVE-2024-35784 at NVD CVE-2024-35786 at SUSE CVE-2024-35786 at NVD CVE-2024-35788 at SUSE CVE-2024-35788 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35790 at SUSE CVE-2024-35790 at NVD CVE-2024-35791 at SUSE CVE-2024-35791 at NVD CVE-2024-35794 at SUSE CVE-2024-35794 at NVD CVE-2024-35795 at SUSE CVE-2024-35795 at NVD CVE-2024-35796 at SUSE CVE-2024-35796 at NVD CVE-2024-35799 at SUSE CVE-2024-35799 at NVD CVE-2024-35800 at SUSE CVE-2024-35800 at NVD CVE-2024-35801 at SUSE CVE-2024-35801 at NVD CVE-2024-35803 at SUSE CVE-2024-35803 at NVD CVE-2024-35804 at SUSE CVE-2024-35804 at NVD CVE-2024-35806 at SUSE CVE-2024-35806 at NVD CVE-2024-35808 at SUSE CVE-2024-35808 at NVD CVE-2024-35809 at SUSE CVE-2024-35809 at NVD CVE-2024-35810 at SUSE CVE-2024-35810 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35812 at SUSE CVE-2024-35812 at NVD CVE-2024-35813 at SUSE CVE-2024-35813 at NVD CVE-2024-35814 at SUSE CVE-2024-35814 at NVD CVE-2024-35815 at SUSE CVE-2024-35815 at NVD CVE-2024-35817 at SUSE CVE-2024-35817 at NVD CVE-2024-35819 at SUSE CVE-2024-35819 at NVD CVE-2024-35821 at SUSE CVE-2024-35821 at NVD CVE-2024-35822 at SUSE CVE-2024-35822 at NVD CVE-2024-35823 at SUSE CVE-2024-35823 at NVD CVE-2024-35824 at SUSE CVE-2024-35824 at NVD CVE-2024-35825 at SUSE CVE-2024-35825 at NVD CVE-2024-35828 at SUSE CVE-2024-35828 at NVD CVE-2024-35829 at SUSE CVE-2024-35829 at NVD CVE-2024-35830 at SUSE CVE-2024-35830 at NVD CVE-2024-35833 at SUSE CVE-2024-35833 at NVD CVE-2024-35834 at SUSE CVE-2024-35834 at NVD CVE-2024-35835 at SUSE CVE-2024-35835 at NVD CVE-2024-35836 at SUSE CVE-2024-35836 at NVD CVE-2024-35837 at SUSE CVE-2024-35837 at NVD CVE-2024-35838 at SUSE CVE-2024-35838 at NVD CVE-2024-35841 at SUSE CVE-2024-35841 at NVD CVE-2024-35842 at SUSE CVE-2024-35842 at NVD CVE-2024-35845 at SUSE CVE-2024-35845 at NVD CVE-2024-35847 at SUSE CVE-2024-35847 at NVD CVE-2024-35849 at SUSE CVE-2024-35849 at NVD CVE-2024-35850 at SUSE CVE-2024-35850 at NVD CVE-2024-35851 at SUSE CVE-2024-35851 at NVD CVE-2024-35852 at SUSE CVE-2024-35852 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35860 at SUSE CVE-2024-35860 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35865 at SUSE CVE-2024-35865 at NVD CVE-2024-35866 at SUSE CVE-2024-35866 at NVD CVE-2024-35867 at SUSE CVE-2024-35867 at NVD CVE-2024-35868 at SUSE CVE-2024-35868 at NVD CVE-2024-35869 at SUSE CVE-2024-35869 at NVD CVE-2024-35870 at SUSE CVE-2024-35870 at NVD CVE-2024-35872 at SUSE CVE-2024-35872 at NVD CVE-2024-35875 at SUSE CVE-2024-35875 at NVD CVE-2024-35877 at SUSE CVE-2024-35877 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35879 at SUSE CVE-2024-35879 at NVD CVE-2024-35883 at SUSE CVE-2024-35883 at NVD CVE-2024-35885 at SUSE CVE-2024-35885 at NVD CVE-2024-35887 at SUSE CVE-2024-35887 at NVD CVE-2024-35889 at SUSE CVE-2024-35889 at NVD CVE-2024-35891 at SUSE CVE-2024-35891 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35901 at SUSE CVE-2024-35901 at NVD CVE-2024-35903 at SUSE CVE-2024-35903 at NVD CVE-2024-35904 at SUSE CVE-2024-35904 at NVD CVE-2024-35905 at SUSE CVE-2024-35905 at NVD CVE-2024-35907 at SUSE CVE-2024-35907 at NVD CVE-2024-35909 at SUSE CVE-2024-35909 at NVD CVE-2024-35911 at SUSE CVE-2024-35911 at NVD CVE-2024-35912 at SUSE CVE-2024-35912 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD CVE-2024-35915 at SUSE CVE-2024-35915 at NVD CVE-2024-35916 at SUSE CVE-2024-35916 at NVD CVE-2024-35917 at SUSE CVE-2024-35917 at NVD CVE-2024-35921 at SUSE CVE-2024-35921 at NVD CVE-2024-35922 at SUSE CVE-2024-35922 at NVD CVE-2024-35924 at SUSE CVE-2024-35924 at NVD CVE-2024-35927 at SUSE CVE-2024-35927 at NVD CVE-2024-35928 at SUSE CVE-2024-35928 at NVD CVE-2024-35930 at SUSE CVE-2024-35930 at NVD CVE-2024-35931 at SUSE CVE-2024-35931 at NVD CVE-2024-35932 at SUSE CVE-2024-35932 at NVD CVE-2024-35933 at SUSE CVE-2024-35933 at NVD CVE-2024-35935 at SUSE CVE-2024-35935 at NVD CVE-2024-35936 at SUSE CVE-2024-35936 at NVD CVE-2024-35937 at SUSE CVE-2024-35937 at NVD CVE-2024-35938 at SUSE CVE-2024-35938 at NVD CVE-2024-35940 at SUSE CVE-2024-35940 at NVD CVE-2024-35943 at SUSE CVE-2024-35943 at NVD CVE-2024-35944 at SUSE CVE-2024-35944 at NVD CVE-2024-35945 at SUSE CVE-2024-35945 at NVD CVE-2024-35946 at SUSE CVE-2024-35946 at NVD CVE-2024-35947 at SUSE CVE-2024-35947 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-35951 at SUSE CVE-2024-35951 at NVD CVE-2024-35952 at SUSE CVE-2024-35952 at NVD CVE-2024-35953 at SUSE CVE-2024-35953 at NVD CVE-2024-35954 at SUSE CVE-2024-35954 at NVD CVE-2024-35955 at SUSE CVE-2024-35955 at NVD CVE-2024-35956 at SUSE CVE-2024-35956 at NVD CVE-2024-35958 at SUSE CVE-2024-35958 at NVD CVE-2024-35959 at SUSE CVE-2024-35959 at NVD CVE-2024-35960 at SUSE CVE-2024-35960 at NVD CVE-2024-35961 at SUSE CVE-2024-35961 at NVD CVE-2024-35963 at SUSE CVE-2024-35963 at NVD CVE-2024-35964 at SUSE CVE-2024-35964 at NVD CVE-2024-35965 at SUSE CVE-2024-35965 at NVD CVE-2024-35966 at SUSE CVE-2024-35966 at NVD CVE-2024-35967 at SUSE CVE-2024-35967 at NVD CVE-2024-35969 at SUSE CVE-2024-35969 at NVD CVE-2024-35971 at SUSE CVE-2024-35971 at NVD CVE-2024-35972 at SUSE CVE-2024-35972 at NVD CVE-2024-35973 at SUSE CVE-2024-35973 at NVD CVE-2024-35974 at SUSE CVE-2024-35974 at NVD CVE-2024-35975 at SUSE CVE-2024-35975 at NVD CVE-2024-35977 at SUSE CVE-2024-35977 at NVD CVE-2024-35978 at SUSE CVE-2024-35978 at NVD CVE-2024-35981 at SUSE CVE-2024-35981 at NVD CVE-2024-35982 at SUSE CVE-2024-35982 at NVD CVE-2024-35984 at SUSE CVE-2024-35984 at NVD CVE-2024-35986 at SUSE CVE-2024-35986 at NVD CVE-2024-35989 at SUSE CVE-2024-35989 at NVD CVE-2024-35990 at SUSE CVE-2024-35990 at NVD CVE-2024-35991 at SUSE CVE-2024-35991 at NVD CVE-2024-35992 at SUSE CVE-2024-35992 at NVD CVE-2024-35995 at SUSE CVE-2024-35995 at NVD CVE-2024-35997 at SUSE CVE-2024-35997 at NVD CVE-2024-35999 at SUSE CVE-2024-35999 at NVD CVE-2024-36002 at SUSE CVE-2024-36002 at NVD CVE-2024-36006 at SUSE CVE-2024-36006 at NVD CVE-2024-36007 at SUSE CVE-2024-36007 at NVD CVE-2024-36009 at SUSE CVE-2024-36009 at NVD CVE-2024-36011 at SUSE CVE-2024-36011 at NVD CVE-2024-36012 at SUSE CVE-2024-36012 at NVD CVE-2024-36013 at SUSE CVE-2024-36013 at NVD CVE-2024-36014 at SUSE CVE-2024-36014 at NVD CVE-2024-36015 at SUSE CVE-2024-36015 at NVD CVE-2024-36016 at SUSE CVE-2024-36016 at NVD CVE-2024-36018 at SUSE CVE-2024-36018 at NVD CVE-2024-36019 at SUSE CVE-2024-36019 at NVD CVE-2024-36020 at SUSE CVE-2024-36020 at NVD CVE-2024-36021 at SUSE CVE-2024-36021 at NVD CVE-2024-36025 at SUSE CVE-2024-36025 at NVD CVE-2024-36026 at SUSE CVE-2024-36026 at NVD CVE-2024-36029 at SUSE CVE-2024-36029 at NVD CVE-2024-36030 at SUSE CVE-2024-36030 at NVD CVE-2024-36032 at SUSE CVE-2024-36032 at NVD CVE-2024-36880 at SUSE CVE-2024-36880 at NVD CVE-2024-36885 at SUSE CVE-2024-36885 at NVD CVE-2024-36890 at SUSE CVE-2024-36890 at NVD CVE-2024-36891 at SUSE CVE-2024-36891 at NVD CVE-2024-36893 at SUSE CVE-2024-36893 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36895 at SUSE CVE-2024-36895 at NVD CVE-2024-36896 at SUSE CVE-2024-36896 at NVD CVE-2024-36897 at SUSE CVE-2024-36897 at NVD CVE-2024-36898 at SUSE CVE-2024-36898 at NVD CVE-2024-36906 at SUSE CVE-2024-36906 at NVD CVE-2024-36918 at SUSE CVE-2024-36918 at NVD CVE-2024-36921 at SUSE CVE-2024-36921 at NVD CVE-2024-36922 at SUSE CVE-2024-36922 at NVD CVE-2024-36928 at SUSE CVE-2024-36928 at NVD CVE-2024-36930 at SUSE CVE-2024-36930 at NVD CVE-2024-36931 at SUSE CVE-2024-36931 at NVD CVE-2024-36936 at SUSE CVE-2024-36936 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36941 at SUSE CVE-2024-36941 at NVD CVE-2024-36942 at SUSE CVE-2024-36942 at NVD CVE-2024-36944 at SUSE CVE-2024-36944 at NVD CVE-2024-36947 at SUSE CVE-2024-36947 at NVD CVE-2024-36949 at SUSE CVE-2024-36949 at NVD CVE-2024-36950 at SUSE CVE-2024-36950 at NVD CVE-2024-36951 at SUSE CVE-2024-36951 at NVD CVE-2024-36955 at SUSE CVE-2024-36955 at NVD CVE-2024-36959 at SUSE CVE-2024-36959 at NVD cpe:/o:opensuse:leap:15.6 Security update for podofo (Moderate) openSUSE Leap 15.6 This update for podofo fixes the following issues: - CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855) - CVE-2018-20797: Fixed an excessive memory allocation in PoDoFo:podofo_calloc (bsc#1127514) - CVE-2019-10723: Fixed a memory leak in PdfPagesTreeCache (bsc#1131544) Moderate SUSE bug 1127514 SUSE bug 1127855 SUSE bug 1131544 CVE-2018-20797 at SUSE CVE-2018-20797 at NVD CVE-2019-10723 at SUSE CVE-2019-10723 at NVD CVE-2019-9199 at SUSE CVE-2019-9199 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-cryptography (Moderate) openSUSE Leap 15.6 This update for python-cryptography fixes the following issues: - CVE-2024-26130: Fix a NULL pointer dereference in pkcs12.serialize_key_and_certificates(). (bsc#1220210) Moderate SUSE bug 1220210 CVE-2024-26130 at SUSE CVE-2024-26130 at NVD cpe:/o:opensuse:leap:15.6 Security update for vte (Important) openSUSE Leap 15.6 This update for vte fixes the following issues: - CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape. (bsc#1226134) Important SUSE bug 1226134 CVE-2024-37535 at SUSE CVE-2024-37535 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnome-settings-daemon (Important) openSUSE Leap 15.6 This update for gnome-settings-daemon fixes the following issues: - CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423). Important SUSE bug 1226423 CVE-2024-38394 at SUSE CVE-2024-38394 at NVD cpe:/o:opensuse:leap:15.6 Security update for ntfs-3g_ntfsprogs (Moderate) openSUSE Leap 15.6 This update for ntfs-3g_ntfsprogs fixes the following issue: - CVE-2023-52890: fix a use after free in ntfs_uppercase_mbs (bsc#1226007) Moderate SUSE bug 1226007 CVE-2023-52890 at SUSE CVE-2023-52890 at NVD cpe:/o:opensuse:leap:15.6 Security update for hdf5 (Important) openSUSE Leap 15.6 This update for hdf5 fixes the following issues: - Fix bsc#1224158 - this fixes: CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608, CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620, CVE-2024-33873, CVE-2024-33874, CVE-2024-33875 Additionally, these fixes resolve crashes triggered by the reproducers for CVE-2017-17507, CVE-2018-11205. These crashes appear to be unrelated to the original problems. This update also ships several missing PackageHub packages for 15 SP5 and 15 SP6. Important SUSE bug 1224158 CVE-2017-17507 at SUSE CVE-2017-17507 at NVD CVE-2018-11205 at SUSE CVE-2018-11205 at NVD CVE-2024-29158 at SUSE CVE-2024-29158 at NVD CVE-2024-29161 at SUSE CVE-2024-29161 at NVD CVE-2024-29166 at SUSE CVE-2024-29166 at NVD CVE-2024-32608 at SUSE CVE-2024-32608 at NVD CVE-2024-32610 at SUSE CVE-2024-32610 at NVD CVE-2024-32614 at SUSE CVE-2024-32614 at NVD CVE-2024-32619 at SUSE CVE-2024-32619 at NVD CVE-2024-32620 at SUSE CVE-2024-32620 at NVD CVE-2024-33873 at SUSE CVE-2024-33873 at NVD CVE-2024-33874 at SUSE CVE-2024-33874 at NVD CVE-2024-33875 at SUSE CVE-2024-33875 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Important) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491) Important SUSE bug 1225491 CVE-2024-33871 at SUSE CVE-2024-33871 at NVD cpe:/o:opensuse:leap:15.6 Security update for avahi (Moderate) openSUSE Leap 15.6 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed a reachable assertion in dbus_set_host_name. (bsc#1216594) - CVE-2023-38469: Fixed a reachable assertion in avahi_dns_packet_append_record. (bsc#1216598) Moderate SUSE bug 1216594 SUSE bug 1216598 SUSE bug 1226586 CVE-2023-38469 at SUSE CVE-2023-38469 at NVD CVE-2023-38471 at SUSE CVE-2023-38471 at NVD cpe:/o:opensuse:leap:15.6 Security update for wget (Moderate) openSUSE Leap 15.6 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) Moderate SUSE bug 1226419 CVE-2024-38428 at SUSE CVE-2024-38428 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-52434: Fixed potential OOBs in smb2_parse_contexts() (bsc#1220148). - CVE-2023-52458: Fixed check that partition length needs to be aligned with block size (bsc#1220428). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52631: Fixed an NULL dereference bug (bsc#1222264 CVE-2023-52631). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52640: Fixed out-of-bounds in ntfs_listxattr (bsc#1222301). - CVE-2023-52641: Fixed NULL ptr dereference checking at the end of attr_allocate_frame() (bsc#1222303) - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52659: Fixed to pfn_to_kaddr() not treated as a 64-bit type (bsc#1224442). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621) - CVE-2023-52771: Fixed delete_endpoint() vs parent unregistration race (bsc#1225007). - CVE-2023-52772: Fixed use-after-free in unix_stream_read_actor() (bsc#1224989). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6238: Fixed kcalloc() arguments order (bsc#1217384). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-21823: Fixed safety flag to struct ends (bsc#1223625). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000 xc4000_get_frequency() function (bsc#1219623). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26632: Fixed iterating over an empty bio with bio_for_each_folio_all (bsc#1221635). - CVE-2024-26638: Fixed uninitialize struct msghdr completely (bsc#1221649 CVE-2024-26638). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26674: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups (bsc#1222378). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26726: Fixed invalid drop extent_map for free space inode on write error (bsc#1222532) - CVE-2024-26731: Fixed NULL pointer dereference in sk_psock_verdict_data_ready() (bsc#1222371). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26740: Fixed use the backlog for mirred ingress (bsc#1222563). - CVE-2024-26760: Fixed bio_put() for error case (bsc#1222596 cve-2024-267600). - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26774: Fixed dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (bsc#1222622). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26815: Fixed improper TCA_TAPRIO_TC_ENTRY_INDEX check (bsc#1222635). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26832: Fixed missing folio cleanup in writeback race path (bsc#1223007). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26844: Fixed WARNING in _copy_from_iter (bsc#1223015). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26860: Fixed a memory leak when rechecking the data (bsc#1223077). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26899: Fixed deadlock between bd_link_disk_holder and partition scan (bsc#1223045). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26909: Fixed drm bridge use-after-free (bsc#1223143). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26945: Fixed nr_cpus &lt; nr_iaa case (bsc#1223732). - CVE-2024-26946: Fixed copy_from_kernel_nofault() to read from unsafe address (bsc#1223669). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26991: Fixed overflow lpage_info when checking attributes (bsc#1223695). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27022: Fixed linking file vma until vma is fully initialized (bsc#1223774). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27036: Fixed writeback data corruption (bsc#1223810). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27408: Fixed race condition in dmaengine w-edma/eDMA (bsc#1224430). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27418: Fixed memory leak in mctp_local_output (bsc#1224720) - CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35895: Fixed lock inversion deadlock in map delete elem (bsc#1224511). - CVE-2024-35903: Fixed IP after emitting call depth accounting (bsc#1224493). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35917: Fixed Fix bpf_plt pointer arithmetic (bsc#1224481). - CVE-2024-35921: Fixed oops when HEVC init fails (bsc#1224477). - CVE-2024-35931: Fixed PCI error slot reset during RAS recovery (bsc#1224652). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35991: Fixed kABI workaround for struct idxd_evl (bsc#1224553). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36030: Fixed the double free in rvu_npc_freemem() (bsc#1225712) The following non-security bugs were fixed: - 9p: add missing locking around taking dentry fid list (git-fixes) - accel/ivpu: Fix deadlock in context_xa (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - ACPI: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - ACPI: scan: Do not increase dep_unmet for already met dependencies (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - Add alt-commit to a nouveau patch - Add reference to L3 bsc#1225765 in BPF control flow graph and precision backtrack fixes (bsc#1225756) The L3 bsc#1225765 was created seperately since our customer requires PTF. - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - ALSA: aoa: avoid false-positive format truncation warning (git-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Update DSP1RX5/6 Sources for DSP config (stable-fixes). - ALSA: hda: cs35l56: Add ACPI device match tables (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: cs35l56: Set the init_done flag before component_add() (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 14 eu0000 (stable-fixes). - ALSA: hda/realtek: Add quirks for ASUS Laptops using CS35L56 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (stable-fixes). - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR (stable-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix the hp playback volume issue for LG machines (stable-fixes). - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 (git-fixes). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - ALSA: hda/tas2781: add locks to kcontrols (git-fixes). - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 (stable-fixes). - ALSA: hda/tas2781: correct the register for pow calibrated data (git-fixes). - ALSA: hda/tas2781: remove digital gain kcontrol (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - amdkfd: use calloc instead of kzalloc to avoid integer overflow (stable-fixes). - arm64: bpf: fix 32bit unconditional bswap (git-fixes). - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: Fix dtc interrupt_provider warnings (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64/ptrace: Use saved floating point state type to determine SVE (git-fixes) - arm64/sve: Lower the maximum allocation for the SVE ptrace regset (git-fixes) - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64: tegra: Set the correct PHY mode for MGBE (git-fixes) - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - arm_pmu: acpi: Add a representative platform device for TRBE (bsc#1220587) - arm_pmu: acpi: Refactor arm_spe_acpi_register_device() (bsc#1220587) - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: acp: fix for acp_init function error handling (git-fixes). - ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 (stable-fixes). - ASoC: amd: yc: Revert 'Fix non-functional mic on Lenovo 21J2' (stable-fixes). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Populate board selection with new I2S entries (stable-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops (stable-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - ASoC: rt5682-sdw: fix locking sequence (git-fixes). - ASoC: rt711-sdca: fix locking sequence (git-fixes). - ASoC: rt711-sdw: fix locking sequence (git-fixes). - ASoC: rt712-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: rt722-sdca-sdw: fix locking sequence (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: SOF: amd: Optimize quirk for Valve Galileo (stable-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend (stable-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tas2781: mark dvc_tlv with __maybe_unused (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: tlv320adc3xxx: Do not strip remove function when driver is builtin (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() (git-fixes). - ata: libata-core: Allow command duration limits detection for ACS-4 drives (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bitops: add missing prototype check (git-fixes). - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - Bluetooth: Add new quirk for broken read key length on ATS2851 (stable-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_core: Cancel request on command timeout (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (git-fixes). - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY (git-fixes). - Bluetooth: hci_sync: Use QoS to determine which PHY to scan (stable-fixes). - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout (stable-fixes). - Bluetooth: ISO: Do not reject BT_ISO_QOS if parameters are unset (git-fixes). - Bluetooth: l2cap: Do not double set the HCI_CONN_MGMT_CONNECTED bit (git-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (bsc#1221504). - Bluetooth: mgmt: Fix limited discoverable off timeout (stable-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: fix device-address endianness (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - bnx2x: Fix firmware version string character counts (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in free_bootmem_page (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: fix bug in BPF_LDX_MEMSX (git-fixes) - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf, scripts: Correct GPL license name (git-fixes). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: error when COWing block from a root that is being deleted (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1217489). - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) Dropped hunk in selftests (test_case_7), 92e1229b204d6. - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: ep: check the correct variable in mhi_ep_register_controller() (git-fixes). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: stop copying to iter at EOF on sync reads (bsc#1222606). - certs: Add ECDSA signature verification self-test (bsc#1222777). - certs: Move RSA self-test data to separate file (bsc#1222777). - cifs: account for primary channel in the interface list (bsc#1225172). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1225172). - cifs: distribute channels across interfaces based on speed (bsc#1225172).++ kernel-source.spec (revision 4)%define git_commit 596cd3fdbd0fb5902e80279485ad8596f4e82397Release: &lt;RELEASE>.g596cd3f - cifs: do not pass cifs_sb when trying to add channels (bsc#1225172). - cifs: Do not use certain unnecessary folio_*() functions (bsc#1225172). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1225172). - cifs: fix charset issue in reconnection (bsc#1225172). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1225172). - cifs: handle cases where a channel is closed (bsc#1225172). - cifs: handle cases where multiple sessions share connection (bsc#1225172). - cifs: reconnect work should have reference on server struct (bsc#1225172). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: mediatek: Do a runtime PM get on controllers during probe (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: qcom: reset: Commonize the de/assert functions (stable-fixes). - clk: qcom: reset: Ensure write completion on reset de/assertion (git-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (git-fixes). - clocksource/drivers/imx: Fix -Wunused-but-set-variable warning (git-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - coresight: trbe: Add a representative coresight_platform_data for (bsc#1220587) - coresight: trbe: Allocate platform data per device (bsc#1220587) - coresight: trbe: Enable ACPI based TRBE devices (bsc#1220587) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - fix ring to service map for dcc in 4xxx (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - relocate and rename get_service_enabled() (stable-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxl/acpi: Fix load failures due to single window creation failure (git-fixes). - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window (git-fixes). - cxl/trace: Properly initialize cxl_poison region name (git-fixes). - dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n (jsc#PED-5853). - dax/bus.c: replace driver-core lock usage by a local rwsem (jsc#PED-5853). - dax/bus.c: replace several sprintf() with sysfs_emit() (jsc#PED-5853). - device-dax: make dax_bus_type const (jsc#PED-5853). - dlm: fix user space lkb refcounting (git-fixes). - dma-buf: Fix NULL pointer dereference in sanitycheck() (git-fixes). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dm crypt: remove redundant state settings after waking up (jsc#PED-7542). - dm-integrity: set max_integrity_segments in dm_integrity_io_hints (jsc#PED-7542). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm-raid: add a new helper prepare_suspend() in md_personality (jsc#PED-7542). - dm-raid: really frozen sync_thread during suspend (jsc#PED-7542). - dm thin: add braces around conditional code that spans lines (jsc#PED-7542). - dm: update relevant MODULE_AUTHOR entries to latest dm-devel mailing list (jsc#PED-7542). - dm verity: set DM_TARGET_SINGLETON feature flag (jsc#PED-7542). - Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file (git-fixes). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - docs: netdev: Fix typo in Signed-off-by tag (git-fixes). - docs: Restore 'smart quotes' for quotes (stable-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() (stable-fixes). - drm/amd/display: Add dml2 copy functions (stable-fixes). - drm/amd/display: Allow dirty rects to be sent to dmub when abm is active (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Change default size for dummy plane in DML2 (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Fix bounds check for dcn35 DcfClocks (git-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix idle check for shared firmware state (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: fix input states translation error for dcn35 & dcn351 (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: Fix noise issue on HDMI AV mute (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Init DPPCLK from SMU on dcn32 (stable-fixes). - drm/amd/display: Override min required DCFCLK in dml1_validate (stable-fixes). - drm/amd/display: Prevent crash when disable stream (stable-fixes). - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 (stable-fixes). - drm/amd/display: Remove MPC rate control logic from DCN30 and above (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: Set DCN351 BB and IP the same as DCN35 (stable-fixes). - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST (stable-fixes). - drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' (git-fixes). - drm/amdgpu: drop setting buffer funcs in sdma442 (git-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: fix deadlock while reading mqd from debugfs (git-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: fix mmhub client id out-of-bounds access (git-fixes). - drm/amdgpu: fix use-after-free bug (stable-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: fix visible VRAM handling during faults (git-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: make damage clips support configurable (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu/pm: Check the validity of overdiver power limit (git-fixes). - drm/amdgpu/pm: Fix NULL pointer dereference when get power limit (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: remove invalid resource->start check v2 (git-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: Fix memory leak in create_process failure (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amd/swsmu: modify the gfx activity scaling (stable-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/buddy: check range allocation matches alignment (stable-fixes). - drm: Check output polling initialized before disabling (stable-fixes). - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (stable-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/display: fix typo (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915: Disable live M/N updates when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/i915/display: Use i915_gem_object_get_dma_address to get dma address (stable-fixes). - drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() (git-fixes). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY &lt; 13 (git-fixes). - drm/i915/dp: Remove support for UHBR13.5 (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/dsb: Fix DSB vblank waits when using VRR (git-fixes). - drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly (git-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disable HW load balancing for CCS (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Enable only one CCS for compute workload (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Fix locking inversion in sysfs getter (git-fixes). - drm/i915: Include the PLL name in the debug messages (stable-fixes). - drm/i915/lspcon: Separate function to set expected mode (bsc#1193599). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mst: Limit MST+DSC to TGL+ (git-fixes). - drm/i915/mst: Reject FEC+MST on ICL (git-fixes). - drm/i915: Pre-populate the cursor physical dma address (git-fixes). - drm/i915: Replace a memset() with zero initialization (stable-fixes). - drm/i915: Stop printing pipe name as hex (stable-fixes). - drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs (stable-fixes). - drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports (stable-fixes). - drm/i915: Use named initializers for DPLL info (stable-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915/vrr: Generate VRR 'safe window' for DSB (git-fixes). - drm/imx/ipuv3: do not return negative values from .get_modes() (stable-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm: Add newlines to some debug prints (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: do not allow overriding data from catalog (git-fixes). - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible (git-fixes). - drm/msm/dpu: use devres-managed allocation for MDP TOP (stable-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (git-fixes). - drm/prime: Unbreak virtgpu dma-buf export (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Remove AR30 and AB30 format support (git-fixes). - drm/sched: fix null-ptr-deref in init entity (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/ttm: return ENOSPC from ttm_bo_mem_space v3 (stable-fixes). - drm/ttm: stop pooling cached NUMA pages v2 (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm/vc4: hdmi: do not return negative values from .get_modes() (stable-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix prime import/export (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Minor flow correction in e1000_shutdown function (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - Edit 'amdkfd: use calloc instead of kzalloc to avoid integer overflow' Reference CVE and bug numbers. - efi: disable mirror feature during crashkernel (stable-fixes). - efi: fix panic in kdump kernel (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - Enable CONFIG_FIPS_SIGNATURE_SELFTEST (bsc#1222771) - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_ECDSA. - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_RSA. - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: arm_scmi: Make raw debugfs entries non-seekable (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() (stable-fixes). - Fix a potential infinite loop in extract_user_to_sg() (git-fixes). - Fix build errors due to new UIO_MEM_DMA_COHERENT mess (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs: relax mount_setattr() permission checks (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - geneve: make sure to pull inner header in geneve_rx() (git-fixes). - gpio: cdev: check for NULL labels when sanitizing them for irqs (git-fixes). - gpio: cdev: fix missed label sanitizing in debounce_setup() (git-fixes). - gpio: cdev: sanitize the label before requesting the interrupt (stable-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (git-fixes). - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: input: avoid polling stylus battery on Chromebook Pompom (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hwmon: (amc6821) add of_match table (stable-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() (git-fixes). - i2c: acpi: Unbind mux adapters before delete (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix firmware version comparison function (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i915: make inject_virtual_interrupt() void (stable-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - ice: fix enabling RX VLAN filtering (git-fixes). - ice: fix memory corruption bug with suspend and rebuild (git-fixes). - ice: fix stats being updated by way too large values (git-fixes). - ice: fix typo in assignment (git-fixes). - ice: fix uninitialized dplls mutex usage (git-fixes). - ice: reconfig host after changing MSI-X on VF (git-fixes). - ice: Refactor FW data type and fix bitmap casting issue (git-fixes). - ice: reorder disabling IRQ and NAPI in ice_qp_dis (git-fixes). - ice: use relative VSI index for VFs instead of PF VSI number (git-fixes). - ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: disable local BH when scheduling napi for marker packets (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - igb: extend PTP timestamp adjustments to i211 (git-fixes). - igb: Fix missing time sync events (git-fixes). - igc: avoid returning frame twice in XDP_REDIRECT (git-fixes). - igc: Fix missing time sync events (git-fixes). - igc: Remove stale comment about Tx timestamping (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: gts-helper: Fix division loop (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - inet_diag: annotate data-races around inet_diag_table[] (git-fixes). - inet: frags: eliminate kernel-doc warning (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - Input: allocate keycode for Display refresh rate toggle (stable-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - Input: imagis - use FIELD_GET where applicable (stable-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - input/touchscreen: imagis: Correct the maximum touch area value (stable-fixes). - Input: xpad - add additional HyperX Controller Identifiers (stable-fixes). - Input: xpad - add support for Snakebyte GAMEPADs (stable-fixes). - intel: legacy: Partial revert of field get conversion (git-fixes). - interconnect: qcom: osm-l3: Replace custom implementation of COUNT_ARGS() (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive (git-fixes). - interconnect: qcom: sm8550: Enable sync_state (git-fixes). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - iommufd: Fix iopt_access_list_id overwrite bug (git-fixes). - iommufd/iova_bitmap: Bounds check mapped::pages access (git-fixes). - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (git-fixes). - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (git-fixes). - iommufd: Reject non-zero data_type if no data_len is provided (git-fixes). - iommu: Map reserved memory as cacheable if device is coherent (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Fix wrong use of pasid config (git-fixes). - iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking (git-fixes). - iommu/vt-d: Update iotlb in nested domain attach (git-fixes). - ionic: set adminq irq affinity (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes). - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kABI fix of KVM: x86/pmu: Allow programming events that match unsupported arch events (bsc#1225696). - kABI fix of KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - kabi fix of perf/x86/intel: Expose existence of callback support to KVM (git fixes). - kabi/severities: ignore brcmfmac-specific local symbols - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore Wangxun ethernet driver local symbols - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kABI workaround for cs35l56 (git-fixes). - kABI workaround for of driver changes (git-fixes). - kasan: disable kasan_non_canonical_hook() for HW tags (git-fixes). - kasan, fortify: properly rename memintrinsics (git-fixes). - kasan: print the original fault addr when access invalid shadow (git-fixes). - kasan/test: avoid gcc warning for intentional overflow (git-fixes). - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (stable-fixes). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libnvdimm: Fix ACPI_NFIT in BLK_DEV_PMEM help (jsc#PED-5853). - libperf evlist: Avoid out-of-bounds access (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mac802154: fix llsec key resources release in mac802154_llsec_key_del (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - md: add a new helper rdev_has_badblock() (jsc#PED-7542). - md: add a new helper reshape_interrupted() (jsc#PED-7542). - md: changed the switch of RAID_VERSION to if (jsc#PED-7542). - md: check mddev->pers before calling md_set_readonly() (jsc#PED-7542). - md: clean up invalid BUG_ON in md_ioctl (jsc#PED-7542). - md: clean up openers check in do_md_stop() and md_set_readonly() (jsc#PED-7542). - md/dm-raid: do not call md_reap_sync_thread() directly (jsc#PED-7542). - md: Do not clear MD_CLOSING when the raid is about to stop (jsc#PED-7542). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (jsc#PED-7542). - md: export helper md_is_rdwr() (jsc#PED-7542). - md: export helpers to stop sync_thread (jsc#PED-7542). - md: factor out a helper to sync mddev (jsc#PED-7542). - md: fix kmemleak of rdev->serial (jsc#PED-7542). - md: get rdev->mddev with READ_ONCE() (jsc#PED-7542). - md: merge the check of capabilities into md_ioctl_valid() (jsc#PED-7542). - md: preserve KABI in struct md_personality (jsc#PED-7542). - md/raid1-10: add a helper raid1_check_read_range() (jsc#PED-7542). - md/raid1-10: factor out a new helper raid1_should_read_first() (jsc#PED-7542). - md/raid1: factor out choose_bb_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out choose_slow_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out helpers to add rdev to conf (jsc#PED-7542). - md/raid1: factor out helpers to choose the best rdev from read_balance() (jsc#PED-7542). - md/raid1: factor out read_first_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out the code to manage sequential IO (jsc#PED-7542). - md/raid1: fix choose next idle in read_balance() (jsc#PED-7542). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (jsc#PED-7542). - md: remove redundant check of 'mddev->sync_thread' (jsc#PED-7542). - md: remove redundant md_wakeup_thread() (jsc#PED-7542). - md: return directly before setting did_set_md_closing (jsc#PED-7542). - md: sync blockdev before stopping raid or setting readonly (jsc#PED-7542). - md: use RCU lock to protect traversal in md_spares_need_change() (jsc#PED-7542). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: cadence: csi2rx: use match fwnode for media link (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: mc: Fix flags handling when creating pad links (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: mc: Rename pad variable to clarify intent (stable-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: rkisp1: Fix IRQ handling due to shared interrupts (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mlxbf_gige: call request_irq() after NAPI initialized (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: omap: fix broken slot switch lookup (git-fixes). - mmc: omap: fix deferred probe (git-fixes). - mmc: omap: restore original power up/down steps (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode (git-fixes). - mm_init kABI workaround (git-fixes). - mm: memcg: do not periodically flush stats when memcg is disabled (bsc#1222525). - mm: memcg: use larger batches for proactive reclaim (bsc#1222522). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS (stable-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: spinand: Add support for 5-byte IDs (stable-fixes). - net: add netdev_lockdep_set_classes() to virtual drivers (git-fixes). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: bonding: remove kernel-doc comment marker (git-fixes). - net: cfg802154: fix kernel-doc notation warnings (git-fixes). - net: dsa: microchip: fix register write order in ksz8_ind_write8() (git-fixes). - net: dsa: mt7530: fix handling of all link-local frames (git-fixes). - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (git-fixes). - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Remove ena_select_queue (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_eth_soc: fix PPE hanging issue (git-fixes). - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (git-fixes). - net: fec: Set mac_managed_pm during probe (git-fixes). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - net: hns3: fix index limit to support all queue stats (git-fixes). - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (git-fixes). - net: hns3: fix kernel crash when devlink reload during pf initialization (git-fixes). - net: hns3: fix port duplex configure error in IMP reset (git-fixes). - net: hns3: fix wrong judgment condition issue (git-fixes). - net: hns3: mark unexcuted loopback test result as UNEXECUTED (git-fixes). - net: hns3: tracing: fix hclgevf trace event strings (git-fixes). - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (git-fixes). - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips (git-fixes). - net: libwx: fix memory leak on free page (git-fixes). - net: llc: fix kernel-doc notation warnings (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (git-fixes). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix MACsec state loss upon state update in offload path (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5: E-switch, Change flow rule destination checking (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context (git-fixes). - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (git-fixes). - net/mlx5: Fix fw reporter diagnose output (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: NSH: fix kernel-doc notation warning (git-fixes). - net: pcs: xpcs: Return EINVAL in the internal methods (git-fixes). - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (git-fixes). - net: phy: micrel: Fix potential null pointer dereference (git-fixes). - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (stable-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Let IP-specific receive function to interrogate descriptors (git-fixes). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: fix documentation of buffer sizes (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net: smsc95xx: add support for SYS TEC USB-SPEmodule1 (git-fixes). - net: sparx5: Fix use after free inside sparx5_del_mact_entry (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: dwmac-starfive: Add support for JH7100 SoC (git-fixes). - net: stmmac: Fix incorrect dereference in interrupt handlers (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: Use sockaddr_storage for getsockopt(SO_PEERNAME) (git-fixes). - net: veth: do not manipulate GRO when using XDP (git-fixes). - net: wwan: t7xx: Split 64bit accesses to fix alignment issues (git-fixes). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nf_conntrack: fix -Wunused-const-variable= (git-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - nfp: flower: handle acti_netdevs allocation failure (git-fixes). - NFSD: change LISTXATTRS cookie encoding to big-endian (git-fixes). - NFSD: Convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not call locks_release_private() twice concurrently (git-fixes). - nfsd: Fix a regression in nfsd_setattr() (git-fixes). - NFSD: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - NFSD: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes). - NFSD: Fix nfsd_clid_class use of __string_len() macro (git-fixes). - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - NFSD: Retransmit callbacks after client reconnects (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - NFS: Fix an off by one in root_nfs_cat() (git-fixes). - NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt (git-fixes). - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (git-fixes). - NFS: Read unlock folio on nfs_page_create_from_folio() error (git-fixes). - NFSv4.1/pnfs: fix NFS with TLS in pnfs (git-fixes). - NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes). - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential bug in end_buffer_async_write (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: fix devinit paths to only handle display on GSP (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nouveau/gsp: do not check devinit disable on GSP (git-fixes). - nouveau: lock the client object tree (stable-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - nouveau/uvmm: fix addr/range calcs for remap operations (git-fixes). - nvdimm: make nvdimm_bus_type const (jsc#PED-5853). - nvdimm/pmem: fix leak on dax_add_host() failure (jsc#PED-5853). - nvdimm/pmem: Treat alloc_dax() -EOPNOTSUPP failure as non-fatal (jsc#PED-5853). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix devlink params (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - octeontx2-af: Use matching wake_up API variant in CGX command interface (git-fixes). - octeontx2-af: Use separate handlers for interrupts (git-fixes). - octeontx2: Detect the mbox up or down message via register (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: Send UP messages to VF only when VF is up (git-fixes). - octeontx2-pf: Use default max_active works instead of one (git-fixes). - octeontx2-pf: Wait till detach_resources msg is complete (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - overflow: Allow non-type arg to type_max() and type_min() (stable-fixes). - PCI/AER: Block runtime suspend when handling errors (stable-fixes). - PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge (stable-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (stable-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: hv: Fix ring buffer size calculation (git-fixes). - PCI: Make link retraining use RMW accessors for changing LNKCTL (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (stable-fixes). - PCI: qcom: Add support for sa8775p SoC (git-fixes). - PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - peci: linux/peci.h: fix Excess kernel-doc description warning (git-fixes). - perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline() (git-fixes). - perf annotate: Get rid of duplicate --group option item (git-fixes). - perf auxtrace: Fix multiple use of --itrace option (git-fixes). - perf bench internals inject-build-id: Fix trap divide when collecting just one DSO (git-fixes). - perf bench uprobe: Remove lib64 from libc.so.6 binary path (git-fixes). - perf bpf: Clean up the generated/copied vmlinux.h (git-fixes). - perf daemon: Fix file leak in daemon_session__control (git-fixes). - perf docs: Document bpf event modifier (git-fixes). - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (git-fixes). - perf expr: Fix 'has_event' function for metric style events (git-fixes). - perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) (git-fixes). - perf jevents: Drop or simplify small integer values (git-fixes). - perf list: fix short description for some cache events (git-fixes). - perf lock contention: Add a missing NULL check (git-fixes). - perf metric: Do not remove scale from counts (git-fixes). - perf pmu: Count sys and cpuid JSON events separately (git fixes). - perf pmu: Fix a potential memory leak in perf_pmu__lookup() (git-fixes). - perf pmu: Treat the msr pmu as software (git-fixes). - perf print-events: make is_event_supported() more robust (git-fixes). - perf probe: Add missing libgen.h header needed for using basename() (git-fixes). - perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording (git-fixes). - perf record: Fix debug message placement for test consumption (git-fixes). - perf record: Fix possible incorrect free in record__switch_output() (git-fixes). - perf report: Avoid SEGV in report__setup_sample_type() (git-fixes). - perf sched timehist: Fix -g/--call-graph option failure (git-fixes). - perf script: Show also errors for --insn-trace option (git-fixes). - perf srcline: Add missed addr2line closes (git-fixes). - perf stat: Avoid metric-only segv (git-fixes). - perf stat: Do not display metric header for non-leader uncore events (git-fixes). - perf stat: Do not fail on metrics on s390 z/VM systems (git-fixes). - perf symbols: Fix ownership of string in dso__load_vmlinux() (git-fixes). - perf tests: Apply attributes to all events in object code reading test (git-fixes). - perf test shell arm_coresight: Increase buffer size for Coresight basic tests (git-fixes). - perf tests: Make data symbol test wait for perf to start (bsc#1220045). - perf tests: Make 'test data symbol' more robust on Neoverse N1 (git-fixes). - perf tests: Skip data symbol test if buf1 symbol is missing (bsc#1220045). - perf thread: Fixes to thread__new() related to initializing comm (git-fixes). - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (git-fixes). - perf top: Uniform the event name for the hybrid machine (git-fixes). - perf top: Use evsel's cpus to replace user_requested_cpus (git-fixes). - perf ui browser: Avoid SEGV on title (git fixes). - perf ui browser: Do not save pointer to stack memory (git-fixes). - perf vendor events amd: Add Zen 4 memory controller events (git-fixes). - perf vendor events amd: Fix Zen 4 cache latency events (git-fixes). - perf/x86/amd/core: Avoid register reset when CPU is dead (git-fixes). - perf/x86/amd/lbr: Discard erroneous branch entries (git-fixes). - perf/x86/amd/lbr: Use freeze based on availability (git-fixes). - perf/x86: Fix out of range data (git-fixes). - perf/x86/intel/ds: Do not clear ->pebs_data_cfg for the last PEBS event (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/chrome: cros_ec_uart: properly fix race condition (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - PM: s2idle: Make sure CPUs will wakeup directly on resume (git-fixes). - Port 'certs: Add ECDSA signature verification self-test'. - Port 'certs: Move RSA self-test data to separate file'. - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc/crypto/chacha-p10: Fix failure on non Power10 (bsc#1218205). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (git-fixes). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pstore: inode: Convert mutex usage to guard(mutex) (stable-fixes). - pstore: inode: Only d_invalidate() is needed (git-fixes). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - pwm: img: fix pwm clock lookup (git-fixes). - qibfs: fix dentry leak (git-fixes) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (git-fixes). - r8169: skip DASH fw status checks when DASH is disabled (git-fixes). - random: handle creditable entropy from atomic process context (git-fixes). - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619). - RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes). - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - README.BRANCH: Remove copy of branch name - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - regmap: Add regmap_read_bypassed() (git-fixes). - regmap: kunit: Ensure that changed bytes are actually different (stable-fixes). - regmap: maple: Fix cache corruption in regcache_maple_drop() (git-fixes). - regmap: maple: Fix uninitialized symbol 'ret' warnings (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (git-fixes). - remoteproc: virtio: Fix wdg cannot recovery remote processor (git-fixes). - Remove NTFSv3 from configs (bsc#1224429) References: bsc#1224429 comment#3 We only support fuse version of the NTFS-3g driver. Disable NTFSv3 from all configs. This was enabled in d016c04d731 ('Bump to 6.4 kernel (jsc#PED-4593)') - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: reset device count for SoundWire DAIs' (stable-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1225172). - Revert 'drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()' (stable-fixes). - Revert 'drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR' (stable-fixes). - Revert 'drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices' (stable-fixes). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - Revert 'drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'iommu/amd: Enable PCI/IMS' (git-fixes). - Revert 'iommu/vt-d: Enable PCI/IMS' (git-fixes). - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (git-fixes). - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (git-fixes). - Revert 'PCI/MSI: Provide IMS (Interrupt Message Store) support' (git-fixes). - Revert 'PCI/MSI: Provide pci_ims_alloc/free_irq()' (git-fixes). - Revert 'PCI/MSI: Provide stubs for IMS functions' (git-fixes). - Revert 'selinux: introduce an initial SID for early boot processes' (bsc#1208593) It caused a regression on ALP-current branch, kernel-obs-qa build failed. - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221783). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (bsc#1222173). - sched/fair: Check root_domain::overload value before update (bsc#1222173). - sched/fair: Use helper functions to access root_domain::overload (bsc#1222173). - sched/psi: Select KERNFS as needed (git-fixes). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() (git-fixes). - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes). - scsi: libsas: Fix disk not being scanned in after being removed (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). Refresh: - patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - scsi: sg: Avoid race in error handling & drop bogus warn (git-fixes). - scsi: sg: Avoid sg device teardown race (git-fixes). - scsi: smartpqi: Fix disable_managed_interrupts (git-fixes). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: forwarding: Fix ping failure due to short timeout (git-fixes). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests/kcmp: remove unused open mode (git-fixes). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/powerpc/papr-vpd: Fix missing variable initialization (jsc#PED-4486 git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selftests: vxlan_mdb: Fix failures with old libnet (git-fixes). - selinux: avoid dereference of garbage after mount failure (git-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8250_dw: Revert: Do not reclock if already at correct rate (git-fixes). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: core: only stop transmit when HW fifo is empty (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: Lock console when calling into driver before registration (git-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max310x: fix NULL pointer dereference in I2C instantiation (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - serial: stm32: Reset .throttled state in .startup() (git-fixes). - series.conf: cleanup Fix subsection header to silence series_insert error. - SEV: disable SEV-ES DebugSwap by default (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - smb3: show beginning time for per share stats (bsc#1225172). - smb: client: ensure to try all targets when finding nested links (bsc#1225172). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1225172). - smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes, bsc#1225172). - smb: client: get rid of dfs code dep in namespace.c (bsc#1225172). - smb: client: get rid of dfs naming in automount code (bsc#1225172). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1225172). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1225172). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1225172). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1225172). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - soc: fsl: qbman: Use raw spinlock for cgr_lock (git-fixes). - sock_diag: annotate data-races around sock_diag_handlers[family] (git-fixes). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt (stable-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: intel-pci: Add support for Lunar Lake-M SPI serial flash (stable-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: lpspi: Avoid potential use-after-free in probe() (git-fixes). - spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe (git-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: spi-fsl-lpspi: remove redundant spi_controller_put call (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - staging: vc04_services: changen strncpy() to strscpy_pad() (stable-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - stmmac: Clear variable when destroying workqueue (git-fixes). - SUNRPC: fix a memleak in gss_import_v2_context (git-fixes). - SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes). - supported.conf: support tcp_dctcp module (jsc#PED-8111) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: use the calculated number of areas (git-fixes). - Temporarily drop KVM patch that caused a regression (bsc#1226158). - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thermal/of: Assume polling-delay(-passive) 0 when absent (stable-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Do not create DisplayPort tunnels on adapters of the same router (git-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power/turbostat: Fix uncore frequency file string (bsc#1221765). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - Update config files. Disable N_GSM (jsc#PED-8240). - Update patches.suse/nvme-ensure-disabling-pairs-with-unquiesce.patch (jsc#PED-6252 jsc#PED-5728 jsc#PED-5062 jsc#PED-3535 bsc#1224534). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - USB: core: Add hub_get() and hub_put() routines (stable-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (stable-fixes). - USB: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3-am62: Disable wakeup at remove (git-fixes). - usb: dwc3-am62: fix module unload/reload behavior (git-fixes). - usb: dwc3-am62: Rename private data (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: pci: Drop duplicate ID (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: Correct port source pdo array in pd_set callback (git-fixes). - usb: typec: tcpm: Correct the PDO counting in pd_set (git-fixes). - usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi_acpi: Refactor and fix DELL quirk (git-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: typec: ucsi: Fix race between typec_switch and role_switch (git-fixes). - usb: typec: ucsi: Limit read size on v1.2 (stable-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - usb: xhci: correct return value in case of STS_HCE (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper. - usb: xhci-plat: Do not include xhci.h (stable-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - vdpa_sim: reset must not run (git-fixes). - veth: try harder when allocating queue memory (git-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro (stable-fixes). - wifi: brcmfmac: add per-vendor feature detection callback (stable-fixes). - wifi: brcmfmac: cfg80211: Use WSEC to set SAE password (stable-fixes). - wifi: brcmfmac: Demote vendor-specific attach/detach messages to info (git-fixes). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: check A-MSDU format more carefully (stable-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: fw: fix compile w/o CONFIG_ACPI (git-fixes). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: include link ID when releasing frames (git-fixes). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: use correct address 3 in A-MSDU (stable-fixes). - wifi: iwlwifi: pcie: Add the PCI device id for new hardware (stable-fixes). - wifi: iwlwifi: pcie: fix RB status reading (stable-fixes). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mac80211: only call drv_sta_rc_update for uploaded stations (stable-fixes). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7996: add locking for accessing mapped registers (stable-fixes). - wifi: mt76: mt7996: disable AMSDU for non-data frames (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: rtw88: 8821cu: Fix connection failure (stable-fixes). - wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU (stable-fixes). - wifi: rtw89: fix null pointer access when abort scan (stable-fixes). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor (stable-fixes). - wireguard: netlink: access device through ctx instead of peer (git-fixes). - wireguard: netlink: check for dangling peer via is_dead instead of empty list (git-fixes). - wireguard: receive: annotate data-race around receiving_counter.counter (git-fixes). - Workaround broken chacha crypto fallback (bsc#1218205). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - x86/hyperv: Allow 15-bit APIC IDs for VTL platforms (git-fixes). - x86/hyperv: Use per cpu initial stack for vtl context (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: attempt to inflate the memory balloon on PVH (git-fixes). - xdp, bonding: Fix feature flags when there are no slave devs anymore (git-fixes). - xen/events: drop xen_allocate_irqs_dynamic() (git-fixes). - xen/events: fix error code in xen_bind_pirq_msi_to_irq() (git-fixes). - xen/events: increment refcnt only if event channel is refcounted (git-fixes). - xen/events: modify internal [un]bind interfaces (git-fixes). - xen/events: reduce externally visible helper functions (git-fixes). - xen/events: remove some simple helpers from events_base.c (git-fixes). - xen: evtchn: Allow shared registration of IRQ handers (git-fixes). - xen/evtchn: avoid WARN() when unbinding an event channel (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: allow extent free intents to be retried (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: add helper that checks for unhandled events on a event ring (git-fixes). - xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() (git-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). Important SUSE bug 1012628 SUSE bug 1065729 SUSE bug 1181674 SUSE bug 1187716 SUSE bug 1193599 SUSE bug 1194869 SUSE bug 1207948 SUSE bug 1208593 SUSE bug 1209657 SUSE bug 1213573 SUSE bug 1214852 SUSE bug 1215199 SUSE bug 1216196 SUSE bug 1216358 SUSE bug 1216702 SUSE bug 1217169 SUSE bug 1217384 SUSE bug 1217408 SUSE bug 1217489 SUSE bug 1217750 SUSE bug 1217959 SUSE bug 1218205 SUSE bug 1218336 SUSE bug 1218447 SUSE bug 1218779 SUSE bug 1218917 SUSE bug 1219104 SUSE bug 1219170 SUSE bug 1219596 SUSE bug 1219623 SUSE bug 1219834 SUSE bug 1220021 SUSE bug 1220045 SUSE bug 1220120 SUSE bug 1220148 SUSE bug 1220328 SUSE bug 1220342 SUSE bug 1220428 SUSE bug 1220430 SUSE bug 1220569 SUSE bug 1220587 SUSE bug 1220783 SUSE bug 1220915 SUSE bug 1221044 SUSE bug 1221293 SUSE bug 1221303 SUSE bug 1221504 SUSE bug 1221612 SUSE bug 1221615 SUSE bug 1221635 SUSE bug 1221645 SUSE bug 1221649 SUSE bug 1221765 SUSE bug 1221777 SUSE bug 1221783 SUSE bug 1221816 SUSE bug 1221829 SUSE bug 1221830 SUSE bug 1221858 SUSE bug 1222048 SUSE bug 1222173 SUSE bug 1222264 SUSE bug 1222273 SUSE bug 1222294 SUSE bug 1222301 SUSE bug 1222303 SUSE bug 1222304 SUSE bug 1222307 SUSE bug 1222357 SUSE bug 1222366 SUSE bug 1222368 SUSE bug 1222371 SUSE bug 1222378 SUSE bug 1222385 SUSE bug 1222422 SUSE bug 1222426 SUSE bug 1222428 SUSE bug 1222437 SUSE bug 1222445 SUSE bug 1222459 SUSE bug 1222464 SUSE bug 1222489 SUSE bug 1222522 SUSE bug 1222525 SUSE bug 1222532 SUSE bug 1222557 SUSE bug 1222559 SUSE bug 1222563 SUSE bug 1222585 SUSE bug 1222596 SUSE bug 1222606 SUSE bug 1222608 SUSE bug 1222613 SUSE bug 1222615 SUSE bug 1222618 SUSE bug 1222622 SUSE bug 1222624 SUSE bug 1222627 SUSE bug 1222630 SUSE bug 1222635 SUSE bug 1222721 SUSE bug 1222727 SUSE bug 1222769 SUSE bug 1222771 SUSE bug 1222775 SUSE bug 1222777 SUSE bug 1222780 SUSE bug 1222782 SUSE bug 1222793 SUSE bug 1222799 SUSE bug 1222801 SUSE bug 1222968 SUSE bug 1223007 SUSE bug 1223011 SUSE bug 1223015 SUSE bug 1223020 SUSE bug 1223023 SUSE bug 1223024 SUSE bug 1223033 SUSE bug 1223034 SUSE bug 1223035 SUSE bug 1223038 SUSE bug 1223039 SUSE bug 1223041 SUSE bug 1223045 SUSE bug 1223046 SUSE bug 1223051 SUSE bug 1223052 SUSE bug 1223058 SUSE bug 1223060 SUSE bug 1223061 SUSE bug 1223076 SUSE bug 1223077 SUSE bug 1223111 SUSE bug 1223113 SUSE bug 1223138 SUSE bug 1223143 SUSE bug 1223187 SUSE bug 1223189 SUSE bug 1223190 SUSE bug 1223191 SUSE bug 1223198 SUSE bug 1223202 SUSE bug 1223285 SUSE bug 1223315 SUSE bug 1223338 SUSE bug 1223369 SUSE bug 1223380 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223439 SUSE bug 1223462 SUSE bug 1223532 SUSE bug 1223539 SUSE bug 1223575 SUSE bug 1223590 SUSE bug 1223591 SUSE bug 1223592 SUSE bug 1223593 SUSE bug 1223625 SUSE bug 1223629 SUSE bug 1223633 SUSE bug 1223634 SUSE bug 1223637 SUSE bug 1223641 SUSE bug 1223643 SUSE bug 1223649 SUSE bug 1223650 SUSE bug 1223651 SUSE bug 1223652 SUSE bug 1223653 SUSE bug 1223654 SUSE bug 1223655 SUSE bug 1223660 SUSE bug 1223661 SUSE bug 1223664 SUSE bug 1223665 SUSE bug 1223666 SUSE bug 1223668 SUSE bug 1223669 SUSE bug 1223670 SUSE bug 1223671 SUSE bug 1223675 SUSE bug 1223677 SUSE bug 1223678 SUSE bug 1223686 SUSE bug 1223692 SUSE bug 1223693 SUSE bug 1223695 SUSE bug 1223696 SUSE bug 1223698 SUSE bug 1223705 SUSE bug 1223712 SUSE bug 1223718 SUSE bug 1223728 SUSE bug 1223732 SUSE bug 1223735 SUSE bug 1223739 SUSE bug 1223741 SUSE bug 1223744 SUSE bug 1223745 SUSE bug 1223747 SUSE bug 1223748 SUSE bug 1223749 SUSE bug 1223750 SUSE bug 1223752 SUSE bug 1223754 SUSE bug 1223757 SUSE bug 1223759 SUSE bug 1223761 SUSE bug 1223762 SUSE bug 1223774 SUSE bug 1223782 SUSE bug 1223787 SUSE bug 1223788 SUSE bug 1223789 SUSE bug 1223790 SUSE bug 1223802 SUSE bug 1223805 SUSE bug 1223810 SUSE bug 1223822 SUSE bug 1223827 SUSE bug 1223831 SUSE bug 1223834 SUSE bug 1223838 SUSE bug 1223869 SUSE bug 1223870 SUSE bug 1223871 SUSE bug 1223872 SUSE bug 1223874 SUSE bug 1223944 SUSE bug 1223945 SUSE bug 1223946 SUSE bug 1223991 SUSE bug 1224076 SUSE bug 1224096 SUSE bug 1224098 SUSE bug 1224099 SUSE bug 1224137 SUSE bug 1224166 SUSE bug 1224174 SUSE bug 1224177 SUSE bug 1224180 SUSE bug 1224181 SUSE bug 1224331 SUSE bug 1224423 SUSE bug 1224429 SUSE bug 1224430 SUSE bug 1224432 SUSE bug 1224433 SUSE bug 1224437 SUSE bug 1224438 SUSE bug 1224442 SUSE bug 1224443 SUSE bug 1224445 SUSE bug 1224449 SUSE bug 1224477 SUSE bug 1224479 SUSE bug 1224480 SUSE bug 1224481 SUSE bug 1224482 SUSE bug 1224486 SUSE bug 1224487 SUSE bug 1224488 SUSE bug 1224491 SUSE bug 1224492 SUSE bug 1224493 SUSE bug 1224494 SUSE bug 1224495 SUSE bug 1224500 SUSE bug 1224501 SUSE bug 1224502 SUSE bug 1224504 SUSE bug 1224505 SUSE bug 1224506 SUSE bug 1224507 SUSE bug 1224508 SUSE bug 1224509 SUSE bug 1224511 SUSE bug 1224513 SUSE bug 1224517 SUSE bug 1224519 SUSE bug 1224521 SUSE bug 1224524 SUSE bug 1224525 SUSE bug 1224526 SUSE bug 1224530 SUSE bug 1224531 SUSE bug 1224534 SUSE bug 1224537 SUSE bug 1224541 SUSE bug 1224542 SUSE bug 1224543 SUSE bug 1224546 SUSE bug 1224550 SUSE bug 1224552 SUSE bug 1224553 SUSE bug 1224555 SUSE bug 1224557 SUSE bug 1224558 SUSE bug 1224559 SUSE bug 1224562 SUSE bug 1224565 SUSE bug 1224566 SUSE bug 1224567 SUSE bug 1224568 SUSE bug 1224569 SUSE bug 1224571 SUSE bug 1224573 SUSE bug 1224576 SUSE bug 1224577 SUSE bug 1224578 SUSE bug 1224579 SUSE bug 1224580 SUSE bug 1224581 SUSE bug 1224582 SUSE bug 1224585 SUSE bug 1224586 SUSE bug 1224587 SUSE bug 1224588 SUSE bug 1224592 SUSE bug 1224596 SUSE bug 1224598 SUSE bug 1224600 SUSE bug 1224601 SUSE bug 1224602 SUSE bug 1224603 SUSE bug 1224605 SUSE bug 1224607 SUSE bug 1224608 SUSE bug 1224609 SUSE bug 1224611 SUSE bug 1224613 SUSE bug 1224615 SUSE bug 1224617 SUSE bug 1224618 SUSE bug 1224620 SUSE bug 1224621 SUSE bug 1224622 SUSE bug 1224623 SUSE bug 1224624 SUSE bug 1224626 SUSE bug 1224627 SUSE bug 1224628 SUSE bug 1224629 SUSE bug 1224630 SUSE bug 1224632 SUSE bug 1224633 SUSE bug 1224634 SUSE bug 1224636 SUSE bug 1224637 SUSE bug 1224638 SUSE bug 1224639 SUSE bug 1224640 SUSE bug 1224643 SUSE bug 1224644 SUSE bug 1224645 SUSE bug 1224646 SUSE bug 1224647 SUSE bug 1224648 SUSE bug 1224649 SUSE bug 1224650 SUSE bug 1224651 SUSE bug 1224652 SUSE bug 1224653 SUSE bug 1224654 SUSE bug 1224657 SUSE bug 1224660 SUSE bug 1224663 SUSE bug 1224664 SUSE bug 1224665 SUSE bug 1224666 SUSE bug 1224667 SUSE bug 1224668 SUSE bug 1224671 SUSE bug 1224672 SUSE bug 1224674 SUSE bug 1224675 SUSE bug 1224676 SUSE bug 1224677 SUSE bug 1224678 SUSE bug 1224679 SUSE bug 1224680 SUSE bug 1224681 SUSE bug 1224682 SUSE bug 1224683 SUSE bug 1224685 SUSE bug 1224686 SUSE bug 1224687 SUSE bug 1224688 SUSE bug 1224692 SUSE bug 1224696 SUSE bug 1224697 SUSE bug 1224699 SUSE bug 1224701 SUSE bug 1224703 SUSE bug 1224704 SUSE bug 1224705 SUSE bug 1224706 SUSE bug 1224707 SUSE bug 1224709 SUSE bug 1224710 SUSE bug 1224712 SUSE bug 1224714 SUSE bug 1224716 SUSE bug 1224717 SUSE bug 1224718 SUSE bug 1224719 SUSE bug 1224720 SUSE bug 1224721 SUSE bug 1224722 SUSE bug 1224723 SUSE bug 1224725 SUSE bug 1224727 SUSE bug 1224728 SUSE bug 1224729 SUSE bug 1224730 SUSE bug 1224731 SUSE bug 1224732 SUSE bug 1224733 SUSE bug 1224736 SUSE bug 1224738 SUSE bug 1224739 SUSE bug 1224740 SUSE bug 1224741 SUSE bug 1224742 SUSE bug 1224747 SUSE bug 1224749 SUSE bug 1224763 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224790 SUSE bug 1224792 SUSE bug 1224793 SUSE bug 1224803 SUSE bug 1224804 SUSE bug 1224866 SUSE bug 1224936 SUSE bug 1224989 SUSE bug 1225007 SUSE bug 1225053 SUSE bug 1225133 SUSE bug 1225134 SUSE bug 1225136 SUSE bug 1225172 SUSE bug 1225502 SUSE bug 1225578 SUSE bug 1225579 SUSE bug 1225580 SUSE bug 1225593 SUSE bug 1225605 SUSE bug 1225607 SUSE bug 1225610 SUSE bug 1225616 SUSE bug 1225618 SUSE bug 1225640 SUSE bug 1225642 SUSE bug 1225692 SUSE bug 1225694 SUSE bug 1225695 SUSE bug 1225696 SUSE bug 1225698 SUSE bug 1225699 SUSE bug 1225704 SUSE bug 1225705 SUSE bug 1225708 SUSE bug 1225710 SUSE bug 1225712 SUSE bug 1225714 SUSE bug 1225715 SUSE bug 1225720 SUSE bug 1225722 SUSE bug 1225728 SUSE bug 1225734 SUSE bug 1225735 SUSE bug 1225736 SUSE bug 1225747 SUSE bug 1225748 SUSE bug 1225749 SUSE bug 1225750 SUSE bug 1225756 SUSE bug 1225765 SUSE bug 1225766 SUSE bug 1225769 SUSE bug 1225773 SUSE bug 1225775 SUSE bug 1225842 SUSE bug 1225945 SUSE bug 1226158 CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-52434 at SUSE CVE-2023-52434 at NVD CVE-2023-52458 at SUSE CVE-2023-52458 at NVD CVE-2023-52472 at SUSE CVE-2023-52472 at NVD CVE-2023-52503 at SUSE CVE-2023-52503 at NVD CVE-2023-52616 at SUSE CVE-2023-52616 at NVD CVE-2023-52618 at SUSE CVE-2023-52618 at NVD CVE-2023-52631 at SUSE CVE-2023-52631 at NVD CVE-2023-52635 at SUSE CVE-2023-52635 at NVD CVE-2023-52640 at SUSE CVE-2023-52640 at NVD CVE-2023-52641 at SUSE CVE-2023-52641 at NVD CVE-2023-52645 at SUSE CVE-2023-52645 at NVD CVE-2023-52652 at SUSE CVE-2023-52652 at NVD CVE-2023-52653 at SUSE CVE-2023-52653 at NVD CVE-2023-52654 at SUSE CVE-2023-52654 at NVD CVE-2023-52655 at SUSE CVE-2023-52655 at NVD CVE-2023-52657 at SUSE CVE-2023-52657 at NVD CVE-2023-52658 at SUSE CVE-2023-52658 at NVD CVE-2023-52659 at SUSE CVE-2023-52659 at NVD CVE-2023-52660 at SUSE CVE-2023-52660 at NVD CVE-2023-52661 at SUSE CVE-2023-52661 at NVD CVE-2023-52662 at SUSE CVE-2023-52662 at NVD CVE-2023-52663 at SUSE CVE-2023-52663 at NVD CVE-2023-52664 at SUSE CVE-2023-52664 at NVD CVE-2023-52667 at SUSE CVE-2023-52667 at NVD CVE-2023-52669 at SUSE CVE-2023-52669 at NVD CVE-2023-52670 at SUSE CVE-2023-52670 at NVD CVE-2023-52671 at SUSE CVE-2023-52671 at NVD CVE-2023-52673 at SUSE CVE-2023-52673 at NVD CVE-2023-52674 at SUSE CVE-2023-52674 at NVD CVE-2023-52675 at SUSE CVE-2023-52675 at NVD CVE-2023-52676 at SUSE CVE-2023-52676 at NVD CVE-2023-52678 at SUSE CVE-2023-52678 at NVD CVE-2023-52679 at SUSE CVE-2023-52679 at NVD CVE-2023-52680 at SUSE CVE-2023-52680 at NVD CVE-2023-52681 at SUSE CVE-2023-52681 at NVD CVE-2023-52683 at SUSE CVE-2023-52683 at NVD CVE-2023-52685 at SUSE CVE-2023-52685 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52687 at SUSE CVE-2023-52687 at NVD CVE-2023-52690 at SUSE CVE-2023-52690 at NVD CVE-2023-52691 at SUSE CVE-2023-52691 at NVD CVE-2023-52692 at SUSE CVE-2023-52692 at NVD CVE-2023-52693 at SUSE CVE-2023-52693 at NVD CVE-2023-52694 at SUSE CVE-2023-52694 at NVD CVE-2023-52695 at SUSE CVE-2023-52695 at NVD CVE-2023-52696 at SUSE CVE-2023-52696 at NVD CVE-2023-52697 at SUSE CVE-2023-52697 at NVD CVE-2023-52698 at SUSE CVE-2023-52698 at NVD CVE-2023-52771 at SUSE CVE-2023-52771 at NVD CVE-2023-52772 at SUSE CVE-2023-52772 at NVD CVE-2023-52860 at SUSE CVE-2023-52860 at NVD CVE-2023-52882 at SUSE CVE-2023-52882 at NVD CVE-2023-6238 at SUSE CVE-2023-6238 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-21823 at SUSE CVE-2024-21823 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-23848 at SUSE CVE-2024-23848 at NVD CVE-2024-24861 at SUSE CVE-2024-24861 at NVD CVE-2024-25739 at SUSE CVE-2024-25739 at NVD CVE-2024-26601 at SUSE CVE-2024-26601 at NVD CVE-2024-26611 at SUSE CVE-2024-26611 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26632 at SUSE CVE-2024-26632 at NVD CVE-2024-26638 at SUSE CVE-2024-26638 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26650 at SUSE CVE-2024-26650 at NVD CVE-2024-26654 at SUSE CVE-2024-26654 at NVD CVE-2024-26656 at SUSE CVE-2024-26656 at NVD CVE-2024-26657 at SUSE CVE-2024-26657 at NVD CVE-2024-26671 at SUSE CVE-2024-26671 at NVD CVE-2024-26673 at SUSE CVE-2024-26673 at NVD CVE-2024-26674 at SUSE CVE-2024-26674 at NVD CVE-2024-26679 at SUSE CVE-2024-26679 at NVD CVE-2024-26684 at SUSE CVE-2024-26684 at NVD CVE-2024-26685 at SUSE CVE-2024-26685 at NVD CVE-2024-26692 at SUSE CVE-2024-26692 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26714 at SUSE CVE-2024-26714 at NVD CVE-2024-26726 at SUSE CVE-2024-26726 at NVD CVE-2024-26731 at SUSE CVE-2024-26731 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD CVE-2024-26737 at SUSE CVE-2024-26737 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26740 at SUSE CVE-2024-26740 at NVD CVE-2024-26742 at SUSE CVE-2024-26742 at NVD CVE-2024-26760 at SUSE CVE-2024-26760 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26764 at SUSE CVE-2024-26764 at NVD CVE-2024-26769 at SUSE CVE-2024-26769 at NVD CVE-2024-26772 at SUSE CVE-2024-26772 at NVD CVE-2024-26773 at SUSE CVE-2024-26773 at NVD CVE-2024-26774 at SUSE CVE-2024-26774 at NVD CVE-2024-26775 at SUSE CVE-2024-26775 at NVD CVE-2024-26783 at SUSE CVE-2024-26783 at NVD CVE-2024-26786 at SUSE CVE-2024-26786 at NVD CVE-2024-26791 at SUSE CVE-2024-26791 at NVD CVE-2024-26793 at SUSE CVE-2024-26793 at NVD CVE-2024-26794 at SUSE CVE-2024-26794 at NVD CVE-2024-26802 at SUSE CVE-2024-26802 at NVD CVE-2024-26805 at SUSE CVE-2024-26805 at NVD CVE-2024-26807 at SUSE CVE-2024-26807 at NVD CVE-2024-26815 at SUSE CVE-2024-26815 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-26832 at SUSE CVE-2024-26832 at NVD CVE-2024-26836 at SUSE CVE-2024-26836 at NVD CVE-2024-26844 at SUSE CVE-2024-26844 at NVD CVE-2024-26846 at SUSE CVE-2024-26846 at NVD CVE-2024-26853 at SUSE CVE-2024-26853 at NVD CVE-2024-26854 at SUSE CVE-2024-26854 at NVD CVE-2024-26855 at SUSE CVE-2024-26855 at NVD CVE-2024-26856 at SUSE CVE-2024-26856 at NVD CVE-2024-26857 at SUSE CVE-2024-26857 at NVD CVE-2024-26858 at SUSE CVE-2024-26858 at NVD CVE-2024-26860 at SUSE CVE-2024-26860 at NVD CVE-2024-26861 at SUSE CVE-2024-26861 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26866 at SUSE CVE-2024-26866 at NVD CVE-2024-26868 at SUSE CVE-2024-26868 at NVD CVE-2024-26870 at SUSE CVE-2024-26870 at NVD CVE-2024-26878 at SUSE CVE-2024-26878 at NVD CVE-2024-26881 at SUSE CVE-2024-26881 at NVD CVE-2024-26882 at SUSE CVE-2024-26882 at NVD CVE-2024-26883 at SUSE CVE-2024-26883 at NVD CVE-2024-26884 at SUSE CVE-2024-26884 at NVD CVE-2024-26885 at SUSE CVE-2024-26885 at NVD CVE-2024-26899 at SUSE CVE-2024-26899 at NVD CVE-2024-26900 at SUSE CVE-2024-26900 at NVD CVE-2024-26901 at SUSE CVE-2024-26901 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-26909 at SUSE CVE-2024-26909 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26922 at SUSE CVE-2024-26922 at NVD CVE-2024-26923 at SUSE CVE-2024-26923 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26928 at SUSE CVE-2024-26928 at NVD CVE-2024-26932 at SUSE CVE-2024-26932 at NVD CVE-2024-26933 at SUSE CVE-2024-26933 at NVD CVE-2024-26934 at SUSE CVE-2024-26934 at NVD CVE-2024-26935 at SUSE CVE-2024-26935 at NVD CVE-2024-26937 at SUSE CVE-2024-26937 at NVD CVE-2024-26938 at SUSE CVE-2024-26938 at NVD CVE-2024-26940 at SUSE CVE-2024-26940 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-26945 at SUSE CVE-2024-26945 at NVD CVE-2024-26946 at SUSE CVE-2024-26946 at NVD CVE-2024-26948 at SUSE CVE-2024-26948 at NVD CVE-2024-26949 at SUSE CVE-2024-26949 at NVD CVE-2024-26950 at SUSE CVE-2024-26950 at NVD CVE-2024-26951 at SUSE CVE-2024-26951 at NVD CVE-2024-26957 at SUSE CVE-2024-26957 at NVD CVE-2024-26958 at SUSE CVE-2024-26958 at NVD CVE-2024-26960 at SUSE CVE-2024-26960 at NVD CVE-2024-26961 at SUSE CVE-2024-26961 at NVD CVE-2024-26962 at SUSE CVE-2024-26962 at NVD CVE-2024-26963 at SUSE CVE-2024-26963 at NVD CVE-2024-26964 at SUSE CVE-2024-26964 at NVD CVE-2024-26972 at SUSE CVE-2024-26972 at NVD CVE-2024-26973 at SUSE CVE-2024-26973 at NVD CVE-2024-26978 at SUSE CVE-2024-26978 at NVD CVE-2024-26981 at SUSE CVE-2024-26981 at NVD CVE-2024-26982 at SUSE CVE-2024-26982 at NVD CVE-2024-26983 at SUSE CVE-2024-26983 at NVD CVE-2024-26984 at SUSE CVE-2024-26984 at NVD CVE-2024-26986 at SUSE CVE-2024-26986 at NVD CVE-2024-26988 at SUSE CVE-2024-26988 at NVD CVE-2024-26989 at SUSE CVE-2024-26989 at NVD CVE-2024-26990 at SUSE CVE-2024-26990 at NVD CVE-2024-26991 at SUSE CVE-2024-26991 at NVD CVE-2024-26992 at SUSE CVE-2024-26992 at NVD CVE-2024-26993 at SUSE CVE-2024-26993 at NVD CVE-2024-26994 at SUSE CVE-2024-26994 at NVD CVE-2024-26995 at SUSE CVE-2024-26995 at NVD CVE-2024-26996 at SUSE CVE-2024-26996 at NVD CVE-2024-26997 at SUSE CVE-2024-26997 at NVD CVE-2024-26999 at SUSE CVE-2024-26999 at NVD CVE-2024-27000 at SUSE CVE-2024-27000 at NVD CVE-2024-27001 at SUSE CVE-2024-27001 at NVD CVE-2024-27002 at SUSE CVE-2024-27002 at NVD CVE-2024-27003 at SUSE CVE-2024-27003 at NVD CVE-2024-27004 at SUSE CVE-2024-27004 at NVD CVE-2024-27008 at SUSE CVE-2024-27008 at NVD CVE-2024-27013 at SUSE CVE-2024-27013 at NVD CVE-2024-27014 at SUSE CVE-2024-27014 at NVD CVE-2024-27022 at SUSE CVE-2024-27022 at NVD CVE-2024-27027 at SUSE CVE-2024-27027 at NVD CVE-2024-27028 at SUSE CVE-2024-27028 at NVD CVE-2024-27029 at SUSE CVE-2024-27029 at NVD CVE-2024-27030 at SUSE CVE-2024-27030 at NVD CVE-2024-27031 at SUSE CVE-2024-27031 at NVD CVE-2024-27036 at SUSE CVE-2024-27036 at NVD CVE-2024-27046 at SUSE CVE-2024-27046 at NVD CVE-2024-27056 at SUSE CVE-2024-27056 at NVD CVE-2024-27057 at SUSE CVE-2024-27057 at NVD CVE-2024-27062 at SUSE CVE-2024-27062 at NVD CVE-2024-27067 at SUSE CVE-2024-27067 at NVD CVE-2024-27080 at SUSE CVE-2024-27080 at NVD CVE-2024-27388 at SUSE CVE-2024-27388 at NVD CVE-2024-27389 at SUSE CVE-2024-27389 at NVD CVE-2024-27393 at SUSE CVE-2024-27393 at NVD CVE-2024-27395 at SUSE CVE-2024-27395 at NVD CVE-2024-27396 at SUSE CVE-2024-27396 at NVD CVE-2024-27398 at SUSE CVE-2024-27398 at NVD CVE-2024-27399 at SUSE CVE-2024-27399 at NVD CVE-2024-27400 at SUSE CVE-2024-27400 at NVD CVE-2024-27401 at SUSE CVE-2024-27401 at NVD CVE-2024-27405 at SUSE CVE-2024-27405 at NVD CVE-2024-27408 at SUSE CVE-2024-27408 at NVD CVE-2024-27410 at SUSE CVE-2024-27410 at NVD CVE-2024-27411 at SUSE CVE-2024-27411 at NVD CVE-2024-27412 at SUSE CVE-2024-27412 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-27416 at SUSE CVE-2024-27416 at NVD CVE-2024-27417 at SUSE CVE-2024-27417 at NVD CVE-2024-27418 at SUSE CVE-2024-27418 at NVD CVE-2024-27431 at SUSE CVE-2024-27431 at NVD CVE-2024-27432 at SUSE CVE-2024-27432 at NVD CVE-2024-27434 at SUSE CVE-2024-27434 at NVD CVE-2024-27435 at SUSE CVE-2024-27435 at NVD CVE-2024-27436 at SUSE CVE-2024-27436 at NVD CVE-2024-35784 at SUSE CVE-2024-35784 at NVD CVE-2024-35786 at SUSE CVE-2024-35786 at NVD CVE-2024-35788 at SUSE CVE-2024-35788 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35790 at SUSE CVE-2024-35790 at NVD CVE-2024-35791 at SUSE CVE-2024-35791 at NVD CVE-2024-35794 at SUSE CVE-2024-35794 at NVD CVE-2024-35795 at SUSE CVE-2024-35795 at NVD CVE-2024-35796 at SUSE CVE-2024-35796 at NVD CVE-2024-35799 at SUSE CVE-2024-35799 at NVD CVE-2024-35800 at SUSE CVE-2024-35800 at NVD CVE-2024-35801 at SUSE CVE-2024-35801 at NVD CVE-2024-35803 at SUSE CVE-2024-35803 at NVD CVE-2024-35804 at SUSE CVE-2024-35804 at NVD CVE-2024-35806 at SUSE CVE-2024-35806 at NVD CVE-2024-35808 at SUSE CVE-2024-35808 at NVD CVE-2024-35809 at SUSE CVE-2024-35809 at NVD CVE-2024-35810 at SUSE CVE-2024-35810 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35812 at SUSE CVE-2024-35812 at NVD CVE-2024-35813 at SUSE CVE-2024-35813 at NVD CVE-2024-35814 at SUSE CVE-2024-35814 at NVD CVE-2024-35815 at SUSE CVE-2024-35815 at NVD CVE-2024-35817 at SUSE CVE-2024-35817 at NVD CVE-2024-35819 at SUSE CVE-2024-35819 at NVD CVE-2024-35821 at SUSE CVE-2024-35821 at NVD CVE-2024-35822 at SUSE CVE-2024-35822 at NVD CVE-2024-35823 at SUSE CVE-2024-35823 at NVD CVE-2024-35824 at SUSE CVE-2024-35824 at NVD CVE-2024-35825 at SUSE CVE-2024-35825 at NVD CVE-2024-35828 at SUSE CVE-2024-35828 at NVD CVE-2024-35829 at SUSE CVE-2024-35829 at NVD CVE-2024-35830 at SUSE CVE-2024-35830 at NVD CVE-2024-35833 at SUSE CVE-2024-35833 at NVD CVE-2024-35834 at SUSE CVE-2024-35834 at NVD CVE-2024-35835 at SUSE CVE-2024-35835 at NVD CVE-2024-35836 at SUSE CVE-2024-35836 at NVD CVE-2024-35837 at SUSE CVE-2024-35837 at NVD CVE-2024-35838 at SUSE CVE-2024-35838 at NVD CVE-2024-35841 at SUSE CVE-2024-35841 at NVD CVE-2024-35842 at SUSE CVE-2024-35842 at NVD CVE-2024-35845 at SUSE CVE-2024-35845 at NVD CVE-2024-35847 at SUSE CVE-2024-35847 at NVD CVE-2024-35849 at SUSE CVE-2024-35849 at NVD CVE-2024-35850 at SUSE CVE-2024-35850 at NVD CVE-2024-35851 at SUSE CVE-2024-35851 at NVD CVE-2024-35852 at SUSE CVE-2024-35852 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35860 at SUSE CVE-2024-35860 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35865 at SUSE CVE-2024-35865 at NVD CVE-2024-35866 at SUSE CVE-2024-35866 at NVD CVE-2024-35867 at SUSE CVE-2024-35867 at NVD CVE-2024-35868 at SUSE CVE-2024-35868 at NVD CVE-2024-35869 at SUSE CVE-2024-35869 at NVD CVE-2024-35870 at SUSE CVE-2024-35870 at NVD CVE-2024-35872 at SUSE CVE-2024-35872 at NVD CVE-2024-35875 at SUSE CVE-2024-35875 at NVD CVE-2024-35877 at SUSE CVE-2024-35877 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35879 at SUSE CVE-2024-35879 at NVD CVE-2024-35883 at SUSE CVE-2024-35883 at NVD CVE-2024-35885 at SUSE CVE-2024-35885 at NVD CVE-2024-35887 at SUSE CVE-2024-35887 at NVD CVE-2024-35889 at SUSE CVE-2024-35889 at NVD CVE-2024-35891 at SUSE CVE-2024-35891 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35901 at SUSE CVE-2024-35901 at NVD CVE-2024-35903 at SUSE CVE-2024-35903 at NVD CVE-2024-35904 at SUSE CVE-2024-35904 at NVD CVE-2024-35905 at SUSE CVE-2024-35905 at NVD CVE-2024-35907 at SUSE CVE-2024-35907 at NVD CVE-2024-35909 at SUSE CVE-2024-35909 at NVD CVE-2024-35911 at SUSE CVE-2024-35911 at NVD CVE-2024-35912 at SUSE CVE-2024-35912 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD CVE-2024-35915 at SUSE CVE-2024-35915 at NVD CVE-2024-35916 at SUSE CVE-2024-35916 at NVD CVE-2024-35917 at SUSE CVE-2024-35917 at NVD CVE-2024-35921 at SUSE CVE-2024-35921 at NVD CVE-2024-35922 at SUSE CVE-2024-35922 at NVD CVE-2024-35924 at SUSE CVE-2024-35924 at NVD CVE-2024-35927 at SUSE CVE-2024-35927 at NVD CVE-2024-35928 at SUSE CVE-2024-35928 at NVD CVE-2024-35930 at SUSE CVE-2024-35930 at NVD CVE-2024-35931 at SUSE CVE-2024-35931 at NVD CVE-2024-35932 at SUSE CVE-2024-35932 at NVD CVE-2024-35933 at SUSE CVE-2024-35933 at NVD CVE-2024-35935 at SUSE CVE-2024-35935 at NVD CVE-2024-35936 at SUSE CVE-2024-35936 at NVD CVE-2024-35937 at SUSE CVE-2024-35937 at NVD CVE-2024-35938 at SUSE CVE-2024-35938 at NVD CVE-2024-35940 at SUSE CVE-2024-35940 at NVD CVE-2024-35943 at SUSE CVE-2024-35943 at NVD CVE-2024-35944 at SUSE CVE-2024-35944 at NVD CVE-2024-35945 at SUSE CVE-2024-35945 at NVD CVE-2024-35946 at SUSE CVE-2024-35946 at NVD CVE-2024-35947 at SUSE CVE-2024-35947 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-35951 at SUSE CVE-2024-35951 at NVD CVE-2024-35952 at SUSE CVE-2024-35952 at NVD CVE-2024-35953 at SUSE CVE-2024-35953 at NVD CVE-2024-35954 at SUSE CVE-2024-35954 at NVD CVE-2024-35955 at SUSE CVE-2024-35955 at NVD CVE-2024-35956 at SUSE CVE-2024-35956 at NVD CVE-2024-35958 at SUSE CVE-2024-35958 at NVD CVE-2024-35959 at SUSE CVE-2024-35959 at NVD CVE-2024-35960 at SUSE CVE-2024-35960 at NVD CVE-2024-35961 at SUSE CVE-2024-35961 at NVD CVE-2024-35963 at SUSE CVE-2024-35963 at NVD CVE-2024-35964 at SUSE CVE-2024-35964 at NVD CVE-2024-35965 at SUSE CVE-2024-35965 at NVD CVE-2024-35966 at SUSE CVE-2024-35966 at NVD CVE-2024-35967 at SUSE CVE-2024-35967 at NVD CVE-2024-35969 at SUSE CVE-2024-35969 at NVD CVE-2024-35971 at SUSE CVE-2024-35971 at NVD CVE-2024-35972 at SUSE CVE-2024-35972 at NVD CVE-2024-35973 at SUSE CVE-2024-35973 at NVD CVE-2024-35974 at SUSE CVE-2024-35974 at NVD CVE-2024-35975 at SUSE CVE-2024-35975 at NVD CVE-2024-35977 at SUSE CVE-2024-35977 at NVD CVE-2024-35978 at SUSE CVE-2024-35978 at NVD CVE-2024-35981 at SUSE CVE-2024-35981 at NVD CVE-2024-35982 at SUSE CVE-2024-35982 at NVD CVE-2024-35984 at SUSE CVE-2024-35984 at NVD CVE-2024-35986 at SUSE CVE-2024-35986 at NVD CVE-2024-35989 at SUSE CVE-2024-35989 at NVD CVE-2024-35990 at SUSE CVE-2024-35990 at NVD CVE-2024-35991 at SUSE CVE-2024-35991 at NVD CVE-2024-35992 at SUSE CVE-2024-35992 at NVD CVE-2024-35995 at SUSE CVE-2024-35995 at NVD CVE-2024-35997 at SUSE CVE-2024-35997 at NVD CVE-2024-35999 at SUSE CVE-2024-35999 at NVD CVE-2024-36002 at SUSE CVE-2024-36002 at NVD CVE-2024-36006 at SUSE CVE-2024-36006 at NVD CVE-2024-36007 at SUSE CVE-2024-36007 at NVD CVE-2024-36009 at SUSE CVE-2024-36009 at NVD CVE-2024-36011 at SUSE CVE-2024-36011 at NVD CVE-2024-36012 at SUSE CVE-2024-36012 at NVD CVE-2024-36013 at SUSE CVE-2024-36013 at NVD CVE-2024-36014 at SUSE CVE-2024-36014 at NVD CVE-2024-36015 at SUSE CVE-2024-36015 at NVD CVE-2024-36016 at SUSE CVE-2024-36016 at NVD CVE-2024-36018 at SUSE CVE-2024-36018 at NVD CVE-2024-36019 at SUSE CVE-2024-36019 at NVD CVE-2024-36020 at SUSE CVE-2024-36020 at NVD CVE-2024-36021 at SUSE CVE-2024-36021 at NVD CVE-2024-36025 at SUSE CVE-2024-36025 at NVD CVE-2024-36026 at SUSE CVE-2024-36026 at NVD CVE-2024-36029 at SUSE CVE-2024-36029 at NVD CVE-2024-36030 at SUSE CVE-2024-36030 at NVD CVE-2024-36032 at SUSE CVE-2024-36032 at NVD CVE-2024-36880 at SUSE CVE-2024-36880 at NVD CVE-2024-36885 at SUSE CVE-2024-36885 at NVD CVE-2024-36890 at SUSE CVE-2024-36890 at NVD CVE-2024-36891 at SUSE CVE-2024-36891 at NVD CVE-2024-36893 at SUSE CVE-2024-36893 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36895 at SUSE CVE-2024-36895 at NVD CVE-2024-36896 at SUSE CVE-2024-36896 at NVD CVE-2024-36897 at SUSE CVE-2024-36897 at NVD CVE-2024-36898 at SUSE CVE-2024-36898 at NVD CVE-2024-36906 at SUSE CVE-2024-36906 at NVD CVE-2024-36918 at SUSE CVE-2024-36918 at NVD CVE-2024-36921 at SUSE CVE-2024-36921 at NVD CVE-2024-36922 at SUSE CVE-2024-36922 at NVD CVE-2024-36928 at SUSE CVE-2024-36928 at NVD CVE-2024-36930 at SUSE CVE-2024-36930 at NVD CVE-2024-36931 at SUSE CVE-2024-36931 at NVD CVE-2024-36936 at SUSE CVE-2024-36936 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36941 at SUSE CVE-2024-36941 at NVD CVE-2024-36942 at SUSE CVE-2024-36942 at NVD CVE-2024-36944 at SUSE CVE-2024-36944 at NVD CVE-2024-36947 at SUSE CVE-2024-36947 at NVD CVE-2024-36949 at SUSE CVE-2024-36949 at NVD CVE-2024-36950 at SUSE CVE-2024-36950 at NVD CVE-2024-36951 at SUSE CVE-2024-36951 at NVD CVE-2024-36955 at SUSE CVE-2024-36955 at NVD CVE-2024-36959 at SUSE CVE-2024-36959 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Low) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) Low SUSE bug 1226448 CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:opensuse:leap:15.6 Security update for libreoffice (Important) openSUSE Leap 15.6 This update for libreoffice fixes the following issues: Libreoffice was updated to version 24.2.4.2: - Release notes: * https://wiki.documentfoundation.org/Releases/24.2.1/RC1 * https://wiki.documentfoundation.org/Releases/24.2.1/RC2 - Security issues fixed: * CVE-2024-3044: Fixed unchecked script execution in graphic on-click binding (bsc#1224279) - Other issues fixed: * Fixed LibreOffice build failures with ICU 75 (bsc#1224309) - Updated bundled dependencies: * curl version update from 8.6.0 to 8.7.1 * gpgme version update from 1.20.0 to 1.23.2 * libassuan version update from 2.5.6 to 2.5.7 * libgpg-error version update from 1.47 to 1.48 Important SUSE bug 1224279 SUSE bug 1224309 CVE-2024-3044 at SUSE CVE-2024-3044 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgadmin4 (Important) openSUSE Leap 15.6 This update for pgadmin4 fixes the following issues: - CVE-2024-4216: Fixed XSS in /settings/store endpoint (bsc#1223868). - CVE-2024-4215: Fixed multi-factor authentication bypass (bsc#1223867). Important SUSE bug 1223867 SUSE bug 1223868 CVE-2024-4215 at SUSE CVE-2024-4215 at NVD CVE-2024-4216 at SUSE CVE-2024-4216 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Moderate) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: - Upgrade to 15.7. (bsc#1224051) - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) Moderate SUSE bug 1224038 SUSE bug 1224051 CVE-2024-4317 at SUSE CVE-2024-4317 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Moderate) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: - Upgrade to 14.12 (bsc#1224051): - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) Moderate SUSE bug 1224038 SUSE bug 1224051 CVE-2024-4317 at SUSE CVE-2024-4317 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274) - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet (bsc#1224259) - CVE-2024-4855: The editcap command line utility could crash when injecting secrets while writing multiple files (bsc#1224276) Moderate SUSE bug 1224259 SUSE bug 1224274 SUSE bug 1224276 CVE-2024-4853 at SUSE CVE-2024-4853 at NVD CVE-2024-4854 at SUSE CVE-2024-4854 at NVD CVE-2024-4855 at SUSE CVE-2024-4855 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Moderate) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/16.3/ Moderate SUSE bug 1224038 SUSE bug 1224051 CVE-2024-4317 at SUSE CVE-2024-4317 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Low) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). Low SUSE bug 1224282 CVE-2024-34459 at SUSE CVE-2024-34459 at NVD cpe:/o:opensuse:leap:15.6 Security update for squid (Moderate) openSUSE Leap 15.6 This update for squid fixes the following issues: - Update to version 6.10 - CVE-2024-37894: Fixed a denial of Service issue in ESI processing (bsc#1227086) Moderate SUSE bug 1227086 CVE-2024-37894 at SUSE CVE-2024-37894 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Js2Py (Critical) openSUSE Leap 15.6 This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code (bsc#1226660). Critical SUSE bug 1226660 CVE-2024-28397 at SUSE CVE-2024-28397 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssh (Important) openSUSE Leap 15.6 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) Important SUSE bug 1226642 CVE-2024-6387 at SUSE CVE-2024-6387 at NVD cpe:/o:opensuse:leap:15.6 Security update for git (Important) openSUSE Leap 15.6 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) Important SUSE bug 1224168 SUSE bug 1224170 SUSE bug 1224171 SUSE bug 1224172 SUSE bug 1224173 CVE-2024-32002 at SUSE CVE-2024-32002 at NVD CVE-2024-32004 at SUSE CVE-2024-32004 at NVD CVE-2024-32020 at SUSE CVE-2024-32020 at NVD CVE-2024-32021 at SUSE CVE-2024-32021 at NVD CVE-2024-32465 at SUSE CVE-2024-32465 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) Moderate SUSE bug 1226447 SUSE bug 1226448 CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:opensuse:leap:15.6 Security update for podofo (Low) openSUSE Leap 15.6 This update for podofo fixes the following issues: - PdfEncrypt: Validate more encrypt dictionary parameters (bsc#1213720) - PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries (bsc#1213720) Low SUSE bug 1213720 cpe:/o:opensuse:leap:15.6 Security update for libndp (Important) openSUSE Leap 15.6 This update for libndp fixes the following issues: - CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771) Important SUSE bug 1225771 CVE-2024-5564 at SUSE CVE-2024-5564 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-6104: Fixed a potential leak of sensitive information on HTTP log file (bsc#1227052). Moderate SUSE bug 1227052 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Low) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). Low SUSE bug 1224282 CVE-2024-34459 at SUSE CVE-2024-34459 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Important) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2024-29510: Fixed an arbitrary path traversal when running in a permitted path (bsc#1226945). - CVE-2024-33870: Fixed a format string injection that could lead to command execution (bsc#1226944). - CVE-2024-33869: Fixed a path validation bypass that could lead to path traversal (bsc#1226946). Important SUSE bug 1226944 SUSE bug 1226945 SUSE bug 1226946 CVE-2024-29510 at SUSE CVE-2024-29510 at NVD CVE-2024-33869 at SUSE CVE-2024-33869 at NVD CVE-2024-33870 at SUSE CVE-2024-33870 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_auth_openidc (Important) openSUSE Leap 15.6 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2024-24814: Fixed a bug that can led to DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied. (bsc#1219911) Important SUSE bug 1219911 SUSE bug 1227261 CVE-2024-24814 at SUSE CVE-2024-24814 at NVD cpe:/o:opensuse:leap:15.6 Security update for krb5 (Important) openSUSE Leap 15.6 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). Important SUSE bug 1227186 SUSE bug 1227187 CVE-2024-37370 at SUSE CVE-2024-37370 at NVD CVE-2024-37371 at SUSE CVE-2024-37371 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.21 (Important) openSUSE Leap 15.6 This update for go1.21 fixes the following issues: Updated to version 1.21.12 (bsc#1212475): - CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314). Important SUSE bug 1212475 SUSE bug 1227314 CVE-2024-24791 at SUSE CVE-2024-24791 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Important) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: Updated to version 1.22.5 (bsc#1218424): - CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314). Important SUSE bug 1218424 SUSE bug 1227314 CVE-2024-24791 at SUSE CVE-2024-24791 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty3 (Important) openSUSE Leap 15.6 This update for netty3 fixes the following issues: - CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045). Important SUSE bug 1222045 CVE-2024-29025 at SUSE CVE-2024-29025 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important) openSUSE Leap 15.6 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Collect component Role rules under operator Role instead of ClusterRole (bsc#1223965, CVE-2024-33394) - Ensure procps is installed (provides ps for tests) Containers were rebuilt against current go and maintenance updates. Important SUSE bug 1223965 CVE-2024-33394 at SUSE CVE-2024-33394 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3 (Moderate) openSUSE Leap 15.6 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469). Moderate SUSE bug 1226469 CVE-2024-37891 at SUSE CVE-2024-37891 at NVD cpe:/o:opensuse:leap:15.6 Security update for freeradius-server (Important) openSUSE Leap 15.6 This update for freeradius-server fixes the following issues: - CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414). Important SUSE bug 1223414 CVE-2024-3596 at SUSE CVE-2024-3596 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssh (Moderate) openSUSE Leap 15.6 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include <stdlib.h> in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). Moderate SUSE bug 1218215 SUSE bug 1224392 SUSE bug 1225904 SUSE bug 1227318 SUSE bug 1227350 CVE-2023-51385 at SUSE CVE-2023-51385 at NVD CVE-2024-39894 at SUSE CVE-2024-39894 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-zipp (Low) openSUSE Leap 15.6 This update for python-zipp fixes the following issues: - CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547). Low SUSE bug 1227547 CVE-2024-5569 at SUSE CVE-2024-5569 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316): - CVE-2024-6600: Memory corruption in WebGL API - CVE-2024-6601: Race condition in permission assignment - CVE-2024-6602: Memory corruption in NSS - CVE-2024-6603: Memory corruption in thread creation - CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 Other fixes: - Fix GNOME search provider (bsc#1225278) Important SUSE bug 1225278 SUSE bug 1226316 CVE-2024-5688 at SUSE CVE-2024-5688 at NVD CVE-2024-5690 at SUSE CVE-2024-5690 at NVD CVE-2024-5691 at SUSE CVE-2024-5691 at NVD CVE-2024-5692 at SUSE CVE-2024-5692 at NVD CVE-2024-5693 at SUSE CVE-2024-5693 at NVD CVE-2024-5696 at SUSE CVE-2024-5696 at NVD CVE-2024-5700 at SUSE CVE-2024-5700 at NVD CVE-2024-5702 at SUSE CVE-2024-5702 at NVD CVE-2024-6600 at SUSE CVE-2024-6600 at NVD CVE-2024-6601 at SUSE CVE-2024-6601 at NVD CVE-2024-6602 at SUSE CVE-2024-6602 at NVD CVE-2024-6603 at SUSE CVE-2024-6603 at NVD CVE-2024-6604 at SUSE CVE-2024-6604 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-zipp (Low) openSUSE Leap 15.6 This update for python-zipp fixes the following issues: - CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547). Low SUSE bug 1227547 CVE-2024-5569 at SUSE CVE-2024-5569 at NVD cpe:/o:opensuse:leap:15.6 Security update for oniguruma (Moderate) openSUSE Leap 15.6 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). Moderate SUSE bug 1141157 CVE-2019-13225 at SUSE CVE-2019-13225 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) Important SUSE bug 1227270 SUSE bug 1227271 CVE-2024-38477 at SUSE CVE-2024-38477 at NVD CVE-2024-39573 at SUSE CVE-2024-39573 at NVD cpe:/o:opensuse:leap:15.6 Security update for libvpx (Important) openSUSE Leap 15.6 This update for libvpx fixes the following issues: - CVE-2024-5197: Fixed interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879). - CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403). - CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879). Important SUSE bug 1216879 SUSE bug 1225403 SUSE bug 1225879 CVE-2023-44488 at SUSE CVE-2023-44488 at NVD CVE-2023-6349 at SUSE CVE-2023-6349 at NVD CVE-2024-5197 at SUSE CVE-2024-5197 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: - CVE-2024-34750: Fixed an improper handling of exceptional conditions (bsc#1227399). Important SUSE bug 1227399 CVE-2024-34750 at SUSE CVE-2024-34750 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Moderate) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Security fixes: - CVE-2024-34703: Fixed denial of service due to overly large elliptic curve parameters in Botan (bsc#1227239) Other fixes: - Mozilla Thunderbird 115.12.1 * 115.12.0 got pulled because of upstream automation process errors and Windows installer signing changes. No code changes, changelog is the same as 115.12.0 (bsc#1226495) Moderate SUSE bug 1226495 SUSE bug 1227239 CVE-2024-34703 at SUSE CVE-2024-34703 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Important) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) Important SUSE bug 1219559 SUSE bug 1220664 SUSE bug 1221563 SUSE bug 1221854 SUSE bug 1222075 SUSE bug 1226447 SUSE bug 1226448 CVE-2023-52425 at SUSE CVE-2023-52425 at NVD CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-0450 at SUSE CVE-2024-0450 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-black (Important) openSUSE Leap 15.6 This update for python-black fixes the following issues: Updated to version 24.3.0: - CVE-2024-21503: Fixed a performance downgrade on docstrings that contain large numbers of leading tab characters (bsc#1221530). Important SUSE bug 1221530 CVE-2024-21503 at SUSE CVE-2024-21503 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Updated to version 9.0.91: - CVE-2024-34750: Fixed an improper handling of exceptional conditions (bsc#1227399). Important SUSE bug 1227399 CVE-2024-34750 at SUSE CVE-2024-34750 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). Important SUSE bug 1027519 SUSE bug 1214718 SUSE bug 1221984 SUSE bug 1225953 SUSE bug 1227355 CVE-2023-46842 at SUSE CVE-2023-46842 at NVD CVE-2024-31143 at SUSE CVE-2024-31143 at NVD cpe:/o:opensuse:leap:15.6 Security update for emacs (Important) openSUSE Leap 15.6 This update for emacs fixes the following issues: - CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode (bsc#1226957). Important SUSE bug 1226957 CVE-2024-39331 at SUSE CVE-2024-39331 at NVD cpe:/o:opensuse:leap:15.6 Security update for mockito, snakeyaml, testng (Important) openSUSE Leap 15.6 This update for mockito, snakeyaml, testng fixes the following issues: mockito was updated to version 5.11.0: - Added bundle manifest to the mockito-core artifact - Mockito 5 is making core changes to ensure compatibility with future JDK versions. - Switch the Default MockMaker to mockito-inline (not applicable to mockito-android) * Mockito 2.7.6 introduced the mockito-inline mockmaker based on the 'inline bytecode' principle, offering compatibility advantages over the subclass mockmaker * This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation - Legitimate use cases for the subclass mockmaker: * Scenarios where the inline mockmaker does not function, such as on Graal VM's native image * If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on JDK 17+ * Mockito aims to support both mockmakers, allowing users to choose based on their requirements. - Update the Minimum Supported Java Version to 11 * Mockito 5 raised the minimum supported Java version to 11 * Community member @reta contributed to this change. * Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions - New type() Method on ArgumentMatcher * The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous limitations * Users can now differentiate between matching calls with any exact number of arguments or match any number of arguments * Mockito 5 provides a default implementation of the new method, ensuring backward compatibility. * No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling * ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method. - byte-buddy does not bundle asm, but uses objectweb-asm as external library snake-yaml was updated to version 2.2: - Changes of version 2.2: * Define default scalar style as PLAIN (for polyglot Maven) * Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java - Changes of version 2.1: * Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead * Use identity in toString() for sequences to avoid OutOfMemoryError * NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version * Document size limit should be applied to single document notthe whole input stream * Detect invalid Unicode code point (thanks to Tatu Saloranta) * Remove Trusted*Inspector classes from main sources tree - Changes of version 2.0: * Rollback to Java 7 target * Add module-info.java * Migrate to Java 8 * Remove many deprecated constructors * Remove long deprecated methods in FlowStyle * Do not allow global tags by default * Yaml.LoadAs() signature to support Class<? super T> type instead of Class<T> * CustomClassLoaderConstructor takes LoaderOptions * Check input parameters for non-null values testng was updated to version 7.10.1: - Security issues fixed: * CVE-2022-4065: Fixed Zip Slip Vulnerability (bsc#1205628) - Changes of version 7.10.1: * Fixed maven build with junit5 - Changes of version 7.10.0: * Minor discrepancy fixes * Deleting TestNG eclipse plugin specific classes * Remove deprecated JUnit related support in TestNG * Handle exceptions in emailable Reporter * Added wrapperbot and update workflow order * Support ITestNGFactory customisation * Streamlined data provider listener invocation * Streamlined Guice Module creation in concurrency. * Copy test result attributes when unexpected failures * chore: use explicit dependency versions instead of refreshVersions * Removed Ant * Support ordering of listeners * Added errorprone * Allow custom thread pool executors to be wired in. * Allow data providers to be non cacheable * Use Locks instead of synchronised keyword * Document pgp artifact signing keys * Added Unique Id for all test class instances * Added issue management workflows * Map object to configurations * Allow listeners to be disabled at runtime * Streamlined Data Provider execution * Honour inheritance when parsing listener factories * Tweaks around accessing SuiteResult * Streamlined random generation * Streamlined dependencies for configurations - Changes of version 7.9.0: * Fixed maps containing nulls can be incorrectly considered equal * Test Results as artifacts for failed runs * Fixed data races * Dont honour params specified in suite-file tag * Decouple SuiteRunner and TestRunner * Disable Native DI for BeforeSuite methods * Streamlined running Parallel Dataproviders+retries * Removed extra whitespace in log for Configuration.createMethods() * Added the link for TestNG Documentation's GitHub Repo in README.md * FirstTimeOnlyConfig methods + Listener invocations * Added overrideGroupsFromCliInParentChildXml test * Ensure thread safety for attribute access * Added @inherited to the Listeners annotation * Restrict Group inheritance to Before|AfterGroups * Ensure ITestResult injected to @AfterMethod is apt * Support suite level thread pools for data provider * Favour CompletableFuture instead of PoolService * Favour FutureTask for concurrency support * Shared Threadpool for normal/datadriven tests. * Abort for invalid combinations - Changes of version 7.8.0: * [Feature] Not exception but warning if some (not all) of the given test names are not found in suite files. * [Feature] Generate testng-results.xml per test suite * [Feature] Allow test classes to define 'configfailurepolicy' at a per class level * XmlTest index is not set for test suites invoked with YAML * Listener's onAfterClass is called before @afterclass configuration methods are executed. * After upgrading to TestNG 7.5.0, setting ITestResult.status to FAILURE doesn't fail the test anymore * JUnitReportReporter should capture the test case output at the test case level * TestNG.xml doesn't honour Parallel value of a clone * before configuration and before invocation should be 'SKIP' when beforeMethod is 'skip' * Test listeners specified in parent testng.xml file are not included in testng-failed.xml file * Discrepancies with DataProvider and Retry of failed tests * Skipped Tests with DataProvider appear as failed * testng-results xml reports config skips from base classes as ignored * Feature: Check that specific object present in List * Upgraded snakeyaml to 2.0 - Changes of version 7.7.1: * Streamline overloaded assertion methods for Groovy - Changes of version 7.7.0: * Replace FindBugs by SpotBugs * Gradle: Drop forUseAtConfigurationTime() * Added ability to provide custom message to assertThrows\expectThrows methods * Only resolve hostname once * Prevent overlogging of debug msgs in Graph impl * Streamlined dataprovider invoking in abstract classes * Streamlined TestResult due to expectedExceptions * Unexpected test runs count with retry analyzer * Make PackageUtils compliant with JPMS * Ability to retry a data provider during failures * Fixing bug with DataProvider retry * Added config key for callback discrepancy behavior * Fixed FileAlreadyExistsException error on copy * JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted #2825 * Changing assertion message of the osgitest * Enhancing the Matrix * Avoid Compilation errors on Semeru JDK flavour. * Add addition yml extension * Support getting dependencies info for a test * Honour regex in dependsOnMethods * Ensure All tests run all the time * Deprecate support for running Spock Tests * Streamline dependsOnMethods for configurations * Ensure ITestContext available for JUnit4 tests * Deprecate support for running JUnit tests * Changes of 7.6.1 * Fix Files.copy() such that parent dirs are created * Remove deprecated utility methods - Changes of version 7.6.0: * Remove redundant Parameter implementation * Upgraded to JDK11 * Move SimpleBaseTest to be Kotlin based * Restore testnames when using suites in suite. * Moving ClassHelperTests into Kotlin * IHookable and IConfigurable callback discrepancy * Minor refactoring * Add additional condition for assertEqualsNoOrder * beforeConfiguration() listener method should be invoked for skipped configurations as well * Keep the initial order of listeners * SuiteRunner could not be initial by default Configuration * Enable Dataprovider failures to be considered. * BeforeGroups should run before any matched test * Fixed possible StringIndexOutOfBoundsException exception in XmlReporter * DataProvider: possibility to unload dataprovider class, when done with it * Fixed possibilty that AfterGroups method is invoked before all tests * Fixed equals implementation for WrappedTestNGMethod * Wire-In listeners consistently * Streamline AfterClass invocation * Show FQMN for tests in console * Honour custom attribute values in TestNG default reports Important SUSE bug 1205628 CVE-2022-4065 at SUSE CVE-2022-4065 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). Important SUSE bug 1186716 SUSE bug 1195775 SUSE bug 1204562 SUSE bug 1209834 SUSE bug 1217481 SUSE bug 1217912 SUSE bug 1218442 SUSE bug 1219224 SUSE bug 1219478 SUSE bug 1219596 SUSE bug 1219633 SUSE bug 1219847 SUSE bug 1219953 SUSE bug 1221086 SUSE bug 1221777 SUSE bug 1221958 SUSE bug 1222011 SUSE bug 1222015 SUSE bug 1222080 SUSE bug 1222241 SUSE bug 1222380 SUSE bug 1222588 SUSE bug 1222617 SUSE bug 1222619 SUSE bug 1222809 SUSE bug 1222810 SUSE bug 1223018 SUSE bug 1223265 SUSE bug 1224049 SUSE bug 1224187 SUSE bug 1224439 SUSE bug 1224497 SUSE bug 1224498 SUSE bug 1224515 SUSE bug 1224520 SUSE bug 1224523 SUSE bug 1224539 SUSE bug 1224540 SUSE bug 1224549 SUSE bug 1224572 SUSE bug 1224575 SUSE bug 1224583 SUSE bug 1224584 SUSE bug 1224606 SUSE bug 1224612 SUSE bug 1224614 SUSE bug 1224619 SUSE bug 1224655 SUSE bug 1224659 SUSE bug 1224661 SUSE bug 1224662 SUSE bug 1224670 SUSE bug 1224673 SUSE bug 1224698 SUSE bug 1224735 SUSE bug 1224751 SUSE bug 1224759 SUSE bug 1224928 SUSE bug 1224930 SUSE bug 1224932 SUSE bug 1224933 SUSE bug 1224935 SUSE bug 1224937 SUSE bug 1224939 SUSE bug 1224941 SUSE bug 1224944 SUSE bug 1224946 SUSE bug 1224947 SUSE bug 1224949 SUSE bug 1224951 SUSE bug 1224988 SUSE bug 1224992 SUSE bug 1224998 SUSE bug 1225000 SUSE bug 1225001 SUSE bug 1225004 SUSE bug 1225006 SUSE bug 1225008 SUSE bug 1225009 SUSE bug 1225014 SUSE bug 1225015 SUSE bug 1225022 SUSE bug 1225025 SUSE bug 1225028 SUSE bug 1225029 SUSE bug 1225031 SUSE bug 1225036 SUSE bug 1225041 SUSE bug 1225044 SUSE bug 1225049 SUSE bug 1225050 SUSE bug 1225076 SUSE bug 1225077 SUSE bug 1225078 SUSE bug 1225081 SUSE bug 1225085 SUSE bug 1225086 SUSE bug 1225090 SUSE bug 1225092 SUSE bug 1225096 SUSE bug 1225097 SUSE bug 1225098 SUSE bug 1225101 SUSE bug 1225103 SUSE bug 1225104 SUSE bug 1225105 SUSE bug 1225106 SUSE bug 1225108 SUSE bug 1225120 SUSE bug 1225132 SUSE bug 1225180 SUSE bug 1225300 SUSE bug 1225391 SUSE bug 1225472 SUSE bug 1225475 SUSE bug 1225476 SUSE bug 1225477 SUSE bug 1225478 SUSE bug 1225485 SUSE bug 1225490 SUSE bug 1225527 SUSE bug 1225529 SUSE bug 1225530 SUSE bug 1225532 SUSE bug 1225534 SUSE bug 1225548 SUSE bug 1225550 SUSE bug 1225553 SUSE bug 1225554 SUSE bug 1225555 SUSE bug 1225556 SUSE bug 1225557 SUSE bug 1225559 SUSE bug 1225560 SUSE bug 1225564 SUSE bug 1225565 SUSE bug 1225566 SUSE bug 1225568 SUSE bug 1225569 SUSE bug 1225570 SUSE bug 1225571 SUSE bug 1225572 SUSE bug 1225573 SUSE bug 1225577 SUSE bug 1225581 SUSE bug 1225583 SUSE bug 1225584 SUSE bug 1225585 SUSE bug 1225586 SUSE bug 1225587 SUSE bug 1225588 SUSE bug 1225589 SUSE bug 1225590 SUSE bug 1225591 SUSE bug 1225592 SUSE bug 1225594 SUSE bug 1225595 SUSE bug 1225599 SUSE bug 1225602 SUSE bug 1225605 SUSE bug 1225609 SUSE bug 1225611 SUSE bug 1225681 SUSE bug 1225702 SUSE bug 1225723 SUSE bug 1225726 SUSE bug 1225731 SUSE bug 1225732 SUSE bug 1225737 SUSE bug 1225741 SUSE bug 1225758 SUSE bug 1225759 SUSE bug 1225760 SUSE bug 1225761 SUSE bug 1225762 SUSE bug 1225763 SUSE bug 1225767 SUSE bug 1225770 SUSE bug 1225815 SUSE bug 1225820 SUSE bug 1225823 SUSE bug 1225827 SUSE bug 1225834 SUSE bug 1225866 SUSE bug 1225872 SUSE bug 1225898 SUSE bug 1225903 SUSE bug 1226022 SUSE bug 1226131 SUSE bug 1226145 SUSE bug 1226149 SUSE bug 1226155 SUSE bug 1226158 SUSE bug 1226163 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1226226 SUSE bug 1226457 SUSE bug 1226503 SUSE bug 1226513 SUSE bug 1226514 SUSE bug 1226520 SUSE bug 1226582 SUSE bug 1226587 SUSE bug 1226588 SUSE bug 1226592 SUSE bug 1226593 SUSE bug 1226594 SUSE bug 1226595 SUSE bug 1226597 SUSE bug 1226607 SUSE bug 1226608 SUSE bug 1226610 SUSE bug 1226612 SUSE bug 1226613 SUSE bug 1226630 SUSE bug 1226632 SUSE bug 1226633 SUSE bug 1226634 SUSE bug 1226637 SUSE bug 1226657 SUSE bug 1226658 SUSE bug 1226734 SUSE bug 1226735 SUSE bug 1226737 SUSE bug 1226738 SUSE bug 1226739 SUSE bug 1226740 SUSE bug 1226741 SUSE bug 1226742 SUSE bug 1226744 SUSE bug 1226746 SUSE bug 1226747 SUSE bug 1226749 SUSE bug 1226754 SUSE bug 1226758 SUSE bug 1226760 SUSE bug 1226761 SUSE bug 1226764 SUSE bug 1226767 SUSE bug 1226768 SUSE bug 1226769 SUSE bug 1226771 SUSE bug 1226772 SUSE bug 1226774 SUSE bug 1226775 SUSE bug 1226776 SUSE bug 1226777 SUSE bug 1226780 SUSE bug 1226781 SUSE bug 1226786 SUSE bug 1226788 SUSE bug 1226789 SUSE bug 1226790 SUSE bug 1226791 SUSE bug 1226796 SUSE bug 1226799 SUSE bug 1226837 SUSE bug 1226839 SUSE bug 1226840 SUSE bug 1226841 SUSE bug 1226842 SUSE bug 1226844 SUSE bug 1226848 SUSE bug 1226852 SUSE bug 1226856 SUSE bug 1226857 SUSE bug 1226859 SUSE bug 1226861 SUSE bug 1226863 SUSE bug 1226864 SUSE bug 1226867 SUSE bug 1226868 SUSE bug 1226875 SUSE bug 1226876 SUSE bug 1226878 SUSE bug 1226879 SUSE bug 1226886 SUSE bug 1226890 SUSE bug 1226891 SUSE bug 1226894 SUSE bug 1226895 SUSE bug 1226905 SUSE bug 1226908 SUSE bug 1226909 SUSE bug 1226911 SUSE bug 1226928 SUSE bug 1226934 SUSE bug 1226938 SUSE bug 1226939 SUSE bug 1226941 SUSE bug 1226948 SUSE bug 1226949 SUSE bug 1226950 SUSE bug 1226962 SUSE bug 1226976 SUSE bug 1226989 SUSE bug 1226990 SUSE bug 1226992 SUSE bug 1226994 SUSE bug 1226995 SUSE bug 1226996 SUSE bug 1227066 SUSE bug 1227072 SUSE bug 1227085 SUSE bug 1227089 SUSE bug 1227090 SUSE bug 1227096 SUSE bug 1227101 SUSE bug 1227190 CVE-2021-47432 at SUSE CVE-2021-47432 at NVD CVE-2022-48772 at SUSE CVE-2022-48772 at NVD CVE-2023-52622 at SUSE CVE-2023-52622 at NVD CVE-2023-52656 at SUSE CVE-2023-52656 at NVD CVE-2023-52672 at SUSE CVE-2023-52672 at NVD CVE-2023-52699 at SUSE CVE-2023-52699 at NVD CVE-2023-52735 at SUSE CVE-2023-52735 at NVD CVE-2023-52749 at SUSE CVE-2023-52749 at NVD CVE-2023-52750 at SUSE CVE-2023-52750 at NVD CVE-2023-52753 at SUSE CVE-2023-52753 at NVD CVE-2023-52754 at SUSE CVE-2023-52754 at NVD CVE-2023-52757 at SUSE CVE-2023-52757 at NVD CVE-2023-52759 at SUSE CVE-2023-52759 at NVD CVE-2023-52762 at SUSE CVE-2023-52762 at NVD CVE-2023-52763 at SUSE CVE-2023-52763 at NVD CVE-2023-52764 at SUSE CVE-2023-52764 at NVD CVE-2023-52765 at SUSE CVE-2023-52765 at NVD CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52767 at SUSE CVE-2023-52767 at NVD CVE-2023-52768 at SUSE CVE-2023-52768 at NVD CVE-2023-52769 at SUSE CVE-2023-52769 at NVD CVE-2023-52773 at SUSE CVE-2023-52773 at NVD CVE-2023-52774 at SUSE CVE-2023-52774 at NVD CVE-2023-52776 at SUSE CVE-2023-52776 at NVD CVE-2023-52777 at SUSE CVE-2023-52777 at NVD CVE-2023-52780 at SUSE CVE-2023-52780 at NVD CVE-2023-52781 at SUSE CVE-2023-52781 at NVD CVE-2023-52782 at SUSE CVE-2023-52782 at NVD CVE-2023-52783 at SUSE CVE-2023-52783 at NVD CVE-2023-52784 at SUSE CVE-2023-52784 at NVD CVE-2023-52786 at SUSE CVE-2023-52786 at NVD CVE-2023-52787 at SUSE CVE-2023-52787 at NVD CVE-2023-52788 at SUSE CVE-2023-52788 at NVD CVE-2023-52789 at SUSE CVE-2023-52789 at NVD CVE-2023-52791 at SUSE CVE-2023-52791 at NVD CVE-2023-52792 at SUSE CVE-2023-52792 at NVD CVE-2023-52794 at SUSE CVE-2023-52794 at NVD CVE-2023-52795 at SUSE CVE-2023-52795 at NVD CVE-2023-52796 at SUSE CVE-2023-52796 at NVD CVE-2023-52798 at SUSE CVE-2023-52798 at NVD CVE-2023-52799 at SUSE CVE-2023-52799 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52801 at SUSE CVE-2023-52801 at NVD CVE-2023-52803 at SUSE CVE-2023-52803 at NVD CVE-2023-52804 at SUSE CVE-2023-52804 at NVD CVE-2023-52805 at SUSE CVE-2023-52805 at NVD CVE-2023-52806 at SUSE CVE-2023-52806 at NVD CVE-2023-52807 at SUSE CVE-2023-52807 at NVD CVE-2023-52808 at SUSE CVE-2023-52808 at NVD CVE-2023-52809 at SUSE CVE-2023-52809 at NVD CVE-2023-52810 at SUSE CVE-2023-52810 at NVD CVE-2023-52811 at SUSE CVE-2023-52811 at NVD CVE-2023-52812 at SUSE CVE-2023-52812 at NVD CVE-2023-52813 at SUSE CVE-2023-52813 at NVD CVE-2023-52814 at SUSE CVE-2023-52814 at NVD CVE-2023-52815 at SUSE CVE-2023-52815 at NVD CVE-2023-52816 at SUSE CVE-2023-52816 at NVD CVE-2023-52817 at SUSE CVE-2023-52817 at NVD CVE-2023-52818 at SUSE CVE-2023-52818 at NVD CVE-2023-52819 at SUSE CVE-2023-52819 at NVD CVE-2023-52821 at SUSE CVE-2023-52821 at NVD CVE-2023-52825 at SUSE CVE-2023-52825 at NVD CVE-2023-52826 at SUSE CVE-2023-52826 at NVD CVE-2023-52827 at SUSE CVE-2023-52827 at NVD CVE-2023-52829 at SUSE CVE-2023-52829 at NVD CVE-2023-52832 at SUSE CVE-2023-52832 at NVD CVE-2023-52833 at SUSE CVE-2023-52833 at NVD CVE-2023-52834 at SUSE CVE-2023-52834 at NVD CVE-2023-52835 at SUSE CVE-2023-52835 at NVD CVE-2023-52836 at SUSE CVE-2023-52836 at NVD CVE-2023-52837 at SUSE CVE-2023-52837 at NVD CVE-2023-52838 at SUSE CVE-2023-52838 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52841 at SUSE CVE-2023-52841 at NVD CVE-2023-52842 at SUSE CVE-2023-52842 at NVD CVE-2023-52843 at SUSE CVE-2023-52843 at NVD CVE-2023-52844 at SUSE CVE-2023-52844 at NVD CVE-2023-52845 at SUSE CVE-2023-52845 at NVD CVE-2023-52846 at SUSE CVE-2023-52846 at NVD CVE-2023-52847 at SUSE CVE-2023-52847 at NVD CVE-2023-52849 at SUSE CVE-2023-52849 at NVD CVE-2023-52850 at SUSE CVE-2023-52850 at NVD CVE-2023-52851 at SUSE CVE-2023-52851 at NVD CVE-2023-52853 at SUSE CVE-2023-52853 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2023-52855 at SUSE CVE-2023-52855 at NVD CVE-2023-52856 at SUSE CVE-2023-52856 at NVD CVE-2023-52857 at SUSE CVE-2023-52857 at NVD CVE-2023-52858 at SUSE CVE-2023-52858 at NVD CVE-2023-52861 at SUSE CVE-2023-52861 at NVD CVE-2023-52862 at SUSE CVE-2023-52862 at NVD CVE-2023-52863 at SUSE CVE-2023-52863 at NVD CVE-2023-52864 at SUSE CVE-2023-52864 at NVD CVE-2023-52865 at SUSE CVE-2023-52865 at NVD CVE-2023-52866 at SUSE CVE-2023-52866 at NVD CVE-2023-52867 at SUSE CVE-2023-52867 at NVD CVE-2023-52868 at SUSE CVE-2023-52868 at NVD CVE-2023-52869 at SUSE CVE-2023-52869 at NVD CVE-2023-52870 at SUSE CVE-2023-52870 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52872 at SUSE CVE-2023-52872 at NVD CVE-2023-52873 at SUSE CVE-2023-52873 at NVD CVE-2023-52874 at SUSE CVE-2023-52874 at NVD CVE-2023-52875 at SUSE CVE-2023-52875 at NVD CVE-2023-52876 at SUSE CVE-2023-52876 at NVD CVE-2023-52877 at SUSE CVE-2023-52877 at NVD CVE-2023-52878 at SUSE CVE-2023-52878 at NVD CVE-2023-52879 at SUSE CVE-2023-52879 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52883 at SUSE CVE-2023-52883 at NVD CVE-2023-52884 at SUSE CVE-2023-52884 at NVD CVE-2024-26482 at SUSE CVE-2024-26482 at NVD CVE-2024-26625 at SUSE CVE-2024-26625 at NVD CVE-2024-26676 at SUSE CVE-2024-26676 at NVD CVE-2024-26750 at SUSE CVE-2024-26750 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26780 at SUSE CVE-2024-26780 at NVD CVE-2024-26813 at SUSE CVE-2024-26813 at NVD CVE-2024-26814 at SUSE CVE-2024-26814 at NVD CVE-2024-26845 at SUSE CVE-2024-26845 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-27414 at SUSE CVE-2024-27414 at NVD CVE-2024-27419 at SUSE CVE-2024-27419 at NVD CVE-2024-33619 at SUSE CVE-2024-33619 at NVD CVE-2024-34777 at SUSE CVE-2024-34777 at NVD CVE-2024-35247 at SUSE CVE-2024-35247 at NVD CVE-2024-35807 at SUSE CVE-2024-35807 at NVD CVE-2024-35827 at SUSE CVE-2024-35827 at NVD CVE-2024-35831 at SUSE CVE-2024-35831 at NVD CVE-2024-35843 at SUSE CVE-2024-35843 at NVD CVE-2024-35848 at SUSE CVE-2024-35848 at NVD CVE-2024-35857 at SUSE CVE-2024-35857 at NVD CVE-2024-35880 at SUSE CVE-2024-35880 at NVD CVE-2024-35884 at SUSE CVE-2024-35884 at NVD CVE-2024-35886 at SUSE CVE-2024-35886 at NVD CVE-2024-35892 at SUSE CVE-2024-35892 at NVD CVE-2024-35896 at SUSE CVE-2024-35896 at NVD CVE-2024-35898 at SUSE CVE-2024-35898 at NVD CVE-2024-35900 at SUSE CVE-2024-35900 at NVD CVE-2024-35925 at SUSE CVE-2024-35925 at NVD CVE-2024-35926 at SUSE CVE-2024-35926 at NVD CVE-2024-35957 at SUSE CVE-2024-35957 at NVD CVE-2024-35962 at SUSE CVE-2024-35962 at NVD CVE-2024-35970 at SUSE CVE-2024-35970 at NVD CVE-2024-35976 at SUSE CVE-2024-35976 at NVD CVE-2024-35979 at SUSE CVE-2024-35979 at NVD CVE-2024-35998 at SUSE CVE-2024-35998 at NVD CVE-2024-36005 at SUSE CVE-2024-36005 at NVD CVE-2024-36008 at SUSE CVE-2024-36008 at NVD CVE-2024-36010 at SUSE CVE-2024-36010 at NVD CVE-2024-36017 at SUSE CVE-2024-36017 at NVD CVE-2024-36024 at SUSE CVE-2024-36024 at NVD CVE-2024-36281 at SUSE CVE-2024-36281 at NVD CVE-2024-36477 at SUSE CVE-2024-36477 at NVD CVE-2024-36478 at SUSE CVE-2024-36478 at NVD CVE-2024-36479 at SUSE CVE-2024-36479 at NVD CVE-2024-36882 at SUSE CVE-2024-36882 at NVD CVE-2024-36887 at SUSE CVE-2024-36887 at NVD CVE-2024-36899 at SUSE CVE-2024-36899 at NVD CVE-2024-36900 at SUSE CVE-2024-36900 at NVD CVE-2024-36903 at SUSE CVE-2024-36903 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36915 at SUSE CVE-2024-36915 at NVD CVE-2024-36916 at SUSE CVE-2024-36916 at NVD CVE-2024-36917 at SUSE CVE-2024-36917 at NVD CVE-2024-36919 at SUSE CVE-2024-36919 at NVD CVE-2024-36923 at SUSE CVE-2024-36923 at NVD CVE-2024-36924 at SUSE CVE-2024-36924 at NVD CVE-2024-36926 at SUSE CVE-2024-36926 at NVD CVE-2024-36934 at SUSE CVE-2024-36934 at NVD CVE-2024-36935 at SUSE CVE-2024-36935 at NVD CVE-2024-36937 at SUSE CVE-2024-36937 at NVD CVE-2024-36938 at SUSE CVE-2024-36938 at NVD CVE-2024-36945 at SUSE CVE-2024-36945 at NVD CVE-2024-36952 at SUSE CVE-2024-36952 at NVD CVE-2024-36957 at SUSE CVE-2024-36957 at NVD CVE-2024-36960 at SUSE CVE-2024-36960 at NVD CVE-2024-36962 at SUSE CVE-2024-36962 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-36965 at SUSE CVE-2024-36965 at NVD CVE-2024-36967 at SUSE CVE-2024-36967 at NVD CVE-2024-36969 at SUSE CVE-2024-36969 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-36972 at SUSE CVE-2024-36972 at NVD CVE-2024-36973 at SUSE CVE-2024-36973 at NVD CVE-2024-36975 at SUSE CVE-2024-36975 at NVD CVE-2024-36977 at SUSE CVE-2024-36977 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-37021 at SUSE CVE-2024-37021 at NVD CVE-2024-37078 at SUSE CVE-2024-37078 at NVD CVE-2024-37353 at SUSE CVE-2024-37353 at NVD CVE-2024-37354 at SUSE CVE-2024-37354 at NVD CVE-2024-38381 at SUSE CVE-2024-38381 at NVD CVE-2024-38384 at SUSE CVE-2024-38384 at NVD CVE-2024-38385 at SUSE CVE-2024-38385 at NVD CVE-2024-38388 at SUSE CVE-2024-38388 at NVD CVE-2024-38390 at SUSE CVE-2024-38390 at NVD CVE-2024-38391 at SUSE CVE-2024-38391 at NVD CVE-2024-38539 at SUSE CVE-2024-38539 at NVD CVE-2024-38540 at SUSE CVE-2024-38540 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38543 at SUSE CVE-2024-38543 at NVD CVE-2024-38544 at SUSE CVE-2024-38544 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38546 at SUSE CVE-2024-38546 at NVD CVE-2024-38547 at SUSE CVE-2024-38547 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38549 at SUSE CVE-2024-38549 at NVD CVE-2024-38550 at SUSE CVE-2024-38550 at NVD CVE-2024-38551 at SUSE CVE-2024-38551 at NVD CVE-2024-38552 at SUSE CVE-2024-38552 at NVD CVE-2024-38553 at SUSE CVE-2024-38553 at NVD CVE-2024-38554 at SUSE CVE-2024-38554 at NVD CVE-2024-38555 at SUSE CVE-2024-38555 at NVD CVE-2024-38556 at SUSE CVE-2024-38556 at NVD CVE-2024-38557 at SUSE CVE-2024-38557 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD CVE-2024-38562 at SUSE CVE-2024-38562 at NVD CVE-2024-38564 at SUSE CVE-2024-38564 at NVD CVE-2024-38565 at SUSE CVE-2024-38565 at NVD CVE-2024-38566 at SUSE CVE-2024-38566 at NVD CVE-2024-38567 at SUSE CVE-2024-38567 at NVD CVE-2024-38568 at SUSE CVE-2024-38568 at NVD CVE-2024-38569 at SUSE CVE-2024-38569 at NVD CVE-2024-38570 at SUSE CVE-2024-38570 at NVD CVE-2024-38571 at SUSE CVE-2024-38571 at NVD CVE-2024-38572 at SUSE CVE-2024-38572 at NVD CVE-2024-38573 at SUSE CVE-2024-38573 at NVD CVE-2024-38575 at SUSE CVE-2024-38575 at NVD CVE-2024-38578 at SUSE CVE-2024-38578 at NVD CVE-2024-38579 at SUSE CVE-2024-38579 at NVD CVE-2024-38580 at SUSE CVE-2024-38580 at NVD CVE-2024-38581 at SUSE CVE-2024-38581 at NVD CVE-2024-38582 at SUSE CVE-2024-38582 at NVD CVE-2024-38583 at SUSE CVE-2024-38583 at NVD CVE-2024-38587 at SUSE CVE-2024-38587 at NVD CVE-2024-38588 at SUSE CVE-2024-38588 at NVD CVE-2024-38590 at SUSE CVE-2024-38590 at NVD CVE-2024-38591 at SUSE CVE-2024-38591 at NVD CVE-2024-38592 at SUSE CVE-2024-38592 at NVD CVE-2024-38594 at SUSE CVE-2024-38594 at NVD CVE-2024-38595 at SUSE CVE-2024-38595 at NVD CVE-2024-38597 at SUSE CVE-2024-38597 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-38600 at SUSE CVE-2024-38600 at NVD CVE-2024-38601 at SUSE CVE-2024-38601 at NVD CVE-2024-38602 at SUSE CVE-2024-38602 at NVD CVE-2024-38603 at SUSE CVE-2024-38603 at NVD CVE-2024-38605 at SUSE CVE-2024-38605 at NVD CVE-2024-38608 at SUSE CVE-2024-38608 at NVD CVE-2024-38610 at SUSE CVE-2024-38610 at NVD CVE-2024-38611 at SUSE CVE-2024-38611 at NVD CVE-2024-38615 at SUSE CVE-2024-38615 at NVD CVE-2024-38616 at SUSE CVE-2024-38616 at NVD CVE-2024-38617 at SUSE CVE-2024-38617 at NVD CVE-2024-38618 at SUSE CVE-2024-38618 at NVD CVE-2024-38619 at SUSE CVE-2024-38619 at NVD CVE-2024-38621 at SUSE CVE-2024-38621 at NVD CVE-2024-38622 at SUSE CVE-2024-38622 at NVD CVE-2024-38627 at SUSE CVE-2024-38627 at NVD CVE-2024-38628 at SUSE CVE-2024-38628 at NVD CVE-2024-38629 at SUSE CVE-2024-38629 at NVD CVE-2024-38630 at SUSE CVE-2024-38630 at NVD CVE-2024-38633 at SUSE CVE-2024-38633 at NVD CVE-2024-38634 at SUSE CVE-2024-38634 at NVD CVE-2024-38635 at SUSE CVE-2024-38635 at NVD CVE-2024-38636 at SUSE CVE-2024-38636 at NVD CVE-2024-38661 at SUSE CVE-2024-38661 at NVD CVE-2024-38663 at SUSE CVE-2024-38663 at NVD CVE-2024-38664 at SUSE CVE-2024-38664 at NVD CVE-2024-38780 at SUSE CVE-2024-38780 at NVD CVE-2024-39277 at SUSE CVE-2024-39277 at NVD CVE-2024-39291 at SUSE CVE-2024-39291 at NVD CVE-2024-39296 at SUSE CVE-2024-39296 at NVD CVE-2024-39301 at SUSE CVE-2024-39301 at NVD CVE-2024-39362 at SUSE CVE-2024-39362 at NVD CVE-2024-39371 at SUSE CVE-2024-39371 at NVD CVE-2024-39463 at SUSE CVE-2024-39463 at NVD CVE-2024-39466 at SUSE CVE-2024-39466 at NVD CVE-2024-39469 at SUSE CVE-2024-39469 at NVD CVE-2024-39471 at SUSE CVE-2024-39471 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Moderate) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2024-4032: Corrected information about public and private IPv4 and IPv6 address ranges (bsc#1226448). Moderate SUSE bug 1225660 SUSE bug 1226447 SUSE bug 1226448 SUSE bug 1227152 SUSE bug 1227378 CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-4030 at SUSE CVE-2024-4030 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs20 (Moderate) openSUSE Leap 15.6 This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) - CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562) - CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561) - CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563) Changes in 20.15.0: - test_runner: support test plans - inspector: introduce the --inspect-wait flag - zlib: expose zlib.crc32() - cli: allow running wasm in limited vmem with --disable-wasm-trap-handler Changes in 20.14.0 - src,permission: throw async errors on async APIs - test_runner: support forced exit Changes in 20.13.1: - buffer: improve base64 and base64url performance - crypto: deprecate implicitly shortened GCM tags - events,doc: mark CustomEvent as stable - fs: add stacktrace to fs/promises - report: add --report-exclude-network option - src: add uv_get_available_memory to report and process - stream: support typed arrays - util: support array of formats in util.styleText - v8: implement v8.queryObjects() for memory leak regression testing - watch: mark as stable Moderate SUSE bug 1227554 SUSE bug 1227560 SUSE bug 1227561 SUSE bug 1227562 SUSE bug 1227563 CVE-2024-22018 at SUSE CVE-2024-22018 at NVD CVE-2024-22020 at SUSE CVE-2024-22020 at NVD CVE-2024-27980 at SUSE CVE-2024-27980 at NVD CVE-2024-36137 at SUSE CVE-2024-36137 at NVD CVE-2024-36138 at SUSE CVE-2024-36138 at NVD CVE-2024-37372 at SUSE CVE-2024-37372 at NVD cpe:/o:opensuse:leap:15.6 Security update for kernel-firmware (Moderate) openSUSE Leap 15.6 This update for kernel-firmware fixes the following issues: - CVE-2023-38417: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 (bsc#1225600) - CVE-2023-47210: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 (bsc#1225601) - Update to version 20240712 (git commit ed874ed83cac): * amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics * qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458) * linux-firmware: add firmware for qat_402xx devices * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update vega20 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VPE 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update SDMA 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Add ISH firmware file for Intel Lunar Lake platform * amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics * cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41 * amdgpu: Update ISP FW for isp v4.1.1 - Update to version 20240622 (git commit 7d931f8afa51): * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.2.0 * qcom: Add AIC100 firmware files - Update to version 20240618 (git commit 7d931f8afa51): * amlogic: Update bluetooth firmware binary * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Pulsar core * rtl_bt: Update RTL8822C BT UART firmware to 0xB5D6_6DCB * rtl_bt: Update RTL8822C BT USB firmware to 0xAED6_6DCB * amdgpu: update DMCUB to v0.0.222.0 for DCN314 * iwlwifi: add ty/So/Ma firmwares for core88-87 release * iwlwifi: update cc/Qu/QuZ firmwares for core88-87 release * linux-firmware: add new cc33xx firmware for cc33xx chips * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for ASUS UM5606 laptop * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware for Lenovo Thinkbooks * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update green sardine firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update aldebaran firmware * amdgpu: add support for PSP 14.0.1 * amdgpu: add support for VPE 6.1.1 * amdgpu: add support for VCN 4.0.6 * amdgpu: add support for SDMA 6.1.1 * amdgpu: add support for GC 11.5.1 * amdgpu: Add support for DCN 3.5.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00639 * cnm: update chips&media wave521c firmware. * linux-firmware: Add ordinary firmware for RTL8821AU device - Update to version 20240519 (git commit aae8224390e2): * amdgpu: add new ISP 4.1.1 firmware - Update to version 20240510 (git commit 7c2303328d8e): * linux-firmware: Amphion: Update vpu firmware * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * i915: Add BMG DMC v2.06 * linux-firmware: Add CS35L41 HDA Firmware for Asus HN7306 * linux-firmware: Update firmware tuning for HP Consumer Laptop * amdgpu: DMCUB updates for various AMDGPU ASICs * rtl_bt: Update RTL8822C BT UART firmware to 0x0FD6_407B * rtl_bt: Update RTL8822C BT USB firmware to 0x0ED6_407B * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware and tuning for Lenovo Y770S - Update to version 20240426 (git commit 2398d264f953): * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: Add firmware for Cirrus CS35L56 for various HP laptops * i915: Update Xe2LPD DMC to v2.20 * linux-firmware: Remove Calibration Firmware and Tuning for CS35L41 * linux-firmware: Add firmware for Lenovo Thinkbook 13X * ASoC: tas2781: Add dsp firmware for Thinkpad ICE-1 laptop * amdgpu: add DMCUB 3.5 firmware * amdgpu: add VPE 6.1.0 firmware * amdgpu: add VCN 4.0.5 firmware * amdgpu: add UMSCH 4.0.0 firmware * amdgpu: add SDMA 6.1.0 firmware * amdgpu: add PSP 14.0.0 firmware * amdgpu: add GC 11.5.0 firmware * amdgpu: update license date - Update to version 20240419 (git commit 7eab37522984): * Montage: update firmware for Mont-TSSE * linux-firmware: Add tuning parameter configs for CS35L41 Firmware * linux-firmware: Fix firmware names for Laptop SSID 104316a3 * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7 * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * iwlwifi: add gl FW for core87-44 release * iwlwifi: add ty/So/Ma firmwares for core87-44 release * iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release * nvidia: Update Tegra210 XUSB firmware to v50.29 * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update navy flounder firmware * amdgpu: update renoir firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update sdma 6.0.1 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vega20 firmware * amdgpu: update yellow carp firmware * amdgpu: update green sardine firmware * amdgpu: update vega12 firmware * amdgpu: update raven2 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update smu 13.0.7 firmware * amdgpu: update sdma 6.0.2 firmware * amdgpu: update ipsp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update vega10 firmware * amdgpu: update raven firmware * amdgpu: update navi14 firmware * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update gc 10.3.6 firmware * amdgpu: update navi12 firmware * amdgpu: update arcturus firmware * amdgpu: update vangogh firmware * amdgpu: update navi10 firmware * amdgpu: update vcn 4.0.3 firmware * amdgpu: update smu 13.0.6 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update sdma 6.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update firmware * amdgpu: update aldebaran firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update gc 10.3.7 firmware * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9 * ath10k: WCN3990: hw1.0: add qcm2290 firmware API file * ath10k: WCN3990: hw1.0: move firmware back from qcom/ location * i915: Add DG2 HuC 7.10.15 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: update firmware for en8811h 2.5G ethernet phy * rtw89: 8852c: update fw to v0.27.56.14 * rtw89: 8922a: add firmware v0.35.18.0 * rtw88: Add RTL8703B firmware v11.0.0 - Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319) - Update to version 20240322 (git commit 9a6a0cc195c1): * mekdiatek: Update mt8186 SOF firmware to v2.0.1 * linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops * Montage: update firmware for Mont-TSSE * WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B * Intel Bluetooth: Update firmware file for Intel Bluetooth BE200 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX200 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX201 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9560 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9260 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8 * imx: sdma: update firmware to v3.6/v4.6 - Update to version 20240312 (git commit 4a404b5bfdb9): * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * iwlwifi: update 9000-family firmwares to core85-89 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9D6_17DA * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Thinkbook 16P Laptops - Update to version 20240229 (git commit 977332782302): * amdgpu: Update VCN firmware binaries * Intel IPU2: Add firmware files * brcm: Add nvram for the Acer Iconia One 7 B1-750 tablet * i915: Add Xe2LPD DMC v2.18 * i915: Update MTL DMC v2.21 - Update to version 20240220 (git commit 73b4429fae36): * linux-firmware: update firmware for en8811h 2.5G ethernet phy * linux-firmware: add firmware for MT7996 * xe: First GuC release for LNL and Xe * i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL * linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7) * brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet * ice: update ice DDP package to 1.3.36.0 * Intel IPU3 ImgU: Move firmware file under intel/ipu * Intel IPU6: Move firmware binaries under ipu/ * check_whence: Add a check for duplicate link entries * WHENCE: Clean up section separators * linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models * panthor: Add initial firmware for Gen10 Arm Mali GPUs * amdgpu: DMCUB Updates for DCN321: 7.0.38.0 * amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0 * qcom: update venus firmware file for v5.4 * Montage: add firmware for Mont-TSSE * amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32 * linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware * linux-firmware: Fix filenames for some CS35L41 firmwares for HP Moderate SUSE bug 1219458 SUSE bug 1222319 SUSE bug 1225600 SUSE bug 1225601 CVE-2023-38417 at SUSE CVE-2023-38417 at NVD CVE-2023-47210 at SUSE CVE-2023-47210 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnome-shell (Moderate) openSUSE Leap 15.6 This update for gnome-shell fixes the following issues: - CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567) Moderate SUSE bug 1215485 SUSE bug 1225567 CVE-2023-43090 at SUSE CVE-2023-43090 at NVD CVE-2024-36472 at SUSE CVE-2024-36472 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590) - CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593) - CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594) - CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595) Important SUSE bug 1227590 SUSE bug 1227593 SUSE bug 1227594 SUSE bug 1227595 CVE-2024-38875 at SUSE CVE-2024-38875 at NVD CVE-2024-39329 at SUSE CVE-2024-39329 at NVD CVE-2024-39330 at SUSE CVE-2024-39330 at NVD CVE-2024-39614 at SUSE CVE-2024-39614 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Important) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). Important SUSE bug 1227298 SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228051 SUSE bug 1228052 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD cpe:/o:opensuse:leap:15.6 Security update for git (Important) openSUSE Leap 15.6 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) Important SUSE bug 1219660 CVE-2024-24577 at SUSE CVE-2024-24577 at NVD cpe:/o:opensuse:leap:15.6 Security update for libgit2 (Important) openSUSE Leap 15.6 This update for libgit2 fixes the following issues: Update to 1.7.2: Security fixes: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) - CVE-2024-24575: Fixed potential infinite loop condition in git_revparse_single() (bsc#1219664) Other fixes: - A bug in the smart transport negotiation could have caused an out-of-bounds read when a remote server did not advertise capabilities. Important SUSE bug 1219660 SUSE bug 1219664 CVE-2024-24575 at SUSE CVE-2024-24575 at NVD CVE-2024-24577 at SUSE CVE-2024-24577 at NVD cpe:/o:opensuse:leap:15.6 Security update for kernel-firmware-nvidia-gspx-G06 (Important) openSUSE Leap 15.6 This update for kernel-firmware-nvidia-gspx-G06 fixes the following issues: Update to version 555.42.06 for CUDA. Security Update 550.90.07: - CVE-2024-0090: Fixed out of bounds write (bsc#1223356). - CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356). - CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356). Changes in kernel-firmware-nvidia-gspx-G06: - Update to 550.100 (bsc#1227575) - Add a second flavor to be used by the kernel module versions used by CUDA. The firmware targetting CUDA contains '-cuda' in its name to track its versions separately from the graphics firmware. (bsc#1227417) Changes in nvidia-open-driver-G06-signed: - Update to 550.100 (bsc#1227575) * Fixed a bug that caused OpenGL triple buffering to behave like double buffering. - To avoid issues with missing dependencies when no CUDA repo is present make the dependecy to nvidia-compute-G06 conditional. - CUDA is not available for Tumbleweed, exclude the build of the cuda flavor. - preamble: let the -cuda flavor KMP require the -cuda flavor firmware - Add a second flavor for building the kernel module versions used by CUDA. The kmp targetting CUDA contains '-cuda' in its name to track its versions separately from the graphics kmp. (bsc#1227417) - Provide the meta package nv-prefer-signed-open-driver to make sure the latest available SUSE-build open driver is installed - independent of the latest available open driver version in he CUDA repository. Rationale: The package cuda-runtime provides the link between CUDA and the kernel driver version through a Requires: cuda-drivers >= %version This implies that a CUDA version will run withany kernel driver version equal or higher than a base version. nvidia-compute-G06 provides the glue layer between CUDA and a specific version of he kernel driver both by providing a set of base libraries and by requiring a specific kernel version. 'cuda-drivers' (provided by nvidia-compute-utils-G06) requires an unversioned nvidia-compute-G06. With this, the resolver will install the latest available and applicable nvidia-compute-G06. nv-prefer-signed-open-driver then represents the latest available open driver version and restricts the nvidia-compute-G06 version to it. (bsc#1227419) Important SUSE bug 1223356 SUSE bug 1223454 SUSE bug 1227417 SUSE bug 1227419 SUSE bug 1227575 CVE-2024-0090 at SUSE CVE-2024-0090 at NVD CVE-2024-0091 at SUSE CVE-2024-0091 at NVD CVE-2024-0092 at SUSE CVE-2024-0092 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) Important SUSE bug 1227268 SUSE bug 1227269 SUSE bug 1227272 CVE-2024-36387 at SUSE CVE-2024-36387 at NVD CVE-2024-38475 at SUSE CVE-2024-38475 at NVD CVE-2024-38476 at SUSE CVE-2024-38476 at NVD cpe:/o:opensuse:leap:15.6 Security update for p7zip (Important) openSUSE Leap 15.6 This update for p7zip fixes the following issues: - CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets (bsc#1227358) - CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359) Important SUSE bug 1227358 SUSE bug 1227359 CVE-2023-52168 at SUSE CVE-2023-52168 at NVD CVE-2023-52169 at SUSE CVE-2023-52169 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-dnspython (Moderate) openSUSE Leap 15.6 This update for python-dnspython fixes the following issues: - CVE-2023-29483: Fixed an issue that allowed remote attackers to interfere with DNS name resolution (bsc#1222693). Moderate SUSE bug 1222693 CVE-2023-29483 at SUSE CVE-2023-29483 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Moderate) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2024-29508: Fixed heap pointer leak in pdf_base_font_alloc (bsc#1227380) Moderate SUSE bug 1227380 CVE-2024-29508 at SUSE CVE-2024-29508 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Important) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). Important SUSE bug 1227298 SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228051 SUSE bug 1228052 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Important) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). - CVE-2024-21144: Fixed an excessive loading time in Pack200 due to improper header validation (bsc#1228050). Important SUSE bug 1227298 SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228050 SUSE bug 1228051 SUSE bug 1228052 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21144 at SUSE CVE-2024-21144 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD cpe:/o:opensuse:leap:15.6 Security update for shadow (Important) openSUSE Leap 15.6 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). Important SUSE bug 916845 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issues: - CVE-2024-22211: Fixed integer overflow in `freerdp_bitmap_planar_context_reset` that could lead to heap-buffer overflow (bsc#1219049) - CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients (bsc#1223353) - CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))` (bsc#1223346) - CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347) - CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348) Important SUSE bug 1219049 SUSE bug 1223346 SUSE bug 1223347 SUSE bug 1223348 SUSE bug 1223353 CVE-2024-22211 at SUSE CVE-2024-22211 at NVD CVE-2024-32658 at SUSE CVE-2024-32658 at NVD CVE-2024-32659 at SUSE CVE-2024-32659 at NVD CVE-2024-32660 at SUSE CVE-2024-32660 at NVD CVE-2024-32661 at SUSE CVE-2024-32661 at NVD cpe:/o:opensuse:leap:15.6 Security update for espeak-ng (Moderate) openSUSE Leap 15.6 This update for espeak-ng fixes the following issues: - CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c (bsc#1218010) - CVE-2023-49991: Fixed stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c (bsc#1218006) - CVE-2023-49992: Fixed stack-buffer-overflow exists in the function RemoveEnding in dictionary.c (bsc#1218007) - CVE-2023-49993: Fixed buffer overflow in ReadClause function at readclause.c (bsc#1218008) - CVE-2023-49994: Fixed floating point exception in PeaksToHarmspect at wavegen.c (bsc#1218009) Moderate SUSE bug 1218006 SUSE bug 1218007 SUSE bug 1218008 SUSE bug 1218009 SUSE bug 1218010 CVE-2023-49990 at SUSE CVE-2023-49990 at NVD CVE-2023-49991 at SUSE CVE-2023-49991 at NVD CVE-2023-49992 at SUSE CVE-2023-49992 at NVD CVE-2023-49993 at SUSE CVE-2023-49993 at NVD CVE-2023-49994 at SUSE CVE-2023-49994 at NVD cpe:/o:opensuse:leap:15.6 Security update for gtk3 (Important) openSUSE Leap 15.6 This update for gtk3 fixes the following issues: - CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120) Important SUSE bug 1228120 CVE-2024-6655 at SUSE CVE-2024-6655 at NVD cpe:/o:opensuse:leap:15.6 Security update for gtk2 (Important) openSUSE Leap 15.6 This update for gtk2 fixes the following issues: - CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120) Important SUSE bug 1228120 CVE-2024-6655 at SUSE CVE-2024-6655 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Important) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) Important SUSE bug 1222899 SUSE bug 1223336 SUSE bug 1226463 SUSE bug 1227138 CVE-2024-5535 at SUSE CVE-2024-5535 at NVD cpe:/o:opensuse:leap:15.6 Security update for bind (Important) openSUSE Leap 15.6 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response’s SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed. * The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients. * Added RESOLVER.ARPA to the built in empty zones. Feature Changes: * DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) Important SUSE bug 1228255 SUSE bug 1228256 SUSE bug 1228257 SUSE bug 1228258 CVE-2024-0760 at SUSE CVE-2024-0760 at NVD CVE-2024-1737 at SUSE CVE-2024-1737 at NVD CVE-2024-1975 at SUSE CVE-2024-1975 at NVD CVE-2024-4076 at SUSE CVE-2024-4076 at NVD cpe:/o:opensuse:leap:15.6 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) openSUSE Leap 15.6 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.59.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0 - Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.1 Moderate cpe:/o:opensuse:leap:15.6 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate) openSUSE Leap 15.6 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Update to version 1.2.2 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.1 Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.0 - Use predefined configuration files for libvirt - Install psmisc (provides killall for tests) Moderate cpe:/o:opensuse:leap:15.6 Security update for orc (Important) openSUSE Leap 15.6 This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184) Important SUSE bug 1228184 CVE-2024-40897 at SUSE CVE-2024-40897 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for mozilla-nss (Moderate) openSUSE Leap 15.6 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string<uint8_t> * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. Moderate SUSE bug 1214980 SUSE bug 1222804 SUSE bug 1222807 SUSE bug 1222811 SUSE bug 1222813 SUSE bug 1222814 SUSE bug 1222821 SUSE bug 1222822 SUSE bug 1222826 SUSE bug 1222828 SUSE bug 1222830 SUSE bug 1222833 SUSE bug 1222834 SUSE bug 1223724 SUSE bug 1224113 SUSE bug 1224115 SUSE bug 1224116 SUSE bug 1224118 SUSE bug 1227918 CVE-2023-5388 at SUSE CVE-2023-5388 at NVD cpe:/o:opensuse:leap:15.6 Security update for dri3proto, presentproto, wayland-protocols, xwayland (Moderate) openSUSE Leap 15.6 This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues: Changes in presentproto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in wayland-protocols: - Update to version 1.36: * xdg-dialog: fix missing namespace in protocol name - Changes from version 1.35: * cursor-shape-v1: Does not advertises the list of supported cursors * xdg-shell: add missing enum attribute to set_constraint_adjustment * xdg-shell: recommend against drawing decorations when tiled * tablet-v2: mark as stable * staging: add alpha-modifier protocol - Update to 1.36 * Fix to the xdg dialog protocol * tablet-v2 protocol is now stable * alpha-modifier: new protocol * Bug fix to the cursor shape documentation * The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled - Update to 1.34: * xdg-dialog: new protocol * xdg-toplevel-drag: new protocol * Fix typo in ext-foreign-toplevel-list-v1 * tablet-v2: clarify that name/id events are optional * linux-drm-syncobj-v1: new protocol * linux-explicit-synchronization-v1: add linux-drm-syncobj note - Update to version 1.33: * xdg-shell: Clarify what a toplevel by default includes * linux-dmabuf: sync changes from unstable to stable * linux-dmabuf: require all planes to use the same modifier * presentation-time: stop referring to Linux/glibc * security-context-v1: Make sandbox engine names use reverse-DNS * xdg-decoration: remove ambiguous wording in configure event * xdg-decoration: fix configure event summary * linux-dmabuf: mark as stable * linux-dmabuf: add note about implicit sync * security-context-v1: Document what can be done with the open sockets * security-context-v1: Document out of band metadata for flatpak Changes in dri3proto: * update to version 1.4 (patch generated from xorgproto-2024.1 sources) Changes in xwayland: - Update to bugfix release 24.1.1 for the current stable 24.1 branch of Xwayland * xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev` * os: Explicitly include X11/Xmd.h for CARD32 definition to fix building on i686 * present: On *BSD, epoll-shim is needed to emulate eventfd() * xwayland: Stop on first unmapped child * xwayland/window-buffers: Promote xwl_window_buffer * xwayland/window-buffers: Add xwl_window_buffer_release() * xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM * xwayland/window-buffers: Use synchronization from GLAMOR/GBM * xwayland/window-buffers: Do not always set syncpnts * xwayland/window-buffers: Move code to submit pixmaps * xwayland/window-buffers: Set syncpnts for all pixmaps * xwayland: Move xwl_window disposal to its own function * xwayland: Make sure we do not leak xwl_window on destroy * wayland/window-buffers: Move buffer disposal to its own function * xwayland/window-buffers: optionally force disposal * wayland: Force disposal of windows buffers for root on destroy * xwayland: Check for pointer in xwl_seat_leave_ptr() * xwayland: remove includedir from pkgconfig - disable DPMS on sle15 due to missing proto package - Update to feature release 24.1.0 * This fixes a couple of regressions introduced in the previous release candidate versions along with a fix for XTEST emulation with EI. + xwayland: Send ei_device_frame on device_scroll_discrete + xwayland: Restore the ResizeWindow handler + xwayland: Handle rootful resize in ResizeWindow + xwayland: Move XRandR emulation to the ResizeWindow hook + xwayland: Use correct xwl_window lookup function in xwl_set_shape - eglstreams has been dropped - Update to bug fix relesae 23.2.7 * m4: drop autoconf leftovers * xwayland: Send ei_device_frame on device_scroll_discrete * xwayland: Call drmFreeDevice for dma-buf default feedback * xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done * dri3: Free formats in cache_formats_and_modifiers * xwayland/glamor: Handle depth 15 in gbm_format_for_depth * Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows' * xwayland: Check for outputs before lease devices * xwayland: Do not remove output on withdraw if leased - Update to 23.2.6 * This is a quick bug fix release to address a regression introduced by the fix for CVE-2024-31083 in xwayland-23.2.5. - Security update 23.2.5 This release contains the 3 security fixes that actually apply to Xwayland reported in the security advisory of April 3rd 2024 * CVE-2024-31080 * CVE-2024-31081 * CVE-2024-31083 Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to enable buttons with pointer gestures for backward compatibility with legacy X11 clients. - Don't provide xorg-x11-server-source * xwayland sources are not meant for a generic server. Moderate SUSE bug 1219892 SUSE bug 1222309 SUSE bug 1222310 SUSE bug 1222312 SUSE bug 1222442 CVE-2024-31080 at SUSE CVE-2024-31080 at NVD CVE-2024-31081 at SUSE CVE-2024-31081 at NVD CVE-2024-31083 at SUSE CVE-2024-31083 at NVD cpe:/o:opensuse:leap:15.6 Security update for patch (Low) openSUSE Leap 15.6 This update for patch fixes the following issues: - CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721) Low SUSE bug 1167721 CVE-2019-20633 at SUSE CVE-2019-20633 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Important) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) Important SUSE bug 1227888 SUSE bug 1228535 CVE-2024-6197 at SUSE CVE-2024-6197 at NVD CVE-2024-7264 at SUSE CVE-2024-7264 at NVD cpe:/o:opensuse:leap:15.6 Security update for kernel-firmware (Moderate) openSUSE Leap 15.6 This update for kernel-firmware fixes the following issues: Update to version 20240728: * amdgpu: update DMCUB to v0.0.227.0 for DCN35 and DCN351 * Revert 'iwlwifi: update ty/So/Ma firmwares for core89-58 release' * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * iwlwifi: add gl FW for core89-58 release * iwlwifi: update ty/So/Ma firmwares for core89-58 release * iwlwifi: update cc/Qu/QuZ firmwares for core89-58 release * mediatek: Update mt8195 SOF firmware and sof-tplg * ASoC: tas2781: fix the license issue for tas781 firmware * rtl_bt: Update RTL8852B BT USB FW to 0x048F_4008 * i915: Update Xe2LPD DMC to v2.21 * qcom: move signed x1e80100 signed firmware to the SoC subdir * qcom: add video firmware file for vpu-3.0 * intel: avs: Add topology file for I2S Analog Devices 4567 * intel: avs: Add topology file for I2S Nuvoton 8825 * intel: avs: Add topology file for I2S Maxim 98927 * intel: avs: Add topology file for I2S Maxim 98373 * intel: avs: Add topology file for I2S Maxim 98357a * intel: avs: Add topology file for I2S Dialog 7219 * intel: avs: Add topology file for I2S Realtek 5663 * intel: avs: Add topology file for I2S Realtek 5640 * intel: avs: Add topology file for I2S Realtek 5514 * intel: avs: Add topology file for I2S Realtek 298 * intel: avs: Add topology file for I2S Realtek 286 * intel: avs: Add topology file for I2S Realtek 274 * intel: avs: Add topology file for Digital Microphone Array * intel: avs: Add topology file for HDMI codecs * intel: avs: Add topology file for HDAudio codecs * intel: avs: Update AudioDSP base firmware for APL-based platforms Moderate SUSE bug 1225600 SUSE bug 1225601 CVE-2023-38417 at SUSE CVE-2023-38417 at NVD CVE-2023-47210 at SUSE CVE-2023-47210 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u422 (icedtea-3.32.0): * Security fixes + JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports + JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage + JDK-8320097: Improve Image transformations + JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling + JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading + JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management + JDK-8323390: Enhance mask blit functionality + JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling + JDK-8325600: Better symbol storage * Import of OpenJDK 8 u422 build 05 + JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105 + JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings + JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/ /bug7123767.java: number of checked graphics configurations should be limited + JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails + JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails + JDK-8205407: [windows, vs<2017] C4800 after 8203197 + JDK-8235834: IBM-943 charset encoder needs updating + JDK-8239965: XMLEncoder/Test4625418.java fails due to 'Error: Cp943 - can't read properly' + JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled + JDK-8256152: tests fail because of ambiguous method resolution + JDK-8258855: Two tests sun/security/krb5/auto/ /ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3 + JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info. + JDK-8268916: Tests for AffirmTrust roots + JDK-8278067: Make HttpURLConnection default keep alive timeout configurable + JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 + JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value + JDK-8291638: Keep-Alive timeout of 0 should close connection immediately + JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections + JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL + JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + JDK-8315020: The macro definition for LoongArch64 zero build is not accurate. + JDK-8316138: Add GlobalSign 2 TLS root certificates + JDK-8318410: jdk/java/lang/instrument/BootClassPath/ /BootClassPathTest.sh fails on Japanese Windows + JDK-8320005: Allow loading of shared objects with .a extension on AIX + JDK-8324185: [8u] Accept Xcode 12+ builds on macOS + JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/ /AKISerialNumber.java is failing + JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test + JDK-8326686: Bump update version of OpenJDK: 8u422 + JDK-8327440: Fix 'bad source file' error during beaninfo generation + JDK-8328809: [8u] Problem list some CA tests + JDK-8328825: Google CAInterop test failures + JDK-8329544: [8u] sun/security/krb5/auto/ /ReplayCacheTestProc.java cannot find the testlibrary + JDK-8331791: [8u] AIX build break from JDK-8320005 backport + JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test + JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes * Bug fixes + JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye + JDK-8333669: [8u] GHA: Dead VS2010 download link + JDK-8318039: GHA: Bump macOS and Xcode versions Important SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228050 SUSE bug 1228051 SUSE bug 1228052 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21144 at SUSE CVE-2024-21144 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 115.13 (MFSA 2024-31, bsc#1226316): Security fixes: - CVE-2024-6600: Memory corruption in WebGL API (bmo#1888340) - CVE-2024-6601: Race condition in permission assignment (bmo#1890748) - CVE-2024-6602: Memory corruption in NSS (bmo#1895032) - CVE-2024-6603: Memory corruption in thread creation (bmo#1895081) - CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 (bmo#1748105, bmo#1837550, bmo#1884266) Other fixes: - fixed: After starting Thunderbird, the message list position was sometimes set to an incorrect position (bmo#1896009) Important SUSE bug 1226316 CVE-2024-6600 at SUSE CVE-2024-6600 at NVD CVE-2024-6601 at SUSE CVE-2024-6601 at NVD CVE-2024-6602 at SUSE CVE-2024-6602 at NVD CVE-2024-6603 at SUSE CVE-2024-6603 at NVD CVE-2024-6604 at SUSE CVE-2024-6604 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX &lt;242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to &lt;asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). Important SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1215587 SUSE bug 1218442 SUSE bug 1218730 SUSE bug 1218820 SUSE bug 1219832 SUSE bug 1220138 SUSE bug 1220427 SUSE bug 1220430 SUSE bug 1220942 SUSE bug 1221057 SUSE bug 1221647 SUSE bug 1221654 SUSE bug 1221656 SUSE bug 1221659 SUSE bug 1222326 SUSE bug 1222328 SUSE bug 1222438 SUSE bug 1222463 SUSE bug 1222768 SUSE bug 1222775 SUSE bug 1222779 SUSE bug 1222893 SUSE bug 1223010 SUSE bug 1223021 SUSE bug 1223570 SUSE bug 1223731 SUSE bug 1223740 SUSE bug 1223778 SUSE bug 1223804 SUSE bug 1223806 SUSE bug 1223807 SUSE bug 1223813 SUSE bug 1223815 SUSE bug 1223836 SUSE bug 1223863 SUSE bug 1224414 SUSE bug 1224422 SUSE bug 1224490 SUSE bug 1224499 SUSE bug 1224512 SUSE bug 1224516 SUSE bug 1224544 SUSE bug 1224545 SUSE bug 1224589 SUSE bug 1224604 SUSE bug 1224636 SUSE bug 1224641 SUSE bug 1224743 SUSE bug 1224767 SUSE bug 1225088 SUSE bug 1225172 SUSE bug 1225272 SUSE bug 1225489 SUSE bug 1225600 SUSE bug 1225601 SUSE bug 1225711 SUSE bug 1225717 SUSE bug 1225719 SUSE bug 1225744 SUSE bug 1225745 SUSE bug 1225746 SUSE bug 1225752 SUSE bug 1225753 SUSE bug 1225757 SUSE bug 1225805 SUSE bug 1225810 SUSE bug 1225830 SUSE bug 1225835 SUSE bug 1225839 SUSE bug 1225840 SUSE bug 1225843 SUSE bug 1225847 SUSE bug 1225851 SUSE bug 1225856 SUSE bug 1225894 SUSE bug 1225895 SUSE bug 1225896 SUSE bug 1226202 SUSE bug 1226213 SUSE bug 1226502 SUSE bug 1226519 SUSE bug 1226750 SUSE bug 1226757 SUSE bug 1226783 SUSE bug 1226866 SUSE bug 1226883 SUSE bug 1226915 SUSE bug 1226993 SUSE bug 1227103 SUSE bug 1227149 SUSE bug 1227282 SUSE bug 1227362 SUSE bug 1227363 SUSE bug 1227383 SUSE bug 1227432 SUSE bug 1227433 SUSE bug 1227434 SUSE bug 1227435 SUSE bug 1227443 SUSE bug 1227446 SUSE bug 1227447 SUSE bug 1227487 SUSE bug 1227573 SUSE bug 1227626 SUSE bug 1227716 SUSE bug 1227719 SUSE bug 1227723 SUSE bug 1227730 SUSE bug 1227736 SUSE bug 1227755 SUSE bug 1227757 SUSE bug 1227762 SUSE bug 1227763 SUSE bug 1227779 SUSE bug 1227780 SUSE bug 1227783 SUSE bug 1227786 SUSE bug 1227788 SUSE bug 1227789 SUSE bug 1227797 SUSE bug 1227800 SUSE bug 1227801 SUSE bug 1227803 SUSE bug 1227806 SUSE bug 1227813 SUSE bug 1227814 SUSE bug 1227836 SUSE bug 1227855 SUSE bug 1227862 SUSE bug 1227866 SUSE bug 1227886 SUSE bug 1227899 SUSE bug 1227910 SUSE bug 1227913 SUSE bug 1227926 SUSE bug 1228090 SUSE bug 1228192 SUSE bug 1228193 SUSE bug 1228211 SUSE bug 1228269 SUSE bug 1228289 SUSE bug 1228327 SUSE bug 1228328 SUSE bug 1228403 SUSE bug 1228405 SUSE bug 1228408 SUSE bug 1228417 CVE-2023-38417 at SUSE CVE-2023-38417 at NVD CVE-2023-47210 at SUSE CVE-2023-47210 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-52435 at SUSE CVE-2023-52435 at NVD CVE-2023-52472 at SUSE CVE-2023-52472 at NVD CVE-2023-52751 at SUSE CVE-2023-52751 at NVD CVE-2023-52775 at SUSE CVE-2023-52775 at NVD CVE-2024-25741 at SUSE CVE-2024-25741 at NVD CVE-2024-26615 at SUSE CVE-2024-26615 at NVD CVE-2024-26623 at SUSE CVE-2024-26623 at NVD CVE-2024-26633 at SUSE CVE-2024-26633 at NVD CVE-2024-26635 at SUSE CVE-2024-26635 at NVD CVE-2024-26636 at SUSE CVE-2024-26636 at NVD CVE-2024-26641 at SUSE CVE-2024-26641 at NVD CVE-2024-26663 at SUSE CVE-2024-26663 at NVD CVE-2024-26665 at SUSE CVE-2024-26665 at NVD CVE-2024-26691 at SUSE CVE-2024-26691 at NVD CVE-2024-26734 at SUSE CVE-2024-26734 at NVD CVE-2024-26785 at SUSE CVE-2024-26785 at NVD CVE-2024-26826 at SUSE CVE-2024-26826 at NVD CVE-2024-26863 at SUSE CVE-2024-26863 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2024-27012 at SUSE CVE-2024-27012 at NVD CVE-2024-27015 at SUSE CVE-2024-27015 at NVD CVE-2024-27016 at SUSE CVE-2024-27016 at NVD CVE-2024-27019 at SUSE CVE-2024-27019 at NVD CVE-2024-27020 at SUSE CVE-2024-27020 at NVD CVE-2024-27025 at SUSE CVE-2024-27025 at NVD CVE-2024-27064 at SUSE CVE-2024-27064 at NVD CVE-2024-27065 at SUSE CVE-2024-27065 at NVD CVE-2024-27402 at SUSE CVE-2024-27402 at NVD CVE-2024-27404 at SUSE CVE-2024-27404 at NVD CVE-2024-35805 at SUSE CVE-2024-35805 at NVD CVE-2024-35853 at SUSE CVE-2024-35853 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35890 at SUSE CVE-2024-35890 at NVD CVE-2024-35893 at SUSE CVE-2024-35893 at NVD CVE-2024-35899 at SUSE CVE-2024-35899 at NVD CVE-2024-35908 at SUSE CVE-2024-35908 at NVD CVE-2024-35934 at SUSE CVE-2024-35934 at NVD CVE-2024-35942 at SUSE CVE-2024-35942 at NVD CVE-2024-36003 at SUSE CVE-2024-36003 at NVD CVE-2024-36004 at SUSE CVE-2024-36004 at NVD CVE-2024-36889 at SUSE CVE-2024-36889 at NVD CVE-2024-36901 at SUSE CVE-2024-36901 at NVD CVE-2024-36902 at SUSE CVE-2024-36902 at NVD CVE-2024-36909 at SUSE CVE-2024-36909 at NVD CVE-2024-36910 at SUSE CVE-2024-36910 at NVD CVE-2024-36911 at SUSE CVE-2024-36911 at NVD CVE-2024-36912 at SUSE CVE-2024-36912 at NVD CVE-2024-36913 at SUSE CVE-2024-36913 at NVD CVE-2024-36914 at SUSE CVE-2024-36914 at NVD CVE-2024-36922 at SUSE CVE-2024-36922 at NVD CVE-2024-36930 at SUSE CVE-2024-36930 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36941 at SUSE CVE-2024-36941 at NVD CVE-2024-36942 at SUSE CVE-2024-36942 at NVD CVE-2024-36944 at SUSE CVE-2024-36944 at NVD CVE-2024-36946 at SUSE CVE-2024-36946 at NVD CVE-2024-36947 at SUSE CVE-2024-36947 at NVD CVE-2024-36949 at SUSE CVE-2024-36949 at NVD CVE-2024-36950 at SUSE CVE-2024-36950 at NVD CVE-2024-36951 at SUSE CVE-2024-36951 at NVD CVE-2024-36955 at SUSE CVE-2024-36955 at NVD CVE-2024-36959 at SUSE CVE-2024-36959 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-38558 at SUSE CVE-2024-38558 at NVD CVE-2024-38586 at SUSE CVE-2024-38586 at NVD CVE-2024-38598 at SUSE CVE-2024-38598 at NVD CVE-2024-38604 at SUSE CVE-2024-38604 at NVD CVE-2024-38659 at SUSE CVE-2024-38659 at NVD CVE-2024-39276 at SUSE CVE-2024-39276 at NVD CVE-2024-39468 at SUSE CVE-2024-39468 at NVD CVE-2024-39472 at SUSE CVE-2024-39472 at NVD CVE-2024-39473 at SUSE CVE-2024-39473 at NVD CVE-2024-39474 at SUSE CVE-2024-39474 at NVD CVE-2024-39475 at SUSE CVE-2024-39475 at NVD CVE-2024-39479 at SUSE CVE-2024-39479 at NVD CVE-2024-39481 at SUSE CVE-2024-39481 at NVD CVE-2024-39482 at SUSE CVE-2024-39482 at NVD CVE-2024-39487 at SUSE CVE-2024-39487 at NVD CVE-2024-39490 at SUSE CVE-2024-39490 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-39496 at SUSE CVE-2024-39496 at NVD CVE-2024-39498 at SUSE CVE-2024-39498 at NVD CVE-2024-39502 at SUSE CVE-2024-39502 at NVD CVE-2024-39504 at SUSE CVE-2024-39504 at NVD CVE-2024-39507 at SUSE CVE-2024-39507 at NVD CVE-2024-40901 at SUSE CVE-2024-40901 at NVD CVE-2024-40906 at SUSE CVE-2024-40906 at NVD CVE-2024-40908 at SUSE CVE-2024-40908 at NVD CVE-2024-40919 at SUSE CVE-2024-40919 at NVD CVE-2024-40923 at SUSE CVE-2024-40923 at NVD CVE-2024-40925 at SUSE CVE-2024-40925 at NVD CVE-2024-40928 at SUSE CVE-2024-40928 at NVD CVE-2024-40931 at SUSE CVE-2024-40931 at NVD CVE-2024-40935 at SUSE CVE-2024-40935 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40940 at SUSE CVE-2024-40940 at NVD CVE-2024-40947 at SUSE CVE-2024-40947 at NVD CVE-2024-40948 at SUSE CVE-2024-40948 at NVD CVE-2024-40953 at SUSE CVE-2024-40953 at NVD CVE-2024-40960 at SUSE CVE-2024-40960 at NVD CVE-2024-40961 at SUSE CVE-2024-40961 at NVD CVE-2024-40966 at SUSE CVE-2024-40966 at NVD CVE-2024-40970 at SUSE CVE-2024-40970 at NVD CVE-2024-40972 at SUSE CVE-2024-40972 at NVD CVE-2024-40975 at SUSE CVE-2024-40975 at NVD CVE-2024-40979 at SUSE CVE-2024-40979 at NVD CVE-2024-40998 at SUSE CVE-2024-40998 at NVD CVE-2024-40999 at SUSE CVE-2024-40999 at NVD CVE-2024-41006 at SUSE CVE-2024-41006 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41013 at SUSE CVE-2024-41013 at NVD CVE-2024-41014 at SUSE CVE-2024-41014 at NVD CVE-2024-41017 at SUSE CVE-2024-41017 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-41091 at SUSE CVE-2024-41091 at NVD cpe:/o:opensuse:leap:15.6 Security update for shadow (Moderate) openSUSE Leap 15.6 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) Moderate SUSE bug 1228770 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD cpe:/o:opensuse:leap:15.6 Security update for libnbd (Important) openSUSE Leap 15.6 This update for libnbd fixes the following issues: - CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872) Other fixes: - Update to version 1.18.5. Important SUSE bug 1228872 CVE-2024-7383 at SUSE CVE-2024-7383 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Moderate) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296) Moderate SUSE bug 1227296 CVE-2024-32230 at SUSE CVE-2024-32230 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629) - CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630) - CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631) - CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632) Important SUSE bug 1228629 SUSE bug 1228630 SUSE bug 1228631 SUSE bug 1228632 CVE-2024-41989 at SUSE CVE-2024-41989 at NVD CVE-2024-41990 at SUSE CVE-2024-41990 at NVD CVE-2024-41991 at SUSE CVE-2024-41991 at NVD CVE-2024-42005 at SUSE CVE-2024-42005 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.23 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.23 fixes the following issues: - CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400) Moderate SUSE bug 1194400 CVE-2021-25743 at SUSE CVE-2021-25743 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.24 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.24 fixes the following issues: - CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400) Moderate SUSE bug 1194400 CVE-2021-25743 at SUSE CVE-2021-25743 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Moderate) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296). - CVE-2023-51798: Fixed buffer overflow via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c (bsc#1223304). Moderate SUSE bug 1223304 SUSE bug 1227296 CVE-2023-51798 at SUSE CVE-2023-51798 at NVD CVE-2024-32230 at SUSE CVE-2024-32230 at NVD cpe:/o:opensuse:leap:15.6 Security update for ca-certificates-mozilla (Important) openSUSE Leap 15.6 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 Important SUSE bug 1220356 SUSE bug 1227525 cpe:/o:opensuse:leap:15.6 Security update for qt6-base (Important) openSUSE Leap 15.6 This update for qt6-base fixes the following issues: - CVE-2024-33861: Fixed an invalid pointer being passed as a callback which coud lead to modification of the stack (bsc#1223917) - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426) Important SUSE bug 1223917 SUSE bug 1227426 CVE-2024-33861 at SUSE CVE-2024-33861 at NVD CVE-2024-39936 at SUSE CVE-2024-39936 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Twisted (Important) openSUSE Leap 15.6 This update for python-Twisted fixes the following issues: - CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549) - CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552) Important SUSE bug 1228549 SUSE bug 1228552 CVE-2024-41671 at SUSE CVE-2024-41671 at NVD CVE-2024-41810 at SUSE CVE-2024-41810 at NVD cpe:/o:opensuse:leap:15.6 Security update for libqt5-qtbase (Important) openSUSE Leap 15.6 This update for libqt5-qtbase fixes the following issues: - CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120) - CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426) Important SUSE bug 1222120 SUSE bug 1227426 CVE-2023-45935 at SUSE CVE-2023-45935 at NVD CVE-2024-39936 at SUSE CVE-2024-39936 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38566: bpf: Fix verifier assumptions about socket->sk (bsc#1226790). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: EC: Evaluate orphan _REG under EC device (git-fixes). - ACPI: EC: Install address space handler at the namespace root (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - ACPI: x86: Add PNP_UART1_SKIP quirk for Lenovo Blade2 tablets (stable-fixes). - ACPI: x86: Force StorageD3Enable on more products (stable-fixes). - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14AHP9 (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ARP8 (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() (git-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda: cs35l56: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l56: Fix lifecycle of codec pointer (stable-fixes). - ALSA: hda: tas2781: Component should be unbound before deconstruction (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: Fix missing MSB in MIDI2 SPP conversion (git-fixes). - ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages (git-fixes). - ALSA: seq: ump: Fix missing System Reset message handling (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: common: add ACPI matching tables for Arrow Lake (stable-fixes). - ASoC: Intel: sof-sdw: really remove FOUR_SPEAKER quirk (git-fixes). - ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 (stable-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0C0F (stable-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes). - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: q6apm-lpass-dai: close graph on prepare errors (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: ISO: Fix BIS cleanup (stable-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - Bluetooth: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS (stable-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Add quirk for Logitech Casa touchpad (stable-fixes). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: core: remove unnecessary WARN_ON() in implement() (git-fixes). - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI (git-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI/MSI: Fix UAF in msi_capability_init (git-fixes). - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - RDMA/bnxt_re: Fix the max msix vectors macro (git-fixes) - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/mlx5: Add check for srq max_sge attribute (git-fixes) - RDMA/mlx5: Ensure created mkeys always have a populated rb_key (git-fixes) - RDMA/mlx5: Fix unwind flow as part of mlx5_ib_stage_init_init (git-fixes) - RDMA/mlx5: Follow rb_key.ats when creating new mkeys (git-fixes) - RDMA/mlx5: Remove extra unlock on error path (git-fixes) - RDMA/restrack: Fix potential invalid address access (git-fixes) - RDMA/rxe: Fix data copy for IB_SEND_INLINE (git-fixes) - RDMA/rxe: Fix responder length checking for UD request packets (git-fixes) - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - Temporarily drop KVM patch that caused a regression (bsc#1226158) - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - ata,scsi: libata-core: Do not leak memory for ata_port struct members (git-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - ax25: Fix refcount imbalance on inbound connections (git-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - can: mcp251xfd: fix infinite loop when xmit fails (git-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - clkdev: Update clkdev id usage to allow for longer names (stable-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - counter: ti-eqep: enable clock at probe (git-fixes). - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - cpufreq: amd-pstate: fix memory leak on CPU EPP exit (stable-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: hisilicon/qm - Add the err memory release process to qm uninit (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - cxl/region: Fix cxlr_pmem leaks (git-fixes). - cxl/region: Fix memregion leaks in devm_cxl_add_region() (git-fixes). - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c (git-fixes). - cxl/trace: Correct DPA field masks for general_media & dram events (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (git-fixes). - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (git-fixes). - dmaengine: ioatdma: Fix leaking on version mismatch (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - dpll: spec: use proper enum for pin capabilities attribute (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Allocate zero bw after bw alloc enable (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Disable seamless boot on 128b/132b encoding (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Fix DC mode screen flickering on DCN321 (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Revert Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: Restore config space after reset (stable-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix VRAM memory accounting (stable-fixes). - drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: init microcode chip name from ip versions (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Add VRAM accounting for SVM migration (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/drm_file: Fix pid refcounting race (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/etnaviv: fix tx clock gating on some GC7000 variants (stable-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-dma: Only set smem_start is enable per module option (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/hwmon: Get rid of devm (stable-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: do not attempt to schedule hpd_work on headless cards (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/sun4i: hdmi: Convert encoder to atomic (stable-fixes). - drm/sun4i: hdmi: Move mode_set into enable (stable-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Do not memcmp equivalent pointers (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - efi/x86: Free EFI memory map only when installing a new one (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: psci: Fix return value from psci_system_suspend() (git-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card (stable-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() (git-fixes). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: lpc32xx: fix module autoloading (stable-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpio: tqmx86: store IRQ trigger type and unmask status separately (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: accel: mxc4005: Reset chip on probe() and resume() (stable-fixes). - iio: accel: mxc4005: allow module autoloading via OF compatible (stable-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: adc: ad9467: use chip_info variables instead of array (stable-fixes). - iio: adc: ad9467: use spi_get_device_match_data() (stable-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - iio: xilinx-ams: Do not include ams_ctrl_channels in scan_mask (git-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - io-wq: write next_work before dropping acct_lock (git-fixes). - io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (git-fixes). - io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue() (git-fixes). - io_uring/kbuf: get rid of bl->is_ready (git-fixes). - io_uring/kbuf: get rid of lower BGID lists (git-fixes). - io_uring/kbuf: protect io_buffer_list teardown with a reference (git-fixes). Reuses a padding space in the structure. - io_uring/kbuf: rename is_mapped (git-fixes). - io_uring/net: correct the type of variable (git-fixes). - io_uring/net: correctly handle multishot recvmsg retry setup (git-fixes). - io_uring/net: fix sendzc lazy wake polling (git-fixes). - io_uring/net: move receive multishot out of the generic msghdr path (git-fixes). - io_uring/net: restore msg_control on sendzc retry (git-fixes). - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr (git-fixes). - io_uring/rsrc: do not lock while !TASK_RUNNING (git-fixes). - io_uring/rsrc: fix incorrect assignment of iter->nr_segs in io_import_fixed (git-fixes). - io_uring/rw: do not allow multishot reads without NOWAIT support (git-fixes). - io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry (git-fixes). - io_uring/sqpoll: work around a potential audit memory leak (git-fixes). - io_uring/unix: drop usage of io_uring socket (git-fixes). - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure (git-fixes). - io_uring: clean rings on NO_MMAP alloc fail (git-fixes). - io_uring: clear opcode specific data for an early failure (git-fixes). - io_uring: do not save/restore iowait state (git-fixes). - io_uring: fail NOP if non-zero op flags is passed in (git-fixes). - io_uring: fix io_queue_proc modifying req->flags (git-fixes). - io_uring: fix mshot io-wq checks (git-fixes). - io_uring: fix mshot read defer taskrun cqe posting (git-fixes). - io_uring: fix poll_remove stalled req completion (git-fixes). - io_uring: remove looping around handling traditional task_work (git-fixes). - io_uring: remove unconditional looping in local task_work handling (git-fixes). - io_uring: use private workqueue for exit work (git-fixes). - io_uring: use the right type for work_llist empty check (git-fixes). - iommu/amd: Enhance def_domain_type to handle untrusted device (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Fix WARN_ON in iommu probe path (git-fixes). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu/vt-d: Use rbtree to track iommu probed devices (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu: Undo pasid attachment only for the devices that have succeeded (git-fixes). - iommu: mtk: fix module autoloading (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI fix of KVM: x86/pmu: Prioritize VMX interception over - kABI workaround for sof_ipc_pcm_ops (git-fixes). - kABI workaround for wireless updates (bsc#1227149). - kABI: bpf: verifier kABI workaround (bsc#1225903). - kabi/severities: Ignore io_uring internal symbols - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: Fix build target deb-pkg: ln: failed to create hard link (git-fixes). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kcov: do not lose track of remote references during softirqs (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kheaders: explicitly define file modes for archived headers (stable-fixes). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() (git-fixes). - misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() (git-fixes). - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard (git-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Add support for 'Tuning Error' interrupts (stable-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - module: do not ignore sysfs_create_link() failures (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: Fix the nand_read_data_op() early check (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5: Fix MTMP register capability offset in MCAM register (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: lan743x: Support WOL at both the PHY and MAC appropriately (git-fixes). - net: lan743x: disable WOL upon resume to restore full data path operation (git-fixes). - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: phy: micrel: fix KSZ9477 PHY issues after suspend/resume (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (git-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Block on write congestion (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (git-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (git-fixes). - nilfs2: return the mapped address from nilfs_get_page() (stable-fixes). - nouveau: add an ioctl to report vram usage (stable-fixes). - nouveau: add an ioctl to return vram bar size (stable-fixes). - nouveau: report byte usage in VRAM usage (git-fixes). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: cancel pending I/O if nvme controller is in terminal state (bsc#1226503). - nvme: do not retry authentication failures (bsc#1186716). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fix nvme_pr_* status code parsing (git-fixes). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet-auth: replace pr_debug() with pr_err() to report an error (git-fixes). - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet-tcp: fix possible memory leak when tearing down a controller (git-fixes). - nvmet: fix nvme status code when namespace is disabled (git-fixes). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() (git-fixes). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86/intel/tpmi: Handle error from tpmi_process_info() (stable-fixes). - platform/x86: ISST: Add Grand Ridge to HPM CPU list (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: thinkpad_acpi: Take hotkey_mutex during hotkey_exit() (git-fixes). - platform/x86: toshiba_acpi: Add quirk for buttons on Z830 (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: sti: Prepare removing pwm_chip from driver data (stable-fixes). - pwm: sti: Simplify probe function using devm functions (git-fixes). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227072). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (git-fixes). - selftests/mm: fix build warnings on ppc64 (stable-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - selftests: mptcp: add ms units for tc-netem delay (stable-fixes). - selftests: sud_test: return correct emulated syscall value on RISC-V (stable-fixes). - serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() (git-fixes). - serial: core: introduce uart_port_tx_limited_flags() (git-fixes). - serial: exar: adding missing CTI and Exar PCI ids (stable-fixes). - serial: imx: Introduce timeout when waiting on transmitter empty (stable-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to CCR_BUSWIDTH_4 (git-fixes). - spi: stm32: qspi: Fix dual flash mode sanity test in stm32_qspi_setup() (git-fixes). - ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (stable-fixes). - struct acpi_ec kABI workaround (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Return error in case of invalid efuse data (git-fixes). - thunderbolt: debugfs: Fix margin debugfs node creation condition (git-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tools: ynl: do not leak mcast_groups on init error (git-fixes). - tools: ynl: fix handling of multiple mcast groups (git-fixes). - tools: ynl: make sure we always pass yarg to mnl_cb_run (git-fixes). - tpm_tis: Do *not* flush uninitialized work (git-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - tty: n_tty: Fix buffer offsets when lookahead is used (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: pci: Do not set 'linux,phy_charger_detect' property on Lenovo Yoga Tab2 1380 (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: aspeed_udc: fix device address configuration (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: uvc: configfs: ensure guid to be valid before set (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: typec: ucsi: glink: fix child node release in probe function (git-fixes). - usb: typec: ucsi_glink: drop special handling for CCI_BUSY (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - virtio_net: avoid data-races on dev->stats fields (git-fixes). - virtio_net: checksum offloading handling fix (git-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (git-fixes). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: fully move wiphy work to unbound workqueue (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not initialize csa_work twice (git-fixes). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX &lt;242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: set properly mac header (git-fixes). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: do not use rate mask for scanning (stable-fixes). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field (stable-fixes). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (stable-fixes). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Avoid address calculations via out of bounds array indexing (git-fixes). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct aSIFSTime for 6GHz band (stable-fixes). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - work around gcc bugs with 'asm goto' with outputs (git-fixes). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to &lt;asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/kexec: Fix bug with call depth tracking (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/sev: Fix position dependent variable references in startup code (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). Important SUSE bug 1186716 SUSE bug 1194869 SUSE bug 1195775 SUSE bug 1204562 SUSE bug 1209834 SUSE bug 1215199 SUSE bug 1215587 SUSE bug 1217481 SUSE bug 1217912 SUSE bug 1218442 SUSE bug 1218730 SUSE bug 1218820 SUSE bug 1219224 SUSE bug 1219478 SUSE bug 1219596 SUSE bug 1219633 SUSE bug 1219832 SUSE bug 1219847 SUSE bug 1219953 SUSE bug 1220138 SUSE bug 1220427 SUSE bug 1220430 SUSE bug 1220942 SUSE bug 1221057 SUSE bug 1221086 SUSE bug 1221647 SUSE bug 1221654 SUSE bug 1221656 SUSE bug 1221659 SUSE bug 1221777 SUSE bug 1221958 SUSE bug 1222011 SUSE bug 1222015 SUSE bug 1222080 SUSE bug 1222241 SUSE bug 1222326 SUSE bug 1222328 SUSE bug 1222380 SUSE bug 1222438 SUSE bug 1222463 SUSE bug 1222588 SUSE bug 1222617 SUSE bug 1222619 SUSE bug 1222768 SUSE bug 1222775 SUSE bug 1222779 SUSE bug 1222809 SUSE bug 1222810 SUSE bug 1222893 SUSE bug 1223010 SUSE bug 1223018 SUSE bug 1223021 SUSE bug 1223265 SUSE bug 1223570 SUSE bug 1223731 SUSE bug 1223740 SUSE bug 1223778 SUSE bug 1223804 SUSE bug 1223806 SUSE bug 1223807 SUSE bug 1223813 SUSE bug 1223815 SUSE bug 1223836 SUSE bug 1223863 SUSE bug 1224049 SUSE bug 1224187 SUSE bug 1224414 SUSE bug 1224422 SUSE bug 1224439 SUSE bug 1224490 SUSE bug 1224497 SUSE bug 1224498 SUSE bug 1224499 SUSE bug 1224512 SUSE bug 1224515 SUSE bug 1224516 SUSE bug 1224520 SUSE bug 1224523 SUSE bug 1224539 SUSE bug 1224540 SUSE bug 1224544 SUSE bug 1224545 SUSE bug 1224549 SUSE bug 1224572 SUSE bug 1224575 SUSE bug 1224583 SUSE bug 1224584 SUSE bug 1224589 SUSE bug 1224604 SUSE bug 1224606 SUSE bug 1224612 SUSE bug 1224614 SUSE bug 1224619 SUSE bug 1224636 SUSE bug 1224641 SUSE bug 1224655 SUSE bug 1224659 SUSE bug 1224661 SUSE bug 1224662 SUSE bug 1224670 SUSE bug 1224673 SUSE bug 1224698 SUSE bug 1224735 SUSE bug 1224743 SUSE bug 1224751 SUSE bug 1224759 SUSE bug 1224767 SUSE bug 1224928 SUSE bug 1224930 SUSE bug 1224932 SUSE bug 1224933 SUSE bug 1224935 SUSE bug 1224937 SUSE bug 1224939 SUSE bug 1224941 SUSE bug 1224944 SUSE bug 1224946 SUSE bug 1224947 SUSE bug 1224949 SUSE bug 1224951 SUSE bug 1224988 SUSE bug 1224992 SUSE bug 1224998 SUSE bug 1225000 SUSE bug 1225001 SUSE bug 1225004 SUSE bug 1225006 SUSE bug 1225008 SUSE bug 1225009 SUSE bug 1225014 SUSE bug 1225015 SUSE bug 1225022 SUSE bug 1225025 SUSE bug 1225028 SUSE bug 1225029 SUSE bug 1225031 SUSE bug 1225036 SUSE bug 1225041 SUSE bug 1225044 SUSE bug 1225049 SUSE bug 1225050 SUSE bug 1225076 SUSE bug 1225077 SUSE bug 1225078 SUSE bug 1225081 SUSE bug 1225085 SUSE bug 1225086 SUSE bug 1225088 SUSE bug 1225090 SUSE bug 1225092 SUSE bug 1225096 SUSE bug 1225097 SUSE bug 1225098 SUSE bug 1225101 SUSE bug 1225103 SUSE bug 1225104 SUSE bug 1225105 SUSE bug 1225106 SUSE bug 1225108 SUSE bug 1225120 SUSE bug 1225132 SUSE bug 1225172 SUSE bug 1225180 SUSE bug 1225272 SUSE bug 1225300 SUSE bug 1225391 SUSE bug 1225472 SUSE bug 1225475 SUSE bug 1225476 SUSE bug 1225477 SUSE bug 1225478 SUSE bug 1225485 SUSE bug 1225489 SUSE bug 1225490 SUSE bug 1225527 SUSE bug 1225529 SUSE bug 1225530 SUSE bug 1225532 SUSE bug 1225534 SUSE bug 1225548 SUSE bug 1225550 SUSE bug 1225553 SUSE bug 1225554 SUSE bug 1225555 SUSE bug 1225556 SUSE bug 1225557 SUSE bug 1225559 SUSE bug 1225560 SUSE bug 1225564 SUSE bug 1225565 SUSE bug 1225566 SUSE bug 1225568 SUSE bug 1225569 SUSE bug 1225570 SUSE bug 1225571 SUSE bug 1225572 SUSE bug 1225573 SUSE bug 1225577 SUSE bug 1225581 SUSE bug 1225583 SUSE bug 1225584 SUSE bug 1225585 SUSE bug 1225586 SUSE bug 1225587 SUSE bug 1225588 SUSE bug 1225589 SUSE bug 1225590 SUSE bug 1225591 SUSE bug 1225592 SUSE bug 1225594 SUSE bug 1225595 SUSE bug 1225599 SUSE bug 1225600 SUSE bug 1225601 SUSE bug 1225602 SUSE bug 1225605 SUSE bug 1225609 SUSE bug 1225611 SUSE bug 1225681 SUSE bug 1225702 SUSE bug 1225711 SUSE bug 1225717 SUSE bug 1225719 SUSE bug 1225723 SUSE bug 1225726 SUSE bug 1225731 SUSE bug 1225732 SUSE bug 1225737 SUSE bug 1225741 SUSE bug 1225744 SUSE bug 1225745 SUSE bug 1225746 SUSE bug 1225752 SUSE bug 1225753 SUSE bug 1225757 SUSE bug 1225758 SUSE bug 1225759 SUSE bug 1225760 SUSE bug 1225761 SUSE bug 1225762 SUSE bug 1225763 SUSE bug 1225767 SUSE bug 1225770 SUSE bug 1225805 SUSE bug 1225810 SUSE bug 1225815 SUSE bug 1225820 SUSE bug 1225823 SUSE bug 1225827 SUSE bug 1225829 SUSE bug 1225830 SUSE bug 1225834 SUSE bug 1225835 SUSE bug 1225839 SUSE bug 1225840 SUSE bug 1225843 SUSE bug 1225847 SUSE bug 1225851 SUSE bug 1225856 SUSE bug 1225866 SUSE bug 1225872 SUSE bug 1225894 SUSE bug 1225895 SUSE bug 1225896 SUSE bug 1225898 SUSE bug 1225903 SUSE bug 1226022 SUSE bug 1226131 SUSE bug 1226145 SUSE bug 1226149 SUSE bug 1226155 SUSE bug 1226158 SUSE bug 1226163 SUSE bug 1226202 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1226213 SUSE bug 1226226 SUSE bug 1226457 SUSE bug 1226502 SUSE bug 1226503 SUSE bug 1226513 SUSE bug 1226514 SUSE bug 1226519 SUSE bug 1226520 SUSE bug 1226582 SUSE bug 1226587 SUSE bug 1226588 SUSE bug 1226592 SUSE bug 1226593 SUSE bug 1226594 SUSE bug 1226595 SUSE bug 1226597 SUSE bug 1226607 SUSE bug 1226608 SUSE bug 1226610 SUSE bug 1226612 SUSE bug 1226613 SUSE bug 1226630 SUSE bug 1226632 SUSE bug 1226633 SUSE bug 1226634 SUSE bug 1226637 SUSE bug 1226657 SUSE bug 1226658 SUSE bug 1226734 SUSE bug 1226735 SUSE bug 1226737 SUSE bug 1226738 SUSE bug 1226739 SUSE bug 1226740 SUSE bug 1226741 SUSE bug 1226742 SUSE bug 1226744 SUSE bug 1226746 SUSE bug 1226747 SUSE bug 1226749 SUSE bug 1226750 SUSE bug 1226754 SUSE bug 1226757 SUSE bug 1226758 SUSE bug 1226760 SUSE bug 1226761 SUSE bug 1226764 SUSE bug 1226767 SUSE bug 1226768 SUSE bug 1226769 SUSE bug 1226771 SUSE bug 1226772 SUSE bug 1226774 SUSE bug 1226775 SUSE bug 1226776 SUSE bug 1226777 SUSE bug 1226780 SUSE bug 1226781 SUSE bug 1226783 SUSE bug 1226785 SUSE bug 1226786 SUSE bug 1226788 SUSE bug 1226789 SUSE bug 1226790 SUSE bug 1226791 SUSE bug 1226796 SUSE bug 1226799 SUSE bug 1226837 SUSE bug 1226839 SUSE bug 1226840 SUSE bug 1226841 SUSE bug 1226842 SUSE bug 1226844 SUSE bug 1226848 SUSE bug 1226852 SUSE bug 1226856 SUSE bug 1226857 SUSE bug 1226859 SUSE bug 1226861 SUSE bug 1226863 SUSE bug 1226864 SUSE bug 1226866 SUSE bug 1226867 SUSE bug 1226868 SUSE bug 1226875 SUSE bug 1226876 SUSE bug 1226878 SUSE bug 1226879 SUSE bug 1226883 SUSE bug 1226886 SUSE bug 1226890 SUSE bug 1226891 SUSE bug 1226894 SUSE bug 1226895 SUSE bug 1226905 SUSE bug 1226908 SUSE bug 1226909 SUSE bug 1226911 SUSE bug 1226915 SUSE bug 1226928 SUSE bug 1226934 SUSE bug 1226938 SUSE bug 1226939 SUSE bug 1226941 SUSE bug 1226948 SUSE bug 1226949 SUSE bug 1226950 SUSE bug 1226962 SUSE bug 1226976 SUSE bug 1226989 SUSE bug 1226990 SUSE bug 1226992 SUSE bug 1226993 SUSE bug 1226994 SUSE bug 1226995 SUSE bug 1226996 SUSE bug 1227066 SUSE bug 1227072 SUSE bug 1227085 SUSE bug 1227089 SUSE bug 1227090 SUSE bug 1227096 SUSE bug 1227101 SUSE bug 1227103 SUSE bug 1227149 SUSE bug 1227190 SUSE bug 1227282 SUSE bug 1227362 SUSE bug 1227363 SUSE bug 1227383 SUSE bug 1227432 SUSE bug 1227433 SUSE bug 1227434 SUSE bug 1227435 SUSE bug 1227443 SUSE bug 1227446 SUSE bug 1227447 SUSE bug 1227487 SUSE bug 1227573 SUSE bug 1227626 SUSE bug 1227716 SUSE bug 1227719 SUSE bug 1227723 SUSE bug 1227730 SUSE bug 1227736 SUSE bug 1227755 SUSE bug 1227757 SUSE bug 1227762 SUSE bug 1227763 SUSE bug 1227779 SUSE bug 1227780 SUSE bug 1227783 SUSE bug 1227786 SUSE bug 1227788 SUSE bug 1227789 SUSE bug 1227797 SUSE bug 1227800 SUSE bug 1227801 SUSE bug 1227803 SUSE bug 1227806 SUSE bug 1227813 SUSE bug 1227814 SUSE bug 1227836 SUSE bug 1227855 SUSE bug 1227862 SUSE bug 1227866 SUSE bug 1227886 SUSE bug 1227899 SUSE bug 1227910 SUSE bug 1227913 SUSE bug 1227926 SUSE bug 1228090 SUSE bug 1228192 SUSE bug 1228193 SUSE bug 1228211 SUSE bug 1228269 SUSE bug 1228289 SUSE bug 1228327 SUSE bug 1228328 SUSE bug 1228403 SUSE bug 1228405 SUSE bug 1228408 SUSE bug 1228417 CVE-2021-47432 at SUSE CVE-2021-47432 at NVD CVE-2022-48772 at SUSE CVE-2022-48772 at NVD CVE-2023-38417 at SUSE CVE-2023-38417 at NVD CVE-2023-47210 at SUSE CVE-2023-47210 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-52435 at SUSE CVE-2023-52435 at NVD CVE-2023-52472 at SUSE CVE-2023-52472 at NVD CVE-2023-52622 at SUSE CVE-2023-52622 at NVD CVE-2023-52656 at SUSE CVE-2023-52656 at NVD CVE-2023-52672 at SUSE CVE-2023-52672 at NVD CVE-2023-52699 at SUSE CVE-2023-52699 at NVD CVE-2023-52735 at SUSE CVE-2023-52735 at NVD CVE-2023-52749 at SUSE CVE-2023-52749 at NVD CVE-2023-52750 at SUSE CVE-2023-52750 at NVD CVE-2023-52751 at SUSE CVE-2023-52751 at NVD CVE-2023-52753 at SUSE CVE-2023-52753 at NVD CVE-2023-52754 at SUSE CVE-2023-52754 at NVD CVE-2023-52757 at SUSE CVE-2023-52757 at NVD CVE-2023-52759 at SUSE CVE-2023-52759 at NVD CVE-2023-52762 at SUSE CVE-2023-52762 at NVD CVE-2023-52763 at SUSE CVE-2023-52763 at NVD CVE-2023-52764 at SUSE CVE-2023-52764 at NVD CVE-2023-52765 at SUSE CVE-2023-52765 at NVD CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52767 at SUSE CVE-2023-52767 at NVD CVE-2023-52768 at SUSE CVE-2023-52768 at NVD CVE-2023-52769 at SUSE CVE-2023-52769 at NVD CVE-2023-52773 at SUSE CVE-2023-52773 at NVD CVE-2023-52774 at SUSE CVE-2023-52774 at NVD CVE-2023-52775 at SUSE CVE-2023-52775 at NVD CVE-2023-52776 at SUSE CVE-2023-52776 at NVD CVE-2023-52777 at SUSE CVE-2023-52777 at NVD CVE-2023-52780 at SUSE CVE-2023-52780 at NVD CVE-2023-52781 at SUSE CVE-2023-52781 at NVD CVE-2023-52782 at SUSE CVE-2023-52782 at NVD CVE-2023-52783 at SUSE CVE-2023-52783 at NVD CVE-2023-52784 at SUSE CVE-2023-52784 at NVD CVE-2023-52786 at SUSE CVE-2023-52786 at NVD CVE-2023-52787 at SUSE CVE-2023-52787 at NVD CVE-2023-52788 at SUSE CVE-2023-52788 at NVD CVE-2023-52789 at SUSE CVE-2023-52789 at NVD CVE-2023-52791 at SUSE CVE-2023-52791 at NVD CVE-2023-52792 at SUSE CVE-2023-52792 at NVD CVE-2023-52794 at SUSE CVE-2023-52794 at NVD CVE-2023-52795 at SUSE CVE-2023-52795 at NVD CVE-2023-52796 at SUSE CVE-2023-52796 at NVD CVE-2023-52798 at SUSE CVE-2023-52798 at NVD CVE-2023-52799 at SUSE CVE-2023-52799 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52801 at SUSE CVE-2023-52801 at NVD CVE-2023-52803 at SUSE CVE-2023-52803 at NVD CVE-2023-52804 at SUSE CVE-2023-52804 at NVD CVE-2023-52805 at SUSE CVE-2023-52805 at NVD CVE-2023-52806 at SUSE CVE-2023-52806 at NVD CVE-2023-52807 at SUSE CVE-2023-52807 at NVD CVE-2023-52808 at SUSE CVE-2023-52808 at NVD CVE-2023-52809 at SUSE CVE-2023-52809 at NVD CVE-2023-52810 at SUSE CVE-2023-52810 at NVD CVE-2023-52811 at SUSE CVE-2023-52811 at NVD CVE-2023-52812 at SUSE CVE-2023-52812 at NVD CVE-2023-52813 at SUSE CVE-2023-52813 at NVD CVE-2023-52814 at SUSE CVE-2023-52814 at NVD CVE-2023-52815 at SUSE CVE-2023-52815 at NVD CVE-2023-52816 at SUSE CVE-2023-52816 at NVD CVE-2023-52817 at SUSE CVE-2023-52817 at NVD CVE-2023-52818 at SUSE CVE-2023-52818 at NVD CVE-2023-52819 at SUSE CVE-2023-52819 at NVD CVE-2023-52821 at SUSE CVE-2023-52821 at NVD CVE-2023-52825 at SUSE CVE-2023-52825 at NVD CVE-2023-52826 at SUSE CVE-2023-52826 at NVD CVE-2023-52827 at SUSE CVE-2023-52827 at NVD CVE-2023-52829 at SUSE CVE-2023-52829 at NVD CVE-2023-52832 at SUSE CVE-2023-52832 at NVD CVE-2023-52833 at SUSE CVE-2023-52833 at NVD CVE-2023-52834 at SUSE CVE-2023-52834 at NVD CVE-2023-52835 at SUSE CVE-2023-52835 at NVD CVE-2023-52836 at SUSE CVE-2023-52836 at NVD CVE-2023-52837 at SUSE CVE-2023-52837 at NVD CVE-2023-52838 at SUSE CVE-2023-52838 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52841 at SUSE CVE-2023-52841 at NVD CVE-2023-52842 at SUSE CVE-2023-52842 at NVD CVE-2023-52843 at SUSE CVE-2023-52843 at NVD CVE-2023-52844 at SUSE CVE-2023-52844 at NVD CVE-2023-52845 at SUSE CVE-2023-52845 at NVD CVE-2023-52846 at SUSE CVE-2023-52846 at NVD CVE-2023-52847 at SUSE CVE-2023-52847 at NVD CVE-2023-52849 at SUSE CVE-2023-52849 at NVD CVE-2023-52850 at SUSE CVE-2023-52850 at NVD CVE-2023-52851 at SUSE CVE-2023-52851 at NVD CVE-2023-52853 at SUSE CVE-2023-52853 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2023-52855 at SUSE CVE-2023-52855 at NVD CVE-2023-52856 at SUSE CVE-2023-52856 at NVD CVE-2023-52857 at SUSE CVE-2023-52857 at NVD CVE-2023-52858 at SUSE CVE-2023-52858 at NVD CVE-2023-52861 at SUSE CVE-2023-52861 at NVD CVE-2023-52862 at SUSE CVE-2023-52862 at NVD CVE-2023-52863 at SUSE CVE-2023-52863 at NVD CVE-2023-52864 at SUSE CVE-2023-52864 at NVD CVE-2023-52865 at SUSE CVE-2023-52865 at NVD CVE-2023-52866 at SUSE CVE-2023-52866 at NVD CVE-2023-52867 at SUSE CVE-2023-52867 at NVD CVE-2023-52868 at SUSE CVE-2023-52868 at NVD CVE-2023-52869 at SUSE CVE-2023-52869 at NVD CVE-2023-52870 at SUSE CVE-2023-52870 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52872 at SUSE CVE-2023-52872 at NVD CVE-2023-52873 at SUSE CVE-2023-52873 at NVD CVE-2023-52874 at SUSE CVE-2023-52874 at NVD CVE-2023-52875 at SUSE CVE-2023-52875 at NVD CVE-2023-52876 at SUSE CVE-2023-52876 at NVD CVE-2023-52877 at SUSE CVE-2023-52877 at NVD CVE-2023-52878 at SUSE CVE-2023-52878 at NVD CVE-2023-52879 at SUSE CVE-2023-52879 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52883 at SUSE CVE-2023-52883 at NVD CVE-2023-52884 at SUSE CVE-2023-52884 at NVD CVE-2024-25741 at SUSE CVE-2024-25741 at NVD CVE-2024-26615 at SUSE CVE-2024-26615 at NVD CVE-2024-26623 at SUSE CVE-2024-26623 at NVD CVE-2024-26625 at SUSE CVE-2024-26625 at NVD CVE-2024-26633 at SUSE CVE-2024-26633 at NVD CVE-2024-26635 at SUSE CVE-2024-26635 at NVD CVE-2024-26636 at SUSE CVE-2024-26636 at NVD CVE-2024-26641 at SUSE CVE-2024-26641 at NVD CVE-2024-26663 at SUSE CVE-2024-26663 at NVD CVE-2024-26665 at SUSE CVE-2024-26665 at NVD CVE-2024-26676 at SUSE CVE-2024-26676 at NVD CVE-2024-26691 at SUSE CVE-2024-26691 at NVD CVE-2024-26734 at SUSE CVE-2024-26734 at NVD CVE-2024-26750 at SUSE CVE-2024-26750 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26780 at SUSE CVE-2024-26780 at NVD CVE-2024-26785 at SUSE CVE-2024-26785 at NVD CVE-2024-26813 at SUSE CVE-2024-26813 at NVD CVE-2024-26814 at SUSE CVE-2024-26814 at NVD CVE-2024-26826 at SUSE CVE-2024-26826 at NVD CVE-2024-26845 at SUSE CVE-2024-26845 at NVD CVE-2024-26863 at SUSE CVE-2024-26863 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2024-27012 at SUSE CVE-2024-27012 at NVD CVE-2024-27015 at SUSE CVE-2024-27015 at NVD CVE-2024-27016 at SUSE CVE-2024-27016 at NVD CVE-2024-27019 at SUSE CVE-2024-27019 at NVD CVE-2024-27020 at SUSE CVE-2024-27020 at NVD CVE-2024-27025 at SUSE CVE-2024-27025 at NVD CVE-2024-27064 at SUSE CVE-2024-27064 at NVD CVE-2024-27065 at SUSE CVE-2024-27065 at NVD CVE-2024-27402 at SUSE CVE-2024-27402 at NVD CVE-2024-27404 at SUSE CVE-2024-27404 at NVD CVE-2024-27414 at SUSE CVE-2024-27414 at NVD CVE-2024-27419 at SUSE CVE-2024-27419 at NVD CVE-2024-33619 at SUSE CVE-2024-33619 at NVD CVE-2024-34777 at SUSE CVE-2024-34777 at NVD CVE-2024-35247 at SUSE CVE-2024-35247 at NVD CVE-2024-35805 at SUSE CVE-2024-35805 at NVD CVE-2024-35807 at SUSE CVE-2024-35807 at NVD CVE-2024-35827 at SUSE CVE-2024-35827 at NVD CVE-2024-35831 at SUSE CVE-2024-35831 at NVD CVE-2024-35843 at SUSE CVE-2024-35843 at NVD CVE-2024-35848 at SUSE CVE-2024-35848 at NVD CVE-2024-35853 at SUSE CVE-2024-35853 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35857 at SUSE CVE-2024-35857 at NVD CVE-2024-35880 at SUSE CVE-2024-35880 at NVD CVE-2024-35884 at SUSE CVE-2024-35884 at NVD CVE-2024-35886 at SUSE CVE-2024-35886 at NVD CVE-2024-35890 at SUSE CVE-2024-35890 at NVD CVE-2024-35892 at SUSE CVE-2024-35892 at NVD CVE-2024-35893 at SUSE CVE-2024-35893 at NVD CVE-2024-35896 at SUSE CVE-2024-35896 at NVD CVE-2024-35898 at SUSE CVE-2024-35898 at NVD CVE-2024-35899 at SUSE CVE-2024-35899 at NVD CVE-2024-35900 at SUSE CVE-2024-35900 at NVD CVE-2024-35908 at SUSE CVE-2024-35908 at NVD CVE-2024-35925 at SUSE CVE-2024-35925 at NVD CVE-2024-35926 at SUSE CVE-2024-35926 at NVD CVE-2024-35934 at SUSE CVE-2024-35934 at NVD CVE-2024-35942 at SUSE CVE-2024-35942 at NVD CVE-2024-35957 at SUSE CVE-2024-35957 at NVD CVE-2024-35962 at SUSE CVE-2024-35962 at NVD CVE-2024-35970 at SUSE CVE-2024-35970 at NVD CVE-2024-35976 at SUSE CVE-2024-35976 at NVD CVE-2024-35979 at SUSE CVE-2024-35979 at NVD CVE-2024-35998 at SUSE CVE-2024-35998 at NVD CVE-2024-36003 at SUSE CVE-2024-36003 at NVD CVE-2024-36004 at SUSE CVE-2024-36004 at NVD CVE-2024-36005 at SUSE CVE-2024-36005 at NVD CVE-2024-36008 at SUSE CVE-2024-36008 at NVD CVE-2024-36010 at SUSE CVE-2024-36010 at NVD CVE-2024-36017 at SUSE CVE-2024-36017 at NVD CVE-2024-36024 at SUSE CVE-2024-36024 at NVD CVE-2024-36281 at SUSE CVE-2024-36281 at NVD CVE-2024-36477 at SUSE CVE-2024-36477 at NVD CVE-2024-36478 at SUSE CVE-2024-36478 at NVD CVE-2024-36479 at SUSE CVE-2024-36479 at NVD CVE-2024-36882 at SUSE CVE-2024-36882 at NVD CVE-2024-36887 at SUSE CVE-2024-36887 at NVD CVE-2024-36889 at SUSE CVE-2024-36889 at NVD CVE-2024-36899 at SUSE CVE-2024-36899 at NVD CVE-2024-36900 at SUSE CVE-2024-36900 at NVD CVE-2024-36901 at SUSE CVE-2024-36901 at NVD CVE-2024-36902 at SUSE CVE-2024-36902 at NVD CVE-2024-36903 at SUSE CVE-2024-36903 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36909 at SUSE CVE-2024-36909 at NVD CVE-2024-36910 at SUSE CVE-2024-36910 at NVD CVE-2024-36911 at SUSE CVE-2024-36911 at NVD CVE-2024-36912 at SUSE CVE-2024-36912 at NVD CVE-2024-36913 at SUSE CVE-2024-36913 at NVD CVE-2024-36914 at SUSE CVE-2024-36914 at NVD CVE-2024-36915 at SUSE CVE-2024-36915 at NVD CVE-2024-36916 at SUSE CVE-2024-36916 at NVD CVE-2024-36917 at SUSE CVE-2024-36917 at NVD CVE-2024-36919 at SUSE CVE-2024-36919 at NVD CVE-2024-36922 at SUSE CVE-2024-36922 at NVD CVE-2024-36923 at SUSE CVE-2024-36923 at NVD CVE-2024-36924 at SUSE CVE-2024-36924 at NVD CVE-2024-36926 at SUSE CVE-2024-36926 at NVD CVE-2024-36930 at SUSE CVE-2024-36930 at NVD CVE-2024-36934 at SUSE CVE-2024-36934 at NVD CVE-2024-36935 at SUSE CVE-2024-36935 at NVD CVE-2024-36937 at SUSE CVE-2024-36937 at NVD CVE-2024-36938 at SUSE CVE-2024-36938 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36941 at SUSE CVE-2024-36941 at NVD CVE-2024-36942 at SUSE CVE-2024-36942 at NVD CVE-2024-36944 at SUSE CVE-2024-36944 at NVD CVE-2024-36945 at SUSE CVE-2024-36945 at NVD CVE-2024-36946 at SUSE CVE-2024-36946 at NVD CVE-2024-36947 at SUSE CVE-2024-36947 at NVD CVE-2024-36949 at SUSE CVE-2024-36949 at NVD CVE-2024-36950 at SUSE CVE-2024-36950 at NVD CVE-2024-36951 at SUSE CVE-2024-36951 at NVD CVE-2024-36952 at SUSE CVE-2024-36952 at NVD CVE-2024-36955 at SUSE CVE-2024-36955 at NVD CVE-2024-36957 at SUSE CVE-2024-36957 at NVD CVE-2024-36959 at SUSE CVE-2024-36959 at NVD CVE-2024-36960 at SUSE CVE-2024-36960 at NVD CVE-2024-36962 at SUSE CVE-2024-36962 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-36965 at SUSE CVE-2024-36965 at NVD CVE-2024-36967 at SUSE CVE-2024-36967 at NVD CVE-2024-36969 at SUSE CVE-2024-36969 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-36972 at SUSE CVE-2024-36972 at NVD CVE-2024-36973 at SUSE CVE-2024-36973 at NVD CVE-2024-36974 at SUSE CVE-2024-36974 at NVD CVE-2024-36975 at SUSE CVE-2024-36975 at NVD CVE-2024-36977 at SUSE CVE-2024-36977 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-37021 at SUSE CVE-2024-37021 at NVD CVE-2024-37078 at SUSE CVE-2024-37078 at NVD CVE-2024-37353 at SUSE CVE-2024-37353 at NVD CVE-2024-37354 at SUSE CVE-2024-37354 at NVD CVE-2024-38381 at SUSE CVE-2024-38381 at NVD CVE-2024-38384 at SUSE CVE-2024-38384 at NVD CVE-2024-38385 at SUSE CVE-2024-38385 at NVD CVE-2024-38388 at SUSE CVE-2024-38388 at NVD CVE-2024-38390 at SUSE CVE-2024-38390 at NVD CVE-2024-38391 at SUSE CVE-2024-38391 at NVD CVE-2024-38539 at SUSE CVE-2024-38539 at NVD CVE-2024-38540 at SUSE CVE-2024-38540 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38543 at SUSE CVE-2024-38543 at NVD CVE-2024-38544 at SUSE CVE-2024-38544 at NVD CVE-2024-38545 at SUSE CVE-2024-38545 at NVD CVE-2024-38546 at SUSE CVE-2024-38546 at NVD CVE-2024-38547 at SUSE CVE-2024-38547 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38549 at SUSE CVE-2024-38549 at NVD CVE-2024-38550 at SUSE CVE-2024-38550 at NVD CVE-2024-38551 at SUSE CVE-2024-38551 at NVD CVE-2024-38552 at SUSE CVE-2024-38552 at NVD CVE-2024-38553 at SUSE CVE-2024-38553 at NVD CVE-2024-38554 at SUSE CVE-2024-38554 at NVD CVE-2024-38555 at SUSE CVE-2024-38555 at NVD CVE-2024-38556 at SUSE CVE-2024-38556 at NVD CVE-2024-38557 at SUSE CVE-2024-38557 at NVD CVE-2024-38558 at SUSE CVE-2024-38558 at NVD CVE-2024-38559 at SUSE CVE-2024-38559 at NVD CVE-2024-38560 at SUSE CVE-2024-38560 at NVD CVE-2024-38562 at SUSE CVE-2024-38562 at NVD CVE-2024-38564 at SUSE CVE-2024-38564 at NVD CVE-2024-38565 at SUSE CVE-2024-38565 at NVD CVE-2024-38566 at SUSE CVE-2024-38566 at NVD CVE-2024-38567 at SUSE CVE-2024-38567 at NVD CVE-2024-38568 at SUSE CVE-2024-38568 at NVD CVE-2024-38569 at SUSE CVE-2024-38569 at NVD CVE-2024-38570 at SUSE CVE-2024-38570 at NVD CVE-2024-38571 at SUSE CVE-2024-38571 at NVD CVE-2024-38572 at SUSE CVE-2024-38572 at NVD CVE-2024-38573 at SUSE CVE-2024-38573 at NVD CVE-2024-38575 at SUSE CVE-2024-38575 at NVD CVE-2024-38578 at SUSE CVE-2024-38578 at NVD CVE-2024-38579 at SUSE CVE-2024-38579 at NVD CVE-2024-38580 at SUSE CVE-2024-38580 at NVD CVE-2024-38581 at SUSE CVE-2024-38581 at NVD CVE-2024-38582 at SUSE CVE-2024-38582 at NVD CVE-2024-38583 at SUSE CVE-2024-38583 at NVD CVE-2024-38586 at SUSE CVE-2024-38586 at NVD CVE-2024-38587 at SUSE CVE-2024-38587 at NVD CVE-2024-38588 at SUSE CVE-2024-38588 at NVD CVE-2024-38590 at SUSE CVE-2024-38590 at NVD CVE-2024-38591 at SUSE CVE-2024-38591 at NVD CVE-2024-38592 at SUSE CVE-2024-38592 at NVD CVE-2024-38594 at SUSE CVE-2024-38594 at NVD CVE-2024-38595 at SUSE CVE-2024-38595 at NVD CVE-2024-38597 at SUSE CVE-2024-38597 at NVD CVE-2024-38598 at SUSE CVE-2024-38598 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-38600 at SUSE CVE-2024-38600 at NVD CVE-2024-38601 at SUSE CVE-2024-38601 at NVD CVE-2024-38602 at SUSE CVE-2024-38602 at NVD CVE-2024-38603 at SUSE CVE-2024-38603 at NVD CVE-2024-38604 at SUSE CVE-2024-38604 at NVD CVE-2024-38605 at SUSE CVE-2024-38605 at NVD CVE-2024-38608 at SUSE CVE-2024-38608 at NVD CVE-2024-38610 at SUSE CVE-2024-38610 at NVD CVE-2024-38611 at SUSE CVE-2024-38611 at NVD CVE-2024-38615 at SUSE CVE-2024-38615 at NVD CVE-2024-38616 at SUSE CVE-2024-38616 at NVD CVE-2024-38617 at SUSE CVE-2024-38617 at NVD CVE-2024-38618 at SUSE CVE-2024-38618 at NVD CVE-2024-38619 at SUSE CVE-2024-38619 at NVD CVE-2024-38621 at SUSE CVE-2024-38621 at NVD CVE-2024-38622 at SUSE CVE-2024-38622 at NVD CVE-2024-38627 at SUSE CVE-2024-38627 at NVD CVE-2024-38628 at SUSE CVE-2024-38628 at NVD CVE-2024-38629 at SUSE CVE-2024-38629 at NVD CVE-2024-38630 at SUSE CVE-2024-38630 at NVD CVE-2024-38633 at SUSE CVE-2024-38633 at NVD CVE-2024-38634 at SUSE CVE-2024-38634 at NVD CVE-2024-38635 at SUSE CVE-2024-38635 at NVD CVE-2024-38636 at SUSE CVE-2024-38636 at NVD CVE-2024-38659 at SUSE CVE-2024-38659 at NVD CVE-2024-38661 at SUSE CVE-2024-38661 at NVD CVE-2024-38663 at SUSE CVE-2024-38663 at NVD CVE-2024-38664 at SUSE CVE-2024-38664 at NVD CVE-2024-38780 at SUSE CVE-2024-38780 at NVD CVE-2024-39276 at SUSE CVE-2024-39276 at NVD CVE-2024-39277 at SUSE CVE-2024-39277 at NVD CVE-2024-39291 at SUSE CVE-2024-39291 at NVD CVE-2024-39296 at SUSE CVE-2024-39296 at NVD CVE-2024-39301 at SUSE CVE-2024-39301 at NVD CVE-2024-39362 at SUSE CVE-2024-39362 at NVD CVE-2024-39371 at SUSE CVE-2024-39371 at NVD CVE-2024-39463 at SUSE CVE-2024-39463 at NVD CVE-2024-39466 at SUSE CVE-2024-39466 at NVD CVE-2024-39468 at SUSE CVE-2024-39468 at NVD CVE-2024-39469 at SUSE CVE-2024-39469 at NVD CVE-2024-39471 at SUSE CVE-2024-39471 at NVD CVE-2024-39472 at SUSE CVE-2024-39472 at NVD CVE-2024-39473 at SUSE CVE-2024-39473 at NVD CVE-2024-39474 at SUSE CVE-2024-39474 at NVD CVE-2024-39475 at SUSE CVE-2024-39475 at NVD CVE-2024-39479 at SUSE CVE-2024-39479 at NVD CVE-2024-39481 at SUSE CVE-2024-39481 at NVD CVE-2024-39482 at SUSE CVE-2024-39482 at NVD CVE-2024-39487 at SUSE CVE-2024-39487 at NVD CVE-2024-39490 at SUSE CVE-2024-39490 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-39496 at SUSE CVE-2024-39496 at NVD CVE-2024-39498 at SUSE CVE-2024-39498 at NVD CVE-2024-39502 at SUSE CVE-2024-39502 at NVD CVE-2024-39504 at SUSE CVE-2024-39504 at NVD CVE-2024-39507 at SUSE CVE-2024-39507 at NVD CVE-2024-40901 at SUSE CVE-2024-40901 at NVD CVE-2024-40906 at SUSE CVE-2024-40906 at NVD CVE-2024-40908 at SUSE CVE-2024-40908 at NVD CVE-2024-40919 at SUSE CVE-2024-40919 at NVD CVE-2024-40923 at SUSE CVE-2024-40923 at NVD CVE-2024-40925 at SUSE CVE-2024-40925 at NVD CVE-2024-40928 at SUSE CVE-2024-40928 at NVD CVE-2024-40931 at SUSE CVE-2024-40931 at NVD CVE-2024-40935 at SUSE CVE-2024-40935 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40940 at SUSE CVE-2024-40940 at NVD CVE-2024-40947 at SUSE CVE-2024-40947 at NVD CVE-2024-40948 at SUSE CVE-2024-40948 at NVD CVE-2024-40953 at SUSE CVE-2024-40953 at NVD CVE-2024-40960 at SUSE CVE-2024-40960 at NVD CVE-2024-40961 at SUSE CVE-2024-40961 at NVD CVE-2024-40966 at SUSE CVE-2024-40966 at NVD CVE-2024-40970 at SUSE CVE-2024-40970 at NVD CVE-2024-40972 at SUSE CVE-2024-40972 at NVD CVE-2024-40975 at SUSE CVE-2024-40975 at NVD CVE-2024-40979 at SUSE CVE-2024-40979 at NVD CVE-2024-40998 at SUSE CVE-2024-40998 at NVD CVE-2024-40999 at SUSE CVE-2024-40999 at NVD CVE-2024-41006 at SUSE CVE-2024-41006 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41013 at SUSE CVE-2024-41013 at NVD CVE-2024-41014 at SUSE CVE-2024-41014 at NVD CVE-2024-41017 at SUSE CVE-2024-41017 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-41091 at SUSE CVE-2024-41091 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312-setuptools (Important) openSUSE Leap 15.6 This update for python312-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - CVE-2024-40776: Fixed a use-after-free issue with improved memory management (bsc#1228613). - CVE-2024-40779: Fixed a out-of-bounds read with improved bounds checking (bsc#1228693). - CVE-2024-40780: Fixed another out-of-bounds read with improved bounds checking (bsc#1228694). - CVE-2024-40782: Fixed a second use-after-free issue with improved memory management (bsc#1228695). Important SUSE bug 1228613 SUSE bug 1228693 SUSE bug 1228694 SUSE bug 1228695 CVE-2024-40776 at SUSE CVE-2024-40776 at NVD CVE-2024-40779 at SUSE CVE-2024-40779 at NVD CVE-2024-40780 at SUSE CVE-2024-40780 at NVD CVE-2024-40782 at SUSE CVE-2024-40782 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39-setuptools (Important) openSUSE Leap 15.6 This update for python39-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310-setuptools (Important) openSUSE Leap 15.6 This update for python310-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:opensuse:leap:15.6 Security update for 389-ds (Important) openSUSE Leap 15.6 This update for 389-ds fixes the following issues: Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512) - CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes (bsc#1226277) - CVE-2024-2199: Fixed a crash caused by malformed userPassword in do_modify() (bsc#1225507) Non-security issues fixed: - crash when user does change password using iso-8859-1 encoding (bsc#1228912) - Update to version 2.2.10: Issue 2324 - Add a CI test (#6289) Issue 6284 - BUG - freelist ordering causes high wtime Issue 5327 - Fix test metadata Issue 5853 - Update Cargo.lock Issue 5962 - Rearrange includes for 32-bit support logic Issue 5973 - Fix fedora cop RawHide builds (#5974) Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console Issue 6254 - Enabling replication for a sub suffix crashes browser (#6255) Issue 6224 - d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes (#6225) Issue 6183 - Slow ldif2db import on a newly created BDB backend (#6208) Issue 6170 - audit log buffering doesn't handle large updates Issue 6193 - Test failure: test_tls_command_returns_error_text Issue 6189 - CI tests fail with `[Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'` Issue 6172 - RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) (#6173) Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093) Issue 6080 - ns-slapd crash in referint_get_config (#6081) Issue 6117 - Fix the UTC offset print (#6118) Issue 5305 - OpenLDAP version autodetection doesn't work Issue 6112 - RFE - add new operation note for MFA authentications Issue 5842 - Add log buffering to audit log Issue 6103 - New connection timeout error breaks errormap (#6104) Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079) Issue 6096 - Improve connection timeout error logging (#6097) Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088) Issue 5487 - Fix various isses with logconv.pl (#6085) Issue 6052 - Paged results test sets hostname to `localhost` on test collection Issue 6061 - Certificate lifetime displayed as NaN Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) Issue 3555 - Remove audit-ci from dependencies (#6056) Issue 5647 - Fix unused variable warning from previous commit (#5670) issue 5647 - covscan: memory leak in audit log when adding entries (#5650) Issue 6047 - Add a check for tagged commits Issue 6041 - dscreate ds-root - accepts relative path (#6042) Issue 6034 - Change replica_id from str to int Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) Issue 5954 - Disable Transparent Huge Pages Important SUSE bug 1225507 SUSE bug 1225512 SUSE bug 1226277 SUSE bug 1228912 CVE-2024-2199 at SUSE CVE-2024-2199 at NVD CVE-2024-3657 at SUSE CVE-2024-3657 at NVD CVE-2024-5953 at SUSE CVE-2024-5953 at NVD cpe:/o:opensuse:leap:15.6 Security update for zziplib (Moderate) openSUSE Leap 15.6 This update for zziplib fixes the following issues: - CVE-2024-39134: Fixed a stack buffer overflow via the __zzip_fetch_disk_trailer() (bsc#1227178) Moderate SUSE bug 1227178 CVE-2024-39134 at SUSE CVE-2024-39134 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.25 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.25 fixes the following issues: - CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400) Other fixes: - Included kubernetes1.25-client package. (jsc#PED-5755) Moderate SUSE bug 1194400 CVE-2021-25743 at SUSE CVE-2021-25743 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) Moderate SUSE bug 1225907 SUSE bug 1226463 SUSE bug 1227138 CVE-2024-5535 at SUSE CVE-2024-5535 at NVD cpe:/o:opensuse:leap:15.6 Security update for osc (Moderate) openSUSE Leap 15.6 This update for osc fixes the following issues: - 1.9.0 - Security: - Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911) Source files are now stored in the 'sources' subdirectory which prevents name collisons. This requires changing version of '.osc' store to 2.0. - Command-line: - Introduce build --checks parameter - Library: - OscConfigParser: Remove automatic __name__ option - 1.8.3 - Command-line: - Change 'repairwc' command to always run all repair steps - Library: - Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional - Fix colorize() to avoid wrapping empty string into color escape sequences - Provide default values for kwargs.get/pop in get_results() function - 1.8.2 - Library: - Change 'repairwc' command to fix missing .osc/_osclib_version - Make error message in check_store_version() more generic to work for both projects and packages - Fix check_store_version in project store - 1.8.1 - Command-line: - Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option - 1.8.0 - Command-line: - Improve 'submitrequest' command to inherit description from superseded request - Fix 'mv' command when renaming a file multiple times - Improve 'info' command to support projects - Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts - Add architecture filtering to 'release' command - Change 'results' command so the normal and multibuild packages have the same output - Change 'results' command to use csv writer instead of formatting csv as string - Add couple mutually exclusive options errors to 'results' command - Set a default value for 'results --format' only for the csv output - Add support for 'results --format' for the default text mode - Update help text for '--format' option in 'results' command - Add 'results --fail-on-error/-F' flag - Redirect venv warnings from stderr to debug output - Configuration: - Fix config parser to throw an exception on duplicate sections or options - Modify conf.get_config() to print permissions warning to stderr rather than stdout - Library: - Run check_store_version() in obs_scm.Store and fix related code in Project and Package - Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683) - Forbid extracting files with absolute path from 'ar' archives (bsc#1122683) - Remove no longer valid warning from core.unpack_srcrpm() - Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional - Fix return value in build build.create_build_descr_data() - Fix core.get_package_results() to obey 'multibuild_packages' argument - Tests: - Fix tests so they don't modify fixtures - 1.7.0 - Command-line: - Add 'person search' command - Add 'person register' command - Add '-M/--multibuild-package' option to '[what]dependson' commands - Update '-U/--user' option in 'maintainer' command to accept also an email address - Fix 'branch' command to allow using '--new-package' option on packages that do not exist - Fix 'buildinfo' command to include obs:cli_debug_packages by default - Fix 'buildinfo' command to send complete local build environment as the 'build' command does - Fix 'maintainer --devel-project' to raise an error if running outside a working copy without any arguments - Fix handling arguments in 'service remoterun prj/pac' - Fix 'rebuild' command so the '--all' option conflicts with the 'package' argument - Fix crash when removing 'scmsync' element from dst package meta in 'linkpac' command - Fix crash when reading dst package meta in 'linkpac' command - Allow `osc rpmlint` to infer prj/pkg from CWD - Propagate exit code from the run() and do_() commandline methods - Give a hint where a scmsync git is hosted - Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec - Improve 'updatepacmetafromspec' command to expand rpm spec macros by calling rpmspec to query the data - Improve 'build' and 'buildinfo' commands by uploading *.inc files to OBS for parsing BuildRequires (bsc#1221340) - Improve 'service' command by printing names of running services - Improve 'getbinaries' command by ignoring source and debuginfo filters when a binary name is specified - Change 'build' command to pass '--jobs' option to 'build' tool only if 'build_jobs' > 0 - Clarify 'list' command's help that that listing binaries doesn't contain md5 checksums - Improve 'log' command: produce proper CSV and XML outputs, add -p/--patch option for the text output - Allow setlinkrev to set a specific vrev - Document '--buildtool-opt=--noclean' example in 'build' command's help - Fix handling the default package argument on the command-line - Configuration: - Document loading configuration from env variables - Connection: - Don't retry on error 400 - Remove now unused 'retry_on_400' http_request() option from XmlModel - Revert 'Don't retry on 400 HTTP status code in core.server_diff()' - Revert 'connection: Allow disabling retry on 400 HTTP status code' - Authentication: - Update SignatureAuthHandler to support specifying ssh key by its fingerprint - Use ssh key from ssh agent that contains comment 'obs=<apiurl-hostname>' - Use strings instead of bytes in SignatureAuthHandler - Cache password from SecretService to avoid spamming user with an accept dialog - Never ask for credentials when displaying help - Remove unused SignatureAuthHandler.get_fingerprint() - Library: - Add rootless build support for 'qemu' VM type - Support package linking of packages from scmsync projects - Fix do_createrequest() function to return None instead of request id - Replace invalid 'if' with 'elif' in BaseModel.dict() - Fix crash when no prefered packages are defined - Add XmlModel class that encapsulates manipulation with XML - Add obs_api.Person.cmd_register() for registering new users - Fix conf.get_config() to ignore file type bits when comparing oscrc perms - Fix conf.get_config() to correctly handle overrides when env variables are set - Fix output.tty.IS_INTERACTIVE when os.isatty() throws OSError - Improve cmdln.HelpFormatter to obey newline characters - Update list of color codes in 'output.tty' module - Remove core.setDevelProject() in favor of core.set_devel_project() - Move removing control characters to output.sanitize_text() - Improve sanitize_text() to keep selected CSI escape sequences - Add output.pipe_to_pager() that pipes lines to a pager without creating an intermediate temporary file - Fix output.safe_write() in connection with NamedTemporaryFile - Modernize output.run_pager() - Extend output.print_msg() to accept 'error' and 'warning' values of 'to_print' argument - Add XPathQuery class for translating keyword arguments to an xpath query - Add obs_api.Keyinfo class - Add obs_api.Package class - Add Package.get_revision_list() for listing commit log - Add obs_api.PackageSources class for handling OBS SCM sources - Add obs_api.Person class - Add obs_api.Project class - Add obs_api.Request class - Add obs_api.Token class - Allow storing apiurl in the XmlModel instances - Allow retrieving default field value from top-level model - Fix BaseModel to convert dictionaries to objects on retrieving a model list - Fix BaseModel to always deepcopy mutable defaults on first use - Implement do_snapshot() and has_changed() methods to determine changes in BaseModel - Implement total ordering on BaseModel - Add comments with available attributes/elements to edited XML - Refactoring: - Migrate repo {list,add,remove} commands to obs_api.Project - Migrate core.show_package_disabled_repos() to obs_api.Package - Migrate core.Package.update_package_meta() to obs_api.Package - Migrate core.get_repos_of_project() to obs_api.Project - Migrate core.get_repositories_of_project() to obs_api.Project - Migrate core.show_scmsync() to obs_api.{Package,Project} - Migrate core.set_devel_project() to obs_api.Package - Migrate core.show_devel_project() to obs_api.Package - Migrate Fetcher.run() to obs_api.Keyinfo - Migrate core.create_submit_request() to obs_api.Request - Migrate 'token' command to obs_api.Token - Migrate 'whois/user' command to obs_api.Person - Migrate 'signkey' command to obs_api.Keyinfo - Move print_msg() to the 'osc.output' module - Move run_pager() and get_default_pager() from 'core' to 'output' module - Move core.Package to obs_scm.Package - Move core.Project to obs_scm.Project - Move functions manipulating store from core to obs_scm.store - Move store.Store to obs_scm.Store - Move core.Linkinfo to obs_scm.Linkinfo - Move core.Serviceinfo to obs_scm.Serviceinfo - Move core.File to obs_scm.File - Merge _private.project.ProjectMeta into obs_api.Project - Spec: - Remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476) - 1.6.2 - Command-line: - Fix 'branch' command to allow using '--new-package' option on packages that do not exist - Fix 'buildinfo' command to include obs:cli_debug_packages by default - Fix 'buildinfo' command to send complete local build environment as the 'build' command does - Allow `osc rpmlint` to infer prj/pkg from CWD - Propagate exit code from the run() and do_() commandline methods - Give a hint where a scmsync git is hosted - Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec - Authentication: - Cache password from SecretService to avoid spamming user with an accept dialog - Never ask for credentials when displaying help - Library: - Support package linking of packages from scmsync projects - Fix do_createrequest() function to return None instead of request id - Replace invalid 'if' with 'elif' in BaseModel.dict() - Fix crash when no prefered packages are defined - 1.6.1 - Command-line: - Use busybox compatible commands for completion - Change 'wipe' command to use the new get_user_input() function - Fix error 500 in running 'meta attribute <prj>' - Configuration: - Fix resolving config symlink to the actual config file - Honor XDG_CONFIG_HOME and XDG_CACHE_HOME env vars - Warn about ignoring XDG_CONFIG_HOME and ~/.config/osc/oscrc if ~/.oscrc exists - Library: - Error out when branching a scmsync package - New get_user_input() function for consistent handling of user input - Move xml_indent, xml_quote and xml_unquote to osc.util.xml module - Refactor makeurl(), deprecate query taking string or list arguments, drop osc_urlencode() - Remove all path quoting, rely on makeurl() - Always use dict query in makeurl() - Fix core.slash_split() to strip both leading and trailing slashes - 1.6.0 - Command-line: - The 'token --trigger' command no longer sets '--operation=runservice' by default. - Change 'token --create' command to require '--operation' - Fix 'linkdiff' command error 400: prj/pac/md5 not in repository - Update 'build' command to support building 'productcompose' build type with updateinfo.xml data - Don't show meter in terminals that are not interactive - Fix traceback when running osc from an arbitrary git repo that fails to map branch to a project (bsc#1218170) - Configuration: - Implement reading credentials from environmental variables - Allow starting with an empty config if --configfile is either empty or points to /dev/null - Implement 'quiet' conf option - Password can be an empty string (commonly used with ssh auth) - Connection: - Allow -X HEAD on osc api requests as well - Library: - Fix credentials managers to consistently return Password - Fix Password.encode() on python < 3.8 - Refactor 'meter' module, use config settings to pick the right class - Convert to using f-strings - Use Field.get_callback to handle quiet/verbose and http_debug/http_full_debug options - Implement get_callback that allows modifying returned value to the Field class - Add support for List[BaseModel] type to Field class - Report class name when reporting an error during instantiating BaseModel object - Fix exporting an empty model field in BaseModel.dict() - Fix initializing a sub-model instance from a dictionary - Implement 'Enum' support in models - Fix Field.origin_type for Optional types - Drop unused 'exclude_unset' argument from BaseModel.dict() method - Store cached model defaults in self._defaults, avoid sharing references to mutable defaults - Limit model attributes to predefined fields by forbidding creating new attributes on fly - Store model values in self._values dict instead of private attributes - Spec: - Recommend openssh-clients for ssh-add that is required during ssh auth - Add 0%{?amzn} macro that wasn't usptreamed Moderate SUSE bug 1122683 SUSE bug 1212476 SUSE bug 1218170 SUSE bug 1221340 SUSE bug 1225911 CVE-2024-22034 at SUSE CVE-2024-22034 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-WebOb (Moderate) openSUSE Leap 15.6 This update for python-WebOb fixes the following issues: - CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header (bsc#1229221) Moderate SUSE bug 1229221 CVE-2024-42353 at SUSE CVE-2024-42353 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-38417: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225600). - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52458: Fixed check that partition length needs to be aligned with block size (bsc#1220428). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52631: Fixed an NULL dereference bug (bsc#1222264 CVE-2023-52631). - CVE-2023-52640: Fixed out-of-bounds in ntfs_listxattr (bsc#1222301). - CVE-2023-52641: Fixed NULL ptr dereference checking at the end of attr_allocate_frame() (bsc#1222303) - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52659: Fixed to pfn_to_kaddr() not treated as a 64-bit type (bsc#1224442) - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621) - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52771: Fixed delete_endpoint() vs parent unregistration race (bsc#1225007). - CVE-2023-52772: Fixed use-after-free in unix_stream_read_actor() (bsc#1224989). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52855: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (bsc#1225583). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-6238: Fixed kcalloc() arguments order (bsc#1217384). - CVE-2024-21823: Fixed safety flag to struct ends (bsc#1223625). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26632: Fixed iterating over an empty bio with bio_for_each_folio_all (bsc#1221635). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26638: Fixed uninitialize struct msghdr completely (bsc#1221649 CVE-2024-26638). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26674: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups (bsc#1222378). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26726: Fixed invalid drop extent_map for free space inode on write error (bsc#1222532) - CVE-2024-26731: Fixed NULL pointer dereference in sk_psock_verdict_data_ready() (bsc#1222371). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26740: Fixed use the backlog for mirred ingress (bsc#1222563). - CVE-2024-26760: scsi: target: pscsi: Fix bio_put() for error case (bsc#1222596). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26774: Fixed dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (bsc#1222622). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26815: Fixed improper TCA_TAPRIO_TC_ENTRY_INDEX check (bsc#1222635). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26832: Fixed missing folio cleanup in writeback race path (bsc#1223007). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26844: Fixed WARNING in _copy_from_iter (bsc#1223015). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26860: Fixed a memory leak when rechecking the data (bsc#1223077). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26899: Fixed deadlock between bd_link_disk_holder and partition scan (bsc#1223045). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26909: Fixed drm bridge use-after-free (bsc#1223143). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-26945: Fixed nr_cpus &lt; nr_iaa case (bsc#1223732). - CVE-2024-26946: Fixed copy_from_kernel_nofault() to read from unsafe address (bsc#1223669). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26991: Fixed overflow lpage_info when checking attributes (bsc#1223695). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27022: Fixed linking file vma until vma is fully initialized (bsc#1223774). - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-27408: Fixed race condition in dmaengine w-edma/eDMA (bsc#1224430). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27418: Fixed memory leak in mctp_local_output (bsc#1224720) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35895: Fixed lock inversion deadlock in map delete elem (bsc#1224511). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35903: Fixed IP after emitting call depth accounting (bsc#1224493). - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35917: Fixed Fix bpf_plt pointer arithmetic (bsc#1224481). - CVE-2024-35921: Fixed oops when HEVC init fails (bsc#1224477). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35931: Fixed PCI error slot reset during RAS recovery (bsc#1224652). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35991: Fixed kABI workaround for struct idxd_evl (bsc#1224553). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36030: Fixed the double free in rvu_npc_freemem() (bsc#1225712) - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36889: ata: libata-scsi: Fix offsets for the fixed format sense data (bsc#1225746). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38566: bpf: Fix verifier assumptions about socket->sk (bsc#1226790). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - 9p: add missing locking around taking dentry fid list (git-fixes) - accel/ivpu: Fix deadlock in context_xa (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: EC: Evaluate orphan _REG under EC device (git-fixes). - ACPI: EC: Install address space handler at the namespace root (stable-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - ACPI: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - ACPI: scan: Do not increase dep_unmet for already met dependencies (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Add PNP_UART1_SKIP quirk for Lenovo Blade2 tablets (stable-fixes). - ACPI: x86: Force StorageD3Enable on more products (stable-fixes). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - Add console: Improve console_srcu_read_flags() comments device property: Add SOFTWARE_NODE() macro for defining software nodes device property: Add fwnode_name_eq() device property: Add fwnode_property_match_property_string() device property: Implement device_is_big_endian() device property: Implement device_is_compatible() nbcon: Provide functions for drivers to acquire console for non-printing. panic: Flush kernel log buffer at the end panic: Mark emergency section in oops panic: Mark emergency section in warn panic: add option to dump blocked tasks in panic_print panic: suppress gnu_printf warning printk: Add @flags argument for console_is_usable() printk: Add function to replay kernel log on consoles printk: Add kthread for all legacy consoles printk: Add non-BKL (nbcon) console basic infrastructure printk: Add notation to console_srcu locking printk: Atomic print in printk context on shutdown printk: Avoid console_lock dance if no legacy or boot consoles printk: Avoid false positive lockdep report for legacy printing printk: Check printk_deferred_enter()/_exit() usage printk: Check valid console index for preferred console printk: Constify name for add_preferred_console() printk: Coordinate direct printing in panic printk: Do not try to parse DEVNAME:0.0 console options printk: Flag register_console() if console is set on command line. printk: Let console_is_usable() handle nbcon printk: Make console_is_usable() available to nbcon printk: Make static printk buffers available to nbcon printk: Properly deal with nbcon consoles on seq init printk: Provide helper for message prepending printk: Provide threadprintk boot argument printk: Reduce pr_flush() pooling time printk: Remove the now superfluous sentinel elements from ctl_table array printk: Save console options for add_preferred_console_match() printk: Track nbcon consoles printk: Track registered boot consoles printk: fix illegal pbufs access for !CONFIG_PRINTK printk: flush consoles before checking progress printk: nbcon: Add acquire/release logic printk: nbcon: Add buffer management printk: nbcon: Add callbacks to synchronize with driver printk: nbcon: Add context to console_is_usable() printk: nbcon: Add detailed doc for write_atomic() printk: nbcon: Add emit function and callback function for atomic printing printk: nbcon: Add helper to assign priority based on CPU state printk: nbcon: Add ownership state functions printk: nbcon: Add printer thread wakeups printk: nbcon: Add sequence handling printk: nbcon: Add unsafe flushing on panic printk: nbcon: Allow drivers to mark unsafe regions and check state. printk: nbcon: Do not rely on proxy headers printk: nbcon: Implement emergency sections printk: nbcon: Introduce printing kthreads printk: nbcon: Provide function to flush using write_atomic() printk: nbcon: Provide function to reacquire ownership printk: nbcon: Remove return value for write_atomic() printk: nbcon: Show replay message on takeover printk: nbcon: Start printing threads printk: nbcon: Use driver synchronization while (un)registering printk: nbcon: Use nbcon consoles in console_flush_all() serial: convert uart sysrq handling to u8 serial: core: Add UPIO_UNKNOWN constant for unknown port type serial: core: Controller id cannot be negative serial: core: Fix serial core port id to not use port->line serial: core: Implement processing in port->lock wrapper serial: core: Introduce wrapper to set @uart_port->cons serial: core: Move struct uart_port::quirks closer to possible serial: core: Provide low-level functions to lock port serial: core: Update uart_poll_timeout() function to return unsigned long. serial: core: Use lock wrappers serial: core: do not kfree device managed data serial: core: fix -EPROBE_DEFER handling in init serial: make uart_insert_char() accept u8s serial: port: Introduce a common helper to read properties tty/sysrq: Replay kernel log messages on consoles via sysrq - Add reference to L3 bsc#1225765 in BPF control flow graph and precision backtrack fixes (bsc#1225756) The L3 bsc#1225765 was created seperately since our customer requires PTF. - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - ALSA: aoa: avoid false-positive format truncation warning (git-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() (git-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda: cs35l56: Add ACPI device match tables (git-fixes). - ALSA: hda: cs35l56: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifecycle of codec pointer (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: cs35l56: Set the init_done flag before component_add() (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 14 eu0000 (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14AHP9 (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ARP8 (stable-fixes). - ALSA: hda/realtek: Add quirks for ASUS Laptops using CS35L56 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (stable-fixes). - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR (stable-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - ALSA: hda/realtek: fix the hp playback volume issue for LG machines (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 (git-fixes). - ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: add locks to kcontrols (git-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 (stable-fixes). - ALSA: hda: tas2781: Component should be unbound before deconstruction (git-fixes). - ALSA: hda/tas2781: correct the register for pow calibrated data (git-fixes). - ALSA: hda/tas2781: remove digital gain kcontrol (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages (git-fixes). - ALSA: seq: Fix missing MSB in MIDI2 SPP conversion (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages (git-fixes). - ALSA: seq: ump: Fix missing System Reset message handling (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - amdkfd: use calloc instead of kzalloc to avoid integer overflow (stable-fixes). - arm64: Add the arm64.no32bit_el0 command line option (jsc#PED-3184). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: bpf: fix 32bit unconditional bswap (git-fixes). - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: Fix dtc interrupt_provider warnings (git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - arm64/ptrace: Use saved floating point state type to determine SVE (git-fixes) - arm64/sve: Lower the maximum allocation for the SVE ptrace regset (git-fixes) - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64: tegra: Set the correct PHY mode for MGBE (git-fixes) - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - arm_pmu: acpi: Add a representative platform device for TRBE (bsc#1220587) - arm_pmu: acpi: Refactor arm_spe_acpi_register_device() (bsc#1220587) - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes). - ASoC: amd: acp: fix for acp_init function error handling (git-fixes). - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 (stable-fixes). - ASoC: amd: yc: Revert 'Fix non-functional mic on Lenovo 21J2' (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Populate board selection with new I2S entries (stable-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: add ACPI matching tables for Arrow Lake (stable-fixes). - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops (stable-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 (stable-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0C0F (stable-fixes). - ASoC: Intel: sof-sdw: really remove FOUR_SPEAKER quirk (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - ASoC: q6apm-lpass-dai: close graph on prepare errors (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates (git-fixes). - ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - ASoC: rt5682-sdw: fix locking sequence (git-fixes). - ASoC: rt711-sdca: fix locking sequence (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt711-sdw: fix locking sequence (git-fixes). - ASoC: rt712-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: rt722-sdca-sdw: fix locking sequence (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: SOF: amd: Optimize quirk for Valve Galileo (stable-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend (stable-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tas2781: mark dvc_tlv with __maybe_unused (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: tlv320adc3xxx: Do not strip remove function when driver is builtin (git-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() (git-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Allow command duration limits detection for ACS-4 drives (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - ata,scsi: libata-core: Do not leak memory for ata_port struct members (git-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix refcount imbalance on inbound connections (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - bitops: add missing prototype check (git-fixes). - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - Bluetooth: Add new quirk for broken read key length on ATS2851 (stable-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_core: Cancel request on command timeout (stable-fixes). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS (stable-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (git-fixes). - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY (git-fixes). - Bluetooth: hci_sync: Use QoS to determine which PHY to scan (stable-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout (stable-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: ISO: Do not reject BT_ISO_QOS if parameters are unset (git-fixes). - Bluetooth: ISO: Fix BIS cleanup (stable-fixes). - Bluetooth: l2cap: Do not double set the HCI_CONN_MGMT_CONNECTED bit (git-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (bsc#1221504). - Bluetooth: mgmt: Fix limited discoverable off timeout (stable-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: fix device-address endianness (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Bluetooth: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - bnx2x: Fix firmware version string character counts (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in free_bootmem_page (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: fix bug in BPF_LDX_MEMSX (git-fixes) - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: Remove xdp_do_flush_map() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - bpf, scripts: Correct GPL license name (git-fixes). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always clear PERTRANS metadata during commit (git-fixes) - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid start and commit empty transaction when flushing qgroups (bsc#1220120). - btrfs: avoid start and commit empty transaction when starting qgroup rescan (bsc#1220120). - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1217489). - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) Dropped hunk in selftests (test_case_7), 92e1229b204d6. - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: ep: check the correct variable in mhi_ep_register_controller() (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - can: mcp251xfd: fix infinite loop when xmit fails (git-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: stop copying to iter at EOF on sync reads (bsc#1222606). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: mediatek: Do a runtime PM get on controllers during probe (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: qcom: reset: Commonize the de/assert functions (stable-fixes). - clk: qcom: reset: Ensure write completion on reset de/assertion (git-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (git-fixes). - clocksource/drivers/imx: Fix -Wunused-but-set-variable warning (git-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - coresight: trbe: Add a representative coresight_platform_data for (bsc#1220587) - coresight: trbe: Allocate platform data per device (bsc#1220587) - coresight: trbe: Enable ACPI based TRBE devices (bsc#1220587) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - counter: ti-eqep: enable clock at probe (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq: amd-pstate: fix memory leak on CPU EPP exit (stable-fixes). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: hisilicon/qm - Add the err memory release process to qm uninit (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - fix ring to service map for dcc in 4xxx (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - relocate and rename get_service_enabled() (stable-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxgb4: Properly lock TX queue for the selftest (bsc#1214683 (PREEMPT_RT prerequisite backports)). - cxl/acpi: Fix load failures due to single window creation failure (git-fixes). - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window (git-fixes). - cxl/region: Fix cxlr_pmem leaks (git-fixes). - cxl/region: Fix memregion leaks in devm_cxl_add_region() (git-fixes). - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c (git-fixes). - cxl/trace: Correct DPA field masks for general_media & dram events (git-fixes). - cxl/trace: Properly initialize cxl_poison region name (git-fixes). - dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n (jsc#PED-5853). - dax/bus.c: replace driver-core lock usage by a local rwsem (jsc#PED-5853). - dax/bus.c: replace several sprintf() with sysfs_emit() (jsc#PED-5853). - decompress_bunzip2: fix rare decompression failure (git-fixes). - device-dax: make dax_bus_type const (jsc#PED-5853). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lkb refcounting (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma-buf: Fix NULL pointer dereference in sanitycheck() (git-fixes). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (git-fixes). - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (git-fixes). - dmaengine: ioatdma: Fix leaking on version mismatch (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dm crypt: remove redundant state settings after waking up (jsc#PED-7542). - dm-integrity: set max_integrity_segments in dm_integrity_io_hints (jsc#PED-7542). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm-raid: add a new helper prepare_suspend() in md_personality (jsc#PED-7542). - dm-raid: really frozen sync_thread during suspend (jsc#PED-7542). - dm thin: add braces around conditional code that spans lines (jsc#PED-7542). - dm: update relevant MODULE_AUTHOR entries to latest dm-devel mailing list (jsc#PED-7542). - dm verity: set DM_TARGET_SINGLETON feature flag (jsc#PED-7542). - Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - docs: netdev: Fix typo in Signed-off-by tag (git-fixes). - docs: Restore 'smart quotes' for quotes (stable-fixes). - dpll: spec: use proper enum for pin capabilities attribute (git-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() (stable-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dml2 copy functions (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Allocate zero bw after bw alloc enable (stable-fixes). - drm/amd/display: Allow dirty rects to be sent to dmub when abm is active (stable-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Change default size for dummy plane in DML2 (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Disable seamless boot on 128b/132b encoding (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix bounds check for dcn35 DcfClocks (git-fixes). - drm/amd/display: Fix DC mode screen flickering on DCN321 (stable-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix idle check for shared firmware state (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: fix input states translation error for dcn35 & dcn351 (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: Fix noise issue on HDMI AV mute (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Init DPPCLK from SMU on dcn32 (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Override min required DCFCLK in dml1_validate (stable-fixes). - drm/amd/display: Prevent crash when disable stream (stable-fixes). - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 (stable-fixes). - drm/amd/display: Remove MPC rate control logic from DCN30 and above (stable-fixes). - drm/amd/display: Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Revert Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Send DTBCLK disable message on first commit (git-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Set DCN351 BB and IP the same as DCN35 (stable-fixes). - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' (git-fixes). - drm/amdgpu: drop setting buffer funcs in sdma442 (git-fixes). - drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() (git-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: fix deadlock while reading mqd from debugfs (git-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: fix mmhub client id out-of-bounds access (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: fix use-after-free bug (stable-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: fix visible VRAM handling during faults (git-fixes). - drm/amdgpu: Fix VRAM memory accounting (stable-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: init microcode chip name from ip versions (stable-fixes). - drm/amdgpu: make damage clips support configurable (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu/pm: Check the validity of overdiver power limit (git-fixes). - drm/amdgpu/pm: Fix NULL pointer dereference when get power limit (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: remove invalid resource->start check v2 (git-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Add VRAM accounting for SVM migration (stable-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Fix memory leak in create_process failure (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amd/pm: Restore config space after reset (stable-fixes). - drm/amd/swsmu: modify the gfx activity scaling (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/buddy: check range allocation matches alignment (stable-fixes). - drm: Check output polling initialized before disabling (stable-fixes). - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (stable-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/display: fix typo (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/etnaviv: fix tx clock gating on some GC7000 variants (stable-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-dma: Only set smem_start is enable per module option (git-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/i915/display: Use i915_gem_object_get_dma_address to get dma address (stable-fixes). - drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY &lt; 13 (git-fixes). - drm/i915/dp: Remove support for UHBR13.5 (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/dsb: Fix DSB vblank waits when using VRR (git-fixes). - drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly (git-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disable HW load balancing for CCS (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Enable only one CCS for compute workload (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Fix locking inversion in sysfs getter (git-fixes). - drm/i915/hwmon: Get rid of devm (stable-fixes). - drm/i915: Include the PLL name in the debug messages (stable-fixes). - drm/i915/lspcon: Separate function to set expected mode (bsc#1193599). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/i915/mst: Limit MST+DSC to TGL+ (git-fixes). - drm/i915/mst: Reject FEC+MST on ICL (git-fixes). - drm/i915: Pre-populate the cursor physical dma address (git-fixes). - drm/i915: Replace a memset() with zero initialization (stable-fixes). - drm/i915: Stop printing pipe name as hex (stable-fixes). - drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs (stable-fixes). - drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports (stable-fixes). - drm/i915: Use named initializers for DPLL info (stable-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915/vrr: Generate VRR 'safe window' for DSB (git-fixes). - drm/imx/ipuv3: do not return negative values from .get_modes() (stable-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm: Add newlines to some debug prints (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: do not allow overriding data from catalog (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible (git-fixes). - drm/msm/dpu: use devres-managed allocation for MDP TOP (stable-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: do not attempt to schedule hpd_work on headless cards (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/prime: Unbreak virtgpu dma-buf export (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/rockchip: vop2: Remove AR30 and AB30 format support (git-fixes). - drm/sched: fix null-ptr-deref in init entity (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/sun4i: hdmi: Convert encoder to atomic (stable-fixes). - drm/sun4i: hdmi: Move mode_set into enable (stable-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/ttm: return ENOSPC from ttm_bo_mem_space v3 (stable-fixes). - drm/ttm: stop pooling cached NUMA pages v2 (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm/vc4: hdmi: do not return negative values from .get_modes() (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Do not memcmp equivalent pointers (git-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix prime import/export (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Minor flow correction in e1000_shutdown function (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - Edit 'amdkfd: use calloc instead of kzalloc to avoid integer overflow' Reference CVE and bug numbers. - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - efi: disable mirror feature during crashkernel (stable-fixes). - efi: fix panic in kdump kernel (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - efi/x86: Free EFI memory map only when installing a new one (git-fixes). - Enable CONFIG_FIPS_SIGNATURE_SELFTEST (bsc#1222771) - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: arm_scmi: Make raw debugfs entries non-seekable (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: psci: Fix return value from psci_system_suspend() (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - Fix a potential infinite loop in extract_user_to_sg() (git-fixes). - Fix build errors due to new UIO_MEM_DMA_COHERENT mess (git-fixes). - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card (stable-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fs/file: fix the check in find_next_fd() (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fs: relax mount_setattr() permission checks (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - geneve: make sure to pull inner header in geneve_rx() (git-fixes). - genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gpio: cdev: check for NULL labels when sanitizing them for irqs (git-fixes). - gpio: cdev: fix missed label sanitizing in debounce_setup() (git-fixes). - gpio: cdev: sanitize the label before requesting the interrupt (stable-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpio: lpc32xx: fix module autoloading (stable-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpio: tqmx86: store IRQ trigger type and unmask status separately (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - HID: Add quirk for Logitech Casa touchpad (stable-fixes). - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: core: remove unnecessary WARN_ON() in implement() (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: input: avoid polling stylus battery on Chromebook Pompom (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled (stable-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (amc6821) add of_match table (stable-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() (git-fixes). - i2c: acpi: Unbind mux adapters before delete (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix firmware version comparison function (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i915: make inject_virtual_interrupt() void (stable-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - ice: fix enabling RX VLAN filtering (git-fixes). - ice: fix memory corruption bug with suspend and rebuild (git-fixes). - ice: fix stats being updated by way too large values (git-fixes). - ice: fix typo in assignment (git-fixes). - ice: fix uninitialized dplls mutex usage (git-fixes). - ice: reconfig host after changing MSI-X on VF (git-fixes). - ice: Refactor FW data type and fix bitmap casting issue (git-fixes). - ice: reorder disabling IRQ and NAPI in ice_qp_dis (git-fixes). - ice: use relative VSI index for VFs instead of PF VSI number (git-fixes). - ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: disable local BH when scheduling napi for marker packets (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - igb: extend PTP timestamp adjustments to i211 (git-fixes). - igb: Fix missing time sync events (git-fixes). - igc: avoid returning frame twice in XDP_REDIRECT (git-fixes). - igc: Fix missing time sync events (git-fixes). - igc: Remove stale comment about Tx timestamping (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: accel: mxc4005: allow module autoloading via OF compatible (stable-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: accel: mxc4005: Reset chip on probe() and resume() (stable-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: adc: ad9467: use chip_info variables instead of array (stable-fixes). - iio: adc: ad9467: use spi_get_device_match_data() (stable-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: gts-helper: Fix division loop (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - iio: xilinx-ams: Do not include ams_ctrl_channels in scan_mask (git-fixes). - inet_diag: annotate data-races around inet_diag_table[] (git-fixes). - inet: frags: eliminate kernel-doc warning (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - Input: imagis - use FIELD_GET where applicable (stable-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - input/touchscreen: imagis: Correct the maximum touch area value (stable-fixes). - Input: xpad - add additional HyperX Controller Identifiers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI (git-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - Input: xpad - add support for Snakebyte GAMEPADs (stable-fixes). - intel: legacy: Partial revert of field get conversion (git-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - interconnect: qcom: osm-l3: Replace custom implementation of COUNT_ARGS() (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive (git-fixes). - interconnect: qcom: sm8550: Enable sync_state (git-fixes). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu/amd: Enhance def_domain_type to handle untrusted device (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - iommufd: Fix iopt_access_list_id overwrite bug (git-fixes). - iommufd/iova_bitmap: Bounds check mapped::pages access (git-fixes). - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (git-fixes). - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (git-fixes). - iommufd: Reject non-zero data_type if no data_len is provided (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - iommu: Map reserved memory as cacheable if device is coherent (git-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu: Undo pasid attachment only for the devices that have succeeded (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Fix WARN_ON in iommu probe path (git-fixes). - iommu/vt-d: Fix wrong use of pasid config (git-fixes). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking (git-fixes). - iommu/vt-d: Use rbtree to track iommu probed devices (git-fixes). - ionic: set adminq irq affinity (git-fixes). - io_uring: clean rings on NO_MMAP alloc fail (git-fixes). - io_uring: clear opcode specific data for an early failure (git-fixes). - io_uring: do not save/restore iowait state (git-fixes). - io_uring: fail NOP if non-zero op flags is passed in (git-fixes). - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure (git-fixes). - io_uring: fix io_queue_proc modifying req->flags (git-fixes). - io_uring: fix mshot io-wq checks (git-fixes). - io_uring: fix mshot read defer taskrun cqe posting (git-fixes). - io_uring: fix poll_remove stalled req completion (git-fixes). - io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue() (git-fixes). - io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - io_uring/kbuf: get rid of bl->is_ready (git-fixes). - io_uring/kbuf: get rid of lower BGID lists (git-fixes). Including kabi preservation patch. - io_uring/kbuf: protect io_buffer_list teardown with a reference (git-fixes). Reuses a padding space in the structure. - io_uring/kbuf: rename is_mapped (git-fixes). - io_uring/net: correctly handle multishot recvmsg retry setup (git-fixes). - io_uring/net: correct the type of variable (git-fixes). - io_uring/net: fix sendzc lazy wake polling (git-fixes). - io_uring/net: move receive multishot out of the generic msghdr path (git-fixes). - io_uring/net: restore msg_control on sendzc retry (git-fixes). - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr (git-fixes). - io_uring: remove looping around handling traditional task_work (git-fixes). - io_uring: remove unconditional looping in local task_work handling (git-fixes). - io_uring/rsrc: do not lock while !TASK_RUNNING (git-fixes). - io_uring/rsrc: fix incorrect assignment of iter->nr_segs in io_import_fixed (git-fixes). - io_uring/rw: do not allow multishot reads without NOWAIT support (git-fixes). - io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry (git-fixes). - io_uring/sqpoll: work around a potential audit memory leak (git-fixes). - io_uring/unix: drop usage of io_uring socket (git-fixes). - io_uring: use private workqueue for exit work (git-fixes). - io_uring: use the right type for work_llist empty check (git-fixes). - io-wq: write next_work before dropping acct_lock (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes). - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kABI: bpf: verifier kABI workaround (bsc#1225903). - kABI fix of KVM: x86/pmu: Allow programming events that match unsupported arch events (bsc#1225696). - kABI fix of KVM: x86/pmu: Prioritize VMX interception over - kABI fix of KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - kabi fix of perf/x86/intel: Expose existence of callback support to KVM (git fixes). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore brcmfmac-specific local symbols - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: Ignore io_uring internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore Wangxun ethernet driver local symbols - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kABI workaround for cs35l56 (git-fixes). - kABI workaround for of driver changes (git-fixes). - kABI workaround for sof_ipc_pcm_ops (git-fixes). - kABI workaround for wireless updates (bsc#1227149). - kasan: disable kasan_non_canonical_hook() for HW tags (git-fixes). - kasan, fortify: properly rename memintrinsics (git-fixes). - kasan: print the original fault addr when access invalid shadow (git-fixes). - kasan/test: avoid gcc warning for intentional overflow (git-fixes). - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kbuild: Fix build target deb-pkg: ln: failed to create hard link (git-fixes). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (stable-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kcov: do not lose track of remote references during softirqs (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - kheaders: explicitly define file modes for archived headers (stable-fixes). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - libnvdimm: Fix ACPI_NFIT in BLK_DEV_PMEM help (jsc#PED-5853). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - libperf evlist: Avoid out-of-bounds access (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mac802154: fix llsec key resources release in mac802154_llsec_key_del (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - md: add a new helper rdev_has_badblock() (jsc#PED-7542). - md: add a new helper reshape_interrupted() (jsc#PED-7542). - md: changed the switch of RAID_VERSION to if (jsc#PED-7542). - md: check mddev->pers before calling md_set_readonly() (jsc#PED-7542). - md: clean up invalid BUG_ON in md_ioctl (jsc#PED-7542). - md: clean up openers check in do_md_stop() and md_set_readonly() (jsc#PED-7542). - md/dm-raid: do not call md_reap_sync_thread() directly (jsc#PED-7542). - md: Do not clear MD_CLOSING when the raid is about to stop (jsc#PED-7542). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (jsc#PED-7542). - md: export helper md_is_rdwr() (jsc#PED-7542). - md: export helpers to stop sync_thread (jsc#PED-7542). - md: factor out a helper to sync mddev (jsc#PED-7542). - md: fix kmemleak of rdev->serial (jsc#PED-7542). - md: get rdev->mddev with READ_ONCE() (jsc#PED-7542). - md: merge the check of capabilities into md_ioctl_valid() (jsc#PED-7542). - md: preserve KABI in struct md_personality (jsc#PED-7542). - md/raid1-10: add a helper raid1_check_read_range() (jsc#PED-7542). - md/raid1-10: factor out a new helper raid1_should_read_first() (jsc#PED-7542). - md/raid1: factor out choose_bb_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out choose_slow_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out helpers to add rdev to conf (jsc#PED-7542). - md/raid1: factor out helpers to choose the best rdev from read_balance() (jsc#PED-7542). - md/raid1: factor out read_first_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out the code to manage sequential IO (jsc#PED-7542). - md/raid1: fix choose next idle in read_balance() (jsc#PED-7542). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (jsc#PED-7542). - md: remove redundant check of 'mddev->sync_thread' (jsc#PED-7542). - md: remove redundant md_wakeup_thread() (jsc#PED-7542). - md: return directly before setting did_set_md_closing (jsc#PED-7542). - md: sync blockdev before stopping raid or setting readonly (jsc#PED-7542). - md: use RCU lock to protect traversal in md_spares_need_change() (jsc#PED-7542). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: cadence: csi2rx: use match fwnode for media link (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mc: Fix flags handling when creating pad links (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: mc: Rename pad variable to clarify intent (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: rkisp1: Fix IRQ handling due to shared interrupts (stable-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - Merge branch 'SLE15-SP6' (7c8fc2c7cc52) into 'SLE15-SP6-RT' - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() (git-fixes). - misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() (git-fixes). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mlxbf_gige: call request_irq() after NAPI initialized (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: omap: fix broken slot switch lookup (git-fixes). - mmc: omap: fix deferred probe (git-fixes). - mmc: omap: restore original power up/down steps (git-fixes). - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci: Add support for 'Tuning Error' interrupts (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode (git-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mm_init kABI workaround (git-fixes). - mm: memcg: do not periodically flush stats when memcg is disabled (bsc#1222525). - mm: memcg: use larger batches for proactive reclaim (bsc#1222522). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS (stable-fixes). - module: do not ignore sysfs_create_link() failures (git-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: Fix the nand_read_data_op() early check (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - mtd: spinand: Add support for 5-byte IDs (stable-fixes). - net: add netdev_lockdep_set_classes() to virtual drivers (git-fixes). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: bonding: remove kernel-doc comment marker (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: cfg802154: fix kernel-doc notation warnings (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: dsa: microchip: fix register write order in ksz8_ind_write8() (git-fixes). - net: dsa: mt7530: fix handling of all link-local frames (git-fixes). - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (git-fixes). - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Remove ena_select_queue (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_eth_soc: fix PPE hanging issue (git-fixes). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (git-fixes). - net: fec: Set mac_managed_pm during probe (git-fixes). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - net: hns3: fix index limit to support all queue stats (git-fixes). - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (git-fixes). - net: hns3: fix kernel crash when devlink reload during pf initialization (git-fixes). - net: hns3: fix port duplex configure error in IMP reset (git-fixes). - net: hns3: fix wrong judgment condition issue (git-fixes). - net: hns3: mark unexcuted loopback test result as UNEXECUTED (git-fixes). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: hns3: tracing: fix hclgevf trace event strings (git-fixes). - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (git-fixes). - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips (git-fixes). - net: lan743x: disable WOL upon resume to restore full data path operation (git-fixes). - net: lan743x: Support WOL at both the PHY and MAC appropriately (git-fixes). - net: libwx: fix memory leak on free page (git-fixes). - net: llc: fix kernel-doc notation warnings (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (git-fixes). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix MACsec state loss upon state update in offload path (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5: E-switch, Change flow rule destination checking (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context (git-fixes). - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (git-fixes). - net/mlx5: Fix fw reporter diagnose output (git-fixes). - net/mlx5: Fix MTMP register capability offset in MCAM register (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: NSH: fix kernel-doc notation warning (git-fixes). - net: pcs: xpcs: Return EINVAL in the internal methods (git-fixes). - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: phy: micrel: fix KSZ9477 PHY issues after suspend/resume (git-fixes). - net: phy: micrel: Fix potential null pointer dereference (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (stable-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Let IP-specific receive function to interrogate descriptors (git-fixes). - net: Remove conditional threaded-NAPI wakeup based on task state (bsc#1214683 (PREEMPT_RT prerequisite backports)). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: fix documentation of buffer sizes (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net: smsc95xx: add support for SYS TEC USB-SPEmodule1 (git-fixes). - net: sparx5: Fix use after free inside sparx5_del_mact_entry (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: dwmac-starfive: Add support for JH7100 SoC (git-fixes). - net: stmmac: Fix incorrect dereference in interrupt handlers (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: Use sockaddr_storage for getsockopt(SO_PEERNAME) (git-fixes). - net: veth: do not manipulate GRO when using XDP (git-fixes). - net: wwan: t7xx: Split 64bit accesses to fix alignment issues (git-fixes). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nf_conntrack: fix -Wunused-const-variable= (git-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - nfp: flower: handle acti_netdevs allocation failure (git-fixes). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Block on write congestion (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - NFSD: change LISTXATTRS cookie encoding to big-endian (git-fixes). - NFSD: Convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not call locks_release_private() twice concurrently (git-fixes). - nfsd: Fix a regression in nfsd_setattr() (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSD: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - NFSD: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes). - NFSD: Fix nfsd_clid_class use of __string_len() macro (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - NFSD: Retransmit callbacks after client reconnects (git-fixes). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - NFS: Fix an off by one in root_nfs_cat() (git-fixes). - NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt (git-fixes). - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - NFS: Read unlock folio on nfs_page_create_from_folio() error (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.1/pnfs: fix NFS with TLS in pnfs (git-fixes). - NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes). - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential bug in end_buffer_async_write (git-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nilfs2: return the mapped address from nilfs_get_page() (stable-fixes). - nouveau: add an ioctl to report vram usage (stable-fixes). - nouveau: add an ioctl to return vram bar size (stable-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: fix devinit paths to only handle display on GSP (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nouveau/gsp: do not check devinit disable on GSP (git-fixes). - nouveau: lock the client object tree (stable-fixes). - nouveau: report byte usage in VRAM usage (git-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - nouveau/uvmm: fix addr/range calcs for remap operations (git-fixes). - nvdimm: make nvdimm_bus_type const (jsc#PED-5853). - nvdimm/pmem: fix leak on dax_add_host() failure (jsc#PED-5853). - nvdimm/pmem: Treat alloc_dax() -EOPNOTSUPP failure as non-fatal (jsc#PED-5853). - nvme: cancel pending I/O if nvme controller is in terminal state (bsc#1226503). - nvme: do not retry authentication failures (bsc#1186716). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme: fix nvme_pr_* status code parsing (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet-auth: replace pr_debug() with pr_err() to report an error (git-fixes). - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers (git-fixes). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - nvmet: fix nvme status code when namespace is disabled (git-fixes). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() (git-fixes). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - nvmet-tcp: fix possible memory leak when tearing down a controller (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: use coarse time for new created files (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix devlink params (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - octeontx2-af: Use matching wake_up API variant in CGX command interface (git-fixes). - octeontx2-af: Use separate handlers for interrupts (git-fixes). - octeontx2: Detect the mbox up or down message via register (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: Send UP messages to VF only when VF is up (git-fixes). - octeontx2-pf: Use default max_active works instead of one (git-fixes). - octeontx2-pf: Wait till detach_resources msg is complete (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - overflow: Allow non-type arg to type_max() and type_min() (stable-fixes). - PCI/AER: Block runtime suspend when handling errors (stable-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge (stable-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (stable-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: hv: Fix ring buffer size calculation (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: Make link retraining use RMW accessors for changing LNKCTL (git-fixes). - PCI/MSI: Fix UAF in msi_capability_init (git-fixes). - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (stable-fixes). - PCI: qcom: Add support for sa8775p SoC (git-fixes). - PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - peci: linux/peci.h: fix Excess kernel-doc description warning (git-fixes). - perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline() (git-fixes). - perf annotate: Get rid of duplicate --group option item (git-fixes). - perf auxtrace: Fix multiple use of --itrace option (git-fixes). - perf bench internals inject-build-id: Fix trap divide when collecting just one DSO (git-fixes). - perf bench uprobe: Remove lib64 from libc.so.6 binary path (git-fixes). - perf bpf: Clean up the generated/copied vmlinux.h (git-fixes). - perf daemon: Fix file leak in daemon_session__control (git-fixes). - perf docs: Document bpf event modifier (git-fixes). - perf: Enqueue SIGTRAP always via task_work (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (git-fixes). - perf expr: Fix 'has_event' function for metric style events (git-fixes). - perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) (git-fixes). - perf jevents: Drop or simplify small integer values (git-fixes). - perf list: fix short description for some cache events (git-fixes). - perf lock contention: Add a missing NULL check (git-fixes). - perf metric: Do not remove scale from counts (git-fixes). - perf: Move irq_work_queue() where the event is prepared (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf pmu: Count sys and cpuid JSON events separately (git fixes). - perf pmu: Fix a potential memory leak in perf_pmu__lookup() (git-fixes). - perf pmu: Treat the msr pmu as software (git-fixes). - perf print-events: make is_event_supported() more robust (git-fixes). - perf probe: Add missing libgen.h header needed for using basename() (git-fixes). - perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording (git-fixes). - perf record: Fix debug message placement for test consumption (git-fixes). - perf record: Fix possible incorrect free in record__switch_output() (git-fixes). - perf: Remove perf_swevent_get_recursion_context() from perf_pending_task() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf report: Avoid SEGV in report__setup_sample_type() (git-fixes). - perf sched timehist: Fix -g/--call-graph option failure (git-fixes). - perf script: Show also errors for --insn-trace option (git-fixes). - perf: Split __perf_pending_irq() out of perf_pending_irq() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf srcline: Add missed addr2line closes (git-fixes). - perf stat: Avoid metric-only segv (git-fixes). - perf stat: Do not display metric header for non-leader uncore events (git-fixes). - perf stat: Do not fail on metrics on s390 z/VM systems (git-fixes). - perf symbols: Fix ownership of string in dso__load_vmlinux() (git-fixes). - perf tests: Apply attributes to all events in object code reading test (git-fixes). - perf test shell arm_coresight: Increase buffer size for Coresight basic tests (git-fixes). - perf tests: Make data symbol test wait for perf to start (bsc#1220045). - perf tests: Make 'test data symbol' more robust on Neoverse N1 (git-fixes). - perf tests: Skip data symbol test if buf1 symbol is missing (bsc#1220045). - perf thread: Fixes to thread__new() related to initializing comm (git-fixes). - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (git-fixes). - perf top: Uniform the event name for the hybrid machine (git-fixes). - perf top: Use evsel's cpus to replace user_requested_cpus (git-fixes). - perf ui browser: Avoid SEGV on title (git fixes). - perf ui browser: Do not save pointer to stack memory (git-fixes). - perf vendor events amd: Add Zen 4 memory controller events (git-fixes). - perf vendor events amd: Fix Zen 4 cache latency events (git-fixes). - perf/x86/amd/core: Avoid register reset when CPU is dead (git-fixes). - perf/x86/amd/lbr: Discard erroneous branch entries (git-fixes). - perf/x86/amd/lbr: Use freeze based on availability (git-fixes). - perf/x86: Fix out of range data (git-fixes). - perf/x86/intel/ds: Do not clear ->pebs_data_cfg for the last PEBS event (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_uart: properly fix race condition (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86/intel/tpmi: Handle error from tpmi_process_info() (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: ISST: Add Grand Ridge to HPM CPU list (stable-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: thinkpad_acpi: Take hotkey_mutex during hotkey_exit() (git-fixes). - platform/x86: toshiba_acpi: Add quirk for buttons on Z830 (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - PM: s2idle: Make sure CPUs will wakeup directly on resume (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - Port 'certs: Move RSA self-test data to separate file'. - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc/crypto/chacha-p10: Fix failure on non Power10 (bsc#1218205). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (git-fixes). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - Preparation update to v6.10-rc3-rt5 ((bsc#1214683 (PREEMPT_RT prerequisite backports)). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pstore: inode: Convert mutex usage to guard(mutex) (stable-fixes). - pstore: inode: Only d_invalidate() is needed (git-fixes). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - pwm: img: fix pwm clock lookup (git-fixes). - pwm: sti: Prepare removing pwm_chip from driver data (stable-fixes). - pwm: sti: Simplify probe function using devm functions (git-fixes). - pwm: stm32: Always do lazy disabling (git-fixes). - qibfs: fix dentry leak (git-fixes) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (git-fixes). - r8169: skip DASH fw status checks when DASH is disabled (git-fixes). - random: handle creditable entropy from atomic process context (git-fixes). - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619). - RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619). - RDMA/bnxt_re: Fix the max msix vectors macro (git-fixes) - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/mlx5: Add check for srq max_sge attribute (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Ensure created mkeys always have a populated rb_key (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Fix unwind flow as part of mlx5_ib_stage_init_init (git-fixes) - RDMA/mlx5: Follow rb_key.ats when creating new mkeys (git-fixes) - RDMA/mlx5: Remove extra unlock on error path (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/restrack: Fix potential invalid address access (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix data copy for IB_SEND_INLINE (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix responder length checking for UD request packets (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - README.BRANCH: Remove copy of branch name - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - Refresh ARM (bsc#1214683 (PREEMPT_RT prerequisite backports)). - Refresh kabi workaround ath updates (bsc#1227149#) - Refresh the previous ASoC patch, landed in subsystem tree (bsc#1228269) - regmap: Add regmap_read_bypassed() (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regmap: kunit: Ensure that changed bytes are actually different (stable-fixes). - regmap: maple: Fix cache corruption in regcache_maple_drop() (git-fixes). - regmap: maple: Fix uninitialized symbol 'ret' warnings (git-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - remoteproc: virtio: Fix wdg cannot recovery remote processor (git-fixes). - Remove NTFSv3 from configs (bsc#1224429) References: bsc#1224429 comment#3 We only support fuse version of the NTFS-3g driver. Disable NTFSv3 from all configs. This was enabled in d016c04d731 ('Bump to 6.4 kernel (jsc#PED-4593)') - Replace with mainline and sort - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: reset device count for SoundWire DAIs' (stable-fixes). - Revert 'build initrd without systemd' (bsc#1195775)' - Revert 'drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()' (stable-fixes). - Revert 'drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR' (stable-fixes). - Revert 'drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices' (stable-fixes). - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - Revert 'drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'iommu/amd: Enable PCI/IMS' (git-fixes). - Revert 'iommu/vt-d: Enable PCI/IMS' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (git-fixes). - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (git-fixes). - Revert 'PCI/MSI: Provide IMS (Interrupt Message Store) support' (git-fixes). - Revert 'PCI/MSI: Provide pci_ims_alloc/free_irq()' (git-fixes). - Revert 'PCI/MSI: Provide stubs for IMS functions' (git-fixes). - Revert 'selinux: introduce an initial SID for early boot processes' (bsc#1208593) It caused a regression on ALP-current branch, kernel-obs-qa build failed. - Revert 'serial: core: only stop transmit when HW fifo is empty' (git-fixes). - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build. - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter. - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable. - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227072). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221783). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (bsc#1222173). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/debug: Update stale reference to sched_debug.c (bsc#1214683 (PREEMPT_RT prerequisite backports)). - sched/fair: Check root_domain::overload value before update (bsc#1222173). - sched/fair: Use helper functions to access root_domain::overload (bsc#1222173). - sched/psi: Select KERNFS as needed (git-fixes). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() (git-fixes). - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes). - scsi: libsas: Fix disk not being scanned in after being removed (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - scsi: sg: Avoid race in error handling & drop bogus warn (git-fixes). - scsi: sg: Avoid sg device teardown race (git-fixes). - scsi: smartpqi: Fix disable_managed_interrupts (git-fixes). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: forwarding: Fix ping failure due to short timeout (git-fixes). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests: hsr: Extend the testsuite to also cover HSRv1 (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests: hsr: Reorder the testsuite (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests: hsr: Use `let' properly (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests/kcmp: remove unused open mode (git-fixes). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (git-fixes). - selftests/mm: fix build warnings on ppc64 (stable-fixes). - selftests: mptcp: add ms units for tc-netem delay (stable-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/powerpc/papr-vpd: Fix missing variable initialization (jsc#PED-4486 git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: sud_test: return correct emulated syscall value on RISC-V (stable-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selftests: vxlan_mdb: Fix failures with old libnet (git-fixes). - selinux: avoid dereference of garbage after mount failure (git-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8250_dw: Revert: Do not reclock if already at correct rate (git-fixes). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: core: introduce uart_port_tx_limited_flags() (git-fixes). - serial: core: only stop transmit when HW fifo is empty (git-fixes). - serial: exar: adding missing CTI and Exar PCI ids (stable-fixes). - serial: imx: Introduce timeout when waiting on transmitter empty (stable-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: Lock console when calling into driver before registration (git-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max310x: fix NULL pointer dereference in I2C instantiation (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - serial: pch: Do not disable interrupts while acquiring lock in ISR (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Do not initialize uart_port's spin_lock (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Invoke handle_rx_to() directly (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Make push_rx() return void (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - serial: stm32: Reset .throttled state in .startup() (git-fixes). - SEV: disable SEV-ES DebugSwap by default (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - soc: fsl: qbman: Use raw spinlock for cgr_lock (git-fixes). - sock_diag: annotate data-races around sock_diag_handlers[family] (git-fixes). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt (stable-fixes). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: intel-pci: Add support for Lunar Lake-M SPI serial flash (stable-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: lpspi: Avoid potential use-after-free in probe() (git-fixes). - spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe (git-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - spi: spi-fsl-lpspi: remove redundant spi_controller_put call (git-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to CCR_BUSWIDTH_4 (git-fixes). - spi: stm32: qspi: Fix dual flash mode sanity test in stm32_qspi_setup() (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (stable-fixes). - staging: vc04_services: changen strncpy() to strscpy_pad() (stable-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - stmmac: Clear variable when destroying workqueue (git-fixes). - struct acpi_ec kABI workaround (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: fix a memleak in gss_import_v2_context (git-fixes). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: support tcp_dctcp module (jsc#PED-8111) - supported.conf: update for mt76 stuff (bsc#1227149) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: use the calculated number of areas (git-fixes). - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - Temporarily drop KVM patch that caused a regression (bsc#1226158) - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (git-fixes). - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Return error in case of invalid efuse data (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thermal/of: Assume polling-delay(-passive) 0 when absent (stable-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: debugfs: Fix margin debugfs node creation condition (git-fixes). - thunderbolt: Do not create DisplayPort tunnels on adapters of the same router (git-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power/turbostat: Fix uncore frequency file string (bsc#1221765). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools: ynl: do not leak mcast_groups on init error (git-fixes). - tools: ynl: fix handling of multiple mcast groups (git-fixes). - tools: ynl: make sure we always pass yarg to mnl_cb_run (git-fixes). - tpm_tis: Do *not* flush uninitialized work (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: n_tty: Fix buffer offsets when lookahead is used (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files. Disable N_GSM (jsc#PED-8240). - Update config files for mt76 stuff (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - USB: core: Add hub_get() and hub_put() routines (stable-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (stable-fixes). - USB: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3-am62: Disable wakeup at remove (git-fixes). - usb: dwc3-am62: fix module unload/reload behavior (git-fixes). - usb: dwc3-am62: Rename private data (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: dwc3: pci: Do not set 'linux,phy_charger_detect' property on Lenovo Yoga Tab2 1380 (stable-fixes). - usb: dwc3: pci: Drop duplicate ID (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: aspeed_udc: fix device address configuration (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: configfs: ensure guid to be valid before set (stable-fixes). - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: Correct port source pdo array in pd_set callback (git-fixes). - usb: typec: tcpm: Correct the PDO counting in pd_set (git-fixes). - usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi_acpi: Refactor and fix DELL quirk (git-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: typec: ucsi: Fix race between typec_switch and role_switch (git-fixes). - usb: typec: ucsi_glink: drop special handling for CCI_BUSY (stable-fixes). - usb: typec: ucsi: glink: fix child node release in probe function (git-fixes). - usb: typec: ucsi: Limit read size on v1.2 (stable-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - usb: xhci: correct return value in case of STS_HCE (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper. - usb: xhci-plat: Do not include xhci.h (stable-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - vdpa_sim: reset must not run (git-fixes). - veth: try harder when allocating queue memory (git-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio_net: avoid data-races on dev->stats fields (git-fixes). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (git-fixes). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro (stable-fixes). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: add per-vendor feature detection callback (stable-fixes). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: cfg80211: Use WSEC to set SAE password (stable-fixes). - wifi: brcmfmac: Demote vendor-specific attach/detach messages to info (git-fixes). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check A-MSDU format more carefully (stable-fixes). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: fully move wiphy work to unbound workqueue (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: fix compile w/o CONFIG_ACPI (git-fixes). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not initialize csa_work twice (git-fixes). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX &lt;242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: include link ID when releasing frames (git-fixes). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: set properly mac header (git-fixes). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use correct address 3 in A-MSDU (stable-fixes). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: Add the PCI device id for new hardware (stable-fixes). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: fix RB status reading (stable-fixes). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: do not use rate mask for scanning (stable-fixes). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field (stable-fixes). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (stable-fixes). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add locking for accessing mapped registers (stable-fixes). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable AMSDU for non-data frames (stable-fixes). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: Avoid address calculations via out of bounds array indexing (git-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821cu: Fix connection failure (stable-fixes). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU (stable-fixes). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct aSIFSTime for 6GHz band (stable-fixes). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix null pointer access when abort scan (stable-fixes). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor (stable-fixes). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wireguard: netlink: access device through ctx instead of peer (git-fixes). - wireguard: netlink: check for dangling peer via is_dead instead of empty list (git-fixes). - wireguard: receive: annotate data-race around receiving_counter.counter (git-fixes). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - Workaround broken chacha crypto fallback (bsc#1218205). - work around gcc bugs with 'asm goto' with outputs (git-fixes). - X.509: Fix the parser of extended key usage for length (bsc#1218820). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - x86/head/64: Move the __head definition to &lt;asm/init.h> (git-fixes). - x86/hyperv: Allow 15-bit APIC IDs for VTL platforms (git-fixes). - x86/hyperv: Use per cpu initial stack for vtl context (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kexec: Fix bug with call depth tracking (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Fix position dependent variable references in startup code (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking (git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: attempt to inflate the memory balloon on PVH (git-fixes). - xdp, bonding: Fix feature flags when there are no slave devs anymore (git-fixes). - xen/events: drop xen_allocate_irqs_dynamic() (git-fixes). - xen/events: fix error code in xen_bind_pirq_msi_to_irq() (git-fixes). - xen/events: increment refcnt only if event channel is refcounted (git-fixes). - xen/events: modify internal [un]bind interfaces (git-fixes). - xen/events: reduce externally visible helper functions (git-fixes). - xen/events: remove some simple helpers from events_base.c (git-fixes). - xen: evtchn: Allow shared registration of IRQ handers (git-fixes). - xen/evtchn: avoid WARN() when unbinding an event channel (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: allow extent free intents to be retried (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: add helper that checks for unhandled events on a event ring (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (bsc#1214683 (PREEMPT_RT prerequisite backports)). Important SUSE bug 1012628 SUSE bug 1065729 SUSE bug 1181674 SUSE bug 1186716 SUSE bug 1187716 SUSE bug 1193599 SUSE bug 1194869 SUSE bug 1195775 SUSE bug 1204562 SUSE bug 1207948 SUSE bug 1208593 SUSE bug 1209657 SUSE bug 1209834 SUSE bug 1213573 SUSE bug 1214683 SUSE bug 1214852 SUSE bug 1215199 SUSE bug 1215587 SUSE bug 1216196 SUSE bug 1216358 SUSE bug 1216702 SUSE bug 1217384 SUSE bug 1217408 SUSE bug 1217481 SUSE bug 1217489 SUSE bug 1217750 SUSE bug 1217912 SUSE bug 1217959 SUSE bug 1218205 SUSE bug 1218336 SUSE bug 1218442 SUSE bug 1218730 SUSE bug 1218779 SUSE bug 1218820 SUSE bug 1218917 SUSE bug 1219104 SUSE bug 1219170 SUSE bug 1219224 SUSE bug 1219478 SUSE bug 1219596 SUSE bug 1219623 SUSE bug 1219633 SUSE bug 1219832 SUSE bug 1219834 SUSE bug 1219847 SUSE bug 1219953 SUSE bug 1220021 SUSE bug 1220045 SUSE bug 1220120 SUSE bug 1220138 SUSE bug 1220328 SUSE bug 1220342 SUSE bug 1220427 SUSE bug 1220428 SUSE bug 1220430 SUSE bug 1220569 SUSE bug 1220587 SUSE bug 1220783 SUSE bug 1220915 SUSE bug 1220942 SUSE bug 1221044 SUSE bug 1221057 SUSE bug 1221086 SUSE bug 1221293 SUSE bug 1221303 SUSE bug 1221504 SUSE bug 1221612 SUSE bug 1221615 SUSE bug 1221635 SUSE bug 1221645 SUSE bug 1221647 SUSE bug 1221649 SUSE bug 1221654 SUSE bug 1221656 SUSE bug 1221659 SUSE bug 1221765 SUSE bug 1221777 SUSE bug 1221783 SUSE bug 1221816 SUSE bug 1221829 SUSE bug 1221830 SUSE bug 1221858 SUSE bug 1221958 SUSE bug 1222011 SUSE bug 1222015 SUSE bug 1222048 SUSE bug 1222080 SUSE bug 1222115 SUSE bug 1222173 SUSE bug 1222241 SUSE bug 1222264 SUSE bug 1222273 SUSE bug 1222294 SUSE bug 1222301 SUSE bug 1222303 SUSE bug 1222304 SUSE bug 1222307 SUSE bug 1222326 SUSE bug 1222328 SUSE bug 1222357 SUSE bug 1222366 SUSE bug 1222368 SUSE bug 1222371 SUSE bug 1222378 SUSE bug 1222380 SUSE bug 1222385 SUSE bug 1222422 SUSE bug 1222426 SUSE bug 1222428 SUSE bug 1222437 SUSE bug 1222438 SUSE bug 1222445 SUSE bug 1222459 SUSE bug 1222463 SUSE bug 1222489 SUSE bug 1222522 SUSE bug 1222525 SUSE bug 1222531 SUSE bug 1222532 SUSE bug 1222557 SUSE bug 1222559 SUSE bug 1222563 SUSE bug 1222585 SUSE bug 1222588 SUSE bug 1222596 SUSE bug 1222606 SUSE bug 1222608 SUSE bug 1222613 SUSE bug 1222615 SUSE bug 1222617 SUSE bug 1222618 SUSE bug 1222619 SUSE bug 1222622 SUSE bug 1222624 SUSE bug 1222627 SUSE bug 1222630 SUSE bug 1222635 SUSE bug 1222721 SUSE bug 1222727 SUSE bug 1222768 SUSE bug 1222769 SUSE bug 1222771 SUSE bug 1222775 SUSE bug 1222779 SUSE bug 1222780 SUSE bug 1222782 SUSE bug 1222793 SUSE bug 1222799 SUSE bug 1222801 SUSE bug 1222809 SUSE bug 1222810 SUSE bug 1222893 SUSE bug 1222968 SUSE bug 1223007 SUSE bug 1223010 SUSE bug 1223011 SUSE bug 1223013 SUSE bug 1223015 SUSE bug 1223018 SUSE bug 1223020 SUSE bug 1223021 SUSE bug 1223023 SUSE bug 1223024 SUSE bug 1223033 SUSE bug 1223034 SUSE bug 1223035 SUSE bug 1223038 SUSE bug 1223039 SUSE bug 1223041 SUSE bug 1223045 SUSE bug 1223046 SUSE bug 1223051 SUSE bug 1223052 SUSE bug 1223058 SUSE bug 1223060 SUSE bug 1223061 SUSE bug 1223076 SUSE bug 1223077 SUSE bug 1223111 SUSE bug 1223113 SUSE bug 1223138 SUSE bug 1223143 SUSE bug 1223187 SUSE bug 1223189 SUSE bug 1223190 SUSE bug 1223191 SUSE bug 1223198 SUSE bug 1223202 SUSE bug 1223265 SUSE bug 1223285 SUSE bug 1223315 SUSE bug 1223338 SUSE bug 1223369 SUSE bug 1223380 SUSE bug 1223384 SUSE bug 1223390 SUSE bug 1223439 SUSE bug 1223462 SUSE bug 1223532 SUSE bug 1223539 SUSE bug 1223570 SUSE bug 1223575 SUSE bug 1223590 SUSE bug 1223591 SUSE bug 1223592 SUSE bug 1223593 SUSE bug 1223625 SUSE bug 1223629 SUSE bug 1223633 SUSE bug 1223634 SUSE bug 1223637 SUSE bug 1223641 SUSE bug 1223643 SUSE bug 1223649 SUSE bug 1223650 SUSE bug 1223651 SUSE bug 1223652 SUSE bug 1223653 SUSE bug 1223654 SUSE bug 1223655 SUSE bug 1223660 SUSE bug 1223661 SUSE bug 1223664 SUSE bug 1223665 SUSE bug 1223666 SUSE bug 1223668 SUSE bug 1223669 SUSE bug 1223670 SUSE bug 1223671 SUSE bug 1223675 SUSE bug 1223677 SUSE bug 1223678 SUSE bug 1223686 SUSE bug 1223692 SUSE bug 1223693 SUSE bug 1223695 SUSE bug 1223696 SUSE bug 1223698 SUSE bug 1223705 SUSE bug 1223712 SUSE bug 1223718 SUSE bug 1223728 SUSE bug 1223731 SUSE bug 1223732 SUSE bug 1223735 SUSE bug 1223739 SUSE bug 1223740 SUSE bug 1223741 SUSE bug 1223744 SUSE bug 1223745 SUSE bug 1223747 SUSE bug 1223748 SUSE bug 1223749 SUSE bug 1223750 SUSE bug 1223752 SUSE bug 1223754 SUSE bug 1223757 SUSE bug 1223759 SUSE bug 1223761 SUSE bug 1223762 SUSE bug 1223774 SUSE bug 1223778 SUSE bug 1223782 SUSE bug 1223787 SUSE bug 1223788 SUSE bug 1223790 SUSE bug 1223802 SUSE bug 1223804 SUSE bug 1223805 SUSE bug 1223806 SUSE bug 1223807 SUSE bug 1223813 SUSE bug 1223815 SUSE bug 1223822 SUSE bug 1223827 SUSE bug 1223831 SUSE bug 1223834 SUSE bug 1223836 SUSE bug 1223838 SUSE bug 1223863 SUSE bug 1223869 SUSE bug 1223870 SUSE bug 1223871 SUSE bug 1223872 SUSE bug 1223874 SUSE bug 1223944 SUSE bug 1223945 SUSE bug 1223946 SUSE bug 1223991 SUSE bug 1224049 SUSE bug 1224076 SUSE bug 1224096 SUSE bug 1224098 SUSE bug 1224137 SUSE bug 1224166 SUSE bug 1224177 SUSE bug 1224180 SUSE bug 1224181 SUSE bug 1224187 SUSE bug 1224331 SUSE bug 1224414 SUSE bug 1224422 SUSE bug 1224423 SUSE bug 1224429 SUSE bug 1224430 SUSE bug 1224432 SUSE bug 1224433 SUSE bug 1224437 SUSE bug 1224438 SUSE bug 1224439 SUSE bug 1224442 SUSE bug 1224443 SUSE bug 1224445 SUSE bug 1224449 SUSE bug 1224477 SUSE bug 1224479 SUSE bug 1224480 SUSE bug 1224481 SUSE bug 1224482 SUSE bug 1224486 SUSE bug 1224487 SUSE bug 1224488 SUSE bug 1224490 SUSE bug 1224491 SUSE bug 1224492 SUSE bug 1224493 SUSE bug 1224494 SUSE bug 1224495 SUSE bug 1224497 SUSE bug 1224498 SUSE bug 1224499 SUSE bug 1224500 SUSE bug 1224501 SUSE bug 1224502 SUSE bug 1224504 SUSE bug 1224505 SUSE bug 1224506 SUSE bug 1224507 SUSE bug 1224508 SUSE bug 1224509 SUSE bug 1224511 SUSE bug 1224512 SUSE bug 1224513 SUSE bug 1224515 SUSE bug 1224516 SUSE bug 1224517 SUSE bug 1224519 SUSE bug 1224520 SUSE bug 1224521 SUSE bug 1224523 SUSE bug 1224524 SUSE bug 1224525 SUSE bug 1224526 SUSE bug 1224530 SUSE bug 1224531 SUSE bug 1224534 SUSE bug 1224537 SUSE bug 1224539 SUSE bug 1224540 SUSE bug 1224541 SUSE bug 1224542 SUSE bug 1224543 SUSE bug 1224544 SUSE bug 1224545 SUSE bug 1224546 SUSE bug 1224549 SUSE bug 1224550 SUSE bug 1224552 SUSE bug 1224553 SUSE bug 1224555 SUSE bug 1224557 SUSE bug 1224558 SUSE bug 1224559 SUSE bug 1224562 SUSE bug 1224565 SUSE bug 1224566 SUSE bug 1224567 SUSE bug 1224568 SUSE bug 1224569 SUSE bug 1224571 SUSE bug 1224572 SUSE bug 1224573 SUSE bug 1224575 SUSE bug 1224576 SUSE bug 1224577 SUSE bug 1224578 SUSE bug 1224579 SUSE bug 1224580 SUSE bug 1224581 SUSE bug 1224582 SUSE bug 1224583 SUSE bug 1224584 SUSE bug 1224585 SUSE bug 1224586 SUSE bug 1224587 SUSE bug 1224588 SUSE bug 1224589 SUSE bug 1224592 SUSE bug 1224596 SUSE bug 1224598 SUSE bug 1224600 SUSE bug 1224601 SUSE bug 1224602 SUSE bug 1224603 SUSE bug 1224604 SUSE bug 1224605 SUSE bug 1224606 SUSE bug 1224607 SUSE bug 1224608 SUSE bug 1224609 SUSE bug 1224611 SUSE bug 1224612 SUSE bug 1224613 SUSE bug 1224614 SUSE bug 1224615 SUSE bug 1224617 SUSE bug 1224618 SUSE bug 1224619 SUSE bug 1224620 SUSE bug 1224621 SUSE bug 1224622 SUSE bug 1224623 SUSE bug 1224624 SUSE bug 1224626 SUSE bug 1224627 SUSE bug 1224628 SUSE bug 1224629 SUSE bug 1224630 SUSE bug 1224632 SUSE bug 1224633 SUSE bug 1224634 SUSE bug 1224636 SUSE bug 1224637 SUSE bug 1224638 SUSE bug 1224639 SUSE bug 1224640 SUSE bug 1224641 SUSE bug 1224643 SUSE bug 1224644 SUSE bug 1224645 SUSE bug 1224646 SUSE bug 1224647 SUSE bug 1224648 SUSE bug 1224649 SUSE bug 1224650 SUSE bug 1224651 SUSE bug 1224652 SUSE bug 1224653 SUSE bug 1224654 SUSE bug 1224655 SUSE bug 1224657 SUSE bug 1224659 SUSE bug 1224660 SUSE bug 1224661 SUSE bug 1224662 SUSE bug 1224663 SUSE bug 1224664 SUSE bug 1224665 SUSE bug 1224666 SUSE bug 1224667 SUSE bug 1224668 SUSE bug 1224670 SUSE bug 1224671 SUSE bug 1224673 SUSE bug 1224674 SUSE bug 1224675 SUSE bug 1224676 SUSE bug 1224677 SUSE bug 1224678 SUSE bug 1224680 SUSE bug 1224681 SUSE bug 1224682 SUSE bug 1224683 SUSE bug 1224685 SUSE bug 1224686 SUSE bug 1224687 SUSE bug 1224688 SUSE bug 1224692 SUSE bug 1224696 SUSE bug 1224697 SUSE bug 1224698 SUSE bug 1224699 SUSE bug 1224701 SUSE bug 1224703 SUSE bug 1224704 SUSE bug 1224705 SUSE bug 1224706 SUSE bug 1224707 SUSE bug 1224709 SUSE bug 1224710 SUSE bug 1224712 SUSE bug 1224714 SUSE bug 1224716 SUSE bug 1224717 SUSE bug 1224718 SUSE bug 1224719 SUSE bug 1224720 SUSE bug 1224721 SUSE bug 1224722 SUSE bug 1224723 SUSE bug 1224725 SUSE bug 1224727 SUSE bug 1224728 SUSE bug 1224729 SUSE bug 1224730 SUSE bug 1224731 SUSE bug 1224732 SUSE bug 1224733 SUSE bug 1224735 SUSE bug 1224736 SUSE bug 1224738 SUSE bug 1224739 SUSE bug 1224740 SUSE bug 1224741 SUSE bug 1224742 SUSE bug 1224743 SUSE bug 1224747 SUSE bug 1224749 SUSE bug 1224751 SUSE bug 1224759 SUSE bug 1224763 SUSE bug 1224764 SUSE bug 1224765 SUSE bug 1224766 SUSE bug 1224767 SUSE bug 1224790 SUSE bug 1224792 SUSE bug 1224793 SUSE bug 1224803 SUSE bug 1224804 SUSE bug 1224866 SUSE bug 1224928 SUSE bug 1224930 SUSE bug 1224932 SUSE bug 1224933 SUSE bug 1224935 SUSE bug 1224936 SUSE bug 1224937 SUSE bug 1224939 SUSE bug 1224941 SUSE bug 1224944 SUSE bug 1224946 SUSE bug 1224947 SUSE bug 1224949 SUSE bug 1224951 SUSE bug 1224988 SUSE bug 1224989 SUSE bug 1224992 SUSE bug 1224998 SUSE bug 1225000 SUSE bug 1225001 SUSE bug 1225004 SUSE bug 1225006 SUSE bug 1225007 SUSE bug 1225008 SUSE bug 1225009 SUSE bug 1225014 SUSE bug 1225015 SUSE bug 1225022 SUSE bug 1225025 SUSE bug 1225028 SUSE bug 1225029 SUSE bug 1225031 SUSE bug 1225036 SUSE bug 1225041 SUSE bug 1225044 SUSE bug 1225049 SUSE bug 1225050 SUSE bug 1225053 SUSE bug 1225076 SUSE bug 1225077 SUSE bug 1225078 SUSE bug 1225081 SUSE bug 1225085 SUSE bug 1225086 SUSE bug 1225088 SUSE bug 1225090 SUSE bug 1225092 SUSE bug 1225096 SUSE bug 1225097 SUSE bug 1225101 SUSE bug 1225103 SUSE bug 1225104 SUSE bug 1225105 SUSE bug 1225106 SUSE bug 1225108 SUSE bug 1225120 SUSE bug 1225132 SUSE bug 1225133 SUSE bug 1225134 SUSE bug 1225136 SUSE bug 1225172 SUSE bug 1225180 SUSE bug 1225272 SUSE bug 1225300 SUSE bug 1225391 SUSE bug 1225472 SUSE bug 1225475 SUSE bug 1225476 SUSE bug 1225477 SUSE bug 1225478 SUSE bug 1225485 SUSE bug 1225489 SUSE bug 1225490 SUSE bug 1225502 SUSE bug 1225527 SUSE bug 1225529 SUSE bug 1225530 SUSE bug 1225532 SUSE bug 1225534 SUSE bug 1225548 SUSE bug 1225550 SUSE bug 1225553 SUSE bug 1225554 SUSE bug 1225555 SUSE bug 1225556 SUSE bug 1225557 SUSE bug 1225559 SUSE bug 1225560 SUSE bug 1225564 SUSE bug 1225565 SUSE bug 1225566 SUSE bug 1225568 SUSE bug 1225569 SUSE bug 1225570 SUSE bug 1225571 SUSE bug 1225572 SUSE bug 1225573 SUSE bug 1225577 SUSE bug 1225578 SUSE bug 1225579 SUSE bug 1225580 SUSE bug 1225581 SUSE bug 1225583 SUSE bug 1225584 SUSE bug 1225585 SUSE bug 1225586 SUSE bug 1225587 SUSE bug 1225588 SUSE bug 1225589 SUSE bug 1225590 SUSE bug 1225591 SUSE bug 1225592 SUSE bug 1225593 SUSE bug 1225594 SUSE bug 1225595 SUSE bug 1225599 SUSE bug 1225600 SUSE bug 1225601 SUSE bug 1225602 SUSE bug 1225605 SUSE bug 1225607 SUSE bug 1225609 SUSE bug 1225610 SUSE bug 1225611 SUSE bug 1225616 SUSE bug 1225618 SUSE bug 1225640 SUSE bug 1225642 SUSE bug 1225681 SUSE bug 1225692 SUSE bug 1225694 SUSE bug 1225695 SUSE bug 1225696 SUSE bug 1225698 SUSE bug 1225699 SUSE bug 1225702 SUSE bug 1225704 SUSE bug 1225705 SUSE bug 1225708 SUSE bug 1225710 SUSE bug 1225711 SUSE bug 1225712 SUSE bug 1225714 SUSE bug 1225715 SUSE bug 1225717 SUSE bug 1225719 SUSE bug 1225720 SUSE bug 1225722 SUSE bug 1225723 SUSE bug 1225726 SUSE bug 1225728 SUSE bug 1225731 SUSE bug 1225732 SUSE bug 1225734 SUSE bug 1225735 SUSE bug 1225736 SUSE bug 1225737 SUSE bug 1225741 SUSE bug 1225744 SUSE bug 1225745 SUSE bug 1225746 SUSE bug 1225747 SUSE bug 1225748 SUSE bug 1225749 SUSE bug 1225750 SUSE bug 1225752 SUSE bug 1225753 SUSE bug 1225756 SUSE bug 1225757 SUSE bug 1225758 SUSE bug 1225759 SUSE bug 1225760 SUSE bug 1225761 SUSE bug 1225762 SUSE bug 1225763 SUSE bug 1225765 SUSE bug 1225766 SUSE bug 1225767 SUSE bug 1225769 SUSE bug 1225770 SUSE bug 1225773 SUSE bug 1225775 SUSE bug 1225805 SUSE bug 1225810 SUSE bug 1225815 SUSE bug 1225820 SUSE bug 1225823 SUSE bug 1225827 SUSE bug 1225829 SUSE bug 1225830 SUSE bug 1225834 SUSE bug 1225839 SUSE bug 1225840 SUSE bug 1225842 SUSE bug 1225843 SUSE bug 1225847 SUSE bug 1225851 SUSE bug 1225866 SUSE bug 1225872 SUSE bug 1225894 SUSE bug 1225895 SUSE bug 1225896 SUSE bug 1225898 SUSE bug 1225903 SUSE bug 1225945 SUSE bug 1226022 SUSE bug 1226131 SUSE bug 1226145 SUSE bug 1226149 SUSE bug 1226155 SUSE bug 1226158 SUSE bug 1226163 SUSE bug 1226202 SUSE bug 1226211 SUSE bug 1226212 SUSE bug 1226213 SUSE bug 1226226 SUSE bug 1226457 SUSE bug 1226502 SUSE bug 1226503 SUSE bug 1226513 SUSE bug 1226514 SUSE bug 1226520 SUSE bug 1226582 SUSE bug 1226587 SUSE bug 1226588 SUSE bug 1226592 SUSE bug 1226593 SUSE bug 1226594 SUSE bug 1226597 SUSE bug 1226607 SUSE bug 1226608 SUSE bug 1226610 SUSE bug 1226612 SUSE bug 1226613 SUSE bug 1226630 SUSE bug 1226632 SUSE bug 1226633 SUSE bug 1226634 SUSE bug 1226637 SUSE bug 1226657 SUSE bug 1226658 SUSE bug 1226734 SUSE bug 1226735 SUSE bug 1226737 SUSE bug 1226738 SUSE bug 1226739 SUSE bug 1226740 SUSE bug 1226741 SUSE bug 1226742 SUSE bug 1226744 SUSE bug 1226746 SUSE bug 1226747 SUSE bug 1226749 SUSE bug 1226750 SUSE bug 1226754 SUSE bug 1226757 SUSE bug 1226758 SUSE bug 1226760 SUSE bug 1226761 SUSE bug 1226764 SUSE bug 1226767 SUSE bug 1226768 SUSE bug 1226769 SUSE bug 1226771 SUSE bug 1226772 SUSE bug 1226774 SUSE bug 1226775 SUSE bug 1226776 SUSE bug 1226777 SUSE bug 1226780 SUSE bug 1226781 SUSE bug 1226783 SUSE bug 1226788 SUSE bug 1226789 SUSE bug 1226790 SUSE bug 1226791 SUSE bug 1226796 SUSE bug 1226799 SUSE bug 1226837 SUSE bug 1226839 SUSE bug 1226840 SUSE bug 1226841 SUSE bug 1226842 SUSE bug 1226844 SUSE bug 1226848 SUSE bug 1226852 SUSE bug 1226856 SUSE bug 1226857 SUSE bug 1226859 SUSE bug 1226861 SUSE bug 1226863 SUSE bug 1226864 SUSE bug 1226866 SUSE bug 1226867 SUSE bug 1226868 SUSE bug 1226875 SUSE bug 1226876 SUSE bug 1226878 SUSE bug 1226879 SUSE bug 1226883 SUSE bug 1226886 SUSE bug 1226890 SUSE bug 1226891 SUSE bug 1226894 SUSE bug 1226895 SUSE bug 1226905 SUSE bug 1226908 SUSE bug 1226909 SUSE bug 1226911 SUSE bug 1226915 SUSE bug 1226928 SUSE bug 1226934 SUSE bug 1226938 SUSE bug 1226939 SUSE bug 1226941 SUSE bug 1226948 SUSE bug 1226949 SUSE bug 1226950 SUSE bug 1226962 SUSE bug 1226976 SUSE bug 1226989 SUSE bug 1226990 SUSE bug 1226992 SUSE bug 1226993 SUSE bug 1226994 SUSE bug 1226995 SUSE bug 1226996 SUSE bug 1227066 SUSE bug 1227072 SUSE bug 1227085 SUSE bug 1227089 SUSE bug 1227090 SUSE bug 1227096 SUSE bug 1227101 SUSE bug 1227103 SUSE bug 1227149 SUSE bug 1227190 SUSE bug 1227282 SUSE bug 1227362 SUSE bug 1227363 SUSE bug 1227383 SUSE bug 1227432 SUSE bug 1227433 SUSE bug 1227434 SUSE bug 1227435 SUSE bug 1227443 SUSE bug 1227446 SUSE bug 1227447 SUSE bug 1227487 SUSE bug 1227573 SUSE bug 1227626 SUSE bug 1227716 SUSE bug 1227719 SUSE bug 1227723 SUSE bug 1227730 SUSE bug 1227736 SUSE bug 1227755 SUSE bug 1227757 SUSE bug 1227762 SUSE bug 1227763 SUSE bug 1227779 SUSE bug 1227780 SUSE bug 1227783 SUSE bug 1227786 SUSE bug 1227788 SUSE bug 1227789 SUSE bug 1227797 SUSE bug 1227800 SUSE bug 1227801 SUSE bug 1227803 SUSE bug 1227806 SUSE bug 1227813 SUSE bug 1227814 SUSE bug 1227836 SUSE bug 1227855 SUSE bug 1227862 SUSE bug 1227866 SUSE bug 1227886 SUSE bug 1227899 SUSE bug 1227910 SUSE bug 1227913 SUSE bug 1227926 SUSE bug 1228090 SUSE bug 1228192 SUSE bug 1228193 SUSE bug 1228211 SUSE bug 1228269 SUSE bug 1228289 SUSE bug 1228327 SUSE bug 1228328 SUSE bug 1228403 SUSE bug 1228405 SUSE bug 1228408 SUSE bug 1228417 CVE-2021-47432 at SUSE CVE-2021-47432 at NVD CVE-2022-48772 at SUSE CVE-2022-48772 at NVD CVE-2023-0160 at SUSE CVE-2023-0160 at NVD CVE-2023-38417 at SUSE CVE-2023-38417 at NVD CVE-2023-47210 at SUSE CVE-2023-47210 at NVD CVE-2023-51780 at SUSE CVE-2023-51780 at NVD CVE-2023-52435 at SUSE CVE-2023-52435 at NVD CVE-2023-52458 at SUSE CVE-2023-52458 at NVD CVE-2023-52472 at SUSE CVE-2023-52472 at NVD CVE-2023-52503 at SUSE CVE-2023-52503 at NVD CVE-2023-52616 at SUSE CVE-2023-52616 at NVD CVE-2023-52618 at SUSE CVE-2023-52618 at NVD CVE-2023-52622 at SUSE CVE-2023-52622 at NVD CVE-2023-52631 at SUSE CVE-2023-52631 at NVD CVE-2023-52635 at SUSE CVE-2023-52635 at NVD CVE-2023-52640 at SUSE CVE-2023-52640 at NVD CVE-2023-52641 at SUSE CVE-2023-52641 at NVD CVE-2023-52645 at SUSE CVE-2023-52645 at NVD CVE-2023-52652 at SUSE CVE-2023-52652 at NVD CVE-2023-52653 at SUSE CVE-2023-52653 at NVD CVE-2023-52656 at SUSE CVE-2023-52656 at NVD CVE-2023-52657 at SUSE CVE-2023-52657 at NVD CVE-2023-52658 at SUSE CVE-2023-52658 at NVD CVE-2023-52659 at SUSE CVE-2023-52659 at NVD CVE-2023-52660 at SUSE CVE-2023-52660 at NVD CVE-2023-52661 at SUSE CVE-2023-52661 at NVD CVE-2023-52662 at SUSE CVE-2023-52662 at NVD CVE-2023-52663 at SUSE CVE-2023-52663 at NVD CVE-2023-52664 at SUSE CVE-2023-52664 at NVD CVE-2023-52667 at SUSE CVE-2023-52667 at NVD CVE-2023-52669 at SUSE CVE-2023-52669 at NVD CVE-2023-52670 at SUSE CVE-2023-52670 at NVD CVE-2023-52671 at SUSE CVE-2023-52671 at NVD CVE-2023-52672 at SUSE CVE-2023-52672 at NVD CVE-2023-52673 at SUSE CVE-2023-52673 at NVD CVE-2023-52674 at SUSE CVE-2023-52674 at NVD CVE-2023-52675 at SUSE CVE-2023-52675 at NVD CVE-2023-52676 at SUSE CVE-2023-52676 at NVD CVE-2023-52678 at SUSE CVE-2023-52678 at NVD CVE-2023-52679 at SUSE CVE-2023-52679 at NVD CVE-2023-52680 at SUSE CVE-2023-52680 at NVD CVE-2023-52681 at SUSE CVE-2023-52681 at NVD CVE-2023-52683 at SUSE CVE-2023-52683 at NVD CVE-2023-52685 at SUSE CVE-2023-52685 at NVD CVE-2023-52686 at SUSE CVE-2023-52686 at NVD CVE-2023-52687 at SUSE CVE-2023-52687 at NVD CVE-2023-52690 at SUSE CVE-2023-52690 at NVD CVE-2023-52691 at SUSE CVE-2023-52691 at NVD CVE-2023-52692 at SUSE CVE-2023-52692 at NVD CVE-2023-52693 at SUSE CVE-2023-52693 at NVD CVE-2023-52694 at SUSE CVE-2023-52694 at NVD CVE-2023-52695 at SUSE CVE-2023-52695 at NVD CVE-2023-52696 at SUSE CVE-2023-52696 at NVD CVE-2023-52697 at SUSE CVE-2023-52697 at NVD CVE-2023-52698 at SUSE CVE-2023-52698 at NVD CVE-2023-52699 at SUSE CVE-2023-52699 at NVD CVE-2023-52735 at SUSE CVE-2023-52735 at NVD CVE-2023-52749 at SUSE CVE-2023-52749 at NVD CVE-2023-52750 at SUSE CVE-2023-52750 at NVD CVE-2023-52751 at SUSE CVE-2023-52751 at NVD CVE-2023-52753 at SUSE CVE-2023-52753 at NVD CVE-2023-52754 at SUSE CVE-2023-52754 at NVD CVE-2023-52757 at SUSE CVE-2023-52757 at NVD CVE-2023-52759 at SUSE CVE-2023-52759 at NVD CVE-2023-52762 at SUSE CVE-2023-52762 at NVD CVE-2023-52763 at SUSE CVE-2023-52763 at NVD CVE-2023-52764 at SUSE CVE-2023-52764 at NVD CVE-2023-52765 at SUSE CVE-2023-52765 at NVD CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52767 at SUSE CVE-2023-52767 at NVD CVE-2023-52768 at SUSE CVE-2023-52768 at NVD CVE-2023-52769 at SUSE CVE-2023-52769 at NVD CVE-2023-52771 at SUSE CVE-2023-52771 at NVD CVE-2023-52772 at SUSE CVE-2023-52772 at NVD CVE-2023-52773 at SUSE CVE-2023-52773 at NVD CVE-2023-52774 at SUSE CVE-2023-52774 at NVD CVE-2023-52775 at SUSE CVE-2023-52775 at NVD CVE-2023-52776 at SUSE CVE-2023-52776 at NVD CVE-2023-52777 at SUSE CVE-2023-52777 at NVD CVE-2023-52780 at SUSE CVE-2023-52780 at NVD CVE-2023-52781 at SUSE CVE-2023-52781 at NVD CVE-2023-52782 at SUSE CVE-2023-52782 at NVD CVE-2023-52783 at SUSE CVE-2023-52783 at NVD CVE-2023-52784 at SUSE CVE-2023-52784 at NVD CVE-2023-52786 at SUSE CVE-2023-52786 at NVD CVE-2023-52787 at SUSE CVE-2023-52787 at NVD CVE-2023-52788 at SUSE CVE-2023-52788 at NVD CVE-2023-52789 at SUSE CVE-2023-52789 at NVD CVE-2023-52791 at SUSE CVE-2023-52791 at NVD CVE-2023-52792 at SUSE CVE-2023-52792 at NVD CVE-2023-52794 at SUSE CVE-2023-52794 at NVD CVE-2023-52795 at SUSE CVE-2023-52795 at NVD CVE-2023-52796 at SUSE CVE-2023-52796 at NVD CVE-2023-52798 at SUSE CVE-2023-52798 at NVD CVE-2023-52799 at SUSE CVE-2023-52799 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52801 at SUSE CVE-2023-52801 at NVD CVE-2023-52803 at SUSE CVE-2023-52803 at NVD CVE-2023-52804 at SUSE CVE-2023-52804 at NVD CVE-2023-52805 at SUSE CVE-2023-52805 at NVD CVE-2023-52806 at SUSE CVE-2023-52806 at NVD CVE-2023-52807 at SUSE CVE-2023-52807 at NVD CVE-2023-52808 at SUSE CVE-2023-52808 at NVD CVE-2023-52809 at SUSE CVE-2023-52809 at NVD CVE-2023-52810 at SUSE CVE-2023-52810 at NVD CVE-2023-52811 at SUSE CVE-2023-52811 at NVD CVE-2023-52812 at SUSE CVE-2023-52812 at NVD CVE-2023-52813 at SUSE CVE-2023-52813 at NVD CVE-2023-52814 at SUSE CVE-2023-52814 at NVD CVE-2023-52815 at SUSE CVE-2023-52815 at NVD CVE-2023-52816 at SUSE CVE-2023-52816 at NVD CVE-2023-52817 at SUSE CVE-2023-52817 at NVD CVE-2023-52818 at SUSE CVE-2023-52818 at NVD CVE-2023-52819 at SUSE CVE-2023-52819 at NVD CVE-2023-52821 at SUSE CVE-2023-52821 at NVD CVE-2023-52825 at SUSE CVE-2023-52825 at NVD CVE-2023-52826 at SUSE CVE-2023-52826 at NVD CVE-2023-52827 at SUSE CVE-2023-52827 at NVD CVE-2023-52829 at SUSE CVE-2023-52829 at NVD CVE-2023-52832 at SUSE CVE-2023-52832 at NVD CVE-2023-52833 at SUSE CVE-2023-52833 at NVD CVE-2023-52834 at SUSE CVE-2023-52834 at NVD CVE-2023-52835 at SUSE CVE-2023-52835 at NVD CVE-2023-52836 at SUSE CVE-2023-52836 at NVD CVE-2023-52837 at SUSE CVE-2023-52837 at NVD CVE-2023-52838 at SUSE CVE-2023-52838 at NVD CVE-2023-52840 at SUSE CVE-2023-52840 at NVD CVE-2023-52841 at SUSE CVE-2023-52841 at NVD CVE-2023-52842 at SUSE CVE-2023-52842 at NVD CVE-2023-52843 at SUSE CVE-2023-52843 at NVD CVE-2023-52844 at SUSE CVE-2023-52844 at NVD CVE-2023-52845 at SUSE CVE-2023-52845 at NVD CVE-2023-52847 at SUSE CVE-2023-52847 at NVD CVE-2023-52849 at SUSE CVE-2023-52849 at NVD CVE-2023-52850 at SUSE CVE-2023-52850 at NVD CVE-2023-52851 at SUSE CVE-2023-52851 at NVD CVE-2023-52853 at SUSE CVE-2023-52853 at NVD CVE-2023-52854 at SUSE CVE-2023-52854 at NVD CVE-2023-52855 at SUSE CVE-2023-52855 at NVD CVE-2023-52856 at SUSE CVE-2023-52856 at NVD CVE-2023-52857 at SUSE CVE-2023-52857 at NVD CVE-2023-52858 at SUSE CVE-2023-52858 at NVD CVE-2023-52860 at SUSE CVE-2023-52860 at NVD CVE-2023-52861 at SUSE CVE-2023-52861 at NVD CVE-2023-52862 at SUSE CVE-2023-52862 at NVD CVE-2023-52863 at SUSE CVE-2023-52863 at NVD CVE-2023-52864 at SUSE CVE-2023-52864 at NVD CVE-2023-52865 at SUSE CVE-2023-52865 at NVD CVE-2023-52866 at SUSE CVE-2023-52866 at NVD CVE-2023-52867 at SUSE CVE-2023-52867 at NVD CVE-2023-52868 at SUSE CVE-2023-52868 at NVD CVE-2023-52869 at SUSE CVE-2023-52869 at NVD CVE-2023-52870 at SUSE CVE-2023-52870 at NVD CVE-2023-52871 at SUSE CVE-2023-52871 at NVD CVE-2023-52872 at SUSE CVE-2023-52872 at NVD CVE-2023-52873 at SUSE CVE-2023-52873 at NVD CVE-2023-52874 at SUSE CVE-2023-52874 at NVD CVE-2023-52875 at SUSE CVE-2023-52875 at NVD CVE-2023-52876 at SUSE CVE-2023-52876 at NVD CVE-2023-52877 at SUSE CVE-2023-52877 at NVD CVE-2023-52878 at SUSE CVE-2023-52878 at NVD CVE-2023-52879 at SUSE CVE-2023-52879 at NVD CVE-2023-52880 at SUSE CVE-2023-52880 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52882 at SUSE CVE-2023-52882 at NVD CVE-2023-52883 at SUSE CVE-2023-52883 at NVD CVE-2023-52884 at SUSE CVE-2023-52884 at NVD CVE-2023-6238 at SUSE CVE-2023-6238 at NVD CVE-2023-7042 at SUSE CVE-2023-7042 at NVD CVE-2024-0639 at SUSE CVE-2024-0639 at NVD CVE-2024-21823 at SUSE CVE-2024-21823 at NVD CVE-2024-22099 at SUSE CVE-2024-22099 at NVD CVE-2024-23848 at SUSE CVE-2024-23848 at NVD CVE-2024-24861 at SUSE CVE-2024-24861 at NVD CVE-2024-25739 at SUSE CVE-2024-25739 at NVD CVE-2024-25741 at SUSE CVE-2024-25741 at NVD CVE-2024-26601 at SUSE CVE-2024-26601 at NVD CVE-2024-26611 at SUSE CVE-2024-26611 at NVD CVE-2024-26614 at SUSE CVE-2024-26614 at NVD CVE-2024-26615 at SUSE CVE-2024-26615 at NVD CVE-2024-26623 at SUSE CVE-2024-26623 at NVD CVE-2024-26625 at SUSE CVE-2024-26625 at NVD CVE-2024-26632 at SUSE CVE-2024-26632 at NVD CVE-2024-26633 at SUSE CVE-2024-26633 at NVD CVE-2024-26635 at SUSE CVE-2024-26635 at NVD CVE-2024-26636 at SUSE CVE-2024-26636 at NVD CVE-2024-26638 at SUSE CVE-2024-26638 at NVD CVE-2024-26641 at SUSE CVE-2024-26641 at NVD CVE-2024-26642 at SUSE CVE-2024-26642 at NVD CVE-2024-26643 at SUSE CVE-2024-26643 at NVD CVE-2024-26650 at SUSE CVE-2024-26650 at NVD CVE-2024-26652 at SUSE CVE-2024-26652 at NVD CVE-2024-26654 at SUSE CVE-2024-26654 at NVD CVE-2024-26656 at SUSE CVE-2024-26656 at NVD CVE-2024-26657 at SUSE CVE-2024-26657 at NVD CVE-2024-26663 at SUSE CVE-2024-26663 at NVD CVE-2024-26665 at SUSE CVE-2024-26665 at NVD CVE-2024-26671 at SUSE CVE-2024-26671 at NVD CVE-2024-26673 at SUSE CVE-2024-26673 at NVD CVE-2024-26674 at SUSE CVE-2024-26674 at NVD CVE-2024-26676 at SUSE CVE-2024-26676 at NVD CVE-2024-26679 at SUSE CVE-2024-26679 at NVD CVE-2024-26684 at SUSE CVE-2024-26684 at NVD CVE-2024-26685 at SUSE CVE-2024-26685 at NVD CVE-2024-26691 at SUSE CVE-2024-26691 at NVD CVE-2024-26704 at SUSE CVE-2024-26704 at NVD CVE-2024-26714 at SUSE CVE-2024-26714 at NVD CVE-2024-26726 at SUSE CVE-2024-26726 at NVD CVE-2024-26731 at SUSE CVE-2024-26731 at NVD CVE-2024-26733 at SUSE CVE-2024-26733 at NVD CVE-2024-26734 at SUSE CVE-2024-26734 at NVD CVE-2024-26737 at SUSE CVE-2024-26737 at NVD CVE-2024-26739 at SUSE CVE-2024-26739 at NVD CVE-2024-26740 at SUSE CVE-2024-26740 at NVD CVE-2024-26742 at SUSE CVE-2024-26742 at NVD CVE-2024-26750 at SUSE CVE-2024-26750 at NVD CVE-2024-26756 at SUSE CVE-2024-26756 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26760 at SUSE CVE-2024-26760 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26764 at SUSE CVE-2024-26764 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26769 at SUSE CVE-2024-26769 at NVD CVE-2024-26772 at SUSE CVE-2024-26772 at NVD CVE-2024-26773 at SUSE CVE-2024-26773 at NVD CVE-2024-26774 at SUSE CVE-2024-26774 at NVD CVE-2024-26775 at SUSE CVE-2024-26775 at NVD CVE-2024-26780 at SUSE CVE-2024-26780 at NVD CVE-2024-26783 at SUSE CVE-2024-26783 at NVD CVE-2024-26785 at SUSE CVE-2024-26785 at NVD CVE-2024-26786 at SUSE CVE-2024-26786 at NVD CVE-2024-26791 at SUSE CVE-2024-26791 at NVD CVE-2024-26793 at SUSE CVE-2024-26793 at NVD CVE-2024-26794 at SUSE CVE-2024-26794 at NVD CVE-2024-26802 at SUSE CVE-2024-26802 at NVD CVE-2024-26805 at SUSE CVE-2024-26805 at NVD CVE-2024-26807 at SUSE CVE-2024-26807 at NVD CVE-2024-26813 at SUSE CVE-2024-26813 at NVD CVE-2024-26814 at SUSE CVE-2024-26814 at NVD CVE-2024-26815 at SUSE CVE-2024-26815 at NVD CVE-2024-26816 at SUSE CVE-2024-26816 at NVD CVE-2024-26822 at SUSE CVE-2024-26822 at NVD CVE-2024-26826 at SUSE CVE-2024-26826 at NVD CVE-2024-26832 at SUSE CVE-2024-26832 at NVD CVE-2024-26836 at SUSE CVE-2024-26836 at NVD CVE-2024-26842 at SUSE CVE-2024-26842 at NVD CVE-2024-26844 at SUSE CVE-2024-26844 at NVD CVE-2024-26845 at SUSE CVE-2024-26845 at NVD CVE-2024-26846 at SUSE CVE-2024-26846 at NVD CVE-2024-26853 at SUSE CVE-2024-26853 at NVD CVE-2024-26854 at SUSE CVE-2024-26854 at NVD CVE-2024-26855 at SUSE CVE-2024-26855 at NVD CVE-2024-26856 at SUSE CVE-2024-26856 at NVD CVE-2024-26857 at SUSE CVE-2024-26857 at NVD CVE-2024-26858 at SUSE CVE-2024-26858 at NVD CVE-2024-26860 at SUSE CVE-2024-26860 at NVD CVE-2024-26861 at SUSE CVE-2024-26861 at NVD CVE-2024-26862 at SUSE CVE-2024-26862 at NVD CVE-2024-26863 at SUSE CVE-2024-26863 at NVD CVE-2024-26866 at SUSE CVE-2024-26866 at NVD CVE-2024-26868 at SUSE CVE-2024-26868 at NVD CVE-2024-26870 at SUSE CVE-2024-26870 at NVD CVE-2024-26878 at SUSE CVE-2024-26878 at NVD CVE-2024-26881 at SUSE CVE-2024-26881 at NVD CVE-2024-26882 at SUSE CVE-2024-26882 at NVD CVE-2024-26883 at SUSE CVE-2024-26883 at NVD CVE-2024-26884 at SUSE CVE-2024-26884 at NVD CVE-2024-26885 at SUSE CVE-2024-26885 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26899 at SUSE CVE-2024-26899 at NVD CVE-2024-26900 at SUSE CVE-2024-26900 at NVD CVE-2024-26901 at SUSE CVE-2024-26901 at NVD CVE-2024-26903 at SUSE CVE-2024-26903 at NVD CVE-2024-26906 at SUSE CVE-2024-26906 at NVD CVE-2024-26909 at SUSE CVE-2024-26909 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-26921 at SUSE CVE-2024-26921 at NVD CVE-2024-26922 at SUSE CVE-2024-26922 at NVD CVE-2024-26923 at SUSE CVE-2024-26923 at NVD CVE-2024-26925 at SUSE CVE-2024-26925 at NVD CVE-2024-26928 at SUSE CVE-2024-26928 at NVD CVE-2024-26932 at SUSE CVE-2024-26932 at NVD CVE-2024-26933 at SUSE CVE-2024-26933 at NVD CVE-2024-26934 at SUSE CVE-2024-26934 at NVD CVE-2024-26935 at SUSE CVE-2024-26935 at NVD CVE-2024-26937 at SUSE CVE-2024-26937 at NVD CVE-2024-26938 at SUSE CVE-2024-26938 at NVD CVE-2024-26940 at SUSE CVE-2024-26940 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2024-26945 at SUSE CVE-2024-26945 at NVD CVE-2024-26946 at SUSE CVE-2024-26946 at NVD CVE-2024-26948 at SUSE CVE-2024-26948 at NVD CVE-2024-26949 at SUSE CVE-2024-26949 at NVD CVE-2024-26950 at SUSE CVE-2024-26950 at NVD CVE-2024-26951 at SUSE CVE-2024-26951 at NVD CVE-2024-26957 at SUSE CVE-2024-26957 at NVD CVE-2024-26958 at SUSE CVE-2024-26958 at NVD CVE-2024-26960 at SUSE CVE-2024-26960 at NVD CVE-2024-26961 at SUSE CVE-2024-26961 at NVD CVE-2024-26962 at SUSE CVE-2024-26962 at NVD CVE-2024-26963 at SUSE CVE-2024-26963 at NVD CVE-2024-26964 at SUSE CVE-2024-26964 at NVD CVE-2024-26972 at SUSE CVE-2024-26972 at NVD CVE-2024-26973 at SUSE CVE-2024-26973 at NVD CVE-2024-26978 at SUSE CVE-2024-26978 at NVD CVE-2024-26981 at SUSE CVE-2024-26981 at NVD CVE-2024-26982 at SUSE CVE-2024-26982 at NVD CVE-2024-26983 at SUSE CVE-2024-26983 at NVD CVE-2024-26984 at SUSE CVE-2024-26984 at NVD CVE-2024-26986 at SUSE CVE-2024-26986 at NVD CVE-2024-26988 at SUSE CVE-2024-26988 at NVD CVE-2024-26989 at SUSE CVE-2024-26989 at NVD CVE-2024-26990 at SUSE CVE-2024-26990 at NVD CVE-2024-26991 at SUSE CVE-2024-26991 at NVD CVE-2024-26992 at SUSE CVE-2024-26992 at NVD CVE-2024-26993 at SUSE CVE-2024-26993 at NVD CVE-2024-26994 at SUSE CVE-2024-26994 at NVD CVE-2024-26995 at SUSE CVE-2024-26995 at NVD CVE-2024-26996 at SUSE CVE-2024-26996 at NVD CVE-2024-26997 at SUSE CVE-2024-26997 at NVD CVE-2024-26999 at SUSE CVE-2024-26999 at NVD CVE-2024-27000 at SUSE CVE-2024-27000 at NVD CVE-2024-27001 at SUSE CVE-2024-27001 at NVD CVE-2024-27002 at SUSE CVE-2024-27002 at NVD CVE-2024-27003 at SUSE CVE-2024-27003 at NVD CVE-2024-27004 at SUSE CVE-2024-27004 at NVD CVE-2024-27008 at SUSE CVE-2024-27008 at NVD CVE-2024-27012 at SUSE CVE-2024-27012 at NVD CVE-2024-27013 at SUSE CVE-2024-27013 at NVD CVE-2024-27014 at SUSE CVE-2024-27014 at NVD CVE-2024-27015 at SUSE CVE-2024-27015 at NVD CVE-2024-27016 at SUSE CVE-2024-27016 at NVD CVE-2024-27019 at SUSE CVE-2024-27019 at NVD CVE-2024-27020 at SUSE CVE-2024-27020 at NVD CVE-2024-27022 at SUSE CVE-2024-27022 at NVD CVE-2024-27025 at SUSE CVE-2024-27025 at NVD CVE-2024-27027 at SUSE CVE-2024-27027 at NVD CVE-2024-27028 at SUSE CVE-2024-27028 at NVD CVE-2024-27030 at SUSE CVE-2024-27030 at NVD CVE-2024-27031 at SUSE CVE-2024-27031 at NVD CVE-2024-27046 at SUSE CVE-2024-27046 at NVD CVE-2024-27056 at SUSE CVE-2024-27056 at NVD CVE-2024-27057 at SUSE CVE-2024-27057 at NVD CVE-2024-27062 at SUSE CVE-2024-27062 at NVD CVE-2024-27064 at SUSE CVE-2024-27064 at NVD CVE-2024-27065 at SUSE CVE-2024-27065 at NVD CVE-2024-27067 at SUSE CVE-2024-27067 at NVD CVE-2024-27080 at SUSE CVE-2024-27080 at NVD CVE-2024-27388 at SUSE CVE-2024-27388 at NVD CVE-2024-27389 at SUSE CVE-2024-27389 at NVD CVE-2024-27393 at SUSE CVE-2024-27393 at NVD CVE-2024-27395 at SUSE CVE-2024-27395 at NVD CVE-2024-27396 at SUSE CVE-2024-27396 at NVD CVE-2024-27399 at SUSE CVE-2024-27399 at NVD CVE-2024-27400 at SUSE CVE-2024-27400 at NVD CVE-2024-27401 at SUSE CVE-2024-27401 at NVD CVE-2024-27402 at SUSE CVE-2024-27402 at NVD CVE-2024-27404 at SUSE CVE-2024-27404 at NVD CVE-2024-27405 at SUSE CVE-2024-27405 at NVD CVE-2024-27408 at SUSE CVE-2024-27408 at NVD CVE-2024-27410 at SUSE CVE-2024-27410 at NVD CVE-2024-27411 at SUSE CVE-2024-27411 at NVD CVE-2024-27412 at SUSE CVE-2024-27412 at NVD CVE-2024-27413 at SUSE CVE-2024-27413 at NVD CVE-2024-27414 at SUSE CVE-2024-27414 at NVD CVE-2024-27416 at SUSE CVE-2024-27416 at NVD CVE-2024-27417 at SUSE CVE-2024-27417 at NVD CVE-2024-27418 at SUSE CVE-2024-27418 at NVD CVE-2024-27419 at SUSE CVE-2024-27419 at NVD CVE-2024-27431 at SUSE CVE-2024-27431 at NVD CVE-2024-27432 at SUSE CVE-2024-27432 at NVD CVE-2024-27434 at SUSE CVE-2024-27434 at NVD CVE-2024-27435 at SUSE CVE-2024-27435 at NVD CVE-2024-27436 at SUSE CVE-2024-27436 at NVD CVE-2024-33619 at SUSE CVE-2024-33619 at NVD CVE-2024-34777 at SUSE CVE-2024-34777 at NVD CVE-2024-35247 at SUSE CVE-2024-35247 at NVD CVE-2024-35784 at SUSE CVE-2024-35784 at NVD CVE-2024-35786 at SUSE CVE-2024-35786 at NVD CVE-2024-35788 at SUSE CVE-2024-35788 at NVD CVE-2024-35789 at SUSE CVE-2024-35789 at NVD CVE-2024-35790 at SUSE CVE-2024-35790 at NVD CVE-2024-35791 at SUSE CVE-2024-35791 at NVD CVE-2024-35794 at SUSE CVE-2024-35794 at NVD CVE-2024-35795 at SUSE CVE-2024-35795 at NVD CVE-2024-35796 at SUSE CVE-2024-35796 at NVD CVE-2024-35799 at SUSE CVE-2024-35799 at NVD CVE-2024-35800 at SUSE CVE-2024-35800 at NVD CVE-2024-35801 at SUSE CVE-2024-35801 at NVD CVE-2024-35803 at SUSE CVE-2024-35803 at NVD CVE-2024-35804 at SUSE CVE-2024-35804 at NVD CVE-2024-35805 at SUSE CVE-2024-35805 at NVD CVE-2024-35806 at SUSE CVE-2024-35806 at NVD CVE-2024-35807 at SUSE CVE-2024-35807 at NVD CVE-2024-35808 at SUSE CVE-2024-35808 at NVD CVE-2024-35809 at SUSE CVE-2024-35809 at NVD CVE-2024-35810 at SUSE CVE-2024-35810 at NVD CVE-2024-35811 at SUSE CVE-2024-35811 at NVD CVE-2024-35812 at SUSE CVE-2024-35812 at NVD CVE-2024-35813 at SUSE CVE-2024-35813 at NVD CVE-2024-35814 at SUSE CVE-2024-35814 at NVD CVE-2024-35815 at SUSE CVE-2024-35815 at NVD CVE-2024-35817 at SUSE CVE-2024-35817 at NVD CVE-2024-35819 at SUSE CVE-2024-35819 at NVD CVE-2024-35821 at SUSE CVE-2024-35821 at NVD CVE-2024-35822 at SUSE CVE-2024-35822 at NVD CVE-2024-35823 at SUSE CVE-2024-35823 at NVD CVE-2024-35824 at SUSE CVE-2024-35824 at NVD CVE-2024-35825 at SUSE CVE-2024-35825 at NVD CVE-2024-35827 at SUSE CVE-2024-35827 at NVD CVE-2024-35828 at SUSE CVE-2024-35828 at NVD CVE-2024-35829 at SUSE CVE-2024-35829 at NVD CVE-2024-35830 at SUSE CVE-2024-35830 at NVD CVE-2024-35831 at SUSE CVE-2024-35831 at NVD CVE-2024-35833 at SUSE CVE-2024-35833 at NVD CVE-2024-35834 at SUSE CVE-2024-35834 at NVD CVE-2024-35835 at SUSE CVE-2024-35835 at NVD CVE-2024-35836 at SUSE CVE-2024-35836 at NVD CVE-2024-35837 at SUSE CVE-2024-35837 at NVD CVE-2024-35838 at SUSE CVE-2024-35838 at NVD CVE-2024-35841 at SUSE CVE-2024-35841 at NVD CVE-2024-35842 at SUSE CVE-2024-35842 at NVD CVE-2024-35843 at SUSE CVE-2024-35843 at NVD CVE-2024-35845 at SUSE CVE-2024-35845 at NVD CVE-2024-35847 at SUSE CVE-2024-35847 at NVD CVE-2024-35848 at SUSE CVE-2024-35848 at NVD CVE-2024-35849 at SUSE CVE-2024-35849 at NVD CVE-2024-35850 at SUSE CVE-2024-35850 at NVD CVE-2024-35851 at SUSE CVE-2024-35851 at NVD CVE-2024-35852 at SUSE CVE-2024-35852 at NVD CVE-2024-35853 at SUSE CVE-2024-35853 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35857 at SUSE CVE-2024-35857 at NVD CVE-2024-35860 at SUSE CVE-2024-35860 at NVD CVE-2024-35861 at SUSE CVE-2024-35861 at NVD CVE-2024-35862 at SUSE CVE-2024-35862 at NVD CVE-2024-35863 at SUSE CVE-2024-35863 at NVD CVE-2024-35864 at SUSE CVE-2024-35864 at NVD CVE-2024-35865 at SUSE CVE-2024-35865 at NVD CVE-2024-35866 at SUSE CVE-2024-35866 at NVD CVE-2024-35867 at SUSE CVE-2024-35867 at NVD CVE-2024-35868 at SUSE CVE-2024-35868 at NVD CVE-2024-35872 at SUSE CVE-2024-35872 at NVD CVE-2024-35875 at SUSE CVE-2024-35875 at NVD CVE-2024-35877 at SUSE CVE-2024-35877 at NVD CVE-2024-35878 at SUSE CVE-2024-35878 at NVD CVE-2024-35879 at SUSE CVE-2024-35879 at NVD CVE-2024-35880 at SUSE CVE-2024-35880 at NVD CVE-2024-35883 at SUSE CVE-2024-35883 at NVD CVE-2024-35884 at SUSE CVE-2024-35884 at NVD CVE-2024-35885 at SUSE CVE-2024-35885 at NVD CVE-2024-35886 at SUSE CVE-2024-35886 at NVD CVE-2024-35887 at SUSE CVE-2024-35887 at NVD CVE-2024-35889 at SUSE CVE-2024-35889 at NVD CVE-2024-35890 at SUSE CVE-2024-35890 at NVD CVE-2024-35891 at SUSE CVE-2024-35891 at NVD CVE-2024-35892 at SUSE CVE-2024-35892 at NVD CVE-2024-35893 at SUSE CVE-2024-35893 at NVD CVE-2024-35895 at SUSE CVE-2024-35895 at NVD CVE-2024-35896 at SUSE CVE-2024-35896 at NVD CVE-2024-35898 at SUSE CVE-2024-35898 at NVD CVE-2024-35899 at SUSE CVE-2024-35899 at NVD CVE-2024-35900 at SUSE CVE-2024-35900 at NVD CVE-2024-35901 at SUSE CVE-2024-35901 at NVD CVE-2024-35903 at SUSE CVE-2024-35903 at NVD CVE-2024-35904 at SUSE CVE-2024-35904 at NVD CVE-2024-35905 at SUSE CVE-2024-35905 at NVD CVE-2024-35907 at SUSE CVE-2024-35907 at NVD CVE-2024-35908 at SUSE CVE-2024-35908 at NVD CVE-2024-35909 at SUSE CVE-2024-35909 at NVD CVE-2024-35911 at SUSE CVE-2024-35911 at NVD CVE-2024-35912 at SUSE CVE-2024-35912 at NVD CVE-2024-35914 at SUSE CVE-2024-35914 at NVD CVE-2024-35915 at SUSE CVE-2024-35915 at NVD CVE-2024-35916 at SUSE CVE-2024-35916 at NVD CVE-2024-35917 at SUSE CVE-2024-35917 at NVD CVE-2024-35921 at SUSE CVE-2024-35921 at NVD CVE-2024-35922 at SUSE CVE-2024-35922 at NVD CVE-2024-35924 at SUSE CVE-2024-35924 at NVD CVE-2024-35925 at SUSE CVE-2024-35925 at NVD CVE-2024-35926 at SUSE CVE-2024-35926 at NVD CVE-2024-35927 at SUSE CVE-2024-35927 at NVD CVE-2024-35928 at SUSE CVE-2024-35928 at NVD CVE-2024-35930 at SUSE CVE-2024-35930 at NVD CVE-2024-35931 at SUSE CVE-2024-35931 at NVD CVE-2024-35932 at SUSE CVE-2024-35932 at NVD CVE-2024-35933 at SUSE CVE-2024-35933 at NVD CVE-2024-35934 at SUSE CVE-2024-35934 at NVD CVE-2024-35935 at SUSE CVE-2024-35935 at NVD CVE-2024-35936 at SUSE CVE-2024-35936 at NVD CVE-2024-35937 at SUSE CVE-2024-35937 at NVD CVE-2024-35938 at SUSE CVE-2024-35938 at NVD CVE-2024-35940 at SUSE CVE-2024-35940 at NVD CVE-2024-35942 at SUSE CVE-2024-35942 at NVD CVE-2024-35943 at SUSE CVE-2024-35943 at NVD CVE-2024-35944 at SUSE CVE-2024-35944 at NVD CVE-2024-35945 at SUSE CVE-2024-35945 at NVD CVE-2024-35946 at SUSE CVE-2024-35946 at NVD CVE-2024-35947 at SUSE CVE-2024-35947 at NVD CVE-2024-35950 at SUSE CVE-2024-35950 at NVD CVE-2024-35951 at SUSE CVE-2024-35951 at NVD CVE-2024-35952 at SUSE CVE-2024-35952 at NVD CVE-2024-35953 at SUSE CVE-2024-35953 at NVD CVE-2024-35954 at SUSE CVE-2024-35954 at NVD CVE-2024-35955 at SUSE CVE-2024-35955 at NVD CVE-2024-35956 at SUSE CVE-2024-35956 at NVD CVE-2024-35957 at SUSE CVE-2024-35957 at NVD CVE-2024-35958 at SUSE CVE-2024-35958 at NVD CVE-2024-35959 at SUSE CVE-2024-35959 at NVD CVE-2024-35960 at SUSE CVE-2024-35960 at NVD CVE-2024-35961 at SUSE CVE-2024-35961 at NVD CVE-2024-35962 at SUSE CVE-2024-35962 at NVD CVE-2024-35963 at SUSE CVE-2024-35963 at NVD CVE-2024-35964 at SUSE CVE-2024-35964 at NVD CVE-2024-35965 at SUSE CVE-2024-35965 at NVD CVE-2024-35966 at SUSE CVE-2024-35966 at NVD CVE-2024-35967 at SUSE CVE-2024-35967 at NVD CVE-2024-35969 at SUSE CVE-2024-35969 at NVD CVE-2024-35970 at SUSE CVE-2024-35970 at NVD CVE-2024-35971 at SUSE CVE-2024-35971 at NVD CVE-2024-35972 at SUSE CVE-2024-35972 at NVD CVE-2024-35973 at SUSE CVE-2024-35973 at NVD CVE-2024-35974 at SUSE CVE-2024-35974 at NVD CVE-2024-35975 at SUSE CVE-2024-35975 at NVD CVE-2024-35976 at SUSE CVE-2024-35976 at NVD CVE-2024-35977 at SUSE CVE-2024-35977 at NVD CVE-2024-35978 at SUSE CVE-2024-35978 at NVD CVE-2024-35979 at SUSE CVE-2024-35979 at NVD CVE-2024-35981 at SUSE CVE-2024-35981 at NVD CVE-2024-35982 at SUSE CVE-2024-35982 at NVD CVE-2024-35984 at SUSE CVE-2024-35984 at NVD CVE-2024-35986 at SUSE CVE-2024-35986 at NVD CVE-2024-35989 at SUSE CVE-2024-35989 at NVD CVE-2024-35990 at SUSE CVE-2024-35990 at NVD CVE-2024-35991 at SUSE CVE-2024-35991 at NVD CVE-2024-35992 at SUSE CVE-2024-35992 at NVD CVE-2024-35995 at SUSE CVE-2024-35995 at NVD CVE-2024-35997 at SUSE CVE-2024-35997 at NVD CVE-2024-35998 at SUSE CVE-2024-35998 at NVD CVE-2024-35999 at SUSE CVE-2024-35999 at NVD CVE-2024-36002 at SUSE CVE-2024-36002 at NVD CVE-2024-36003 at SUSE CVE-2024-36003 at NVD CVE-2024-36004 at SUSE CVE-2024-36004 at NVD CVE-2024-36005 at SUSE CVE-2024-36005 at NVD CVE-2024-36006 at SUSE CVE-2024-36006 at NVD CVE-2024-36007 at SUSE CVE-2024-36007 at NVD CVE-2024-36008 at SUSE CVE-2024-36008 at NVD CVE-2024-36009 at SUSE CVE-2024-36009 at NVD CVE-2024-36010 at SUSE CVE-2024-36010 at NVD CVE-2024-36011 at SUSE CVE-2024-36011 at NVD CVE-2024-36012 at SUSE CVE-2024-36012 at NVD CVE-2024-36013 at SUSE CVE-2024-36013 at NVD CVE-2024-36014 at SUSE CVE-2024-36014 at NVD CVE-2024-36015 at SUSE CVE-2024-36015 at NVD CVE-2024-36016 at SUSE CVE-2024-36016 at NVD CVE-2024-36017 at SUSE CVE-2024-36017 at NVD CVE-2024-36018 at SUSE CVE-2024-36018 at NVD CVE-2024-36019 at SUSE CVE-2024-36019 at NVD CVE-2024-36020 at SUSE CVE-2024-36020 at NVD CVE-2024-36021 at SUSE CVE-2024-36021 at NVD CVE-2024-36024 at SUSE CVE-2024-36024 at NVD CVE-2024-36025 at SUSE CVE-2024-36025 at NVD CVE-2024-36026 at SUSE CVE-2024-36026 at NVD CVE-2024-36029 at SUSE CVE-2024-36029 at NVD CVE-2024-36030 at SUSE CVE-2024-36030 at NVD CVE-2024-36032 at SUSE CVE-2024-36032 at NVD CVE-2024-36281 at SUSE CVE-2024-36281 at NVD CVE-2024-36477 at SUSE CVE-2024-36477 at NVD CVE-2024-36478 at SUSE CVE-2024-36478 at NVD CVE-2024-36479 at SUSE CVE-2024-36479 at NVD CVE-2024-36880 at SUSE CVE-2024-36880 at NVD CVE-2024-36882 at SUSE CVE-2024-36882 at NVD CVE-2024-36885 at SUSE CVE-2024-36885 at NVD CVE-2024-36887 at SUSE CVE-2024-36887 at NVD CVE-2024-36889 at SUSE CVE-2024-36889 at NVD CVE-2024-36890 at SUSE CVE-2024-36890 at NVD CVE-2024-36891 at SUSE CVE-2024-36891 at NVD CVE-2024-36893 at SUSE CVE-2024-36893 at NVD CVE-2024-36894 at SUSE CVE-2024-36894 at NVD CVE-2024-36895 at SUSE CVE-2024-36895 at NVD CVE-2024-36896 at SUSE CVE-2024-36896 at NVD CVE-2024-36897 at SUSE CVE-2024-36897 at NVD CVE-2024-36898 at SUSE CVE-2024-36898 at NVD CVE-2024-36899 at SUSE CVE-2024-36899 at NVD CVE-2024-36900 at SUSE CVE-2024-36900 at NVD CVE-2024-36901 at SUSE CVE-2024-36901 at NVD CVE-2024-36902 at SUSE CVE-2024-36902 at NVD CVE-2024-36903 at SUSE CVE-2024-36903 at NVD CVE-2024-36904 at SUSE CVE-2024-36904 at NVD CVE-2024-36906 at SUSE CVE-2024-36906 at NVD CVE-2024-36909 at SUSE CVE-2024-36909 at NVD CVE-2024-36910 at SUSE CVE-2024-36910 at NVD CVE-2024-36911 at SUSE CVE-2024-36911 at NVD CVE-2024-36912 at SUSE CVE-2024-36912 at NVD CVE-2024-36913 at SUSE CVE-2024-36913 at NVD CVE-2024-36914 at SUSE CVE-2024-36914 at NVD CVE-2024-36915 at SUSE CVE-2024-36915 at NVD CVE-2024-36916 at SUSE CVE-2024-36916 at NVD CVE-2024-36917 at SUSE CVE-2024-36917 at NVD CVE-2024-36918 at SUSE CVE-2024-36918 at NVD CVE-2024-36919 at SUSE CVE-2024-36919 at NVD CVE-2024-36921 at SUSE CVE-2024-36921 at NVD CVE-2024-36922 at SUSE CVE-2024-36922 at NVD CVE-2024-36923 at SUSE CVE-2024-36923 at NVD CVE-2024-36924 at SUSE CVE-2024-36924 at NVD CVE-2024-36926 at SUSE CVE-2024-36926 at NVD CVE-2024-36928 at SUSE CVE-2024-36928 at NVD CVE-2024-36930 at SUSE CVE-2024-36930 at NVD CVE-2024-36931 at SUSE CVE-2024-36931 at NVD CVE-2024-36934 at SUSE CVE-2024-36934 at NVD CVE-2024-36935 at SUSE CVE-2024-36935 at NVD CVE-2024-36936 at SUSE CVE-2024-36936 at NVD CVE-2024-36937 at SUSE CVE-2024-36937 at NVD CVE-2024-36938 at SUSE CVE-2024-36938 at NVD CVE-2024-36940 at SUSE CVE-2024-36940 at NVD CVE-2024-36942 at SUSE CVE-2024-36942 at NVD CVE-2024-36944 at SUSE CVE-2024-36944 at NVD CVE-2024-36945 at SUSE CVE-2024-36945 at NVD CVE-2024-36946 at SUSE CVE-2024-36946 at NVD CVE-2024-36947 at SUSE CVE-2024-36947 at NVD CVE-2024-36949 at SUSE CVE-2024-36949 at NVD CVE-2024-36950 at SUSE CVE-2024-36950 at NVD CVE-2024-36951 at SUSE CVE-2024-36951 at NVD CVE-2024-36952 at SUSE CVE-2024-36952 at NVD CVE-2024-36955 at SUSE CVE-2024-36955 at NVD CVE-2024-36957 at SUSE CVE-2024-36957 at NVD CVE-2024-36959 at SUSE CVE-2024-36959 at NVD CVE-2024-36960 at SUSE CVE-2024-36960 at NVD CVE-2024-36962 at SUSE CVE-2024-36962 at NVD CVE-2024-36964 at SUSE CVE-2024-36964 at NVD CVE-2024-36965 at SUSE CVE-2024-36965 at NVD CVE-2024-36967 at SUSE CVE-2024-36967 at NVD CVE-2024-36969 at SUSE CVE-2024-36969 at NVD CVE-2024-36971 at SUSE CVE-2024-36971 at NVD CVE-2024-36972 at SUSE CVE-2024-36972 at NVD CVE-2024-36973 at SUSE CVE-2024-36973 at NVD CVE-2024-36975 at SUSE CVE-2024-36975 at NVD CVE-2024-36977 at SUSE CVE-2024-36977 at NVD CVE-2024-36978 at SUSE CVE-2024-36978 at NVD CVE-2024-37021 at SUSE CVE-2024-37021 at NVD CVE-2024-37078 at SUSE CVE-2024-37078 at NVD CVE-2024-37353 at SUSE CVE-2024-37353 at NVD CVE-2024-37354 at SUSE CVE-2024-37354 at NVD CVE-2024-38381 at SUSE CVE-2024-38381 at NVD CVE-2024-38384 at SUSE CVE-2024-38384 at NVD CVE-2024-38385 at SUSE CVE-2024-38385 at NVD CVE-2024-38388 at SUSE CVE-2024-38388 at NVD CVE-2024-38390 at SUSE CVE-2024-38390 at NVD CVE-2024-38391 at SUSE CVE-2024-38391 at NVD CVE-2024-38539 at SUSE CVE-2024-38539 at NVD CVE-2024-38540 at SUSE CVE-2024-38540 at NVD CVE-2024-38541 at SUSE CVE-2024-38541 at NVD CVE-2024-38543 at SUSE CVE-2024-38543 at NVD CVE-2024-38544 at SUSE CVE-2024-38544 at NVD CVE-2024-38546 at SUSE CVE-2024-38546 at NVD CVE-2024-38547 at SUSE CVE-2024-38547 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38549 at SUSE CVE-2024-38549 at NVD CVE-2024-38550 at SUSE CVE-2024-38550 at NVD CVE-2024-38551 at SUSE CVE-2024-38551 at NVD CVE-2024-38552 at SUSE CVE-2024-38552 at NVD CVE-2024-38553 at SUSE CVE-2024-38553 at NVD CVE-2024-38554 at SUSE CVE-2024-38554 at NVD CVE-2024-38555 at SUSE CVE-2024-38555 at NVD CVE-2024-38556 at SUSE CVE-2024-38556 at NVD CVE-2024-38557 at SUSE CVE-2024-38557 at NVD CVE-2024-38558 at SUSE CVE-2024-38558 at NVD CVE-2024-38562 at SUSE CVE-2024-38562 at NVD CVE-2024-38564 at SUSE CVE-2024-38564 at NVD CVE-2024-38565 at SUSE CVE-2024-38565 at NVD CVE-2024-38566 at SUSE CVE-2024-38566 at NVD CVE-2024-38567 at SUSE CVE-2024-38567 at NVD CVE-2024-38568 at SUSE CVE-2024-38568 at NVD CVE-2024-38569 at SUSE CVE-2024-38569 at NVD CVE-2024-38570 at SUSE CVE-2024-38570 at NVD CVE-2024-38571 at SUSE CVE-2024-38571 at NVD CVE-2024-38572 at SUSE CVE-2024-38572 at NVD CVE-2024-38573 at SUSE CVE-2024-38573 at NVD CVE-2024-38575 at SUSE CVE-2024-38575 at NVD CVE-2024-38578 at SUSE CVE-2024-38578 at NVD CVE-2024-38579 at SUSE CVE-2024-38579 at NVD CVE-2024-38580 at SUSE CVE-2024-38580 at NVD CVE-2024-38581 at SUSE CVE-2024-38581 at NVD CVE-2024-38582 at SUSE CVE-2024-38582 at NVD CVE-2024-38583 at SUSE CVE-2024-38583 at NVD CVE-2024-38586 at SUSE CVE-2024-38586 at NVD CVE-2024-38587 at SUSE CVE-2024-38587 at NVD CVE-2024-38588 at SUSE CVE-2024-38588 at NVD CVE-2024-38590 at SUSE CVE-2024-38590 at NVD CVE-2024-38591 at SUSE CVE-2024-38591 at NVD CVE-2024-38592 at SUSE CVE-2024-38592 at NVD CVE-2024-38594 at SUSE CVE-2024-38594 at NVD CVE-2024-38595 at SUSE CVE-2024-38595 at NVD CVE-2024-38597 at SUSE CVE-2024-38597 at NVD CVE-2024-38598 at SUSE CVE-2024-38598 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-38600 at SUSE CVE-2024-38600 at NVD CVE-2024-38601 at SUSE CVE-2024-38601 at NVD CVE-2024-38602 at SUSE CVE-2024-38602 at NVD CVE-2024-38603 at SUSE CVE-2024-38603 at NVD CVE-2024-38604 at SUSE CVE-2024-38604 at NVD CVE-2024-38605 at SUSE CVE-2024-38605 at NVD CVE-2024-38608 at SUSE CVE-2024-38608 at NVD CVE-2024-38610 at SUSE CVE-2024-38610 at NVD CVE-2024-38611 at SUSE CVE-2024-38611 at NVD CVE-2024-38615 at SUSE CVE-2024-38615 at NVD CVE-2024-38616 at SUSE CVE-2024-38616 at NVD CVE-2024-38617 at SUSE CVE-2024-38617 at NVD CVE-2024-38618 at SUSE CVE-2024-38618 at NVD CVE-2024-38619 at SUSE CVE-2024-38619 at NVD CVE-2024-38621 at SUSE CVE-2024-38621 at NVD CVE-2024-38622 at SUSE CVE-2024-38622 at NVD CVE-2024-38627 at SUSE CVE-2024-38627 at NVD CVE-2024-38628 at SUSE CVE-2024-38628 at NVD CVE-2024-38629 at SUSE CVE-2024-38629 at NVD CVE-2024-38630 at SUSE CVE-2024-38630 at NVD CVE-2024-38633 at SUSE CVE-2024-38633 at NVD CVE-2024-38634 at SUSE CVE-2024-38634 at NVD CVE-2024-38635 at SUSE CVE-2024-38635 at NVD CVE-2024-38636 at SUSE CVE-2024-38636 at NVD CVE-2024-38659 at SUSE CVE-2024-38659 at NVD CVE-2024-38661 at SUSE CVE-2024-38661 at NVD CVE-2024-38663 at SUSE CVE-2024-38663 at NVD CVE-2024-38664 at SUSE CVE-2024-38664 at NVD CVE-2024-38780 at SUSE CVE-2024-38780 at NVD CVE-2024-39276 at SUSE CVE-2024-39276 at NVD CVE-2024-39277 at SUSE CVE-2024-39277 at NVD CVE-2024-39291 at SUSE CVE-2024-39291 at NVD CVE-2024-39296 at SUSE CVE-2024-39296 at NVD CVE-2024-39301 at SUSE CVE-2024-39301 at NVD CVE-2024-39362 at SUSE CVE-2024-39362 at NVD CVE-2024-39371 at SUSE CVE-2024-39371 at NVD CVE-2024-39463 at SUSE CVE-2024-39463 at NVD CVE-2024-39466 at SUSE CVE-2024-39466 at NVD CVE-2024-39468 at SUSE CVE-2024-39468 at NVD CVE-2024-39469 at SUSE CVE-2024-39469 at NVD CVE-2024-39471 at SUSE CVE-2024-39471 at NVD CVE-2024-39472 at SUSE CVE-2024-39472 at NVD CVE-2024-39473 at SUSE CVE-2024-39473 at NVD CVE-2024-39474 at SUSE CVE-2024-39474 at NVD CVE-2024-39475 at SUSE CVE-2024-39475 at NVD CVE-2024-39479 at SUSE CVE-2024-39479 at NVD CVE-2024-39481 at SUSE CVE-2024-39481 at NVD CVE-2024-39482 at SUSE CVE-2024-39482 at NVD CVE-2024-39487 at SUSE CVE-2024-39487 at NVD CVE-2024-39490 at SUSE CVE-2024-39490 at NVD CVE-2024-39494 at SUSE CVE-2024-39494 at NVD CVE-2024-39496 at SUSE CVE-2024-39496 at NVD CVE-2024-39498 at SUSE CVE-2024-39498 at NVD CVE-2024-39502 at SUSE CVE-2024-39502 at NVD CVE-2024-39504 at SUSE CVE-2024-39504 at NVD CVE-2024-39507 at SUSE CVE-2024-39507 at NVD CVE-2024-40901 at SUSE CVE-2024-40901 at NVD CVE-2024-40906 at SUSE CVE-2024-40906 at NVD CVE-2024-40908 at SUSE CVE-2024-40908 at NVD CVE-2024-40919 at SUSE CVE-2024-40919 at NVD CVE-2024-40923 at SUSE CVE-2024-40923 at NVD CVE-2024-40925 at SUSE CVE-2024-40925 at NVD CVE-2024-40928 at SUSE CVE-2024-40928 at NVD CVE-2024-40931 at SUSE CVE-2024-40931 at NVD CVE-2024-40935 at SUSE CVE-2024-40935 at NVD CVE-2024-40937 at SUSE CVE-2024-40937 at NVD CVE-2024-40940 at SUSE CVE-2024-40940 at NVD CVE-2024-40947 at SUSE CVE-2024-40947 at NVD CVE-2024-40948 at SUSE CVE-2024-40948 at NVD CVE-2024-40953 at SUSE CVE-2024-40953 at NVD CVE-2024-40960 at SUSE CVE-2024-40960 at NVD CVE-2024-40961 at SUSE CVE-2024-40961 at NVD CVE-2024-40966 at SUSE CVE-2024-40966 at NVD CVE-2024-40970 at SUSE CVE-2024-40970 at NVD CVE-2024-40972 at SUSE CVE-2024-40972 at NVD CVE-2024-40975 at SUSE CVE-2024-40975 at NVD CVE-2024-40979 at SUSE CVE-2024-40979 at NVD CVE-2024-40998 at SUSE CVE-2024-40998 at NVD CVE-2024-40999 at SUSE CVE-2024-40999 at NVD CVE-2024-41006 at SUSE CVE-2024-41006 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41013 at SUSE CVE-2024-41013 at NVD CVE-2024-41014 at SUSE CVE-2024-41014 at NVD CVE-2024-41017 at SUSE CVE-2024-41017 at NVD CVE-2024-41090 at SUSE CVE-2024-41090 at NVD CVE-2024-41091 at SUSE CVE-2024-41091 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Important) openSUSE Leap 15.6 This update for python310 fixes the following issues: Security issue fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780) Non-security issues fixed: - Improve python reproducible builds (bsc#1227999) - Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660) - Fixed executable bits for /usr/bin/idle* (bsc#1227378). Important SUSE bug 1225660 SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 CVE-2024-6923 at SUSE CVE-2024-6923 at NVD cpe:/o:opensuse:leap:15.6 Security update for qemu (Important) openSUSE Leap 15.6 This update for qemu fixes the following issues: - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) * nbd/server: Close stray clients at server-stop * nbd/server: Drop non-negotiating clients * nbd/server: Cap default max-connections to 100 * nbd/server: Plumb in new args to nbd_client_add() * nbd: Minor style and typo fixes - Update qemu to version 8.2.6 Important SUSE bug 1227322 SUSE bug 1229007 CVE-2024-4467 at SUSE CVE-2024-4467 at NVD CVE-2024-7409 at SUSE CVE-2024-7409 at NVD cpe:/o:opensuse:leap:15.6 Security update for libqt5-qt3d (Important) openSUSE Leap 15.6 This update for libqt5-qt3d fixes the following issues: - CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class (bsc#1228204) - Checked for a nullptr returned from the shader manager - Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call - Fixed QTextureAtlas parenting that could lead to crashes due to being used after free'd Important SUSE bug 1228204 CVE-2024-40724 at SUSE CVE-2024-40724 at NVD cpe:/o:opensuse:leap:15.6 Security update for libqt5-qtquick3d (Important) openSUSE Leap 15.6 This update for libqt5-qtquick3d fixes the following issues: - CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class (bsc#1228199) - Fixed progressive anti-aliasing, which doesn't work if any object in the scene used a PrincipledMaterial - Fixed a crash when a custom material/effect shader variable changes - Skipped processing unknown uniforms, as those that are vendor specific Important SUSE bug 1228199 CVE-2024-40724 at SUSE CVE-2024-40724 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648) - CVE-2024-7518: Fullscreen notification dialog can be obscured by document - CVE-2024-7519: Out of bounds memory access in graphics shared memory handling - CVE-2024-7520: Type confusion in WebAssembly - CVE-2024-7521: Incomplete WebAssembly exception handing - CVE-2024-7522: Out of bounds read in editor component - CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims - CVE-2024-7525: Missing permission check when creating a StreamFilter - CVE-2024-7526: Uninitialized memory used by WebGL - CVE-2024-7527: Use-after-free in JavaScript garbage collection - CVE-2024-7528: Use-after-free in IndexedDB - CVE-2024-7529: Document content could partially obscure security prompts - CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Important SUSE bug 1226316 SUSE bug 1228648 CVE-2024-6600 at SUSE CVE-2024-6600 at NVD CVE-2024-6601 at SUSE CVE-2024-6601 at NVD CVE-2024-6602 at SUSE CVE-2024-6602 at NVD CVE-2024-6603 at SUSE CVE-2024-6603 at NVD CVE-2024-6604 at SUSE CVE-2024-6604 at NVD CVE-2024-6605 at SUSE CVE-2024-6605 at NVD CVE-2024-6606 at SUSE CVE-2024-6606 at NVD CVE-2024-6607 at SUSE CVE-2024-6607 at NVD CVE-2024-6608 at SUSE CVE-2024-6608 at NVD CVE-2024-6609 at SUSE CVE-2024-6609 at NVD CVE-2024-6610 at SUSE CVE-2024-6610 at NVD CVE-2024-6611 at SUSE CVE-2024-6611 at NVD CVE-2024-6612 at SUSE CVE-2024-6612 at NVD CVE-2024-6613 at SUSE CVE-2024-6613 at NVD CVE-2024-6614 at SUSE CVE-2024-6614 at NVD CVE-2024-6615 at SUSE CVE-2024-6615 at NVD CVE-2024-7518 at SUSE CVE-2024-7518 at NVD CVE-2024-7519 at SUSE CVE-2024-7519 at NVD CVE-2024-7520 at SUSE CVE-2024-7520 at NVD CVE-2024-7521 at SUSE CVE-2024-7521 at NVD CVE-2024-7522 at SUSE CVE-2024-7522 at NVD CVE-2024-7524 at SUSE CVE-2024-7524 at NVD CVE-2024-7525 at SUSE CVE-2024-7525 at NVD CVE-2024-7526 at SUSE CVE-2024-7526 at NVD CVE-2024-7527 at SUSE CVE-2024-7527 at NVD CVE-2024-7528 at SUSE CVE-2024-7528 at NVD CVE-2024-7529 at SUSE CVE-2024-7529 at NVD CVE-2024-7531 at SUSE CVE-2024-7531 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-setuptools (Important) openSUSE Leap 15.6 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-setuptools (Important) openSUSE Leap 15.6 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) Important SUSE bug 1228105 CVE-2024-6345 at SUSE CVE-2024-6345 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Important) openSUSE Leap 15.6 This update for python39 fixes the following issues: Security issues fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780) - CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233) Non-security issues fixed: - Fixed executable bits for /usr/bin/idle* (bsc#1227378). - Improve python reproducible builds (bsc#1227999) Important SUSE bug 1227233 SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 CVE-2024-5642 at SUSE CVE-2024-5642 at NVD CVE-2024-6923 at SUSE CVE-2024-6923 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.26 (Important) openSUSE Leap 15.6 This update for kubernetes1.26 fixes the following issues: Update kubernetes to version 1.26.15: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869) - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869) Other fixes: - Fixed packages required by kubernetes1.26-client installation (bsc#1229008) - Update go to version v1.22.5 (bsc#1229858) - Add upstream patch for reproducible builds (bsc#1062303) Important SUSE bug 1062303 SUSE bug 1229008 SUSE bug 1229858 SUSE bug 1229867 SUSE bug 1229869 CVE-2023-39325 at SUSE CVE-2023-39325 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Important) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240813 release (bsc#1229129) - CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html) - CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html) - CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html) - CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html) - CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html) Other issues fixed: - Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details. - Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details. - Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details - Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details. - Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details. - Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details. - Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details. - Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details. - Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details. - Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details. - Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details. - Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details. - Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details. - Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details. - Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile | AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E | CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8 | CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop | CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3 | EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E | ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3 | KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile | KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile | MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11 | TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile | WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile | WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile - update to 20240531: * Update for functional issues. Refer to Intel Pentium Silver and Intel Celeron Processor Specification Update - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx Important SUSE bug 1229129 CVE-2023-42667 at SUSE CVE-2023-42667 at NVD CVE-2023-49141 at SUSE CVE-2023-49141 at NVD CVE-2024-24853 at SUSE CVE-2024-24853 at NVD CVE-2024-24980 at SUSE CVE-2024-24980 at NVD CVE-2024-25939 at SUSE CVE-2024-25939 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.28 (Important) openSUSE Leap 15.6 This update for kubernetes1.28 fixes the following issues: Update kubernetes to version 1.28.13: - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869) - CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869) - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869) Other fixes: - Update go to version v1.22.5 (bsc#1229858) Important SUSE bug 1229858 SUSE bug 1229867 SUSE bug 1229869 CVE-2023-39325 at SUSE CVE-2023-39325 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.27 (Important) openSUSE Leap 15.6 This update for kubernetes1.27 fixes the following issues: Update kubernetes to version 1.27.16 - CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867) - CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869) - CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869) - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869) Other fixes: - Update go to version v1.22.5 (bsc#1229858) Important SUSE bug 1229858 SUSE bug 1229867 SUSE bug 1229869 CVE-2023-39325 at SUSE CVE-2023-39325 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD cpe:/o:opensuse:leap:15.6 Security update for bubblewrap and flatpak (Important) openSUSE Leap 15.6 This update for bubblewrap and flatpak fixes the following issues: - CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent (bsc#1229157) Important SUSE bug 1229157 CVE-2024-42472 at SUSE CVE-2024-42472 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Moderate) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753). Moderate SUSE bug 1220523 SUSE bug 1220690 SUSE bug 1220693 SUSE bug 1220696 SUSE bug 1221365 SUSE bug 1221751 SUSE bug 1221752 SUSE bug 1221753 SUSE bug 1221760 SUSE bug 1221786 SUSE bug 1221787 SUSE bug 1221821 SUSE bug 1221822 SUSE bug 1221824 SUSE bug 1221827 SUSE bug 1229465 CVE-2024-6119 at SUSE CVE-2024-6119 at NVD cpe:/o:opensuse:leap:15.6 Security update for frr (Important) openSUSE Leap 15.6 This update for frr fixes the following issues: - CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgp_attr_encap (bsc#1229438) Important SUSE bug 1229438 CVE-2024-44070 at SUSE CVE-2024-44070 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698): - Fix web process cache suspend/resume when sandbox is enabled. - Fix accelerated images dissapearing after scrolling. - Fix video flickering with DMA-BUF sink. - Fix pointer lock on X11. - Fix movement delta on mouse events in GTK3. - Undeprecate console message API and make it available in 2022 API. - Fix several crashes and rendering issues. - Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794, CVE-2024-4558. Important SUSE bug 1228696 SUSE bug 1228697 SUSE bug 1228698 CVE-2024-40776 at SUSE CVE-2024-40776 at NVD CVE-2024-40779 at SUSE CVE-2024-40779 at NVD CVE-2024-40780 at SUSE CVE-2024-40780 at NVD CVE-2024-40782 at SUSE CVE-2024-40782 at NVD CVE-2024-40785 at SUSE CVE-2024-40785 at NVD CVE-2024-40789 at SUSE CVE-2024-40789 at NVD CVE-2024-40794 at SUSE CVE-2024-40794 at NVD CVE-2024-4558 at SUSE CVE-2024-4558 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Moderate) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links (bsc#1229226) Moderate SUSE bug 1229226 CVE-2024-42367 at SUSE CVE-2024-42367 at NVD cpe:/o:opensuse:leap:15.6 Security update for unbound (Low) openSUSE Leap 15.6 This update for unbound fixes the following issues: - CVE-2024-43167: Fix null pointer dereference issue in function ub_ctx_set_fwd (bsc#1229068) Low SUSE bug 1229068 CVE-2024-43167 at SUSE CVE-2024-43167 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.14 * fixed: When using an external installation of GnuPG, Thunderbird occassionally sent/received corrupted messages * fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages (bmo#1906903) * fixed: Flatpak install of 128.0esr was incorrectly downgraded to 115.13.0esr (bmo#1908299) * fixed: Security fixes MFSA 2024-38 (bsc#1228648) * CVE-2024-7519: Out of bounds memory access in graphics shared memory handling * CVE-2024-7521: Incomplete WebAssembly exception handing * CVE-2024-7522: Out of bounds read in editor component * CVE-2024-7525: Missing permission check when creating a StreamFilter * CVE-2024-7526: Uninitialized memory used by WebGL * CVE-2024-7527: Use-after-free in JavaScript garbage collection * CVE-2024-7529: Document content could partially obscure security prompts Important SUSE bug 1228648 CVE-2024-7519 at SUSE CVE-2024-7519 at NVD CVE-2024-7521 at SUSE CVE-2024-7521 at NVD CVE-2024-7522 at SUSE CVE-2024-7522 at NVD CVE-2024-7525 at SUSE CVE-2024-7525 at NVD CVE-2024-7526 at SUSE CVE-2024-7526 at NVD CVE-2024-7527 at SUSE CVE-2024-7527 at NVD CVE-2024-7529 at SUSE CVE-2024-7529 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574) - CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575) Other fixes: - Update to Xen 4.18.3 security bug fix release (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1228574 SUSE bug 1228575 CVE-2024-31145 at SUSE CVE-2024-31145 at NVD CVE-2024-31146 at SUSE CVE-2024-31146 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Moderate) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2020-22027: Fixed heap-based Buffer Overflow vulnerability exits in deflate16 at libavfilter/vf_neighbor.c (bsc#1186607) - CVE-2021-38291: Fixed an assertion failure at src/libavutil/mathematics.c (bsc#1189428) - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function (bsc#1223304) Moderate SUSE bug 1186607 SUSE bug 1189428 SUSE bug 1223304 CVE-2020-22027 at SUSE CVE-2020-22027 at NVD CVE-2021-38291 at SUSE CVE-2021-38291 at NVD CVE-2023-51798 at SUSE CVE-2023-51798 at NVD cpe:/o:opensuse:leap:15.6 Security update for tiff (Moderate) openSUSE Leap 15.6 This update for tiff fixes the following issues: - CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924) Moderate SUSE bug 1228924 CVE-2024-7006 at SUSE CVE-2024-7006 at NVD cpe:/o:opensuse:leap:15.6 Security update for dovecot23 (Important) openSUSE Leap 15.6 This update for dovecot23 fixes the following issues: - CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183) - CVE-2024-23184: Fixed a denial of service parsing messages containing many address headers (bsc#1229184) Important SUSE bug 1229183 SUSE bug 1229184 CVE-2024-23184 at SUSE CVE-2024-23184 at NVD CVE-2024-23185 at SUSE CVE-2024-23185 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.6 This update for openssl-1_0_0 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138, bsc#1227227) Moderate SUSE bug 1227138 SUSE bug 1227227 CVE-2024-5535 at SUSE CVE-2024-5535 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah, docker (Critical) openSUSE Leap 15.6 This update for buildah, docker fixes the following issues: Changes in docker: - CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267) - CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268) - CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438) - CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324) Other fixes: - Update to Docker 25.0.6-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/25.0/#2506> - Update to Docker 25.0.5-ce (bsc#1223409) - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks. (bsc#1221916) - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files. (bsc#1214855) Changes in buildah: - Update to version 1.35.4: * [release-1.35] Bump to Buildah v1.35.4 * [release-1.35] CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * [release-1.35] Bump go-jose CVE-2024-28180 * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180 - Update to version 1.35.3: * [release-1.35] Bump to Buildah v1.35.3 * [release-1.35] correctly configure /etc/hosts and resolv.conf * [release-1.35] buildah: refactor resolv/hosts setup. * [release-1.35] rename the hostFile var to reflect * [release-1.35] Bump c/common to v0.58.1 * [release-1.35] Bump Buildah to v1.35.2 * [release-1.35] CVE-2024-24786 protobuf to 1.33 * [release-1.35] Bump to v1.35.2-dev - Update to version 1.35.1: * [release-1.35] Bump to v1.35.1 * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) - Update to version 1.35.0: * Bump v1.35.0 * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * fix(deps): update module github.com/stretchr/testify to v1.9.0 * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * fix(deps): update github.com/containers/storage digest to eadc620 * fix(deps): update github.com/containers/luksy digest to ceb12d4 * fix(deps): update github.com/containers/image/v5 digest to cdc6802 * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * fix(deps): update module github.com/containerd/containerd to v1.7.13 * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3 * imagebuildah: fix crash with empty RUN * fix(deps): update github.com/containers/luksy digest to b62d551 * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security] * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * Run codespell on code * Fix FreeBSD version parsing * Fix a build break on FreeBSD * Remove a bad FROM line * fix(deps): update module github.com/onsi/gomega to v1.31.1 * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6 * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * fix(deps): update module golang.org/x/crypto to v0.18.0 * Replace map[K]bool with map[K]struct{} where it makes sense * fix(deps): update module golang.org/x/sync to v0.6.0 * fix(deps): update module golang.org/x/term to v0.16.0 * Bump CI VMs * Replace strings.SplitN with strings.Cut * fix(deps): update github.com/containers/storage digest to ef81e9b * fix(deps): update github.com/containers/image/v5 digest to 1b221d4 * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1 * Document use of containers-transports values in buildah * fix(deps): update module golang.org/x/crypto to v0.17.0 [security] * chore(deps): update dependency containers/automation_images to v20231208 * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * chore(deps): update dependency containers/automation_images to v20230517 * [skip-ci] Update actions/stale action to v9 * fix(deps): update module github.com/containernetworking/plugins to v1.4.0 * fix(deps): update github.com/containers/image/v5 digest to 7a40fee * Bump to v1.34.1-dev * Ignore errors if label.Relabel returns ENOSUP Critical SUSE bug 1214855 SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 SUSE bug 1221243 SUSE bug 1221677 SUSE bug 1221916 SUSE bug 1223409 SUSE bug 1224117 SUSE bug 1228324 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: - Update to OpenJDK 8u422 build 05 with OpenJ9 0.46.0 virtual machine - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) - CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048) - CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050) - CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047) - CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046) Important SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228050 SUSE bug 1228051 SUSE bug 1228052 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21144 at SUSE CVE-2024-21144 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: Update to version 1.35.4: * Bump to Buildah v1.35.4 * CVE-2024-3727 updates (bsc#1224117) * integration test: handle new labels in 'bud and test --unsetlabel' * Bump go-jose CVE-2024-28180 * Bump ocicrypt and go-jose CVE-2024-28180 Update to version 1.35.3: * correctly configure /etc/hosts and resolv.conf * buildah: refactor resolv/hosts setup. * CVE-2024-24786 protobuf to 1.33 Update to version 1.35.1: * CVE-2024-1753 container escape fix (bsc#1221677) - Buildah dropped cni support, require netavark instead (bsc#1221243) - Remove obsolete requires libcontainers-image & libcontainers-storage - Require passt for rootless networking (poo#156955) Buildah moved to passt/pasta for rootless networking from slirp4netns (https://github.com/containers/common/pull/1846) Update to version 1.35.0: * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0 * conformance tests: don't break on trailing zeroes in layer blobs * Add a conformance test for copying to a mounted prior stage * cgroups: reuse version check from c/common * Update vendor of containers/(common,image) * manifest add: complain if we get artifact flags without --artifact * Use retry logic from containers/common * Vendor in containers/(storage,image,common) * Update module golang.org/x/crypto to v0.20.0 * Add comment re: Total Success task name * tests: skip_if_no_unshare(): check for --setuid * Properly handle build --pull=false * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1 * Update module go.etcd.io/bbolt to v1.3.9 * Revert 'Reduce official image size' * Update module github.com/opencontainers/image-spec to v1.1.0 * Reduce official image size * Build with CNI support on FreeBSD * build --all-platforms: skip some base 'image' platforms * Bump main to v1.35.0-dev * Vendor in latest containers/(storage,image,common) * Split up error messages for missing --sbom related flags * `buildah manifest`: add artifact-related options * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing * cmd/buildah/manifest.go: don't make struct declarations aliases * Use golang.org/x/exp/slices.Contains * Disable loong64 again * Fix a couple of typos in one-line comments * egrep is obsolescent; use grep -E * Try Cirrus with a newer VM version * Set CONTAINERS_CONF in the chroot-mount-flags integration test * Update to match dependency API update * Update github.com/openshift/imagebuilder and containers/common * docs: correct default authfile path * tests: retrofit test for heredoc summary * build, heredoc: show heredoc summary in build output * manifest, push: add support for --retry and --retry-delay * imagebuildah: fix crash with empty RUN * Make buildah match podman for handling of ulimits * docs: move footnotes to where they're applicable * Allow users to specify no-dereference * docs: use reversed logo for dark theme in README * build,commit: add --sbom to scan and produce SBOMs when committing * commit: force omitHistory if the parent has layers but no history * docs: fix a couple of typos * internal/mkcw.Archive(): handle extra image content * stage_executor,heredoc: honor interpreter in heredoc * stage_executor,layers: burst cache if heredoc content is changed * Replace map[K]bool with map[K]struct{} where it makes sense * Replace strings.SplitN with strings.Cut * Document use of containers-transports values in buildah * manifest: addCompression use default from containers.conf * commit: add a --add-file flag * mkcw: populate the rootfs using an overlay * Ignore errors if label.Relabel returns ENOSUP Important SUSE bug 1221243 SUSE bug 1221677 SUSE bug 1224117 CVE-2024-1753 at SUSE CVE-2024-1753 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: - Upgrade to 12.20 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) Important SUSE bug 1229013 CVE-2024-7348 at SUSE CVE-2024-7348 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.26 (Important) openSUSE Leap 15.6 This update for kubernetes1.26 fixes the following issues: - CVE-2023-45288: Close connections when receiving too many headers. (bsc#1229869) Important SUSE bug 1229869 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312-pip (Low) openSUSE Leap 15.6 This update for python312-pip fixes the following issues: - CVE-2023-5752: Avoiding injection of arbitrary configuration through Mercurial parameter. (bsc#1217353) Low SUSE bug 1217353 CVE-2023-5752 at SUSE CVE-2023-5752 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821) - CVE-2024-8381: Type confusion when looking up a property name in a 'with' block - CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran - CVE-2024-8383: Firefox did not ask before openings news: links in an external application - CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions - CVE-2024-8385: WASM type confusion involving ArrayTypes - CVE-2024-8386: SelectElements could be shown over another site if popups are allowed - CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 Important SUSE bug 1229821 CVE-2024-8381 at SUSE CVE-2024-8381 at NVD CVE-2024-8382 at SUSE CVE-2024-8382 at NVD CVE-2024-8383 at SUSE CVE-2024-8383 at NVD CVE-2024-8384 at SUSE CVE-2024-8384 at NVD CVE-2024-8385 at SUSE CVE-2024-8385 at NVD CVE-2024-8386 at SUSE CVE-2024-8386 at NVD CVE-2024-8387 at SUSE CVE-2024-8387 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: - Upgrade to 15.8 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) Important SUSE bug 1229013 CVE-2024-7348 at SUSE CVE-2024-7348 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: - Upgrade to 16.4 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See the release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) Important SUSE bug 1224038 SUSE bug 1224051 SUSE bug 1229013 CVE-2024-4317 at SUSE CVE-2024-4317 at NVD CVE-2024-7348 at SUSE CVE-2024-7348 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: - Upgrade to 14.13 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) Important SUSE bug 1229013 CVE-2024-7348 at SUSE CVE-2024-7348 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823) - CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824) Important SUSE bug 1229823 SUSE bug 1229824 CVE-2024-45230 at SUSE CVE-2024-45230 at NVD CVE-2024-45231 at SUSE CVE-2024-45231 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346) - CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052) - CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051) - CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048) - CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050) - CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047) - CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046) - CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224) Important SUSE bug 1228046 SUSE bug 1228047 SUSE bug 1228048 SUSE bug 1228050 SUSE bug 1228051 SUSE bug 1228052 SUSE bug 1228346 SUSE bug 1229224 CVE-2024-21131 at SUSE CVE-2024-21131 at NVD CVE-2024-21138 at SUSE CVE-2024-21138 at NVD CVE-2024-21140 at SUSE CVE-2024-21140 at NVD CVE-2024-21144 at SUSE CVE-2024-21144 at NVD CVE-2024-21145 at SUSE CVE-2024-21145 at NVD CVE-2024-21147 at SUSE CVE-2024-21147 at NVD CVE-2024-27267 at SUSE CVE-2024-27267 at NVD cpe:/o:opensuse:leap:15.6 Security update for gradle (Moderate) openSUSE Leap 15.6 This update for gradle fixes the following issues: - CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location. (bsc#1212930) Moderate SUSE bug 1212930 CVE-2023-35946 at SUSE CVE-2023-35946 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Important) openSUSE Leap 15.6 This update for wireshark fixes the following issues: wireshark was updated from version 3.6.23 to version 4.2.6 (jsc#PED-8517): - Security issues fixed with this update: * CVE-2024-0207: HTTP3 dissector crash (bsc#1218503) * CVE-2024-0210: Zigbee TLV dissector crash (bsc#1218506) * CVE-2024-0211: DOCSIS dissector crash (bsc#1218507) * CVE-2023-6174: Fixed SSH dissector crash (bsc#1217247) * CVE-2023-6175: NetScreen file parser crash (bsc#1217272) * CVE-2023-5371: RTPS dissector memory leak (bsc#1215959) * CVE-2023-3649: iSCSI dissector crash (bsc#1213318) * CVE-2023-2854: BLF file parser crash (bsc#1211708) * CVE-2023-0666: RTPS dissector crash (bsc#1211709) * CVE-2023-0414: EAP dissector crash (bsc#1207666) - Major changes introduced with versions 4.2.0 and 4.0.0: * Version 4.2.0 https://www.wireshark.org/docs/relnotes/wireshark-4.2.0.html * Version 4.0.0 https://www.wireshark.org/docs/relnotes/wireshark-4.0.0.html - Added an aditional desktopfile to start wireshark which asks for the super user password. Important SUSE bug 1207666 SUSE bug 1211708 SUSE bug 1211709 SUSE bug 1213318 SUSE bug 1215959 SUSE bug 1217247 SUSE bug 1217272 SUSE bug 1218503 SUSE bug 1218506 SUSE bug 1218507 SUSE bug 1222030 CVE-2023-0414 at SUSE CVE-2023-0414 at NVD CVE-2023-0666 at SUSE CVE-2023-0666 at NVD CVE-2023-2854 at SUSE CVE-2023-2854 at NVD CVE-2023-3649 at SUSE CVE-2023-3649 at NVD CVE-2023-5371 at SUSE CVE-2023-5371 at NVD CVE-2023-6174 at SUSE CVE-2023-6174 at NVD CVE-2023-6175 at SUSE CVE-2023-6175 at NVD CVE-2024-0207 at SUSE CVE-2024-0207 at NVD CVE-2024-0210 at SUSE CVE-2024-0210 at NVD CVE-2024-0211 at SUSE CVE-2024-0211 at NVD CVE-2024-2955 at SUSE CVE-2024-2955 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: - Upgrade to 13.16 (bsc#1229013) - CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013) Important SUSE bug 1229013 CVE-2024-7348 at SUSE CVE-2024-7348 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278) - CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276) - CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353) Important SUSE bug 1227276 SUSE bug 1227278 SUSE bug 1227353 CVE-2024-38473 at SUSE CVE-2024-38473 at NVD CVE-2024-38474 at SUSE CVE-2024-38474 at NVD CVE-2024-39884 at SUSE CVE-2024-39884 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43911: Fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-36881: Reset ptes when close() for wr-protected ones (bsc#1225718). - CVE-2024-42316: Fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-43855: Fix deadlock between mddev_suspend and flush bio (bsc#1229342,). - CVE-2024-43864: Fix CT entry update leaks of modify header context (bsc#1229496) - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-42109: Unconditionally flush pending work before notifier (bsc#1228505) - CVE-2024-41084: Avoid null pointer dereference in region lookup (bsc#1228472) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-27079: Add kABI workaround patch (bsc#1223742). - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26809: Release elements in clone only from destroy path (bsc#1222633). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-27433: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-40920: Fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40921: Pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-36979: Fix vlan use-after-free (bsc#1226604). - CVE-2024-26590: Fix inconsistent per-file compression format (bsc#1220252,). - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42270: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404) - CVE-2024-42269: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Update parport patch reference (bsc#1229407) - CVE-2024-42290: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-43850: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-26669: kABI fix for --Fix chain template offload (bsc#1222350). - CVE-2024-26677: kABI fix for -Fix delayed ACKs to not set the reference serial number (bsc#1222387). - CVE-2024-41050: Cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41051: Wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41074: Set object to close if ondemand_id > 0 in copen (bsc#1228643). - CVE-2024-41075: Add consistency check for copen/cread (bsc#1228646). - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42159: Use proper format specifier in mpi3mr_sas_port_add() (bsc#1228754 CVE-2024-42159 git-fixes). - CVE-2024-42241: Disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42245: Revert 'Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26837: Skip MDB replays of deferred events on offload (bsc#1222973). - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-36911: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-40938: Fix d_parent walk (bsc#1227840). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-41010: Add netlink helper library (bsc#1228021). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-42138: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42113: Initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42073: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-41000: Prefer different overflow check (bsc#1227867). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-41069: Fix route memory corruption (bsc#1228644). - CVE-2024-39506: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-42145: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-40994: Fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-42124: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42096: Stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42224: Correct check for empty list (bsc#1228723). - CVE-2024-41048: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-40958: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40939: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-36933: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41044: Reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41066: Add tx check to prevent skb leak (bsc#1228640). - CVE-2024-42093: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42122: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-41078: Fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-40989: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41064: Avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41036: Fix deadlock with the SPI chip variant (bsc#1228496) - CVE-2024-41040: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-35949: Make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-41081: Block BH in ila_output() (bsc#1228617). - CVE-2024-41076: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-42079: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-41057: Fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: Fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41015: Add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-40956: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-27437: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-41032: Check if a hash-index is in cpu_possible_mask (bsc#1228460) - CVE-2024-40957: Fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811) - CVE-2024-41041: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-40954: Do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42070: Fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41070: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-40959: Check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-40909: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472) - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - Input: MT - limit max slots (stable-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - io_uring/advise: support 64-bit lengths (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kcov: properly check for softirq context (git-fixes). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: fix build with musl libc (git-fixes). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). Important SUSE bug 1012628 SUSE bug 1193454 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208783 SUSE bug 1213123 SUSE bug 1214285 SUSE bug 1215199 SUSE bug 1220066 SUSE bug 1220252 SUSE bug 1220877 SUSE bug 1221326 SUSE bug 1221630 SUSE bug 1221645 SUSE bug 1221652 SUSE bug 1221857 SUSE bug 1222254 SUSE bug 1222335 SUSE bug 1222350 SUSE bug 1222364 SUSE bug 1222372 SUSE bug 1222387 SUSE bug 1222433 SUSE bug 1222434 SUSE bug 1222463 SUSE bug 1222625 SUSE bug 1222633 SUSE bug 1222634 SUSE bug 1222808 SUSE bug 1222967 SUSE bug 1222973 SUSE bug 1223053 SUSE bug 1223074 SUSE bug 1223191 SUSE bug 1223395 SUSE bug 1223635 SUSE bug 1223720 SUSE bug 1223731 SUSE bug 1223742 SUSE bug 1223763 SUSE bug 1223767 SUSE bug 1223777 SUSE bug 1223803 SUSE bug 1224105 SUSE bug 1224415 SUSE bug 1224485 SUSE bug 1224496 SUSE bug 1224510 SUSE bug 1224535 SUSE bug 1224631 SUSE bug 1224636 SUSE bug 1224690 SUSE bug 1224694 SUSE bug 1224700 SUSE bug 1224711 SUSE bug 1225475 SUSE bug 1225582 SUSE bug 1225607 SUSE bug 1225717 SUSE bug 1225718 SUSE bug 1225744 SUSE bug 1225745 SUSE bug 1225751 SUSE bug 1225814 SUSE bug 1225832 SUSE bug 1225838 SUSE bug 1225903 SUSE bug 1226031 SUSE bug 1226127 SUSE bug 1226502 SUSE bug 1226530 SUSE bug 1226588 SUSE bug 1226604 SUSE bug 1226743 SUSE bug 1226751 SUSE bug 1226765 SUSE bug 1226798 SUSE bug 1226801 SUSE bug 1226834 SUSE bug 1226874 SUSE bug 1226885 SUSE bug 1226920 SUSE bug 1227149 SUSE bug 1227182 SUSE bug 1227383 SUSE bug 1227437 SUSE bug 1227492 SUSE bug 1227493 SUSE bug 1227494 SUSE bug 1227618 SUSE bug 1227620 SUSE bug 1227623 SUSE bug 1227627 SUSE bug 1227634 SUSE bug 1227706 SUSE bug 1227722 SUSE bug 1227724 SUSE bug 1227725 SUSE bug 1227728 SUSE bug 1227729 SUSE bug 1227732 SUSE bug 1227733 SUSE bug 1227734 SUSE bug 1227747 SUSE bug 1227750 SUSE bug 1227754 SUSE bug 1227758 SUSE bug 1227760 SUSE bug 1227761 SUSE bug 1227764 SUSE bug 1227766 SUSE bug 1227770 SUSE bug 1227771 SUSE bug 1227772 SUSE bug 1227774 SUSE bug 1227781 SUSE bug 1227784 SUSE bug 1227785 SUSE bug 1227787 SUSE bug 1227790 SUSE bug 1227791 SUSE bug 1227792 SUSE bug 1227796 SUSE bug 1227798 SUSE bug 1227799 SUSE bug 1227802 SUSE bug 1227808 SUSE bug 1227810 SUSE bug 1227811 SUSE bug 1227812 SUSE bug 1227815 SUSE bug 1227816 SUSE bug 1227818 SUSE bug 1227820 SUSE bug 1227823 SUSE bug 1227824 SUSE bug 1227826 SUSE bug 1227828 SUSE bug 1227829 SUSE bug 1227830 SUSE bug 1227832 SUSE bug 1227833 SUSE bug 1227834 SUSE bug 1227839 SUSE bug 1227840 SUSE bug 1227846 SUSE bug 1227849 SUSE bug 1227851 SUSE bug 1227853 SUSE bug 1227863 SUSE bug 1227864 SUSE bug 1227865 SUSE bug 1227867 SUSE bug 1227869 SUSE bug 1227870 SUSE bug 1227883 SUSE bug 1227884 SUSE bug 1227891 SUSE bug 1227893 SUSE bug 1227929 SUSE bug 1227950 SUSE bug 1227957 SUSE bug 1227981 SUSE bug 1228020 SUSE bug 1228021 SUSE bug 1228114 SUSE bug 1228192 SUSE bug 1228195 SUSE bug 1228202 SUSE bug 1228235 SUSE bug 1228236 SUSE bug 1228237 SUSE bug 1228247 SUSE bug 1228321 SUSE bug 1228409 SUSE bug 1228410 SUSE bug 1228426 SUSE bug 1228427 SUSE bug 1228429 SUSE bug 1228446 SUSE bug 1228447 SUSE bug 1228449 SUSE bug 1228450 SUSE bug 1228452 SUSE bug 1228456 SUSE bug 1228457 SUSE bug 1228458 SUSE bug 1228459 SUSE bug 1228460 SUSE bug 1228462 SUSE bug 1228463 SUSE bug 1228466 SUSE bug 1228467 SUSE bug 1228468 SUSE bug 1228469 SUSE bug 1228470 SUSE bug 1228472 SUSE bug 1228479 SUSE bug 1228480 SUSE bug 1228481 SUSE bug 1228482 SUSE bug 1228483 SUSE bug 1228484 SUSE bug 1228485 SUSE bug 1228486 SUSE bug 1228487 SUSE bug 1228489 SUSE bug 1228491 SUSE bug 1228492 SUSE bug 1228493 SUSE bug 1228494 SUSE bug 1228495 SUSE bug 1228496 SUSE bug 1228499 SUSE bug 1228500 SUSE bug 1228501 SUSE bug 1228502 SUSE bug 1228503 SUSE bug 1228505 SUSE bug 1228508 SUSE bug 1228509 SUSE bug 1228510 SUSE bug 1228511 SUSE bug 1228513 SUSE bug 1228515 SUSE bug 1228516 SUSE bug 1228518 SUSE bug 1228520 SUSE bug 1228525 SUSE bug 1228527 SUSE bug 1228530 SUSE bug 1228531 SUSE bug 1228539 SUSE bug 1228561 SUSE bug 1228563 SUSE bug 1228564 SUSE bug 1228565 SUSE bug 1228567 SUSE bug 1228568 SUSE bug 1228572 SUSE bug 1228576 SUSE bug 1228579 SUSE bug 1228580 SUSE bug 1228581 SUSE bug 1228582 SUSE bug 1228584 SUSE bug 1228586 SUSE bug 1228588 SUSE bug 1228590 SUSE bug 1228591 SUSE bug 1228599 SUSE bug 1228615 SUSE bug 1228616 SUSE bug 1228617 SUSE bug 1228625 SUSE bug 1228626 SUSE bug 1228633 SUSE bug 1228635 SUSE bug 1228636 SUSE bug 1228640 SUSE bug 1228643 SUSE bug 1228644 SUSE bug 1228646 SUSE bug 1228649 SUSE bug 1228650 SUSE bug 1228654 SUSE bug 1228655 SUSE bug 1228656 SUSE bug 1228658 SUSE bug 1228660 SUSE bug 1228662 SUSE bug 1228665 SUSE bug 1228666 SUSE bug 1228667 SUSE bug 1228672 SUSE bug 1228673 SUSE bug 1228674 SUSE bug 1228677 SUSE bug 1228680 SUSE bug 1228687 SUSE bug 1228705 SUSE bug 1228706 SUSE bug 1228707 SUSE bug 1228708 SUSE bug 1228709 SUSE bug 1228710 SUSE bug 1228718 SUSE bug 1228720 SUSE bug 1228721 SUSE bug 1228722 SUSE bug 1228723 SUSE bug 1228724 SUSE bug 1228726 SUSE bug 1228727 SUSE bug 1228733 SUSE bug 1228737 SUSE bug 1228743 SUSE bug 1228748 SUSE bug 1228754 SUSE bug 1228756 SUSE bug 1228757 SUSE bug 1228758 SUSE bug 1228764 SUSE bug 1228766 SUSE bug 1228779 SUSE bug 1228801 SUSE bug 1228849 SUSE bug 1228850 SUSE bug 1228857 SUSE bug 1228959 SUSE bug 1228964 SUSE bug 1228966 SUSE bug 1228967 SUSE bug 1228973 SUSE bug 1228977 SUSE bug 1228978 SUSE bug 1228979 SUSE bug 1228986 SUSE bug 1228988 SUSE bug 1228989 SUSE bug 1228991 SUSE bug 1228992 SUSE bug 1229005 SUSE bug 1229024 SUSE bug 1229042 SUSE bug 1229045 SUSE bug 1229046 SUSE bug 1229054 SUSE bug 1229056 SUSE bug 1229086 SUSE bug 1229134 SUSE bug 1229136 SUSE bug 1229154 SUSE bug 1229156 SUSE bug 1229160 SUSE bug 1229167 SUSE bug 1229168 SUSE bug 1229169 SUSE bug 1229170 SUSE bug 1229171 SUSE bug 1229172 SUSE bug 1229173 SUSE bug 1229174 SUSE bug 1229239 SUSE bug 1229240 SUSE bug 1229241 SUSE bug 1229243 SUSE bug 1229244 SUSE bug 1229245 SUSE bug 1229246 SUSE bug 1229247 SUSE bug 1229248 SUSE bug 1229249 SUSE bug 1229250 SUSE bug 1229251 SUSE bug 1229252 SUSE bug 1229253 SUSE bug 1229254 SUSE bug 1229255 SUSE bug 1229256 SUSE bug 1229287 SUSE bug 1229290 SUSE bug 1229291 SUSE bug 1229292 SUSE bug 1229294 SUSE bug 1229296 SUSE bug 1229297 SUSE bug 1229298 SUSE bug 1229299 SUSE bug 1229301 SUSE bug 1229303 SUSE bug 1229304 SUSE bug 1229305 SUSE bug 1229307 SUSE bug 1229309 SUSE bug 1229312 SUSE bug 1229313 SUSE bug 1229314 SUSE bug 1229315 SUSE bug 1229316 SUSE bug 1229317 SUSE bug 1229318 SUSE bug 1229319 SUSE bug 1229320 SUSE bug 1229327 SUSE bug 1229341 SUSE bug 1229342 SUSE bug 1229344 SUSE bug 1229345 SUSE bug 1229346 SUSE bug 1229347 SUSE bug 1229349 SUSE bug 1229350 SUSE bug 1229351 SUSE bug 1229353 SUSE bug 1229354 SUSE bug 1229355 SUSE bug 1229356 SUSE bug 1229357 SUSE bug 1229358 SUSE bug 1229359 SUSE bug 1229360 SUSE bug 1229365 SUSE bug 1229366 SUSE bug 1229369 SUSE bug 1229370 SUSE bug 1229373 SUSE bug 1229374 SUSE bug 1229379 SUSE bug 1229381 SUSE bug 1229382 SUSE bug 1229383 SUSE bug 1229386 SUSE bug 1229388 SUSE bug 1229390 SUSE bug 1229391 SUSE bug 1229392 SUSE bug 1229395 SUSE bug 1229398 SUSE bug 1229399 SUSE bug 1229400 SUSE bug 1229402 SUSE bug 1229403 SUSE bug 1229404 SUSE bug 1229407 SUSE bug 1229409 SUSE bug 1229410 SUSE bug 1229411 SUSE bug 1229413 SUSE bug 1229414 SUSE bug 1229417 SUSE bug 1229444 SUSE bug 1229451 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229480 SUSE bug 1229481 SUSE bug 1229482 SUSE bug 1229484 SUSE bug 1229485 SUSE bug 1229486 SUSE bug 1229487 SUSE bug 1229488 SUSE bug 1229489 SUSE bug 1229490 SUSE bug 1229493 SUSE bug 1229495 SUSE bug 1229496 SUSE bug 1229497 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229707 SUSE bug 1229739 SUSE bug 1229743 SUSE bug 1229746 SUSE bug 1229747 SUSE bug 1229752 SUSE bug 1229754 SUSE bug 1229755 SUSE bug 1229756 SUSE bug 1229759 SUSE bug 1229761 SUSE bug 1229767 SUSE bug 1229781 SUSE bug 1229784 SUSE bug 1229785 SUSE bug 1229787 SUSE bug 1229788 SUSE bug 1229789 SUSE bug 1229792 SUSE bug 1229820 SUSE bug 1229827 SUSE bug 1229830 SUSE bug 1229837 SUSE bug 1229940 SUSE bug 1230056 CVE-2023-52489 at SUSE CVE-2023-52489 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52668 at SUSE CVE-2023-52668 at NVD CVE-2023-52688 at SUSE CVE-2023-52688 at NVD CVE-2023-52735 at SUSE CVE-2023-52735 at NVD CVE-2023-52859 at SUSE CVE-2023-52859 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2023-52886 at SUSE CVE-2023-52886 at NVD CVE-2023-52887 at SUSE CVE-2023-52887 at NVD CVE-2023-52889 at SUSE CVE-2023-52889 at NVD CVE-2024-26590 at SUSE CVE-2024-26590 at NVD CVE-2024-26631 at SUSE CVE-2024-26631 at NVD CVE-2024-26637 at SUSE CVE-2024-26637 at NVD CVE-2024-26668 at SUSE CVE-2024-26668 at NVD CVE-2024-26669 at SUSE CVE-2024-26669 at NVD CVE-2024-26677 at SUSE CVE-2024-26677 at NVD CVE-2024-26682 at SUSE CVE-2024-26682 at NVD CVE-2024-26683 at SUSE CVE-2024-26683 at NVD CVE-2024-26691 at SUSE CVE-2024-26691 at NVD CVE-2024-26735 at SUSE CVE-2024-26735 at NVD CVE-2024-26808 at SUSE CVE-2024-26808 at NVD CVE-2024-26809 at SUSE CVE-2024-26809 at NVD CVE-2024-26812 at SUSE CVE-2024-26812 at NVD CVE-2024-26835 at SUSE CVE-2024-26835 at NVD CVE-2024-26837 at SUSE CVE-2024-26837 at NVD CVE-2024-26849 at SUSE CVE-2024-26849 at NVD CVE-2024-26851 at SUSE CVE-2024-26851 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2024-26976 at SUSE CVE-2024-26976 at NVD CVE-2024-27010 at SUSE CVE-2024-27010 at NVD CVE-2024-27011 at SUSE CVE-2024-27011 at NVD CVE-2024-27024 at SUSE CVE-2024-27024 at NVD CVE-2024-27049 at SUSE CVE-2024-27049 at NVD CVE-2024-27050 at SUSE CVE-2024-27050 at NVD CVE-2024-27079 at SUSE CVE-2024-27079 at NVD CVE-2024-27403 at SUSE CVE-2024-27403 at NVD CVE-2024-27433 at SUSE CVE-2024-27433 at NVD CVE-2024-27437 at SUSE CVE-2024-27437 at NVD CVE-2024-31076 at SUSE CVE-2024-31076 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35855 at SUSE CVE-2024-35855 at NVD CVE-2024-35897 at SUSE CVE-2024-35897 at NVD CVE-2024-35902 at SUSE CVE-2024-35902 at NVD CVE-2024-35913 at SUSE CVE-2024-35913 at NVD CVE-2024-35939 at SUSE CVE-2024-35939 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-36270 at SUSE CVE-2024-36270 at NVD CVE-2024-36286 at SUSE CVE-2024-36286 at NVD CVE-2024-36288 at SUSE CVE-2024-36288 at NVD CVE-2024-36489 at SUSE CVE-2024-36489 at NVD CVE-2024-36881 at SUSE CVE-2024-36881 at NVD CVE-2024-36907 at SUSE CVE-2024-36907 at NVD CVE-2024-36909 at SUSE CVE-2024-36909 at NVD CVE-2024-36910 at SUSE CVE-2024-36910 at NVD CVE-2024-36911 at SUSE CVE-2024-36911 at NVD CVE-2024-36929 at SUSE CVE-2024-36929 at NVD CVE-2024-36933 at SUSE CVE-2024-36933 at NVD CVE-2024-36939 at SUSE CVE-2024-36939 at NVD CVE-2024-36970 at SUSE CVE-2024-36970 at NVD CVE-2024-36979 at SUSE CVE-2024-36979 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38563 at SUSE CVE-2024-38563 at NVD CVE-2024-38609 at SUSE CVE-2024-38609 at NVD CVE-2024-38662 at SUSE CVE-2024-38662 at NVD CVE-2024-39476 at SUSE CVE-2024-39476 at NVD CVE-2024-39483 at SUSE CVE-2024-39483 at NVD CVE-2024-39484 at SUSE CVE-2024-39484 at NVD CVE-2024-39486 at SUSE CVE-2024-39486 at NVD CVE-2024-39488 at SUSE CVE-2024-39488 at NVD CVE-2024-39489 at SUSE CVE-2024-39489 at NVD CVE-2024-39491 at SUSE CVE-2024-39491 at NVD CVE-2024-39493 at SUSE CVE-2024-39493 at NVD CVE-2024-39497 at SUSE CVE-2024-39497 at NVD CVE-2024-39499 at SUSE CVE-2024-39499 at NVD CVE-2024-39500 at SUSE CVE-2024-39500 at NVD CVE-2024-39501 at SUSE CVE-2024-39501 at NVD CVE-2024-39505 at SUSE CVE-2024-39505 at NVD CVE-2024-39506 at SUSE CVE-2024-39506 at NVD CVE-2024-39508 at SUSE CVE-2024-39508 at NVD CVE-2024-39509 at SUSE CVE-2024-39509 at NVD CVE-2024-39510 at SUSE CVE-2024-39510 at NVD CVE-2024-40899 at SUSE CVE-2024-40899 at NVD CVE-2024-40900 at SUSE CVE-2024-40900 at NVD CVE-2024-40902 at SUSE CVE-2024-40902 at NVD CVE-2024-40903 at SUSE CVE-2024-40903 at NVD CVE-2024-40904 at SUSE CVE-2024-40904 at NVD CVE-2024-40905 at SUSE CVE-2024-40905 at NVD CVE-2024-40909 at SUSE CVE-2024-40909 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-40911 at SUSE CVE-2024-40911 at NVD CVE-2024-40912 at SUSE CVE-2024-40912 at NVD CVE-2024-40913 at SUSE CVE-2024-40913 at NVD CVE-2024-40916 at SUSE CVE-2024-40916 at NVD CVE-2024-40920 at SUSE CVE-2024-40920 at NVD CVE-2024-40921 at SUSE CVE-2024-40921 at NVD CVE-2024-40922 at SUSE CVE-2024-40922 at NVD CVE-2024-40924 at SUSE CVE-2024-40924 at NVD CVE-2024-40926 at SUSE CVE-2024-40926 at NVD CVE-2024-40927 at SUSE CVE-2024-40927 at NVD CVE-2024-40929 at SUSE CVE-2024-40929 at NVD CVE-2024-40930 at SUSE CVE-2024-40930 at NVD CVE-2024-40932 at SUSE CVE-2024-40932 at NVD CVE-2024-40934 at SUSE CVE-2024-40934 at NVD CVE-2024-40936 at SUSE CVE-2024-40936 at NVD CVE-2024-40938 at SUSE CVE-2024-40938 at NVD CVE-2024-40939 at SUSE CVE-2024-40939 at NVD CVE-2024-40941 at SUSE CVE-2024-40941 at NVD CVE-2024-40942 at SUSE CVE-2024-40942 at NVD CVE-2024-40943 at SUSE CVE-2024-40943 at NVD CVE-2024-40944 at SUSE CVE-2024-40944 at NVD CVE-2024-40945 at SUSE CVE-2024-40945 at NVD CVE-2024-40954 at SUSE CVE-2024-40954 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-40957 at SUSE CVE-2024-40957 at NVD CVE-2024-40958 at SUSE CVE-2024-40958 at NVD CVE-2024-40959 at SUSE CVE-2024-40959 at NVD CVE-2024-40962 at SUSE CVE-2024-40962 at NVD CVE-2024-40964 at SUSE CVE-2024-40964 at NVD CVE-2024-40967 at SUSE CVE-2024-40967 at NVD CVE-2024-40976 at SUSE CVE-2024-40976 at NVD CVE-2024-40977 at SUSE CVE-2024-40977 at NVD CVE-2024-40978 at SUSE CVE-2024-40978 at NVD CVE-2024-40981 at SUSE CVE-2024-40981 at NVD CVE-2024-40982 at SUSE CVE-2024-40982 at NVD CVE-2024-40984 at SUSE CVE-2024-40984 at NVD CVE-2024-40987 at SUSE CVE-2024-40987 at NVD CVE-2024-40988 at SUSE CVE-2024-40988 at NVD CVE-2024-40989 at SUSE CVE-2024-40989 at NVD CVE-2024-40990 at SUSE CVE-2024-40990 at NVD CVE-2024-40992 at SUSE CVE-2024-40992 at NVD CVE-2024-40994 at SUSE CVE-2024-40994 at NVD CVE-2024-40995 at SUSE CVE-2024-40995 at NVD CVE-2024-40997 at SUSE CVE-2024-40997 at NVD CVE-2024-41000 at SUSE CVE-2024-41000 at NVD CVE-2024-41001 at SUSE CVE-2024-41001 at NVD CVE-2024-41002 at SUSE CVE-2024-41002 at NVD CVE-2024-41004 at SUSE CVE-2024-41004 at NVD CVE-2024-41007 at SUSE CVE-2024-41007 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41010 at SUSE CVE-2024-41010 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41012 at SUSE CVE-2024-41012 at NVD CVE-2024-41015 at SUSE CVE-2024-41015 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41020 at SUSE CVE-2024-41020 at NVD CVE-2024-41022 at SUSE CVE-2024-41022 at NVD CVE-2024-41024 at SUSE CVE-2024-41024 at NVD CVE-2024-41025 at SUSE CVE-2024-41025 at NVD CVE-2024-41028 at SUSE CVE-2024-41028 at NVD CVE-2024-41032 at SUSE CVE-2024-41032 at NVD CVE-2024-41035 at SUSE CVE-2024-41035 at NVD CVE-2024-41036 at SUSE CVE-2024-41036 at NVD CVE-2024-41037 at SUSE CVE-2024-41037 at NVD CVE-2024-41038 at SUSE CVE-2024-41038 at NVD CVE-2024-41039 at SUSE CVE-2024-41039 at NVD CVE-2024-41040 at SUSE CVE-2024-41040 at NVD CVE-2024-41041 at SUSE CVE-2024-41041 at NVD CVE-2024-41044 at SUSE CVE-2024-41044 at NVD CVE-2024-41045 at SUSE CVE-2024-41045 at NVD CVE-2024-41048 at SUSE CVE-2024-41048 at NVD CVE-2024-41049 at SUSE CVE-2024-41049 at NVD CVE-2024-41050 at SUSE CVE-2024-41050 at NVD CVE-2024-41051 at SUSE CVE-2024-41051 at NVD CVE-2024-41056 at SUSE CVE-2024-41056 at NVD CVE-2024-41057 at SUSE CVE-2024-41057 at NVD CVE-2024-41058 at SUSE CVE-2024-41058 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41060 at SUSE CVE-2024-41060 at NVD CVE-2024-41061 at SUSE CVE-2024-41061 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-41063 at SUSE CVE-2024-41063 at NVD CVE-2024-41064 at SUSE CVE-2024-41064 at NVD CVE-2024-41065 at SUSE CVE-2024-41065 at NVD CVE-2024-41066 at SUSE CVE-2024-41066 at NVD CVE-2024-41068 at SUSE CVE-2024-41068 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41070 at SUSE CVE-2024-41070 at NVD CVE-2024-41071 at SUSE CVE-2024-41071 at NVD CVE-2024-41072 at SUSE CVE-2024-41072 at NVD CVE-2024-41073 at SUSE CVE-2024-41073 at NVD CVE-2024-41074 at SUSE CVE-2024-41074 at NVD CVE-2024-41075 at SUSE CVE-2024-41075 at NVD CVE-2024-41076 at SUSE CVE-2024-41076 at NVD CVE-2024-41078 at SUSE CVE-2024-41078 at NVD CVE-2024-41079 at SUSE CVE-2024-41079 at NVD CVE-2024-41080 at SUSE CVE-2024-41080 at NVD CVE-2024-41081 at SUSE CVE-2024-41081 at NVD CVE-2024-41084 at SUSE CVE-2024-41084 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-41088 at SUSE CVE-2024-41088 at NVD CVE-2024-41089 at SUSE CVE-2024-41089 at NVD CVE-2024-41092 at SUSE CVE-2024-41092 at NVD CVE-2024-41093 at SUSE CVE-2024-41093 at NVD CVE-2024-41094 at SUSE CVE-2024-41094 at NVD CVE-2024-41095 at SUSE CVE-2024-41095 at NVD CVE-2024-41096 at SUSE CVE-2024-41096 at NVD CVE-2024-41097 at SUSE CVE-2024-41097 at NVD CVE-2024-41098 at SUSE CVE-2024-41098 at NVD CVE-2024-42064 at SUSE CVE-2024-42064 at NVD CVE-2024-42069 at SUSE CVE-2024-42069 at NVD CVE-2024-42070 at SUSE CVE-2024-42070 at NVD CVE-2024-42073 at SUSE CVE-2024-42073 at NVD CVE-2024-42074 at SUSE CVE-2024-42074 at NVD CVE-2024-42076 at SUSE CVE-2024-42076 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42079 at SUSE CVE-2024-42079 at NVD CVE-2024-42080 at SUSE CVE-2024-42080 at NVD CVE-2024-42082 at SUSE CVE-2024-42082 at NVD CVE-2024-42085 at SUSE CVE-2024-42085 at NVD CVE-2024-42086 at SUSE CVE-2024-42086 at NVD CVE-2024-42087 at SUSE CVE-2024-42087 at NVD CVE-2024-42089 at SUSE CVE-2024-42089 at NVD CVE-2024-42090 at SUSE CVE-2024-42090 at NVD CVE-2024-42092 at SUSE CVE-2024-42092 at NVD CVE-2024-42093 at SUSE CVE-2024-42093 at NVD CVE-2024-42095 at SUSE CVE-2024-42095 at NVD CVE-2024-42096 at SUSE CVE-2024-42096 at NVD CVE-2024-42097 at SUSE CVE-2024-42097 at NVD CVE-2024-42098 at SUSE CVE-2024-42098 at NVD CVE-2024-42101 at SUSE CVE-2024-42101 at NVD CVE-2024-42104 at SUSE CVE-2024-42104 at NVD CVE-2024-42105 at SUSE CVE-2024-42105 at NVD CVE-2024-42106 at SUSE CVE-2024-42106 at NVD CVE-2024-42107 at SUSE CVE-2024-42107 at NVD CVE-2024-42109 at SUSE CVE-2024-42109 at NVD CVE-2024-42110 at SUSE CVE-2024-42110 at NVD CVE-2024-42113 at SUSE CVE-2024-42113 at NVD CVE-2024-42114 at SUSE CVE-2024-42114 at NVD CVE-2024-42115 at SUSE CVE-2024-42115 at NVD CVE-2024-42117 at SUSE CVE-2024-42117 at NVD CVE-2024-42119 at SUSE CVE-2024-42119 at NVD CVE-2024-42120 at SUSE CVE-2024-42120 at NVD CVE-2024-42121 at SUSE CVE-2024-42121 at NVD CVE-2024-42122 at SUSE CVE-2024-42122 at NVD CVE-2024-42124 at SUSE CVE-2024-42124 at NVD CVE-2024-42125 at SUSE CVE-2024-42125 at NVD CVE-2024-42126 at SUSE CVE-2024-42126 at NVD CVE-2024-42127 at SUSE CVE-2024-42127 at NVD CVE-2024-42130 at SUSE CVE-2024-42130 at NVD CVE-2024-42131 at SUSE CVE-2024-42131 at NVD CVE-2024-42132 at SUSE CVE-2024-42132 at NVD CVE-2024-42133 at SUSE CVE-2024-42133 at NVD CVE-2024-42136 at SUSE CVE-2024-42136 at NVD CVE-2024-42137 at SUSE CVE-2024-42137 at NVD CVE-2024-42138 at SUSE CVE-2024-42138 at NVD CVE-2024-42139 at SUSE CVE-2024-42139 at NVD CVE-2024-42141 at SUSE CVE-2024-42141 at NVD CVE-2024-42142 at SUSE CVE-2024-42142 at NVD CVE-2024-42143 at SUSE CVE-2024-42143 at NVD CVE-2024-42144 at SUSE CVE-2024-42144 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-42147 at SUSE CVE-2024-42147 at NVD CVE-2024-42148 at SUSE CVE-2024-42148 at NVD CVE-2024-42152 at SUSE CVE-2024-42152 at NVD CVE-2024-42153 at SUSE CVE-2024-42153 at NVD CVE-2024-42155 at SUSE CVE-2024-42155 at NVD CVE-2024-42156 at SUSE CVE-2024-42156 at NVD CVE-2024-42157 at SUSE CVE-2024-42157 at NVD CVE-2024-42158 at SUSE CVE-2024-42158 at NVD CVE-2024-42159 at SUSE CVE-2024-42159 at NVD CVE-2024-42161 at SUSE CVE-2024-42161 at NVD CVE-2024-42162 at SUSE CVE-2024-42162 at NVD CVE-2024-42223 at SUSE CVE-2024-42223 at NVD CVE-2024-42224 at SUSE CVE-2024-42224 at NVD CVE-2024-42225 at SUSE CVE-2024-42225 at NVD CVE-2024-42226 at SUSE CVE-2024-42226 at NVD CVE-2024-42227 at SUSE CVE-2024-42227 at NVD CVE-2024-42228 at SUSE CVE-2024-42228 at NVD CVE-2024-42229 at SUSE CVE-2024-42229 at NVD CVE-2024-42230 at SUSE CVE-2024-42230 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42236 at SUSE CVE-2024-42236 at NVD CVE-2024-42237 at SUSE CVE-2024-42237 at NVD CVE-2024-42238 at SUSE CVE-2024-42238 at NVD CVE-2024-42239 at SUSE CVE-2024-42239 at NVD CVE-2024-42240 at SUSE CVE-2024-42240 at NVD CVE-2024-42241 at SUSE CVE-2024-42241 at NVD CVE-2024-42244 at SUSE CVE-2024-42244 at NVD CVE-2024-42245 at SUSE CVE-2024-42245 at NVD CVE-2024-42246 at SUSE CVE-2024-42246 at NVD CVE-2024-42247 at SUSE CVE-2024-42247 at NVD CVE-2024-42250 at SUSE CVE-2024-42250 at NVD CVE-2024-42253 at SUSE CVE-2024-42253 at NVD CVE-2024-42259 at SUSE CVE-2024-42259 at NVD CVE-2024-42268 at SUSE CVE-2024-42268 at NVD CVE-2024-42269 at SUSE CVE-2024-42269 at NVD CVE-2024-42270 at SUSE CVE-2024-42270 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-42274 at SUSE CVE-2024-42274 at NVD CVE-2024-42276 at SUSE CVE-2024-42276 at NVD CVE-2024-42277 at SUSE CVE-2024-42277 at NVD CVE-2024-42278 at SUSE CVE-2024-42278 at NVD CVE-2024-42279 at SUSE CVE-2024-42279 at NVD CVE-2024-42280 at SUSE CVE-2024-42280 at NVD CVE-2024-42281 at SUSE CVE-2024-42281 at NVD CVE-2024-42283 at SUSE CVE-2024-42283 at NVD CVE-2024-42284 at SUSE CVE-2024-42284 at NVD CVE-2024-42285 at SUSE CVE-2024-42285 at NVD CVE-2024-42286 at SUSE CVE-2024-42286 at NVD CVE-2024-42287 at SUSE CVE-2024-42287 at NVD CVE-2024-42288 at SUSE CVE-2024-42288 at NVD CVE-2024-42289 at SUSE CVE-2024-42289 at NVD CVE-2024-42290 at SUSE CVE-2024-42290 at NVD CVE-2024-42291 at SUSE CVE-2024-42291 at NVD CVE-2024-42292 at SUSE CVE-2024-42292 at NVD CVE-2024-42295 at SUSE CVE-2024-42295 at NVD CVE-2024-42298 at SUSE CVE-2024-42298 at NVD CVE-2024-42301 at SUSE CVE-2024-42301 at NVD CVE-2024-42302 at SUSE CVE-2024-42302 at NVD CVE-2024-42303 at SUSE CVE-2024-42303 at NVD CVE-2024-42308 at SUSE CVE-2024-42308 at NVD CVE-2024-42309 at SUSE CVE-2024-42309 at NVD CVE-2024-42310 at SUSE CVE-2024-42310 at NVD CVE-2024-42311 at SUSE CVE-2024-42311 at NVD CVE-2024-42312 at SUSE CVE-2024-42312 at NVD CVE-2024-42313 at SUSE CVE-2024-42313 at NVD CVE-2024-42314 at SUSE CVE-2024-42314 at NVD CVE-2024-42315 at SUSE CVE-2024-42315 at NVD CVE-2024-42316 at SUSE CVE-2024-42316 at NVD CVE-2024-42318 at SUSE CVE-2024-42318 at NVD CVE-2024-42319 at SUSE CVE-2024-42319 at NVD CVE-2024-42320 at SUSE CVE-2024-42320 at NVD CVE-2024-42322 at SUSE CVE-2024-42322 at NVD CVE-2024-43816 at SUSE CVE-2024-43816 at NVD CVE-2024-43817 at SUSE CVE-2024-43817 at NVD CVE-2024-43818 at SUSE CVE-2024-43818 at NVD CVE-2024-43819 at SUSE CVE-2024-43819 at NVD CVE-2024-43821 at SUSE CVE-2024-43821 at NVD CVE-2024-43823 at SUSE CVE-2024-43823 at NVD CVE-2024-43824 at SUSE CVE-2024-43824 at NVD CVE-2024-43825 at SUSE CVE-2024-43825 at NVD CVE-2024-43826 at SUSE CVE-2024-43826 at NVD CVE-2024-43829 at SUSE CVE-2024-43829 at NVD CVE-2024-43830 at SUSE CVE-2024-43830 at NVD CVE-2024-43831 at SUSE CVE-2024-43831 at NVD CVE-2024-43833 at SUSE CVE-2024-43833 at NVD CVE-2024-43834 at SUSE CVE-2024-43834 at NVD CVE-2024-43837 at SUSE CVE-2024-43837 at NVD CVE-2024-43839 at SUSE CVE-2024-43839 at NVD CVE-2024-43840 at SUSE CVE-2024-43840 at NVD CVE-2024-43841 at SUSE CVE-2024-43841 at NVD CVE-2024-43842 at SUSE CVE-2024-43842 at NVD CVE-2024-43846 at SUSE CVE-2024-43846 at NVD CVE-2024-43847 at SUSE CVE-2024-43847 at NVD CVE-2024-43849 at SUSE CVE-2024-43849 at NVD CVE-2024-43850 at SUSE CVE-2024-43850 at NVD CVE-2024-43851 at SUSE CVE-2024-43851 at NVD CVE-2024-43853 at SUSE CVE-2024-43853 at NVD CVE-2024-43854 at SUSE CVE-2024-43854 at NVD CVE-2024-43855 at SUSE CVE-2024-43855 at NVD CVE-2024-43856 at SUSE CVE-2024-43856 at NVD CVE-2024-43858 at SUSE CVE-2024-43858 at NVD CVE-2024-43860 at SUSE CVE-2024-43860 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43863 at SUSE CVE-2024-43863 at NVD CVE-2024-43864 at SUSE CVE-2024-43864 at NVD CVE-2024-43866 at SUSE CVE-2024-43866 at NVD CVE-2024-43867 at SUSE CVE-2024-43867 at NVD CVE-2024-43871 at SUSE CVE-2024-43871 at NVD CVE-2024-43872 at SUSE CVE-2024-43872 at NVD CVE-2024-43873 at SUSE CVE-2024-43873 at NVD CVE-2024-43874 at SUSE CVE-2024-43874 at NVD CVE-2024-43875 at SUSE CVE-2024-43875 at NVD CVE-2024-43876 at SUSE CVE-2024-43876 at NVD CVE-2024-43877 at SUSE CVE-2024-43877 at NVD CVE-2024-43879 at SUSE CVE-2024-43879 at NVD CVE-2024-43880 at SUSE CVE-2024-43880 at NVD CVE-2024-43881 at SUSE CVE-2024-43881 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-43884 at SUSE CVE-2024-43884 at NVD CVE-2024-43885 at SUSE CVE-2024-43885 at NVD CVE-2024-43889 at SUSE CVE-2024-43889 at NVD CVE-2024-43892 at SUSE CVE-2024-43892 at NVD CVE-2024-43893 at SUSE CVE-2024-43893 at NVD CVE-2024-43894 at SUSE CVE-2024-43894 at NVD CVE-2024-43895 at SUSE CVE-2024-43895 at NVD CVE-2024-43897 at SUSE CVE-2024-43897 at NVD CVE-2024-43899 at SUSE CVE-2024-43899 at NVD CVE-2024-43900 at SUSE CVE-2024-43900 at NVD CVE-2024-43902 at SUSE CVE-2024-43902 at NVD CVE-2024-43903 at SUSE CVE-2024-43903 at NVD CVE-2024-43905 at SUSE CVE-2024-43905 at NVD CVE-2024-43906 at SUSE CVE-2024-43906 at NVD CVE-2024-43907 at SUSE CVE-2024-43907 at NVD CVE-2024-43908 at SUSE CVE-2024-43908 at NVD CVE-2024-43909 at SUSE CVE-2024-43909 at NVD CVE-2024-43911 at SUSE CVE-2024-43911 at NVD CVE-2024-43912 at SUSE CVE-2024-43912 at NVD CVE-2024-44931 at SUSE CVE-2024-44931 at NVD CVE-2024-44938 at SUSE CVE-2024-44938 at NVD CVE-2024-44939 at SUSE CVE-2024-44939 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43911: Fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-36881: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-42316: Fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-43855: Fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43864: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-42109: Unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-41084: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26809: Release elements in clone only from destroy path (bsc#1222633). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-27433: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-40920: Fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40921: Pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-36979: Fix vlan use-after-free (bsc#1226604). - CVE-2024-26590: Fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42270: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42290: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-43850: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-41050: Cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41051: Wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41074: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41075: Add consistency check for copen/cread (bsc#1228646). - CVE-2024-41012: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42159: Fix sanitise num_phys (bsc#1228754). - CVE-2024-42241: Disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26837: Race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-40938: Fix d_parent walk (bsc#1227840). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-41010: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-42138: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42113: Initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42073: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-41000: Prefer different overflow check (bsc#1227867). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-41069: Fix route memory corruption (bsc#1228644). - CVE-2024-39506: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-42145: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-40994: Fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-42124: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42096: Stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42224: Correct check for empty list (bsc#1228723). - CVE-2024-41048: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-40958: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40939: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41044: Reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41066: Add tx check to prevent skb leak (bsc#1228640). - CVE-2024-42093: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42122: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-41078: Fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-40989: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-41064: Avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41036: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41040: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-35949: Make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-41081: Block BH in ila_output() (bsc#1228617). - CVE-2024-41076: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-42079: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-41057: Fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: Fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41015: Add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-40956: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-27437: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-41032: Check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-40957: Fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-41041: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-40954: Do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-42070: Fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41070: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-40959: Check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-40909: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - certs: Move RSA self-test data to separate file (bsc#1222777). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cxl/region: Move cxl_dpa_to_region() work to the region driver (bsc#1228472) - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - Input: MT - limit max slots (stable-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - io_uring/advise: support 64-bit lengths (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kcov: properly check for softirq context (git-fixes). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: fix build with musl libc (git-fixes). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). Important SUSE bug 1012628 SUSE bug 1193454 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208783 SUSE bug 1213123 SUSE bug 1214285 SUSE bug 1215199 SUSE bug 1219596 SUSE bug 1220066 SUSE bug 1220252 SUSE bug 1220877 SUSE bug 1221326 SUSE bug 1221630 SUSE bug 1221645 SUSE bug 1221652 SUSE bug 1221857 SUSE bug 1222254 SUSE bug 1222335 SUSE bug 1222350 SUSE bug 1222364 SUSE bug 1222372 SUSE bug 1222387 SUSE bug 1222433 SUSE bug 1222434 SUSE bug 1222625 SUSE bug 1222633 SUSE bug 1222634 SUSE bug 1222777 SUSE bug 1222808 SUSE bug 1222967 SUSE bug 1222973 SUSE bug 1223053 SUSE bug 1223074 SUSE bug 1223191 SUSE bug 1223395 SUSE bug 1223635 SUSE bug 1223720 SUSE bug 1223731 SUSE bug 1223742 SUSE bug 1223763 SUSE bug 1223767 SUSE bug 1223777 SUSE bug 1223803 SUSE bug 1224105 SUSE bug 1224415 SUSE bug 1224485 SUSE bug 1224496 SUSE bug 1224510 SUSE bug 1224535 SUSE bug 1224631 SUSE bug 1224636 SUSE bug 1224690 SUSE bug 1224694 SUSE bug 1224700 SUSE bug 1224711 SUSE bug 1225461 SUSE bug 1225474 SUSE bug 1225475 SUSE bug 1225582 SUSE bug 1225607 SUSE bug 1225718 SUSE bug 1225751 SUSE bug 1225814 SUSE bug 1225832 SUSE bug 1225838 SUSE bug 1225903 SUSE bug 1226031 SUSE bug 1226127 SUSE bug 1226502 SUSE bug 1226530 SUSE bug 1226588 SUSE bug 1226604 SUSE bug 1226743 SUSE bug 1226751 SUSE bug 1226765 SUSE bug 1226798 SUSE bug 1226801 SUSE bug 1226834 SUSE bug 1226874 SUSE bug 1226885 SUSE bug 1226920 SUSE bug 1227149 SUSE bug 1227182 SUSE bug 1227383 SUSE bug 1227437 SUSE bug 1227492 SUSE bug 1227493 SUSE bug 1227494 SUSE bug 1227618 SUSE bug 1227620 SUSE bug 1227623 SUSE bug 1227627 SUSE bug 1227634 SUSE bug 1227706 SUSE bug 1227722 SUSE bug 1227724 SUSE bug 1227725 SUSE bug 1227728 SUSE bug 1227729 SUSE bug 1227732 SUSE bug 1227733 SUSE bug 1227734 SUSE bug 1227747 SUSE bug 1227750 SUSE bug 1227754 SUSE bug 1227758 SUSE bug 1227760 SUSE bug 1227761 SUSE bug 1227764 SUSE bug 1227766 SUSE bug 1227770 SUSE bug 1227771 SUSE bug 1227772 SUSE bug 1227774 SUSE bug 1227781 SUSE bug 1227784 SUSE bug 1227785 SUSE bug 1227787 SUSE bug 1227790 SUSE bug 1227791 SUSE bug 1227792 SUSE bug 1227796 SUSE bug 1227798 SUSE bug 1227799 SUSE bug 1227802 SUSE bug 1227808 SUSE bug 1227810 SUSE bug 1227811 SUSE bug 1227812 SUSE bug 1227815 SUSE bug 1227816 SUSE bug 1227818 SUSE bug 1227820 SUSE bug 1227823 SUSE bug 1227824 SUSE bug 1227826 SUSE bug 1227828 SUSE bug 1227829 SUSE bug 1227830 SUSE bug 1227832 SUSE bug 1227833 SUSE bug 1227834 SUSE bug 1227839 SUSE bug 1227840 SUSE bug 1227846 SUSE bug 1227849 SUSE bug 1227851 SUSE bug 1227853 SUSE bug 1227863 SUSE bug 1227864 SUSE bug 1227865 SUSE bug 1227867 SUSE bug 1227869 SUSE bug 1227870 SUSE bug 1227883 SUSE bug 1227884 SUSE bug 1227891 SUSE bug 1227893 SUSE bug 1227929 SUSE bug 1227950 SUSE bug 1227957 SUSE bug 1227981 SUSE bug 1228020 SUSE bug 1228021 SUSE bug 1228114 SUSE bug 1228192 SUSE bug 1228195 SUSE bug 1228202 SUSE bug 1228235 SUSE bug 1228236 SUSE bug 1228237 SUSE bug 1228247 SUSE bug 1228321 SUSE bug 1228409 SUSE bug 1228410 SUSE bug 1228426 SUSE bug 1228427 SUSE bug 1228429 SUSE bug 1228446 SUSE bug 1228447 SUSE bug 1228449 SUSE bug 1228450 SUSE bug 1228452 SUSE bug 1228456 SUSE bug 1228457 SUSE bug 1228458 SUSE bug 1228459 SUSE bug 1228460 SUSE bug 1228462 SUSE bug 1228463 SUSE bug 1228466 SUSE bug 1228467 SUSE bug 1228468 SUSE bug 1228469 SUSE bug 1228470 SUSE bug 1228472 SUSE bug 1228479 SUSE bug 1228480 SUSE bug 1228481 SUSE bug 1228482 SUSE bug 1228483 SUSE bug 1228484 SUSE bug 1228485 SUSE bug 1228486 SUSE bug 1228487 SUSE bug 1228489 SUSE bug 1228491 SUSE bug 1228492 SUSE bug 1228493 SUSE bug 1228494 SUSE bug 1228495 SUSE bug 1228496 SUSE bug 1228499 SUSE bug 1228500 SUSE bug 1228501 SUSE bug 1228502 SUSE bug 1228503 SUSE bug 1228505 SUSE bug 1228508 SUSE bug 1228509 SUSE bug 1228510 SUSE bug 1228511 SUSE bug 1228513 SUSE bug 1228515 SUSE bug 1228516 SUSE bug 1228518 SUSE bug 1228520 SUSE bug 1228525 SUSE bug 1228527 SUSE bug 1228530 SUSE bug 1228531 SUSE bug 1228539 SUSE bug 1228561 SUSE bug 1228563 SUSE bug 1228564 SUSE bug 1228565 SUSE bug 1228567 SUSE bug 1228568 SUSE bug 1228572 SUSE bug 1228576 SUSE bug 1228579 SUSE bug 1228580 SUSE bug 1228581 SUSE bug 1228582 SUSE bug 1228584 SUSE bug 1228586 SUSE bug 1228588 SUSE bug 1228590 SUSE bug 1228591 SUSE bug 1228599 SUSE bug 1228615 SUSE bug 1228616 SUSE bug 1228617 SUSE bug 1228625 SUSE bug 1228626 SUSE bug 1228633 SUSE bug 1228635 SUSE bug 1228636 SUSE bug 1228640 SUSE bug 1228643 SUSE bug 1228644 SUSE bug 1228646 SUSE bug 1228649 SUSE bug 1228650 SUSE bug 1228654 SUSE bug 1228655 SUSE bug 1228656 SUSE bug 1228658 SUSE bug 1228660 SUSE bug 1228662 SUSE bug 1228665 SUSE bug 1228666 SUSE bug 1228667 SUSE bug 1228672 SUSE bug 1228673 SUSE bug 1228674 SUSE bug 1228677 SUSE bug 1228680 SUSE bug 1228687 SUSE bug 1228705 SUSE bug 1228706 SUSE bug 1228707 SUSE bug 1228708 SUSE bug 1228709 SUSE bug 1228710 SUSE bug 1228718 SUSE bug 1228720 SUSE bug 1228721 SUSE bug 1228722 SUSE bug 1228723 SUSE bug 1228724 SUSE bug 1228726 SUSE bug 1228727 SUSE bug 1228733 SUSE bug 1228737 SUSE bug 1228743 SUSE bug 1228748 SUSE bug 1228754 SUSE bug 1228756 SUSE bug 1228757 SUSE bug 1228758 SUSE bug 1228764 SUSE bug 1228766 SUSE bug 1228779 SUSE bug 1228801 SUSE bug 1228849 SUSE bug 1228850 SUSE bug 1228857 SUSE bug 1228959 SUSE bug 1228964 SUSE bug 1228966 SUSE bug 1228967 SUSE bug 1228973 SUSE bug 1228977 SUSE bug 1228978 SUSE bug 1228979 SUSE bug 1228986 SUSE bug 1228988 SUSE bug 1228989 SUSE bug 1228991 SUSE bug 1228992 SUSE bug 1229005 SUSE bug 1229024 SUSE bug 1229042 SUSE bug 1229045 SUSE bug 1229046 SUSE bug 1229054 SUSE bug 1229056 SUSE bug 1229086 SUSE bug 1229134 SUSE bug 1229136 SUSE bug 1229154 SUSE bug 1229156 SUSE bug 1229160 SUSE bug 1229167 SUSE bug 1229168 SUSE bug 1229169 SUSE bug 1229170 SUSE bug 1229171 SUSE bug 1229172 SUSE bug 1229173 SUSE bug 1229174 SUSE bug 1229239 SUSE bug 1229240 SUSE bug 1229241 SUSE bug 1229243 SUSE bug 1229244 SUSE bug 1229245 SUSE bug 1229246 SUSE bug 1229247 SUSE bug 1229248 SUSE bug 1229249 SUSE bug 1229250 SUSE bug 1229251 SUSE bug 1229252 SUSE bug 1229253 SUSE bug 1229254 SUSE bug 1229255 SUSE bug 1229256 SUSE bug 1229287 SUSE bug 1229290 SUSE bug 1229291 SUSE bug 1229292 SUSE bug 1229294 SUSE bug 1229296 SUSE bug 1229297 SUSE bug 1229298 SUSE bug 1229299 SUSE bug 1229301 SUSE bug 1229303 SUSE bug 1229304 SUSE bug 1229305 SUSE bug 1229307 SUSE bug 1229309 SUSE bug 1229312 SUSE bug 1229313 SUSE bug 1229314 SUSE bug 1229315 SUSE bug 1229316 SUSE bug 1229317 SUSE bug 1229318 SUSE bug 1229319 SUSE bug 1229320 SUSE bug 1229327 SUSE bug 1229341 SUSE bug 1229342 SUSE bug 1229344 SUSE bug 1229345 SUSE bug 1229346 SUSE bug 1229347 SUSE bug 1229349 SUSE bug 1229350 SUSE bug 1229351 SUSE bug 1229353 SUSE bug 1229354 SUSE bug 1229355 SUSE bug 1229356 SUSE bug 1229357 SUSE bug 1229358 SUSE bug 1229359 SUSE bug 1229360 SUSE bug 1229365 SUSE bug 1229366 SUSE bug 1229369 SUSE bug 1229370 SUSE bug 1229373 SUSE bug 1229374 SUSE bug 1229379 SUSE bug 1229381 SUSE bug 1229382 SUSE bug 1229383 SUSE bug 1229386 SUSE bug 1229388 SUSE bug 1229390 SUSE bug 1229391 SUSE bug 1229392 SUSE bug 1229395 SUSE bug 1229398 SUSE bug 1229399 SUSE bug 1229400 SUSE bug 1229402 SUSE bug 1229403 SUSE bug 1229404 SUSE bug 1229407 SUSE bug 1229409 SUSE bug 1229410 SUSE bug 1229411 SUSE bug 1229413 SUSE bug 1229414 SUSE bug 1229417 SUSE bug 1229444 SUSE bug 1229451 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229480 SUSE bug 1229481 SUSE bug 1229482 SUSE bug 1229484 SUSE bug 1229485 SUSE bug 1229486 SUSE bug 1229487 SUSE bug 1229488 SUSE bug 1229489 SUSE bug 1229490 SUSE bug 1229493 SUSE bug 1229495 SUSE bug 1229496 SUSE bug 1229497 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229707 SUSE bug 1229739 SUSE bug 1229743 SUSE bug 1229746 SUSE bug 1229747 SUSE bug 1229752 SUSE bug 1229754 SUSE bug 1229755 SUSE bug 1229756 SUSE bug 1229759 SUSE bug 1229761 SUSE bug 1229767 SUSE bug 1229781 SUSE bug 1229784 SUSE bug 1229785 SUSE bug 1229787 SUSE bug 1229788 SUSE bug 1229789 SUSE bug 1229792 SUSE bug 1229820 SUSE bug 1229827 SUSE bug 1229830 SUSE bug 1229837 SUSE bug 1229940 SUSE bug 1230056 CVE-2023-52489 at SUSE CVE-2023-52489 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52668 at SUSE CVE-2023-52668 at NVD CVE-2023-52688 at SUSE CVE-2023-52688 at NVD CVE-2023-52756 at SUSE CVE-2023-52756 at NVD CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52802 at SUSE CVE-2023-52802 at NVD CVE-2023-52859 at SUSE CVE-2023-52859 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2023-52886 at SUSE CVE-2023-52886 at NVD CVE-2023-52887 at SUSE CVE-2023-52887 at NVD CVE-2023-52889 at SUSE CVE-2023-52889 at NVD CVE-2024-26590 at SUSE CVE-2024-26590 at NVD CVE-2024-26631 at SUSE CVE-2024-26631 at NVD CVE-2024-26637 at SUSE CVE-2024-26637 at NVD CVE-2024-26668 at SUSE CVE-2024-26668 at NVD CVE-2024-26669 at SUSE CVE-2024-26669 at NVD CVE-2024-26677 at SUSE CVE-2024-26677 at NVD CVE-2024-26682 at SUSE CVE-2024-26682 at NVD CVE-2024-26683 at SUSE CVE-2024-26683 at NVD CVE-2024-26735 at SUSE CVE-2024-26735 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26808 at SUSE CVE-2024-26808 at NVD CVE-2024-26809 at SUSE CVE-2024-26809 at NVD CVE-2024-26812 at SUSE CVE-2024-26812 at NVD CVE-2024-26835 at SUSE CVE-2024-26835 at NVD CVE-2024-26837 at SUSE CVE-2024-26837 at NVD CVE-2024-26849 at SUSE CVE-2024-26849 at NVD CVE-2024-26851 at SUSE CVE-2024-26851 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-26976 at SUSE CVE-2024-26976 at NVD CVE-2024-27010 at SUSE CVE-2024-27010 at NVD CVE-2024-27011 at SUSE CVE-2024-27011 at NVD CVE-2024-27024 at SUSE CVE-2024-27024 at NVD CVE-2024-27049 at SUSE CVE-2024-27049 at NVD CVE-2024-27050 at SUSE CVE-2024-27050 at NVD CVE-2024-27079 at SUSE CVE-2024-27079 at NVD CVE-2024-27403 at SUSE CVE-2024-27403 at NVD CVE-2024-27433 at SUSE CVE-2024-27433 at NVD CVE-2024-27437 at SUSE CVE-2024-27437 at NVD CVE-2024-31076 at SUSE CVE-2024-31076 at NVD CVE-2024-35855 at SUSE CVE-2024-35855 at NVD CVE-2024-35897 at SUSE CVE-2024-35897 at NVD CVE-2024-35902 at SUSE CVE-2024-35902 at NVD CVE-2024-35913 at SUSE CVE-2024-35913 at NVD CVE-2024-35939 at SUSE CVE-2024-35939 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-36270 at SUSE CVE-2024-36270 at NVD CVE-2024-36286 at SUSE CVE-2024-36286 at NVD CVE-2024-36288 at SUSE CVE-2024-36288 at NVD CVE-2024-36489 at SUSE CVE-2024-36489 at NVD CVE-2024-36881 at SUSE CVE-2024-36881 at NVD CVE-2024-36907 at SUSE CVE-2024-36907 at NVD CVE-2024-36929 at SUSE CVE-2024-36929 at NVD CVE-2024-36933 at SUSE CVE-2024-36933 at NVD CVE-2024-36939 at SUSE CVE-2024-36939 at NVD CVE-2024-36970 at SUSE CVE-2024-36970 at NVD CVE-2024-36979 at SUSE CVE-2024-36979 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38563 at SUSE CVE-2024-38563 at NVD CVE-2024-38609 at SUSE CVE-2024-38609 at NVD CVE-2024-38662 at SUSE CVE-2024-38662 at NVD CVE-2024-39476 at SUSE CVE-2024-39476 at NVD CVE-2024-39483 at SUSE CVE-2024-39483 at NVD CVE-2024-39484 at SUSE CVE-2024-39484 at NVD CVE-2024-39486 at SUSE CVE-2024-39486 at NVD CVE-2024-39488 at SUSE CVE-2024-39488 at NVD CVE-2024-39489 at SUSE CVE-2024-39489 at NVD CVE-2024-39491 at SUSE CVE-2024-39491 at NVD CVE-2024-39493 at SUSE CVE-2024-39493 at NVD CVE-2024-39497 at SUSE CVE-2024-39497 at NVD CVE-2024-39499 at SUSE CVE-2024-39499 at NVD CVE-2024-39500 at SUSE CVE-2024-39500 at NVD CVE-2024-39501 at SUSE CVE-2024-39501 at NVD CVE-2024-39505 at SUSE CVE-2024-39505 at NVD CVE-2024-39506 at SUSE CVE-2024-39506 at NVD CVE-2024-39508 at SUSE CVE-2024-39508 at NVD CVE-2024-39509 at SUSE CVE-2024-39509 at NVD CVE-2024-39510 at SUSE CVE-2024-39510 at NVD CVE-2024-40899 at SUSE CVE-2024-40899 at NVD CVE-2024-40900 at SUSE CVE-2024-40900 at NVD CVE-2024-40902 at SUSE CVE-2024-40902 at NVD CVE-2024-40903 at SUSE CVE-2024-40903 at NVD CVE-2024-40904 at SUSE CVE-2024-40904 at NVD CVE-2024-40905 at SUSE CVE-2024-40905 at NVD CVE-2024-40909 at SUSE CVE-2024-40909 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-40911 at SUSE CVE-2024-40911 at NVD CVE-2024-40912 at SUSE CVE-2024-40912 at NVD CVE-2024-40913 at SUSE CVE-2024-40913 at NVD CVE-2024-40916 at SUSE CVE-2024-40916 at NVD CVE-2024-40920 at SUSE CVE-2024-40920 at NVD CVE-2024-40921 at SUSE CVE-2024-40921 at NVD CVE-2024-40922 at SUSE CVE-2024-40922 at NVD CVE-2024-40924 at SUSE CVE-2024-40924 at NVD CVE-2024-40926 at SUSE CVE-2024-40926 at NVD CVE-2024-40927 at SUSE CVE-2024-40927 at NVD CVE-2024-40929 at SUSE CVE-2024-40929 at NVD CVE-2024-40930 at SUSE CVE-2024-40930 at NVD CVE-2024-40932 at SUSE CVE-2024-40932 at NVD CVE-2024-40934 at SUSE CVE-2024-40934 at NVD CVE-2024-40936 at SUSE CVE-2024-40936 at NVD CVE-2024-40938 at SUSE CVE-2024-40938 at NVD CVE-2024-40939 at SUSE CVE-2024-40939 at NVD CVE-2024-40941 at SUSE CVE-2024-40941 at NVD CVE-2024-40942 at SUSE CVE-2024-40942 at NVD CVE-2024-40943 at SUSE CVE-2024-40943 at NVD CVE-2024-40944 at SUSE CVE-2024-40944 at NVD CVE-2024-40945 at SUSE CVE-2024-40945 at NVD CVE-2024-40954 at SUSE CVE-2024-40954 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-40957 at SUSE CVE-2024-40957 at NVD CVE-2024-40958 at SUSE CVE-2024-40958 at NVD CVE-2024-40959 at SUSE CVE-2024-40959 at NVD CVE-2024-40962 at SUSE CVE-2024-40962 at NVD CVE-2024-40964 at SUSE CVE-2024-40964 at NVD CVE-2024-40967 at SUSE CVE-2024-40967 at NVD CVE-2024-40976 at SUSE CVE-2024-40976 at NVD CVE-2024-40977 at SUSE CVE-2024-40977 at NVD CVE-2024-40978 at SUSE CVE-2024-40978 at NVD CVE-2024-40981 at SUSE CVE-2024-40981 at NVD CVE-2024-40982 at SUSE CVE-2024-40982 at NVD CVE-2024-40984 at SUSE CVE-2024-40984 at NVD CVE-2024-40987 at SUSE CVE-2024-40987 at NVD CVE-2024-40988 at SUSE CVE-2024-40988 at NVD CVE-2024-40989 at SUSE CVE-2024-40989 at NVD CVE-2024-40990 at SUSE CVE-2024-40990 at NVD CVE-2024-40992 at SUSE CVE-2024-40992 at NVD CVE-2024-40994 at SUSE CVE-2024-40994 at NVD CVE-2024-40995 at SUSE CVE-2024-40995 at NVD CVE-2024-40997 at SUSE CVE-2024-40997 at NVD CVE-2024-41000 at SUSE CVE-2024-41000 at NVD CVE-2024-41001 at SUSE CVE-2024-41001 at NVD CVE-2024-41002 at SUSE CVE-2024-41002 at NVD CVE-2024-41004 at SUSE CVE-2024-41004 at NVD CVE-2024-41007 at SUSE CVE-2024-41007 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41010 at SUSE CVE-2024-41010 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41012 at SUSE CVE-2024-41012 at NVD CVE-2024-41015 at SUSE CVE-2024-41015 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41020 at SUSE CVE-2024-41020 at NVD CVE-2024-41022 at SUSE CVE-2024-41022 at NVD CVE-2024-41024 at SUSE CVE-2024-41024 at NVD CVE-2024-41025 at SUSE CVE-2024-41025 at NVD CVE-2024-41028 at SUSE CVE-2024-41028 at NVD CVE-2024-41032 at SUSE CVE-2024-41032 at NVD CVE-2024-41035 at SUSE CVE-2024-41035 at NVD CVE-2024-41036 at SUSE CVE-2024-41036 at NVD CVE-2024-41037 at SUSE CVE-2024-41037 at NVD CVE-2024-41038 at SUSE CVE-2024-41038 at NVD CVE-2024-41039 at SUSE CVE-2024-41039 at NVD CVE-2024-41040 at SUSE CVE-2024-41040 at NVD CVE-2024-41041 at SUSE CVE-2024-41041 at NVD CVE-2024-41044 at SUSE CVE-2024-41044 at NVD CVE-2024-41045 at SUSE CVE-2024-41045 at NVD CVE-2024-41048 at SUSE CVE-2024-41048 at NVD CVE-2024-41049 at SUSE CVE-2024-41049 at NVD CVE-2024-41050 at SUSE CVE-2024-41050 at NVD CVE-2024-41051 at SUSE CVE-2024-41051 at NVD CVE-2024-41056 at SUSE CVE-2024-41056 at NVD CVE-2024-41057 at SUSE CVE-2024-41057 at NVD CVE-2024-41058 at SUSE CVE-2024-41058 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41060 at SUSE CVE-2024-41060 at NVD CVE-2024-41061 at SUSE CVE-2024-41061 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-41063 at SUSE CVE-2024-41063 at NVD CVE-2024-41064 at SUSE CVE-2024-41064 at NVD CVE-2024-41065 at SUSE CVE-2024-41065 at NVD CVE-2024-41066 at SUSE CVE-2024-41066 at NVD CVE-2024-41068 at SUSE CVE-2024-41068 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41070 at SUSE CVE-2024-41070 at NVD CVE-2024-41071 at SUSE CVE-2024-41071 at NVD CVE-2024-41072 at SUSE CVE-2024-41072 at NVD CVE-2024-41073 at SUSE CVE-2024-41073 at NVD CVE-2024-41074 at SUSE CVE-2024-41074 at NVD CVE-2024-41075 at SUSE CVE-2024-41075 at NVD CVE-2024-41076 at SUSE CVE-2024-41076 at NVD CVE-2024-41078 at SUSE CVE-2024-41078 at NVD CVE-2024-41079 at SUSE CVE-2024-41079 at NVD CVE-2024-41080 at SUSE CVE-2024-41080 at NVD CVE-2024-41081 at SUSE CVE-2024-41081 at NVD CVE-2024-41084 at SUSE CVE-2024-41084 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-41088 at SUSE CVE-2024-41088 at NVD CVE-2024-41089 at SUSE CVE-2024-41089 at NVD CVE-2024-41092 at SUSE CVE-2024-41092 at NVD CVE-2024-41093 at SUSE CVE-2024-41093 at NVD CVE-2024-41094 at SUSE CVE-2024-41094 at NVD CVE-2024-41095 at SUSE CVE-2024-41095 at NVD CVE-2024-41096 at SUSE CVE-2024-41096 at NVD CVE-2024-41097 at SUSE CVE-2024-41097 at NVD CVE-2024-41098 at SUSE CVE-2024-41098 at NVD CVE-2024-42064 at SUSE CVE-2024-42064 at NVD CVE-2024-42069 at SUSE CVE-2024-42069 at NVD CVE-2024-42070 at SUSE CVE-2024-42070 at NVD CVE-2024-42073 at SUSE CVE-2024-42073 at NVD CVE-2024-42074 at SUSE CVE-2024-42074 at NVD CVE-2024-42076 at SUSE CVE-2024-42076 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42079 at SUSE CVE-2024-42079 at NVD CVE-2024-42080 at SUSE CVE-2024-42080 at NVD CVE-2024-42082 at SUSE CVE-2024-42082 at NVD CVE-2024-42085 at SUSE CVE-2024-42085 at NVD CVE-2024-42086 at SUSE CVE-2024-42086 at NVD CVE-2024-42087 at SUSE CVE-2024-42087 at NVD CVE-2024-42089 at SUSE CVE-2024-42089 at NVD CVE-2024-42090 at SUSE CVE-2024-42090 at NVD CVE-2024-42092 at SUSE CVE-2024-42092 at NVD CVE-2024-42093 at SUSE CVE-2024-42093 at NVD CVE-2024-42095 at SUSE CVE-2024-42095 at NVD CVE-2024-42096 at SUSE CVE-2024-42096 at NVD CVE-2024-42097 at SUSE CVE-2024-42097 at NVD CVE-2024-42098 at SUSE CVE-2024-42098 at NVD CVE-2024-42101 at SUSE CVE-2024-42101 at NVD CVE-2024-42104 at SUSE CVE-2024-42104 at NVD CVE-2024-42105 at SUSE CVE-2024-42105 at NVD CVE-2024-42106 at SUSE CVE-2024-42106 at NVD CVE-2024-42107 at SUSE CVE-2024-42107 at NVD CVE-2024-42109 at SUSE CVE-2024-42109 at NVD CVE-2024-42110 at SUSE CVE-2024-42110 at NVD CVE-2024-42113 at SUSE CVE-2024-42113 at NVD CVE-2024-42114 at SUSE CVE-2024-42114 at NVD CVE-2024-42115 at SUSE CVE-2024-42115 at NVD CVE-2024-42117 at SUSE CVE-2024-42117 at NVD CVE-2024-42119 at SUSE CVE-2024-42119 at NVD CVE-2024-42120 at SUSE CVE-2024-42120 at NVD CVE-2024-42121 at SUSE CVE-2024-42121 at NVD CVE-2024-42122 at SUSE CVE-2024-42122 at NVD CVE-2024-42124 at SUSE CVE-2024-42124 at NVD CVE-2024-42125 at SUSE CVE-2024-42125 at NVD CVE-2024-42126 at SUSE CVE-2024-42126 at NVD CVE-2024-42127 at SUSE CVE-2024-42127 at NVD CVE-2024-42130 at SUSE CVE-2024-42130 at NVD CVE-2024-42131 at SUSE CVE-2024-42131 at NVD CVE-2024-42132 at SUSE CVE-2024-42132 at NVD CVE-2024-42133 at SUSE CVE-2024-42133 at NVD CVE-2024-42136 at SUSE CVE-2024-42136 at NVD CVE-2024-42137 at SUSE CVE-2024-42137 at NVD CVE-2024-42138 at SUSE CVE-2024-42138 at NVD CVE-2024-42139 at SUSE CVE-2024-42139 at NVD CVE-2024-42141 at SUSE CVE-2024-42141 at NVD CVE-2024-42142 at SUSE CVE-2024-42142 at NVD CVE-2024-42143 at SUSE CVE-2024-42143 at NVD CVE-2024-42144 at SUSE CVE-2024-42144 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-42147 at SUSE CVE-2024-42147 at NVD CVE-2024-42148 at SUSE CVE-2024-42148 at NVD CVE-2024-42152 at SUSE CVE-2024-42152 at NVD CVE-2024-42153 at SUSE CVE-2024-42153 at NVD CVE-2024-42155 at SUSE CVE-2024-42155 at NVD CVE-2024-42156 at SUSE CVE-2024-42156 at NVD CVE-2024-42157 at SUSE CVE-2024-42157 at NVD CVE-2024-42158 at SUSE CVE-2024-42158 at NVD CVE-2024-42159 at SUSE CVE-2024-42159 at NVD CVE-2024-42161 at SUSE CVE-2024-42161 at NVD CVE-2024-42162 at SUSE CVE-2024-42162 at NVD CVE-2024-42223 at SUSE CVE-2024-42223 at NVD CVE-2024-42224 at SUSE CVE-2024-42224 at NVD CVE-2024-42225 at SUSE CVE-2024-42225 at NVD CVE-2024-42226 at SUSE CVE-2024-42226 at NVD CVE-2024-42227 at SUSE CVE-2024-42227 at NVD CVE-2024-42228 at SUSE CVE-2024-42228 at NVD CVE-2024-42229 at SUSE CVE-2024-42229 at NVD CVE-2024-42230 at SUSE CVE-2024-42230 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42236 at SUSE CVE-2024-42236 at NVD CVE-2024-42237 at SUSE CVE-2024-42237 at NVD CVE-2024-42238 at SUSE CVE-2024-42238 at NVD CVE-2024-42239 at SUSE CVE-2024-42239 at NVD CVE-2024-42240 at SUSE CVE-2024-42240 at NVD CVE-2024-42241 at SUSE CVE-2024-42241 at NVD CVE-2024-42244 at SUSE CVE-2024-42244 at NVD CVE-2024-42245 at SUSE CVE-2024-42245 at NVD CVE-2024-42246 at SUSE CVE-2024-42246 at NVD CVE-2024-42247 at SUSE CVE-2024-42247 at NVD CVE-2024-42250 at SUSE CVE-2024-42250 at NVD CVE-2024-42253 at SUSE CVE-2024-42253 at NVD CVE-2024-42259 at SUSE CVE-2024-42259 at NVD CVE-2024-42268 at SUSE CVE-2024-42268 at NVD CVE-2024-42269 at SUSE CVE-2024-42269 at NVD CVE-2024-42270 at SUSE CVE-2024-42270 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-42274 at SUSE CVE-2024-42274 at NVD CVE-2024-42276 at SUSE CVE-2024-42276 at NVD CVE-2024-42277 at SUSE CVE-2024-42277 at NVD CVE-2024-42278 at SUSE CVE-2024-42278 at NVD CVE-2024-42279 at SUSE CVE-2024-42279 at NVD CVE-2024-42280 at SUSE CVE-2024-42280 at NVD CVE-2024-42281 at SUSE CVE-2024-42281 at NVD CVE-2024-42283 at SUSE CVE-2024-42283 at NVD CVE-2024-42284 at SUSE CVE-2024-42284 at NVD CVE-2024-42285 at SUSE CVE-2024-42285 at NVD CVE-2024-42286 at SUSE CVE-2024-42286 at NVD CVE-2024-42287 at SUSE CVE-2024-42287 at NVD CVE-2024-42288 at SUSE CVE-2024-42288 at NVD CVE-2024-42289 at SUSE CVE-2024-42289 at NVD CVE-2024-42290 at SUSE CVE-2024-42290 at NVD CVE-2024-42291 at SUSE CVE-2024-42291 at NVD CVE-2024-42292 at SUSE CVE-2024-42292 at NVD CVE-2024-42295 at SUSE CVE-2024-42295 at NVD CVE-2024-42298 at SUSE CVE-2024-42298 at NVD CVE-2024-42301 at SUSE CVE-2024-42301 at NVD CVE-2024-42302 at SUSE CVE-2024-42302 at NVD CVE-2024-42303 at SUSE CVE-2024-42303 at NVD CVE-2024-42308 at SUSE CVE-2024-42308 at NVD CVE-2024-42309 at SUSE CVE-2024-42309 at NVD CVE-2024-42310 at SUSE CVE-2024-42310 at NVD CVE-2024-42311 at SUSE CVE-2024-42311 at NVD CVE-2024-42312 at SUSE CVE-2024-42312 at NVD CVE-2024-42313 at SUSE CVE-2024-42313 at NVD CVE-2024-42314 at SUSE CVE-2024-42314 at NVD CVE-2024-42315 at SUSE CVE-2024-42315 at NVD CVE-2024-42316 at SUSE CVE-2024-42316 at NVD CVE-2024-42318 at SUSE CVE-2024-42318 at NVD CVE-2024-42319 at SUSE CVE-2024-42319 at NVD CVE-2024-42320 at SUSE CVE-2024-42320 at NVD CVE-2024-42322 at SUSE CVE-2024-42322 at NVD CVE-2024-43816 at SUSE CVE-2024-43816 at NVD CVE-2024-43817 at SUSE CVE-2024-43817 at NVD CVE-2024-43818 at SUSE CVE-2024-43818 at NVD CVE-2024-43819 at SUSE CVE-2024-43819 at NVD CVE-2024-43821 at SUSE CVE-2024-43821 at NVD CVE-2024-43823 at SUSE CVE-2024-43823 at NVD CVE-2024-43824 at SUSE CVE-2024-43824 at NVD CVE-2024-43825 at SUSE CVE-2024-43825 at NVD CVE-2024-43826 at SUSE CVE-2024-43826 at NVD CVE-2024-43829 at SUSE CVE-2024-43829 at NVD CVE-2024-43830 at SUSE CVE-2024-43830 at NVD CVE-2024-43831 at SUSE CVE-2024-43831 at NVD CVE-2024-43833 at SUSE CVE-2024-43833 at NVD CVE-2024-43834 at SUSE CVE-2024-43834 at NVD CVE-2024-43837 at SUSE CVE-2024-43837 at NVD CVE-2024-43839 at SUSE CVE-2024-43839 at NVD CVE-2024-43840 at SUSE CVE-2024-43840 at NVD CVE-2024-43841 at SUSE CVE-2024-43841 at NVD CVE-2024-43842 at SUSE CVE-2024-43842 at NVD CVE-2024-43846 at SUSE CVE-2024-43846 at NVD CVE-2024-43847 at SUSE CVE-2024-43847 at NVD CVE-2024-43849 at SUSE CVE-2024-43849 at NVD CVE-2024-43850 at SUSE CVE-2024-43850 at NVD CVE-2024-43851 at SUSE CVE-2024-43851 at NVD CVE-2024-43853 at SUSE CVE-2024-43853 at NVD CVE-2024-43854 at SUSE CVE-2024-43854 at NVD CVE-2024-43855 at SUSE CVE-2024-43855 at NVD CVE-2024-43856 at SUSE CVE-2024-43856 at NVD CVE-2024-43858 at SUSE CVE-2024-43858 at NVD CVE-2024-43860 at SUSE CVE-2024-43860 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43863 at SUSE CVE-2024-43863 at NVD CVE-2024-43864 at SUSE CVE-2024-43864 at NVD CVE-2024-43866 at SUSE CVE-2024-43866 at NVD CVE-2024-43867 at SUSE CVE-2024-43867 at NVD CVE-2024-43871 at SUSE CVE-2024-43871 at NVD CVE-2024-43872 at SUSE CVE-2024-43872 at NVD CVE-2024-43873 at SUSE CVE-2024-43873 at NVD CVE-2024-43874 at SUSE CVE-2024-43874 at NVD CVE-2024-43875 at SUSE CVE-2024-43875 at NVD CVE-2024-43876 at SUSE CVE-2024-43876 at NVD CVE-2024-43877 at SUSE CVE-2024-43877 at NVD CVE-2024-43879 at SUSE CVE-2024-43879 at NVD CVE-2024-43880 at SUSE CVE-2024-43880 at NVD CVE-2024-43881 at SUSE CVE-2024-43881 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-43884 at SUSE CVE-2024-43884 at NVD CVE-2024-43885 at SUSE CVE-2024-43885 at NVD CVE-2024-43889 at SUSE CVE-2024-43889 at NVD CVE-2024-43892 at SUSE CVE-2024-43892 at NVD CVE-2024-43893 at SUSE CVE-2024-43893 at NVD CVE-2024-43894 at SUSE CVE-2024-43894 at NVD CVE-2024-43895 at SUSE CVE-2024-43895 at NVD CVE-2024-43897 at SUSE CVE-2024-43897 at NVD CVE-2024-43899 at SUSE CVE-2024-43899 at NVD CVE-2024-43900 at SUSE CVE-2024-43900 at NVD CVE-2024-43902 at SUSE CVE-2024-43902 at NVD CVE-2024-43903 at SUSE CVE-2024-43903 at NVD CVE-2024-43905 at SUSE CVE-2024-43905 at NVD CVE-2024-43906 at SUSE CVE-2024-43906 at NVD CVE-2024-43907 at SUSE CVE-2024-43907 at NVD CVE-2024-43908 at SUSE CVE-2024-43908 at NVD CVE-2024-43909 at SUSE CVE-2024-43909 at NVD CVE-2024-43911 at SUSE CVE-2024-43911 at NVD CVE-2024-43912 at SUSE CVE-2024-43912 at NVD CVE-2024-44931 at SUSE CVE-2024-44931 at NVD CVE-2024-44938 at SUSE CVE-2024-44938 at NVD CVE-2024-44939 at SUSE CVE-2024-44939 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) Moderate SUSE bug 1230093 CVE-2024-8096 at SUSE CVE-2024-8096 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Moderate) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: - Update go v1.22.7 - CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252) - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253) - CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254) Moderate SUSE bug 1218424 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Moderate) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - Update go v1.23.1 - CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252) - CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253) - CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254) Moderate SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Moderate) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) Moderate SUSE bug 1229930 SUSE bug 1229931 SUSE bug 1229932 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpcap (Moderate) openSUSE Leap 15.6 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) Moderate SUSE bug 1230020 SUSE bug 1230034 CVE-2023-7256 at SUSE CVE-2023-7256 at NVD CVE-2024-8006 at SUSE CVE-2024-8006 at NVD cpe:/o:opensuse:leap:15.6 Security update for colord (Moderate) openSUSE Leap 15.6 This update for colord fixes the following issues: - Fixed a potential local privilege escalation by removing the script in the specfile which changes the ownership of /var/lib/colord. (bsc#1208056) Moderate SUSE bug 1208056 cpe:/o:opensuse:leap:15.6 Security update for containerd (Important) openSUSE Leap 15.6 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) Important SUSE bug 1200528 SUSE bug 1217070 SUSE bug 1228553 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD cpe:/o:opensuse:leap:15.6 Security update for runc (Low) openSUSE Leap 15.6 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2024-8250: Fixed NTLMSSP dissector crash (bsc#1229907). Moderate SUSE bug 1229907 SUSE bug 1230372 CVE-2024-8250 at SUSE CVE-2024-8250 at NVD CVE-2024-8645 at SUSE CVE-2024-8645 at NVD cpe:/o:opensuse:leap:15.6 Security update for SUSE Manager Client Tools (Important) openSUSE Leap 15.6 This update fixes the following issues: golang-github-prometheus-prometheus: - Security issues fixed: * CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038) * CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556) - Require Go > 1.20 for building - Migrate from `disabled` to `manual` service mode - Update to 2.45.6 (jsc#PED-3577): * Security fixes in dependencies - Update to 2.45.5: * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback. * [BUGFIX] Remote write: Avoid a race condition when applying configuration. - Update to 2.45.4: * [BUGFIX] Remote read: Release querier resources before encoding the results. - Update to 2.45.3: * [BUGFIX] TSDB: Remove double memory snapshot on shutdown. - Update to 2.45.2: * [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series. - Update to 2.45.1: * [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September. * [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture. * [BUGFIX] TSDB: Handle TOC parsing failures. rhnlib: - Version 5.0.4-0 * Add the old TLS code for very old traditional clients still on python 2.7 (bsc#1228198) spacecmd: - Version 5.0.9-0 * Update translation strings uyuni-tools: - Version 0.1.21-0 * mgrpxy: Fix typo on Systemd template - Version 0.1.20-0 * Update the push tag to 5.0.1 * mgrpxy: expose port on IPv6 network (bsc#1227951) - Version 0.1.19-0 * Skip updating Tomcat remote debug if conf file is not present - Version 0.1.18-0 * Setup Confidential Computing container during migration (bsc#1227588) * Add the /etc/uyuni/uyuni-tools.yaml path to the config help * Split systemd config files to not loose configuration at upgrade (bsc#1227718) * Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026) * Allow building with different Helm and container default registry paths (bsc#1226191) * Fix recursion in mgradm upgrade podman list --help * Setup hub xmlrpc API service in migration to Podman (bsc#1227588) * Setup disabled hub xmlrpc API service in all cases (bsc#1227584) * Clean the inspection code to make it faster * Properly detect IPv6 enabled on Podman network (bsc#1224349) * Fix the log file path generation * Write scripts output to uyuni-tools.log file * Add uyuni-hubxml-rpc to the list of values in mgradm scale --help * Use path in mgradm support sql file input (bsc#1227505) * On Ubuntu build with go1.21 instead of go1.20 * Enforce Cobbler setup (bsc#1226847) * Expose port on IPv6 network (bsc#1227951) * show output of podman image search --list-tags command * Implement mgrpxy support config command * During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183) * During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings * Disable node exporter port for Kubernetes * Fix start, stop and restart in Kubernetes * Increase start timeout in Kubernetes * Fix traefik query * Fix password entry usability (bsc#1226437) * Add --prepare option to migrate command * Fix random error during installation of CA certificate (bsc#1227245) * Clarify and fix distro name guessing when not provided (bsc#1226284) * Replace not working Fatal error by plain error return (bsc#1220136) * Allow server installation with preexisting storage volumes * Do not report error when purging mounted volume (bsc#1225349) * Preserve PAGER settings from the host for interactive sql usage (bsc#1226914) * Add mgrpxy command to clear the Squid cache * Use local images for Confidential Computing and Hub containers (bsc#1227586) - Version 0.1.17-0 * Allow GPG files to be loaded from the local file (bsc#1227195) - Version 0.1.16-0 * Prefer local images in all migration steps (bsc#1227244) - Version 0.1.15-0 * Define --registry flag behaviour (bsc#1226793) - Version 0.1.14-0 * Do not rely on hardcoded registry, remove any FQDN - Version 0.1.13-0 * Fix mgradm support config tarball creation (bsc#1226759) - Version 0.1.12-0 * Detection of k8s on Proxy was wrongly influenced by Server setting Important SUSE bug 1220136 SUSE bug 1224349 SUSE bug 1225349 SUSE bug 1226191 SUSE bug 1226284 SUSE bug 1226437 SUSE bug 1226759 SUSE bug 1226793 SUSE bug 1226847 SUSE bug 1226914 SUSE bug 1227038 SUSE bug 1227195 SUSE bug 1227244 SUSE bug 1227245 SUSE bug 1227505 SUSE bug 1227584 SUSE bug 1227586 SUSE bug 1227588 SUSE bug 1227718 SUSE bug 1227951 SUSE bug 1228026 SUSE bug 1228183 SUSE bug 1228198 SUSE bug 1228556 CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for golang-github-prometheus-prometheus (Important) openSUSE Leap 15.6 This update for golang-github-prometheus-prometheus fixes the following issues: - Require Go > 1.20 for building - Bump go-retryablehttp to version 0.7.7 (CVE-2024-6104, bsc#1227038) - Migrate from `disabled` to `manual` service mode - Add0003-Bump-go-retryablehttp.patch - Update to 2.45.6 (jsc#PED-3577): * Security fixes in dependencies - Update to 2.45.5: * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback. * [BUGFIX] Remote write: Avoid a race condition when applying configuration. - Update to 2.45.4: * [BUGFIX] Remote read: Release querier resources before encoding the results. - Update to 2.45.3: * Security fixes in dependencies * [BUGFIX] TSDB: Remove double memory snapshot on shutdown. - Update to 2.45.2: * Security fixes in dependencies * [SECURITY] Updated otelhttp to version 0.46.1 (CVE-2023-45142, bsc#1228556) * [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new series. - Update to 2.45.1: * [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used by Hetzner in September. * [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid overflows on 386 architecture. * [BUGFIX] TSDB: Handle TOC parsing failures. - update to 2.45.0 (jsc#PED-5406): * [FEATURE] API: New limit parameter to limit the number of items returned by `/api/v1/status/tsdb` endpoint. * [FEATURE] Config: Add limits to global config. * [FEATURE] Consul SD: Added support for `path_prefix`. * [FEATURE] Native histograms: Add option to scrape both classic and native histograms. * [FEATURE] Native histograms: Added support for two more arithmetic operators `avg_over_time` and `sum_over_time`. * [FEATURE] Promtool: When providing the block id, only one block will be loaded and analyzed. * [FEATURE] Remote-write: New Azure ad configuration to support remote writing directly to Azure Monitor workspace. * [FEATURE] TSDB: Samples per chunk are now configurable with flag `storage.tsdb.samples-per-chunk`. By default set to its former value 120. * [ENHANCEMENT] Native histograms: bucket size can now be limited to avoid scrape fails. * [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner. * [BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample can be appended to the open chunk. * [BUGFIX] Native histograms: Fix Histogram Appender `Appendable()` segfault. * [BUGFIX] Native histograms: Fix setting reset header to gauge histograms in seriesToChunkEncoder. * [BUGFIX] TSDB: Tombstone intervals are not modified after Get() call. * [BUGFIX] TSDB: Use path/filepath to set the WAL directory. - update to 2.44.0: * [FEATURE] Remote-read: Handle native histograms. * [FEATURE] Promtool: Health and readiness check of prometheus server in CLI. * [FEATURE] PromQL: Add `query_samples_total` metric, the total number of samples loaded by all queries. * [ENHANCEMENT] Storage: Optimise buffer used to iterate through samples. * [ENHANCEMENT] Scrape: Reduce memory allocations on target labels. * [ENHANCEMENT] PromQL: Use faster heap method for `topk()` / `bottomk()`. * [ENHANCEMENT] Rules API: Allow filtering by rule name. * [ENHANCEMENT] Native Histograms: Various fixes and improvements. * [ENHANCEMENT] UI: Search of scraping pools is now case-insensitive. * [ENHANCEMENT] TSDB: Add an affirmative log message for successful WAL repair. * [BUGFIX] TSDB: Block compaction failed when shutting down. * [BUGFIX] TSDB: Out-of-order chunks could be ignored if the write-behind log was deleted. - rebase patch 0001-Do-not-force-the-pure-Go-name-resolver.patch onto v2.44.0 - update to 2.43.1 * [BUGFIX] Labels: Set() after Del() would be ignored, which broke some relabeling rules. - update to 2.43.0: * [FEATURE] Promtool: Add HTTP client configuration to query commands. * [FEATURE] Scrape: Add `include_scrape_configs` to include scrape configs from different files. * [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from proxied requests. * [FEATURE] HTTP client: Add `proxy_from_enviroment` to read proxies from env variables. * [ENHANCEMENT] API: Add support for setting lookback delta per query via the API. * [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499 if a request is canceled. * [ENHANCEMENT] Scrape: Allow exemplars for all metric types. * [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders size. * [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot with index that is ahead of WAL. * [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to be more comprehensible. * [ENHANCEMENT] UI: Scope `group by` labels to metric in autocompletion. * [BUGFIX] Scrape: Fix `prometheus_target_scrape_pool_target_limit` metric not set before reloading. * [BUGFIX] TSDB: Correctly update `prometheus_tsdb_head_chunks_removed_total` and `prometheus_tsdb_head_chunks` metrics when reading WAL. * [BUGFIX] TSDB: Use the correct unit (seconds) when recording out-of-order append deltas in the `prometheus_tsdb_sample_ooo_delta` metric. - update to 2.42.0: This release comes with a bunch of feature coverage for native histograms and breaking changes. If you are trying native histograms already, we recommend you remove the `wal` directory when upgrading. Because the old WAL record for native histograms is not backward compatible in v2.42.0, this will lead to some data loss for the latest data. Additionally, if you scrape 'float histograms' or use recording rules on native histograms in v2.42.0 (which writes float histograms), it is a one-way street since older versions do not support float histograms. * [CHANGE] **breaking** TSDB: Changed WAL record format for the experimental native histograms. * [FEATURE] Add 'keep_firing_for' field to alerting rules. * [FEATURE] Promtool: Add support of selecting timeseries for TSDB dump. * [ENHANCEMENT] Agent: Native histogram support. * [ENHANCEMENT] Rules: Support native histograms in recording rules. * [ENHANCEMENT] SD: Add container ID as a meta label for pod targets for Kubernetes. * [ENHANCEMENT] SD: Add VM size label to azure service discovery. * [ENHANCEMENT] Support native histograms in federation. * [ENHANCEMENT] TSDB: Add gauge histogram support. * [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that represents buckets as float64 values. * [ENHANCEMENT] UI: Show individual scrape pools on /targets page. - update to 2.41.0: * [FEATURE] Relabeling: Add keepequal and dropequal relabel actions. * [FEATURE] Add support for HTTP proxy headers. * [ENHANCEMENT] Reload private certificates when changed on disk. * [ENHANCEMENT] Add max_version to specify maximum TLS version in tls_config. * [ENHANCEMENT] Add goos and goarch labels to prometheus_build_info. * [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs. * [ENHANCEMENT] SD: Add new metric prometheus_sd_file_watcher_errors_total. * [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling. * [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in iterators. * [ENHANCEMENT] TSDB: Optimize postings offset table reading. * [BUGFIX] Scrape: Validate the metric name, label names, and label values after relabeling. * [BUGFIX] Remote Write receiver and rule manager: Fix error handling. - update to 2.40.7: * [BUGFIX] TSDB: Fix queries involving negative buckets of native histograms. - update to 2.40.5: * [BUGFIX] TSDB: Fix queries involving native histograms due to improper reset of iterators. - update to 2.40.3: * [BUGFIX] TSDB: Fix compaction after a deletion is called. - update to 2.40.2: * [BUGFIX] UI: Fix black-on-black metric name color in dark mode. - update to 2.40.1: * [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit architecture. * [BUGFIX] Scrape: Fix accept headers. - update to 2.40.0: * [FEATURE] Add experimental support for native histograms. Enable with the flag --enable-feature=native-histograms. * [FEATURE] SD: Add service discovery for OVHcloud. * [ENHANCEMENT] Kubernetes SD: Use protobuf encoding. * [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved sorting speed. * [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds __meta_consul_partition label. Adds partition config in consul_sd_config. * [BUGFIX] API: Fix API error codes for /api/v1/labels and /api/v1/series. - update to 2.39.1: * [BUGFIX] Rules: Fix notifier relabel changing the labels on active alerts. - update to 2.39.0: * [FEATURE] experimental TSDB: Add support for ingesting out-of-order samples. This is configured via out_of_order_time_window field in the config file; check config file docs for more info. * [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also respond to a HEAD request on top of existing GET support. * [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label. * [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label. * [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region label. * [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory. * [ENHANCEMENT] TSDB: Improve WAL replay timings. * [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary data in the memory. * [ENHANCEMENT] TSDB: Allow overlapping blocks by default. --storage.tsdb.allow-overlapping-blocks now has no effect. * [ENHANCEMENT] UI: Click to copy label-value pair from query result to clipboard. * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] PromQL: Properly close file descriptor when logging unfinished queries. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. - update to 2.38.0: * [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint that allows pretty-formatting PromQL expressions. * [FEATURE]: UI: Add support for formatting PromQL expressions in the UI. * [FEATURE]: DNS SD: Support MX records for discovering targets. * [FEATURE]: Templates: Add toTime() template function that allows converting sample timestamps to Go time.Time values. * [ENHANCEMENT]: Kubernetes SD: Add __meta_kubernetes_service_port_number meta label indicating the service port number. * [ENHANCEMENT]: Kubernetes SD: Add __meta_kubernetes_pod_container_image meta label indicating the container image. * [ENHANCEMENT]: PromQL: When a query panics, also log the query itself alongside the panic message. * [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve the contrast ratio. * [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding locks and using atomic types instead. * [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature flag, which omits or removes any default HTTP (:80) or HTTPS (:443) ports in the target's scrape address. * [BUGFIX]: TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records. * [BUGFIX]: TSDB: Fix race condition around allocating series IDs during chunk snapshot loading. - Remove npm_licenses.tar.bz2 during 'make clean' - Remove web-ui archives during 'make clean'. * [SECURITY] CVE-2022-41715: Limit memory used by parsing regexps (bsc#1204023). - Fix uncontrolled resource consumption by updating Go to version 1.20.1 (CVE-2022-41723, bsc#1208298) Important SUSE bug 1204023 SUSE bug 1208298 SUSE bug 1227038 SUSE bug 1228556 CVE-2022-41715 at SUSE CVE-2022-41715 at NVD CVE-2022-41723 at SUSE CVE-2022-41723 at NVD CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2024-7055: Fixed a heap-based buffer overflow in pnmdec. (bsc#1229026) Important SUSE bug 1229026 CVE-2024-7055 at SUSE CVE-2024-7055 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - Update to 3.12.6 - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module. (bsc#1228780). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines. (bsc#1229596) - CVE-2024-6232: Fixed ReDos via excessive backtracking while parsing header values. (bsc#1230227) - CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704) Important SUSE bug 1227999 SUSE bug 1228780 SUSE bug 1229596 SUSE bug 1229704 SUSE bug 1230227 CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-6923 at SUSE CVE-2024-6923 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD CVE-2024-8088 at SUSE CVE-2024-8088 at NVD cpe:/o:opensuse:leap:15.6 Security update for clamav (Important) openSUSE Leap 15.6 This update for clamav fixes the following issues: - Update to version 0.103.12 - CVE-2024-20506: Disable symlinks following to prevent an attacker to corrupt system files. (bsc#1230162) - CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161) Important SUSE bug 1230161 SUSE bug 1230162 CVE-2024-20505 at SUSE CVE-2024-20505 at NVD CVE-2024-20506 at SUSE CVE-2024-20506 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Moderate) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20240910 release (bsc#1230400) - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. Moderate SUSE bug 1230400 CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following non-security bugs were fixed: - Drop soundwire patch that caused a regression (bsc#1230350) - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) Important SUSE bug 1230350 SUSE bug 1230413 cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.24 (Important) openSUSE Leap 15.6 This update for kubernetes1.24 fixes the following issues: - CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869) - CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869) - CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869) - CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867) Bug fixes: - Update go to version 1.22.5 in build requirements. (bsc#1229858) Important SUSE bug 1216109 SUSE bug 1216123 SUSE bug 1221400 SUSE bug 1226136 SUSE bug 1229858 SUSE bug 1229867 SUSE bug 1229869 SUSE bug 1230323 CVE-2023-39325 at SUSE CVE-2023-39325 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.25 (Important) openSUSE Leap 15.6 This update for kubernetes1.25 fixes the following issues: - CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869) - CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869) - CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867) Bug fixes: - Update go to version 1.22.5 in build requirements. (bsc#1229858) Important SUSE bug 1216109 SUSE bug 1216123 SUSE bug 1221400 SUSE bug 1226136 SUSE bug 1229858 SUSE bug 1229867 SUSE bug 1229869 SUSE bug 1230323 CVE-2023-39325 at SUSE CVE-2023-39325 at NVD CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-24786 at SUSE CVE-2024-24786 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-azure-identity (Moderate) openSUSE Leap 15.6 This update for python-azure-identity fixes the following issues: - CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege vulnerability. (bsc#1230100) Moderate SUSE bug 1230100 CVE-2024-35255 at SUSE CVE-2024-35255 at NVD cpe:/o:opensuse:leap:15.6 Security update for wpa_supplicant (Important) openSUSE Leap 15.6 This update for wpa_supplicant fixes the following issues: - CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975). Important SUSE bug 1219975 CVE-2023-52160 at SUSE CVE-2023-52160 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Important) openSUSE Leap 15.6 This update for python310 fixes the following issues: - Update to version 3.10.15 - CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704) - CVE-2024-7592: Fixed uncontrolled CPU resource consumption when in http.cookies module. (bsc#1229596) - CVE-2024-6232: Fixed ReDos via excessive backtracking while parsing header values. (bsc#1230227) Important SUSE bug 1229596 SUSE bug 1229704 SUSE bug 1230227 CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD CVE-2024-8088 at SUSE CVE-2024-8088 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503). - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646). - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867). - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840). - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604). - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742). - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350). - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Drop libata patch that caused a regression (bsc#1229054) - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - Move upstreamed powerpc patches into sorted section - Move upstreamed sound patches into sorted section - Moved upstreamed ASoC patch into sorted section - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes). - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes). - Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes). - Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920) - Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834) - Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - blacklist.conf: Add libata upstream revert entry (bsc#1229054) - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - io_uring/advise: support 64-bit lengths (git-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi: more build fix without patches.kabi (bsc#1226502) - kcov: properly check for softirq context (git-fixes). - kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042). - kernel-binary: generate and install compile_commands.json (bsc#1228971). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - tools/resolve_btfids: fix build with musl libc (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). Important SUSE bug 1012628 SUSE bug 1193454 SUSE bug 1194869 SUSE bug 1205462 SUSE bug 1208783 SUSE bug 1213123 SUSE bug 1214285 SUSE bug 1215199 SUSE bug 1220066 SUSE bug 1220252 SUSE bug 1220877 SUSE bug 1221326 SUSE bug 1221630 SUSE bug 1221645 SUSE bug 1221652 SUSE bug 1221857 SUSE bug 1222254 SUSE bug 1222335 SUSE bug 1222350 SUSE bug 1222364 SUSE bug 1222372 SUSE bug 1222387 SUSE bug 1222433 SUSE bug 1222434 SUSE bug 1222463 SUSE bug 1222625 SUSE bug 1222633 SUSE bug 1222634 SUSE bug 1222808 SUSE bug 1222967 SUSE bug 1222973 SUSE bug 1223053 SUSE bug 1223074 SUSE bug 1223191 SUSE bug 1223395 SUSE bug 1223635 SUSE bug 1223720 SUSE bug 1223731 SUSE bug 1223742 SUSE bug 1223763 SUSE bug 1223767 SUSE bug 1223777 SUSE bug 1223803 SUSE bug 1224105 SUSE bug 1224415 SUSE bug 1224485 SUSE bug 1224496 SUSE bug 1224510 SUSE bug 1224535 SUSE bug 1224631 SUSE bug 1224636 SUSE bug 1224690 SUSE bug 1224694 SUSE bug 1224700 SUSE bug 1224711 SUSE bug 1225475 SUSE bug 1225582 SUSE bug 1225607 SUSE bug 1225717 SUSE bug 1225718 SUSE bug 1225744 SUSE bug 1225745 SUSE bug 1225751 SUSE bug 1225814 SUSE bug 1225832 SUSE bug 1225838 SUSE bug 1225903 SUSE bug 1226031 SUSE bug 1226127 SUSE bug 1226502 SUSE bug 1226530 SUSE bug 1226588 SUSE bug 1226604 SUSE bug 1226743 SUSE bug 1226751 SUSE bug 1226765 SUSE bug 1226798 SUSE bug 1226801 SUSE bug 1226834 SUSE bug 1226874 SUSE bug 1226885 SUSE bug 1226920 SUSE bug 1227149 SUSE bug 1227182 SUSE bug 1227383 SUSE bug 1227437 SUSE bug 1227492 SUSE bug 1227493 SUSE bug 1227494 SUSE bug 1227618 SUSE bug 1227620 SUSE bug 1227623 SUSE bug 1227627 SUSE bug 1227634 SUSE bug 1227706 SUSE bug 1227722 SUSE bug 1227724 SUSE bug 1227725 SUSE bug 1227728 SUSE bug 1227729 SUSE bug 1227732 SUSE bug 1227733 SUSE bug 1227734 SUSE bug 1227747 SUSE bug 1227750 SUSE bug 1227754 SUSE bug 1227758 SUSE bug 1227760 SUSE bug 1227761 SUSE bug 1227764 SUSE bug 1227766 SUSE bug 1227770 SUSE bug 1227771 SUSE bug 1227772 SUSE bug 1227774 SUSE bug 1227781 SUSE bug 1227784 SUSE bug 1227785 SUSE bug 1227787 SUSE bug 1227790 SUSE bug 1227791 SUSE bug 1227792 SUSE bug 1227796 SUSE bug 1227798 SUSE bug 1227799 SUSE bug 1227802 SUSE bug 1227808 SUSE bug 1227810 SUSE bug 1227811 SUSE bug 1227812 SUSE bug 1227815 SUSE bug 1227816 SUSE bug 1227818 SUSE bug 1227820 SUSE bug 1227823 SUSE bug 1227824 SUSE bug 1227826 SUSE bug 1227828 SUSE bug 1227829 SUSE bug 1227830 SUSE bug 1227832 SUSE bug 1227833 SUSE bug 1227834 SUSE bug 1227839 SUSE bug 1227840 SUSE bug 1227846 SUSE bug 1227849 SUSE bug 1227851 SUSE bug 1227853 SUSE bug 1227863 SUSE bug 1227864 SUSE bug 1227865 SUSE bug 1227867 SUSE bug 1227869 SUSE bug 1227870 SUSE bug 1227883 SUSE bug 1227884 SUSE bug 1227891 SUSE bug 1227893 SUSE bug 1227929 SUSE bug 1227950 SUSE bug 1227957 SUSE bug 1227981 SUSE bug 1228020 SUSE bug 1228021 SUSE bug 1228114 SUSE bug 1228192 SUSE bug 1228195 SUSE bug 1228202 SUSE bug 1228235 SUSE bug 1228236 SUSE bug 1228237 SUSE bug 1228247 SUSE bug 1228321 SUSE bug 1228409 SUSE bug 1228410 SUSE bug 1228426 SUSE bug 1228427 SUSE bug 1228429 SUSE bug 1228446 SUSE bug 1228447 SUSE bug 1228449 SUSE bug 1228450 SUSE bug 1228452 SUSE bug 1228456 SUSE bug 1228457 SUSE bug 1228458 SUSE bug 1228459 SUSE bug 1228460 SUSE bug 1228462 SUSE bug 1228463 SUSE bug 1228466 SUSE bug 1228467 SUSE bug 1228468 SUSE bug 1228469 SUSE bug 1228470 SUSE bug 1228472 SUSE bug 1228479 SUSE bug 1228480 SUSE bug 1228481 SUSE bug 1228482 SUSE bug 1228483 SUSE bug 1228484 SUSE bug 1228485 SUSE bug 1228486 SUSE bug 1228487 SUSE bug 1228489 SUSE bug 1228491 SUSE bug 1228492 SUSE bug 1228493 SUSE bug 1228494 SUSE bug 1228495 SUSE bug 1228496 SUSE bug 1228499 SUSE bug 1228500 SUSE bug 1228501 SUSE bug 1228502 SUSE bug 1228503 SUSE bug 1228505 SUSE bug 1228508 SUSE bug 1228509 SUSE bug 1228510 SUSE bug 1228511 SUSE bug 1228513 SUSE bug 1228515 SUSE bug 1228516 SUSE bug 1228518 SUSE bug 1228520 SUSE bug 1228525 SUSE bug 1228527 SUSE bug 1228530 SUSE bug 1228531 SUSE bug 1228539 SUSE bug 1228561 SUSE bug 1228563 SUSE bug 1228564 SUSE bug 1228565 SUSE bug 1228567 SUSE bug 1228568 SUSE bug 1228572 SUSE bug 1228576 SUSE bug 1228579 SUSE bug 1228580 SUSE bug 1228581 SUSE bug 1228582 SUSE bug 1228584 SUSE bug 1228586 SUSE bug 1228588 SUSE bug 1228590 SUSE bug 1228591 SUSE bug 1228599 SUSE bug 1228615 SUSE bug 1228616 SUSE bug 1228617 SUSE bug 1228625 SUSE bug 1228626 SUSE bug 1228633 SUSE bug 1228635 SUSE bug 1228636 SUSE bug 1228640 SUSE bug 1228643 SUSE bug 1228644 SUSE bug 1228646 SUSE bug 1228649 SUSE bug 1228650 SUSE bug 1228654 SUSE bug 1228655 SUSE bug 1228656 SUSE bug 1228658 SUSE bug 1228660 SUSE bug 1228662 SUSE bug 1228665 SUSE bug 1228666 SUSE bug 1228667 SUSE bug 1228672 SUSE bug 1228673 SUSE bug 1228674 SUSE bug 1228677 SUSE bug 1228680 SUSE bug 1228687 SUSE bug 1228705 SUSE bug 1228706 SUSE bug 1228707 SUSE bug 1228708 SUSE bug 1228709 SUSE bug 1228710 SUSE bug 1228718 SUSE bug 1228720 SUSE bug 1228721 SUSE bug 1228722 SUSE bug 1228723 SUSE bug 1228724 SUSE bug 1228726 SUSE bug 1228727 SUSE bug 1228733 SUSE bug 1228737 SUSE bug 1228743 SUSE bug 1228748 SUSE bug 1228754 SUSE bug 1228756 SUSE bug 1228757 SUSE bug 1228758 SUSE bug 1228764 SUSE bug 1228766 SUSE bug 1228779 SUSE bug 1228801 SUSE bug 1228849 SUSE bug 1228850 SUSE bug 1228857 SUSE bug 1228959 SUSE bug 1228964 SUSE bug 1228966 SUSE bug 1228967 SUSE bug 1228973 SUSE bug 1228977 SUSE bug 1228978 SUSE bug 1228979 SUSE bug 1228986 SUSE bug 1228988 SUSE bug 1228989 SUSE bug 1228991 SUSE bug 1228992 SUSE bug 1229005 SUSE bug 1229024 SUSE bug 1229042 SUSE bug 1229045 SUSE bug 1229046 SUSE bug 1229054 SUSE bug 1229056 SUSE bug 1229086 SUSE bug 1229134 SUSE bug 1229136 SUSE bug 1229154 SUSE bug 1229156 SUSE bug 1229160 SUSE bug 1229167 SUSE bug 1229168 SUSE bug 1229169 SUSE bug 1229170 SUSE bug 1229171 SUSE bug 1229172 SUSE bug 1229173 SUSE bug 1229174 SUSE bug 1229239 SUSE bug 1229240 SUSE bug 1229241 SUSE bug 1229243 SUSE bug 1229244 SUSE bug 1229245 SUSE bug 1229246 SUSE bug 1229247 SUSE bug 1229248 SUSE bug 1229249 SUSE bug 1229250 SUSE bug 1229251 SUSE bug 1229252 SUSE bug 1229253 SUSE bug 1229254 SUSE bug 1229255 SUSE bug 1229256 SUSE bug 1229287 SUSE bug 1229290 SUSE bug 1229291 SUSE bug 1229292 SUSE bug 1229294 SUSE bug 1229296 SUSE bug 1229297 SUSE bug 1229298 SUSE bug 1229299 SUSE bug 1229301 SUSE bug 1229303 SUSE bug 1229304 SUSE bug 1229305 SUSE bug 1229307 SUSE bug 1229309 SUSE bug 1229312 SUSE bug 1229313 SUSE bug 1229314 SUSE bug 1229315 SUSE bug 1229316 SUSE bug 1229317 SUSE bug 1229318 SUSE bug 1229319 SUSE bug 1229320 SUSE bug 1229327 SUSE bug 1229341 SUSE bug 1229342 SUSE bug 1229344 SUSE bug 1229345 SUSE bug 1229346 SUSE bug 1229347 SUSE bug 1229349 SUSE bug 1229350 SUSE bug 1229351 SUSE bug 1229353 SUSE bug 1229354 SUSE bug 1229355 SUSE bug 1229356 SUSE bug 1229357 SUSE bug 1229358 SUSE bug 1229359 SUSE bug 1229360 SUSE bug 1229365 SUSE bug 1229366 SUSE bug 1229369 SUSE bug 1229370 SUSE bug 1229373 SUSE bug 1229374 SUSE bug 1229379 SUSE bug 1229381 SUSE bug 1229382 SUSE bug 1229383 SUSE bug 1229386 SUSE bug 1229388 SUSE bug 1229390 SUSE bug 1229391 SUSE bug 1229392 SUSE bug 1229395 SUSE bug 1229398 SUSE bug 1229399 SUSE bug 1229400 SUSE bug 1229402 SUSE bug 1229403 SUSE bug 1229404 SUSE bug 1229407 SUSE bug 1229409 SUSE bug 1229410 SUSE bug 1229411 SUSE bug 1229413 SUSE bug 1229414 SUSE bug 1229417 SUSE bug 1229444 SUSE bug 1229451 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229480 SUSE bug 1229481 SUSE bug 1229482 SUSE bug 1229484 SUSE bug 1229485 SUSE bug 1229486 SUSE bug 1229487 SUSE bug 1229488 SUSE bug 1229489 SUSE bug 1229490 SUSE bug 1229493 SUSE bug 1229495 SUSE bug 1229496 SUSE bug 1229497 SUSE bug 1229500 SUSE bug 1229503 SUSE bug 1229707 SUSE bug 1229739 SUSE bug 1229743 SUSE bug 1229746 SUSE bug 1229747 SUSE bug 1229752 SUSE bug 1229754 SUSE bug 1229755 SUSE bug 1229756 SUSE bug 1229759 SUSE bug 1229761 SUSE bug 1229767 SUSE bug 1229781 SUSE bug 1229784 SUSE bug 1229785 SUSE bug 1229787 SUSE bug 1229788 SUSE bug 1229789 SUSE bug 1229792 SUSE bug 1229820 SUSE bug 1229827 SUSE bug 1229830 SUSE bug 1229837 SUSE bug 1229940 SUSE bug 1230056 SUSE bug 1230350 SUSE bug 1230413 CVE-2023-52489 at SUSE CVE-2023-52489 at NVD CVE-2023-52581 at SUSE CVE-2023-52581 at NVD CVE-2023-52668 at SUSE CVE-2023-52668 at NVD CVE-2023-52688 at SUSE CVE-2023-52688 at NVD CVE-2023-52735 at SUSE CVE-2023-52735 at NVD CVE-2023-52859 at SUSE CVE-2023-52859 at NVD CVE-2023-52885 at SUSE CVE-2023-52885 at NVD CVE-2023-52886 at SUSE CVE-2023-52886 at NVD CVE-2023-52887 at SUSE CVE-2023-52887 at NVD CVE-2023-52889 at SUSE CVE-2023-52889 at NVD CVE-2024-26590 at SUSE CVE-2024-26590 at NVD CVE-2024-26631 at SUSE CVE-2024-26631 at NVD CVE-2024-26637 at SUSE CVE-2024-26637 at NVD CVE-2024-26668 at SUSE CVE-2024-26668 at NVD CVE-2024-26669 at SUSE CVE-2024-26669 at NVD CVE-2024-26677 at SUSE CVE-2024-26677 at NVD CVE-2024-26682 at SUSE CVE-2024-26682 at NVD CVE-2024-26683 at SUSE CVE-2024-26683 at NVD CVE-2024-26691 at SUSE CVE-2024-26691 at NVD CVE-2024-26735 at SUSE CVE-2024-26735 at NVD CVE-2024-26808 at SUSE CVE-2024-26808 at NVD CVE-2024-26809 at SUSE CVE-2024-26809 at NVD CVE-2024-26812 at SUSE CVE-2024-26812 at NVD CVE-2024-26835 at SUSE CVE-2024-26835 at NVD CVE-2024-26837 at SUSE CVE-2024-26837 at NVD CVE-2024-26849 at SUSE CVE-2024-26849 at NVD CVE-2024-26851 at SUSE CVE-2024-26851 at NVD CVE-2024-26889 at SUSE CVE-2024-26889 at NVD CVE-2024-26920 at SUSE CVE-2024-26920 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2024-26976 at SUSE CVE-2024-26976 at NVD CVE-2024-27010 at SUSE CVE-2024-27010 at NVD CVE-2024-27011 at SUSE CVE-2024-27011 at NVD CVE-2024-27024 at SUSE CVE-2024-27024 at NVD CVE-2024-27049 at SUSE CVE-2024-27049 at NVD CVE-2024-27050 at SUSE CVE-2024-27050 at NVD CVE-2024-27079 at SUSE CVE-2024-27079 at NVD CVE-2024-27403 at SUSE CVE-2024-27403 at NVD CVE-2024-27433 at SUSE CVE-2024-27433 at NVD CVE-2024-27437 at SUSE CVE-2024-27437 at NVD CVE-2024-31076 at SUSE CVE-2024-31076 at NVD CVE-2024-35854 at SUSE CVE-2024-35854 at NVD CVE-2024-35855 at SUSE CVE-2024-35855 at NVD CVE-2024-35897 at SUSE CVE-2024-35897 at NVD CVE-2024-35902 at SUSE CVE-2024-35902 at NVD CVE-2024-35913 at SUSE CVE-2024-35913 at NVD CVE-2024-35939 at SUSE CVE-2024-35939 at NVD CVE-2024-35949 at SUSE CVE-2024-35949 at NVD CVE-2024-36270 at SUSE CVE-2024-36270 at NVD CVE-2024-36286 at SUSE CVE-2024-36286 at NVD CVE-2024-36288 at SUSE CVE-2024-36288 at NVD CVE-2024-36489 at SUSE CVE-2024-36489 at NVD CVE-2024-36881 at SUSE CVE-2024-36881 at NVD CVE-2024-36907 at SUSE CVE-2024-36907 at NVD CVE-2024-36909 at SUSE CVE-2024-36909 at NVD CVE-2024-36910 at SUSE CVE-2024-36910 at NVD CVE-2024-36911 at SUSE CVE-2024-36911 at NVD CVE-2024-36929 at SUSE CVE-2024-36929 at NVD CVE-2024-36933 at SUSE CVE-2024-36933 at NVD CVE-2024-36939 at SUSE CVE-2024-36939 at NVD CVE-2024-36970 at SUSE CVE-2024-36970 at NVD CVE-2024-36979 at SUSE CVE-2024-36979 at NVD CVE-2024-38548 at SUSE CVE-2024-38548 at NVD CVE-2024-38563 at SUSE CVE-2024-38563 at NVD CVE-2024-38609 at SUSE CVE-2024-38609 at NVD CVE-2024-38662 at SUSE CVE-2024-38662 at NVD CVE-2024-39476 at SUSE CVE-2024-39476 at NVD CVE-2024-39483 at SUSE CVE-2024-39483 at NVD CVE-2024-39484 at SUSE CVE-2024-39484 at NVD CVE-2024-39486 at SUSE CVE-2024-39486 at NVD CVE-2024-39488 at SUSE CVE-2024-39488 at NVD CVE-2024-39489 at SUSE CVE-2024-39489 at NVD CVE-2024-39491 at SUSE CVE-2024-39491 at NVD CVE-2024-39493 at SUSE CVE-2024-39493 at NVD CVE-2024-39497 at SUSE CVE-2024-39497 at NVD CVE-2024-39499 at SUSE CVE-2024-39499 at NVD CVE-2024-39500 at SUSE CVE-2024-39500 at NVD CVE-2024-39501 at SUSE CVE-2024-39501 at NVD CVE-2024-39505 at SUSE CVE-2024-39505 at NVD CVE-2024-39506 at SUSE CVE-2024-39506 at NVD CVE-2024-39508 at SUSE CVE-2024-39508 at NVD CVE-2024-39509 at SUSE CVE-2024-39509 at NVD CVE-2024-39510 at SUSE CVE-2024-39510 at NVD CVE-2024-40899 at SUSE CVE-2024-40899 at NVD CVE-2024-40900 at SUSE CVE-2024-40900 at NVD CVE-2024-40902 at SUSE CVE-2024-40902 at NVD CVE-2024-40903 at SUSE CVE-2024-40903 at NVD CVE-2024-40904 at SUSE CVE-2024-40904 at NVD CVE-2024-40905 at SUSE CVE-2024-40905 at NVD CVE-2024-40909 at SUSE CVE-2024-40909 at NVD CVE-2024-40910 at SUSE CVE-2024-40910 at NVD CVE-2024-40911 at SUSE CVE-2024-40911 at NVD CVE-2024-40912 at SUSE CVE-2024-40912 at NVD CVE-2024-40913 at SUSE CVE-2024-40913 at NVD CVE-2024-40916 at SUSE CVE-2024-40916 at NVD CVE-2024-40920 at SUSE CVE-2024-40920 at NVD CVE-2024-40921 at SUSE CVE-2024-40921 at NVD CVE-2024-40922 at SUSE CVE-2024-40922 at NVD CVE-2024-40924 at SUSE CVE-2024-40924 at NVD CVE-2024-40926 at SUSE CVE-2024-40926 at NVD CVE-2024-40927 at SUSE CVE-2024-40927 at NVD CVE-2024-40929 at SUSE CVE-2024-40929 at NVD CVE-2024-40930 at SUSE CVE-2024-40930 at NVD CVE-2024-40932 at SUSE CVE-2024-40932 at NVD CVE-2024-40934 at SUSE CVE-2024-40934 at NVD CVE-2024-40936 at SUSE CVE-2024-40936 at NVD CVE-2024-40938 at SUSE CVE-2024-40938 at NVD CVE-2024-40939 at SUSE CVE-2024-40939 at NVD CVE-2024-40941 at SUSE CVE-2024-40941 at NVD CVE-2024-40942 at SUSE CVE-2024-40942 at NVD CVE-2024-40943 at SUSE CVE-2024-40943 at NVD CVE-2024-40944 at SUSE CVE-2024-40944 at NVD CVE-2024-40945 at SUSE CVE-2024-40945 at NVD CVE-2024-40954 at SUSE CVE-2024-40954 at NVD CVE-2024-40956 at SUSE CVE-2024-40956 at NVD CVE-2024-40957 at SUSE CVE-2024-40957 at NVD CVE-2024-40958 at SUSE CVE-2024-40958 at NVD CVE-2024-40959 at SUSE CVE-2024-40959 at NVD CVE-2024-40962 at SUSE CVE-2024-40962 at NVD CVE-2024-40964 at SUSE CVE-2024-40964 at NVD CVE-2024-40967 at SUSE CVE-2024-40967 at NVD CVE-2024-40976 at SUSE CVE-2024-40976 at NVD CVE-2024-40977 at SUSE CVE-2024-40977 at NVD CVE-2024-40978 at SUSE CVE-2024-40978 at NVD CVE-2024-40981 at SUSE CVE-2024-40981 at NVD CVE-2024-40982 at SUSE CVE-2024-40982 at NVD CVE-2024-40984 at SUSE CVE-2024-40984 at NVD CVE-2024-40987 at SUSE CVE-2024-40987 at NVD CVE-2024-40988 at SUSE CVE-2024-40988 at NVD CVE-2024-40989 at SUSE CVE-2024-40989 at NVD CVE-2024-40990 at SUSE CVE-2024-40990 at NVD CVE-2024-40992 at SUSE CVE-2024-40992 at NVD CVE-2024-40994 at SUSE CVE-2024-40994 at NVD CVE-2024-40995 at SUSE CVE-2024-40995 at NVD CVE-2024-40997 at SUSE CVE-2024-40997 at NVD CVE-2024-41000 at SUSE CVE-2024-41000 at NVD CVE-2024-41001 at SUSE CVE-2024-41001 at NVD CVE-2024-41002 at SUSE CVE-2024-41002 at NVD CVE-2024-41004 at SUSE CVE-2024-41004 at NVD CVE-2024-41007 at SUSE CVE-2024-41007 at NVD CVE-2024-41009 at SUSE CVE-2024-41009 at NVD CVE-2024-41010 at SUSE CVE-2024-41010 at NVD CVE-2024-41011 at SUSE CVE-2024-41011 at NVD CVE-2024-41012 at SUSE CVE-2024-41012 at NVD CVE-2024-41015 at SUSE CVE-2024-41015 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41020 at SUSE CVE-2024-41020 at NVD CVE-2024-41022 at SUSE CVE-2024-41022 at NVD CVE-2024-41024 at SUSE CVE-2024-41024 at NVD CVE-2024-41025 at SUSE CVE-2024-41025 at NVD CVE-2024-41028 at SUSE CVE-2024-41028 at NVD CVE-2024-41032 at SUSE CVE-2024-41032 at NVD CVE-2024-41035 at SUSE CVE-2024-41035 at NVD CVE-2024-41036 at SUSE CVE-2024-41036 at NVD CVE-2024-41037 at SUSE CVE-2024-41037 at NVD CVE-2024-41038 at SUSE CVE-2024-41038 at NVD CVE-2024-41039 at SUSE CVE-2024-41039 at NVD CVE-2024-41040 at SUSE CVE-2024-41040 at NVD CVE-2024-41041 at SUSE CVE-2024-41041 at NVD CVE-2024-41044 at SUSE CVE-2024-41044 at NVD CVE-2024-41045 at SUSE CVE-2024-41045 at NVD CVE-2024-41048 at SUSE CVE-2024-41048 at NVD CVE-2024-41049 at SUSE CVE-2024-41049 at NVD CVE-2024-41050 at SUSE CVE-2024-41050 at NVD CVE-2024-41051 at SUSE CVE-2024-41051 at NVD CVE-2024-41056 at SUSE CVE-2024-41056 at NVD CVE-2024-41057 at SUSE CVE-2024-41057 at NVD CVE-2024-41058 at SUSE CVE-2024-41058 at NVD CVE-2024-41059 at SUSE CVE-2024-41059 at NVD CVE-2024-41060 at SUSE CVE-2024-41060 at NVD CVE-2024-41061 at SUSE CVE-2024-41061 at NVD CVE-2024-41062 at SUSE CVE-2024-41062 at NVD CVE-2024-41063 at SUSE CVE-2024-41063 at NVD CVE-2024-41064 at SUSE CVE-2024-41064 at NVD CVE-2024-41065 at SUSE CVE-2024-41065 at NVD CVE-2024-41066 at SUSE CVE-2024-41066 at NVD CVE-2024-41068 at SUSE CVE-2024-41068 at NVD CVE-2024-41069 at SUSE CVE-2024-41069 at NVD CVE-2024-41070 at SUSE CVE-2024-41070 at NVD CVE-2024-41071 at SUSE CVE-2024-41071 at NVD CVE-2024-41072 at SUSE CVE-2024-41072 at NVD CVE-2024-41073 at SUSE CVE-2024-41073 at NVD CVE-2024-41074 at SUSE CVE-2024-41074 at NVD CVE-2024-41075 at SUSE CVE-2024-41075 at NVD CVE-2024-41076 at SUSE CVE-2024-41076 at NVD CVE-2024-41078 at SUSE CVE-2024-41078 at NVD CVE-2024-41079 at SUSE CVE-2024-41079 at NVD CVE-2024-41080 at SUSE CVE-2024-41080 at NVD CVE-2024-41081 at SUSE CVE-2024-41081 at NVD CVE-2024-41084 at SUSE CVE-2024-41084 at NVD CVE-2024-41087 at SUSE CVE-2024-41087 at NVD CVE-2024-41088 at SUSE CVE-2024-41088 at NVD CVE-2024-41089 at SUSE CVE-2024-41089 at NVD CVE-2024-41092 at SUSE CVE-2024-41092 at NVD CVE-2024-41093 at SUSE CVE-2024-41093 at NVD CVE-2024-41094 at SUSE CVE-2024-41094 at NVD CVE-2024-41095 at SUSE CVE-2024-41095 at NVD CVE-2024-41096 at SUSE CVE-2024-41096 at NVD CVE-2024-41097 at SUSE CVE-2024-41097 at NVD CVE-2024-41098 at SUSE CVE-2024-41098 at NVD CVE-2024-42064 at SUSE CVE-2024-42064 at NVD CVE-2024-42069 at SUSE CVE-2024-42069 at NVD CVE-2024-42070 at SUSE CVE-2024-42070 at NVD CVE-2024-42073 at SUSE CVE-2024-42073 at NVD CVE-2024-42074 at SUSE CVE-2024-42074 at NVD CVE-2024-42076 at SUSE CVE-2024-42076 at NVD CVE-2024-42077 at SUSE CVE-2024-42077 at NVD CVE-2024-42079 at SUSE CVE-2024-42079 at NVD CVE-2024-42080 at SUSE CVE-2024-42080 at NVD CVE-2024-42082 at SUSE CVE-2024-42082 at NVD CVE-2024-42085 at SUSE CVE-2024-42085 at NVD CVE-2024-42086 at SUSE CVE-2024-42086 at NVD CVE-2024-42087 at SUSE CVE-2024-42087 at NVD CVE-2024-42089 at SUSE CVE-2024-42089 at NVD CVE-2024-42090 at SUSE CVE-2024-42090 at NVD CVE-2024-42092 at SUSE CVE-2024-42092 at NVD CVE-2024-42093 at SUSE CVE-2024-42093 at NVD CVE-2024-42095 at SUSE CVE-2024-42095 at NVD CVE-2024-42096 at SUSE CVE-2024-42096 at NVD CVE-2024-42097 at SUSE CVE-2024-42097 at NVD CVE-2024-42098 at SUSE CVE-2024-42098 at NVD CVE-2024-42101 at SUSE CVE-2024-42101 at NVD CVE-2024-42104 at SUSE CVE-2024-42104 at NVD CVE-2024-42105 at SUSE CVE-2024-42105 at NVD CVE-2024-42106 at SUSE CVE-2024-42106 at NVD CVE-2024-42107 at SUSE CVE-2024-42107 at NVD CVE-2024-42109 at SUSE CVE-2024-42109 at NVD CVE-2024-42110 at SUSE CVE-2024-42110 at NVD CVE-2024-42113 at SUSE CVE-2024-42113 at NVD CVE-2024-42114 at SUSE CVE-2024-42114 at NVD CVE-2024-42115 at SUSE CVE-2024-42115 at NVD CVE-2024-42117 at SUSE CVE-2024-42117 at NVD CVE-2024-42119 at SUSE CVE-2024-42119 at NVD CVE-2024-42120 at SUSE CVE-2024-42120 at NVD CVE-2024-42121 at SUSE CVE-2024-42121 at NVD CVE-2024-42122 at SUSE CVE-2024-42122 at NVD CVE-2024-42124 at SUSE CVE-2024-42124 at NVD CVE-2024-42125 at SUSE CVE-2024-42125 at NVD CVE-2024-42126 at SUSE CVE-2024-42126 at NVD CVE-2024-42127 at SUSE CVE-2024-42127 at NVD CVE-2024-42130 at SUSE CVE-2024-42130 at NVD CVE-2024-42131 at SUSE CVE-2024-42131 at NVD CVE-2024-42132 at SUSE CVE-2024-42132 at NVD CVE-2024-42133 at SUSE CVE-2024-42133 at NVD CVE-2024-42136 at SUSE CVE-2024-42136 at NVD CVE-2024-42137 at SUSE CVE-2024-42137 at NVD CVE-2024-42138 at SUSE CVE-2024-42138 at NVD CVE-2024-42139 at SUSE CVE-2024-42139 at NVD CVE-2024-42141 at SUSE CVE-2024-42141 at NVD CVE-2024-42142 at SUSE CVE-2024-42142 at NVD CVE-2024-42143 at SUSE CVE-2024-42143 at NVD CVE-2024-42144 at SUSE CVE-2024-42144 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-42147 at SUSE CVE-2024-42147 at NVD CVE-2024-42148 at SUSE CVE-2024-42148 at NVD CVE-2024-42152 at SUSE CVE-2024-42152 at NVD CVE-2024-42153 at SUSE CVE-2024-42153 at NVD CVE-2024-42155 at SUSE CVE-2024-42155 at NVD CVE-2024-42156 at SUSE CVE-2024-42156 at NVD CVE-2024-42157 at SUSE CVE-2024-42157 at NVD CVE-2024-42158 at SUSE CVE-2024-42158 at NVD CVE-2024-42159 at SUSE CVE-2024-42159 at NVD CVE-2024-42161 at SUSE CVE-2024-42161 at NVD CVE-2024-42162 at SUSE CVE-2024-42162 at NVD CVE-2024-42223 at SUSE CVE-2024-42223 at NVD CVE-2024-42224 at SUSE CVE-2024-42224 at NVD CVE-2024-42225 at SUSE CVE-2024-42225 at NVD CVE-2024-42226 at SUSE CVE-2024-42226 at NVD CVE-2024-42227 at SUSE CVE-2024-42227 at NVD CVE-2024-42228 at SUSE CVE-2024-42228 at NVD CVE-2024-42229 at SUSE CVE-2024-42229 at NVD CVE-2024-42230 at SUSE CVE-2024-42230 at NVD CVE-2024-42232 at SUSE CVE-2024-42232 at NVD CVE-2024-42236 at SUSE CVE-2024-42236 at NVD CVE-2024-42237 at SUSE CVE-2024-42237 at NVD CVE-2024-42238 at SUSE CVE-2024-42238 at NVD CVE-2024-42239 at SUSE CVE-2024-42239 at NVD CVE-2024-42240 at SUSE CVE-2024-42240 at NVD CVE-2024-42241 at SUSE CVE-2024-42241 at NVD CVE-2024-42244 at SUSE CVE-2024-42244 at NVD CVE-2024-42245 at SUSE CVE-2024-42245 at NVD CVE-2024-42246 at SUSE CVE-2024-42246 at NVD CVE-2024-42247 at SUSE CVE-2024-42247 at NVD CVE-2024-42250 at SUSE CVE-2024-42250 at NVD CVE-2024-42253 at SUSE CVE-2024-42253 at NVD CVE-2024-42259 at SUSE CVE-2024-42259 at NVD CVE-2024-42268 at SUSE CVE-2024-42268 at NVD CVE-2024-42269 at SUSE CVE-2024-42269 at NVD CVE-2024-42270 at SUSE CVE-2024-42270 at NVD CVE-2024-42271 at SUSE CVE-2024-42271 at NVD CVE-2024-42274 at SUSE CVE-2024-42274 at NVD CVE-2024-42276 at SUSE CVE-2024-42276 at NVD CVE-2024-42277 at SUSE CVE-2024-42277 at NVD CVE-2024-42278 at SUSE CVE-2024-42278 at NVD CVE-2024-42279 at SUSE CVE-2024-42279 at NVD CVE-2024-42280 at SUSE CVE-2024-42280 at NVD CVE-2024-42281 at SUSE CVE-2024-42281 at NVD CVE-2024-42283 at SUSE CVE-2024-42283 at NVD CVE-2024-42284 at SUSE CVE-2024-42284 at NVD CVE-2024-42285 at SUSE CVE-2024-42285 at NVD CVE-2024-42286 at SUSE CVE-2024-42286 at NVD CVE-2024-42287 at SUSE CVE-2024-42287 at NVD CVE-2024-42288 at SUSE CVE-2024-42288 at NVD CVE-2024-42289 at SUSE CVE-2024-42289 at NVD CVE-2024-42290 at SUSE CVE-2024-42290 at NVD CVE-2024-42291 at SUSE CVE-2024-42291 at NVD CVE-2024-42292 at SUSE CVE-2024-42292 at NVD CVE-2024-42295 at SUSE CVE-2024-42295 at NVD CVE-2024-42298 at SUSE CVE-2024-42298 at NVD CVE-2024-42301 at SUSE CVE-2024-42301 at NVD CVE-2024-42302 at SUSE CVE-2024-42302 at NVD CVE-2024-42303 at SUSE CVE-2024-42303 at NVD CVE-2024-42308 at SUSE CVE-2024-42308 at NVD CVE-2024-42309 at SUSE CVE-2024-42309 at NVD CVE-2024-42310 at SUSE CVE-2024-42310 at NVD CVE-2024-42311 at SUSE CVE-2024-42311 at NVD CVE-2024-42312 at SUSE CVE-2024-42312 at NVD CVE-2024-42313 at SUSE CVE-2024-42313 at NVD CVE-2024-42314 at SUSE CVE-2024-42314 at NVD CVE-2024-42315 at SUSE CVE-2024-42315 at NVD CVE-2024-42316 at SUSE CVE-2024-42316 at NVD CVE-2024-42318 at SUSE CVE-2024-42318 at NVD CVE-2024-42319 at SUSE CVE-2024-42319 at NVD CVE-2024-42320 at SUSE CVE-2024-42320 at NVD CVE-2024-42322 at SUSE CVE-2024-42322 at NVD CVE-2024-43816 at SUSE CVE-2024-43816 at NVD CVE-2024-43817 at SUSE CVE-2024-43817 at NVD CVE-2024-43818 at SUSE CVE-2024-43818 at NVD CVE-2024-43819 at SUSE CVE-2024-43819 at NVD CVE-2024-43821 at SUSE CVE-2024-43821 at NVD CVE-2024-43823 at SUSE CVE-2024-43823 at NVD CVE-2024-43824 at SUSE CVE-2024-43824 at NVD CVE-2024-43825 at SUSE CVE-2024-43825 at NVD CVE-2024-43826 at SUSE CVE-2024-43826 at NVD CVE-2024-43829 at SUSE CVE-2024-43829 at NVD CVE-2024-43830 at SUSE CVE-2024-43830 at NVD CVE-2024-43831 at SUSE CVE-2024-43831 at NVD CVE-2024-43833 at SUSE CVE-2024-43833 at NVD CVE-2024-43834 at SUSE CVE-2024-43834 at NVD CVE-2024-43837 at SUSE CVE-2024-43837 at NVD CVE-2024-43839 at SUSE CVE-2024-43839 at NVD CVE-2024-43840 at SUSE CVE-2024-43840 at NVD CVE-2024-43841 at SUSE CVE-2024-43841 at NVD CVE-2024-43842 at SUSE CVE-2024-43842 at NVD CVE-2024-43846 at SUSE CVE-2024-43846 at NVD CVE-2024-43847 at SUSE CVE-2024-43847 at NVD CVE-2024-43849 at SUSE CVE-2024-43849 at NVD CVE-2024-43850 at SUSE CVE-2024-43850 at NVD CVE-2024-43851 at SUSE CVE-2024-43851 at NVD CVE-2024-43853 at SUSE CVE-2024-43853 at NVD CVE-2024-43854 at SUSE CVE-2024-43854 at NVD CVE-2024-43855 at SUSE CVE-2024-43855 at NVD CVE-2024-43856 at SUSE CVE-2024-43856 at NVD CVE-2024-43858 at SUSE CVE-2024-43858 at NVD CVE-2024-43860 at SUSE CVE-2024-43860 at NVD CVE-2024-43861 at SUSE CVE-2024-43861 at NVD CVE-2024-43863 at SUSE CVE-2024-43863 at NVD CVE-2024-43864 at SUSE CVE-2024-43864 at NVD CVE-2024-43866 at SUSE CVE-2024-43866 at NVD CVE-2024-43867 at SUSE CVE-2024-43867 at NVD CVE-2024-43871 at SUSE CVE-2024-43871 at NVD CVE-2024-43872 at SUSE CVE-2024-43872 at NVD CVE-2024-43873 at SUSE CVE-2024-43873 at NVD CVE-2024-43874 at SUSE CVE-2024-43874 at NVD CVE-2024-43875 at SUSE CVE-2024-43875 at NVD CVE-2024-43876 at SUSE CVE-2024-43876 at NVD CVE-2024-43877 at SUSE CVE-2024-43877 at NVD CVE-2024-43879 at SUSE CVE-2024-43879 at NVD CVE-2024-43880 at SUSE CVE-2024-43880 at NVD CVE-2024-43881 at SUSE CVE-2024-43881 at NVD CVE-2024-43882 at SUSE CVE-2024-43882 at NVD CVE-2024-43883 at SUSE CVE-2024-43883 at NVD CVE-2024-43884 at SUSE CVE-2024-43884 at NVD CVE-2024-43885 at SUSE CVE-2024-43885 at NVD CVE-2024-43889 at SUSE CVE-2024-43889 at NVD CVE-2024-43892 at SUSE CVE-2024-43892 at NVD CVE-2024-43893 at SUSE CVE-2024-43893 at NVD CVE-2024-43894 at SUSE CVE-2024-43894 at NVD CVE-2024-43895 at SUSE CVE-2024-43895 at NVD CVE-2024-43897 at SUSE CVE-2024-43897 at NVD CVE-2024-43899 at SUSE CVE-2024-43899 at NVD CVE-2024-43900 at SUSE CVE-2024-43900 at NVD CVE-2024-43902 at SUSE CVE-2024-43902 at NVD CVE-2024-43903 at SUSE CVE-2024-43903 at NVD CVE-2024-43905 at SUSE CVE-2024-43905 at NVD CVE-2024-43906 at SUSE CVE-2024-43906 at NVD CVE-2024-43907 at SUSE CVE-2024-43907 at NVD CVE-2024-43908 at SUSE CVE-2024-43908 at NVD CVE-2024-43909 at SUSE CVE-2024-43909 at NVD CVE-2024-43911 at SUSE CVE-2024-43911 at NVD CVE-2024-43912 at SUSE CVE-2024-43912 at NVD CVE-2024-44931 at SUSE CVE-2024-44931 at NVD CVE-2024-44938 at SUSE CVE-2024-44938 at NVD CVE-2024-44939 at SUSE CVE-2024-44939 at NVD cpe:/o:opensuse:leap:15.6 Security update for rage-encryption (Moderate) openSUSE Leap 15.6 This update for rage-encryption fixes the following issues: - Update to version 0.10.0 - CVE-2024-43806: Fixed rustix::fs::Dir iterator with the linux_raw backend that can cause memory exhaustion. (bsc#1229959) Moderate SUSE bug 1229959 CVE-2024-43806 at SUSE CVE-2024-43806 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Important) openSUSE Leap 15.6 This update for python39 fixes the following issues: - Update to 3.9.20: - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) - CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596) - CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704) Important SUSE bug 1229596 SUSE bug 1229704 SUSE bug 1230227 CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD CVE-2024-8088 at SUSE CVE-2024-8088 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Moderate) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error. (bsc#1230366, XSA-462) Moderate SUSE bug 1230366 CVE-2024-45817 at SUSE CVE-2024-45817 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Important) openSUSE Leap 15.6 This update for python311 fixes the following issues: Update python311 to version 3.11.10. - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) - CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596) - CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704) Important SUSE bug 1229596 SUSE bug 1229704 SUSE bug 1230227 CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD CVE-2024-8088 at SUSE CVE-2024-8088 at NVD cpe:/o:opensuse:leap:15.6 Security update for apr (Moderate) openSUSE Leap 15.6 This update for apr fixes the following issues: - CVE-2023-49582: Fixed an unexpected lax shared memory permissions. (bsc#1229783) Moderate SUSE bug 1229783 CVE-2023-49582 at SUSE CVE-2023-49582 at NVD cpe:/o:opensuse:leap:15.6 Security update for opensc (Low) openSUSE Leap 15.6 This update for opensc fixes the following issues: - CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076) - CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075) - CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074) - CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073) - CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072) - CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071) - CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364) Low SUSE bug 1217722 SUSE bug 1230071 SUSE bug 1230072 SUSE bug 1230073 SUSE bug 1230074 SUSE bug 1230075 SUSE bug 1230076 SUSE bug 1230364 CVE-2024-45615 at SUSE CVE-2024-45615 at NVD CVE-2024-45616 at SUSE CVE-2024-45616 at NVD CVE-2024-45617 at SUSE CVE-2024-45617 at NVD CVE-2024-45618 at SUSE CVE-2024-45618 at NVD CVE-2024-45619 at SUSE CVE-2024-45619 at NVD CVE-2024-45620 at SUSE CVE-2024-45620 at NVD CVE-2024-8443 at SUSE CVE-2024-8443 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.24 (Important) openSUSE Leap 15.6 This update of kubernetes1.24 fixes the following issues: - rebuild the package with the current go 1.23 security release (bsc#1229122). Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.28 (Important) openSUSE Leap 15.6 This update of kubernetes1.28 fixes the following issues: - rebuild the package with the current go 1.23 security release (bsc#1229122). Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.27 (Important) openSUSE Leap 15.6 This update of kubernetes1.27 fixes the following issues: - rebuild the package with the current go 1.23 security release (bsc#1229122). Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.26 (Important) openSUSE Leap 15.6 This update of kubernetes1.26 fixes the following issues: - rebuild the package with the current go 1.23 security release (bsc#1229122). Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.25 (Important) openSUSE Leap 15.6 This update of kubernetes1.25 fixes the following issues: - rebuild the package with the current go 1.23 security release (bsc#1229122). Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Important) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. Important SUSE bug 1227233 SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 SUSE bug 1229596 SUSE bug 1230227 CVE-2024-5642 at SUSE CVE-2024-5642 at NVD CVE-2024-6232 at SUSE CVE-2024-6232 at NVD CVE-2024-6923 at SUSE CVE-2024-6923 at NVD CVE-2024-7592 at SUSE CVE-2024-7592 at NVD cpe:/o:opensuse:leap:15.6 Security update for quagga (Important) openSUSE Leap 15.6 This update for quagga fixes the following issues: - CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866) - CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438) - CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023) Important SUSE bug 1202023 SUSE bug 1229438 SUSE bug 1230866 CVE-2017-15865 at SUSE CVE-2017-15865 at NVD CVE-2022-37032 at SUSE CVE-2022-37032 at NVD CVE-2024-44070 at SUSE CVE-2024-44070 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Important) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) Important SUSE bug 1230698 CVE-2024-41996 at SUSE CVE-2024-41996 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvpn (Moderate) openSUSE Leap 15.6 This update for openvpn fixes the following issues: - CVE-2024-28882: Fix multiple exit notifications from authenticated clients will extend the validity of a closing session (bsc#1227546) Moderate SUSE bug 1227546 CVE-2024-28882 at SUSE CVE-2024-28882 at NVD cpe:/o:opensuse:leap:15.6 Security update for OpenIPMI (Moderate) openSUSE Leap 15.6 This update for OpenIPMI fixes the following issues: - CVE-2024-42934: crash or message authentication bypass on IPMI simulator due to missing bounds check. (bsc#1229910) Moderate SUSE bug 1229910 CVE-2024-42934 at SUSE CVE-2024-42934 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.2.3 MFSA 2024-43 (bsc#1229821) * CVE-2024-8394: Crash when aborting verification of OTR chat. * CVE-2024-8385: WASM type confusion involving ArrayTypes. * CVE-2024-8381: Type confusion when looking up a property name in a 'with' block. * CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran. * CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions. * CVE-2024-8386: SelectElements could be shown over another site if popups are allowed. * CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. MFSA 2024-37 (bsc#1228648) * CVE-2024-7518: Fullscreen notification dialog can be obscured by document content. * CVE-2024-7519: Out of bounds memory access in graphics shared memory handling. * CVE-2024-7520: Type confusion in WebAssembly. * CVE-2024-7521: Incomplete WebAssembly exception handing. * CVE-2024-7522: Out of bounds read in editor component. * CVE-2024-7525: Missing permission check when creating a StreamFilter. * CVE-2024-7526: Uninitialized memory used by WebGL. * CVE-2024-7527: Use-after-free in JavaScript garbage collection. * CVE-2024-7528: Use-after-free in IndexedDB. * CVE-2024-7529: Document content could partially obscure security prompts. MFSA 2024-32 (bsc#1226316) * CVE-2024-6606: Out-of-bounds read in clipboard component. * CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented. * CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock. * CVE-2024-6609: Memory corruption in NSS. * CVE-2024-6610: Form validation popups could block exiting full-screen mode. * CVE-2024-6600: Memory corruption in WebGL API. * CVE-2024-6601: Race condition in permission assignment. * CVE-2024-6602: Memory corruption in NSS. * CVE-2024-6603: Memory corruption in thread creation. * CVE-2024-6611: Incorrect handling of SameSite cookies. * CVE-2024-6612: CSP violation leakage when using devtools. * CVE-2024-6613: Incorrect listing of stack frames. * CVE-2024-6614: Incorrect listing of stack frames. * CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13. * CVE-2024-6615: Memory safety bugs fixed in Firefox 128 and Thunderbird 128. Bug fixes: - Recommend libfido2-udev in order to try to get security keys (e.g. Yubikeys) working out of the box. (bsc#1184272) Important SUSE bug 1184272 SUSE bug 1226316 SUSE bug 1228648 SUSE bug 1229821 CVE-2024-6600 at SUSE CVE-2024-6600 at NVD CVE-2024-6601 at SUSE CVE-2024-6601 at NVD CVE-2024-6602 at SUSE CVE-2024-6602 at NVD CVE-2024-6603 at SUSE CVE-2024-6603 at NVD CVE-2024-6604 at SUSE CVE-2024-6604 at NVD CVE-2024-6606 at SUSE CVE-2024-6606 at NVD CVE-2024-6607 at SUSE CVE-2024-6607 at NVD CVE-2024-6608 at SUSE CVE-2024-6608 at NVD CVE-2024-6609 at SUSE CVE-2024-6609 at NVD CVE-2024-6610 at SUSE CVE-2024-6610 at NVD CVE-2024-6611 at SUSE CVE-2024-6611 at NVD CVE-2024-6612 at SUSE CVE-2024-6612 at NVD CVE-2024-6613 at SUSE CVE-2024-6613 at NVD CVE-2024-6614 at SUSE CVE-2024-6614 at NVD CVE-2024-6615 at SUSE CVE-2024-6615 at NVD CVE-2024-7518 at SUSE CVE-2024-7518 at NVD CVE-2024-7519 at SUSE CVE-2024-7519 at NVD CVE-2024-7520 at SUSE CVE-2024-7520 at NVD CVE-2024-7521 at SUSE CVE-2024-7521 at NVD CVE-2024-7522 at SUSE CVE-2024-7522 at NVD CVE-2024-7525 at SUSE CVE-2024-7525 at NVD CVE-2024-7526 at SUSE CVE-2024-7526 at NVD CVE-2024-7527 at SUSE CVE-2024-7527 at NVD CVE-2024-7528 at SUSE CVE-2024-7528 at NVD CVE-2024-7529 at SUSE CVE-2024-7529 at NVD CVE-2024-8381 at SUSE CVE-2024-8381 at NVD CVE-2024-8382 at SUSE CVE-2024-8382 at NVD CVE-2024-8384 at SUSE CVE-2024-8384 at NVD CVE-2024-8385 at SUSE CVE-2024-8385 at NVD CVE-2024-8386 at SUSE CVE-2024-8386 at NVD CVE-2024-8387 at SUSE CVE-2024-8387 at NVD CVE-2024-8394 at SUSE CVE-2024-8394 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979): - CVE-2024-8900: Clipboard write permission bypass - CVE-2024-9392: Compromised content process can bypass site isolation - CVE-2024-9393: Cross-origin access to PDF contents through multipart responses - CVE-2024-9394: Cross-origin access to JSON contents through multipart responses - CVE-2024-9396: Potential memory corruption may occur when cloning certain objects - CVE-2024-9397: Potential directory upload bypass via clickjacking - CVE-2024-9398: External protocol handlers could be enumerated via popups - CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service - CVE-2024-9400: Potential memory corruption during JIT compilation - CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 - CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 Important SUSE bug 1230979 CVE-2024-8900 at SUSE CVE-2024-8900 at NVD CVE-2024-9392 at SUSE CVE-2024-9392 at NVD CVE-2024-9393 at SUSE CVE-2024-9393 at NVD CVE-2024-9394 at SUSE CVE-2024-9394 at NVD CVE-2024-9396 at SUSE CVE-2024-9396 at NVD CVE-2024-9397 at SUSE CVE-2024-9397 at NVD CVE-2024-9398 at SUSE CVE-2024-9398 at NVD CVE-2024-9399 at SUSE CVE-2024-9399 at NVD CVE-2024-9400 at SUSE CVE-2024-9400 at NVD CVE-2024-9401 at SUSE CVE-2024-9401 at NVD CVE-2024-9402 at SUSE CVE-2024-9402 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups-filters (Critical) openSUSE Leap 15.6 This update for cups-filters fixes the following issues: - cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. This patch removes support for the legacy CUPS and LDAP protocols(bsc#1230939, CVE-2024-47176) Critical SUSE bug 1230939 CVE-2024-47176 at SUSE CVE-2024-47176 at NVD cpe:/o:opensuse:leap:15.6 Security update for pcp (Important) openSUSE Leap 15.6 This update for pcp fixes the following issues: pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389): - Security issues fixed: * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552) * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551) * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826) * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121) - Major changes: * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes. + Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting + Version 2 archives remain the default (for next few years). * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL. * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools. * For the full list of changes please consult the packaged CHANGELOG file - Other packaging changes: * Moved pmlogger_daily into main package (bsc#1222815) * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12. * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64. * Change the architecture for various subpackages to 'noarch' as they contain no binaries. * Disable 'pmda-mssql', as it fails to build. Important SUSE bug 1217826 SUSE bug 1222121 SUSE bug 1222815 SUSE bug 1230551 SUSE bug 1230552 CVE-2023-6917 at SUSE CVE-2023-6917 at NVD CVE-2024-3019 at SUSE CVE-2024-3019 at NVD CVE-2024-45769 at SUSE CVE-2024-45769 at NVD CVE-2024-45770 at SUSE CVE-2024-45770 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denail of service (bsc#1231266) - CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265) - CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264) Important SUSE bug 1231264 SUSE bug 1231265 SUSE bug 1231266 CVE-2024-31227 at SUSE CVE-2024-31227 at NVD CVE-2024-31228 at SUSE CVE-2024-31228 at NVD CVE-2024-31449 at SUSE CVE-2024-31449 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis7 (Important) openSUSE Leap 15.6 This update for redis7 fixes the following issues: - CVE-2024-31227: Fixed parsing issue leading to denail of service (bsc#1231266) - CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265) - CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264) Important SUSE bug 1231264 SUSE bug 1231265 SUSE bug 1231266 CVE-2024-31227 at SUSE CVE-2024-31227 at NVD CVE-2024-31228 at SUSE CVE-2024-31228 at NVD CVE-2024-31449 at SUSE CVE-2024-31449 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs115 (Moderate) openSUSE Leap 15.6 This update for mozjs115 fixes the following issues: - CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036) - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037) - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038) Moderate SUSE bug 1230036 SUSE bug 1230037 SUSE bug 1230038 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD cpe:/o:opensuse:leap:15.6 Security update for Mesa (Moderate) openSUSE Leap 15.6 This update for Mesa fixes the following issues: - CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040) - CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041) - CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042) Moderate SUSE bug 1222040 SUSE bug 1222041 SUSE bug 1222042 CVE-2023-45913 at SUSE CVE-2023-45913 at NVD CVE-2023-45919 at SUSE CVE-2023-45919 at NVD CVE-2023-45922 at SUSE CVE-2023-45922 at NVD cpe:/o:opensuse:leap:15.6 Security update for json-lib (Moderate) openSUSE Leap 15.6 This update for json-lib fixes the following issues: - CVE-2024-47855: Fixed mishandled unbalanced comment string (bsc#1231295) Moderate SUSE bug 1231295 CVE-2024-47855 at SUSE CVE-2024-47855 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Moderate) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208). - CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o (nsc#1231230). Moderate SUSE bug 1231208 SUSE bug 1231230 CVE-2024-9341 at SUSE CVE-2024-9341 at NVD CVE-2024-9407 at SUSE CVE-2024-9407 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230) Moderate SUSE bug 1231230 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2024-9341 at SUSE CVE-2024-9341 at NVD cpe:/o:opensuse:leap:15.6 Security update for podofo (Moderate) openSUSE Leap 15.6 This update for podofo fixes the following issues: - CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190) - CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787) - CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786) - CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785) - CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779) - CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776) - CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000) - Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072) Moderate SUSE bug 1023072 SUSE bug 1023190 SUSE bug 1027776 SUSE bug 1027779 SUSE bug 1027785 SUSE bug 1027786 SUSE bug 1027787 SUSE bug 1037000 SUSE bug 1075322 SUSE bug 1084894 CVE-2015-8981 at SUSE CVE-2015-8981 at NVD CVE-2017-6840 at SUSE CVE-2017-6840 at NVD CVE-2017-6841 at SUSE CVE-2017-6841 at NVD CVE-2017-6842 at SUSE CVE-2017-6842 at NVD CVE-2017-6845 at SUSE CVE-2017-6845 at NVD CVE-2017-6849 at SUSE CVE-2017-6849 at NVD CVE-2017-8378 at SUSE CVE-2017-8378 at NVD CVE-2018-5309 at SUSE CVE-2018-5309 at NVD CVE-2018-8001 at SUSE CVE-2018-8001 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - Drop soundwire patch that caused a regression (bsc#1230350) - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Move fixes into sorted section (bsc#1230119) - Move s390 kabi patch into the kabi section - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for 'dra7xx-pcie-main' IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'PCI: Extend ACS configurability (bsc#1228090).' (bsc#1229019) - Revert 'drm/amdgpu: align pp_power_profile_mode with kernel docs' (stable-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Split kabi part of dm_blk_ioctl-implement-path-failover-for-SG_IO.patch - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (stable-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) Move patch into the sorted section. - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready' - kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes' - kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a reference - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for '/tmp/perf-$PID.map' files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). Important SUSE bug 1012628 SUSE bug 1183045 SUSE bug 1215199 SUSE bug 1216223 SUSE bug 1216776 SUSE bug 1220382 SUSE bug 1221527 SUSE bug 1221610 SUSE bug 1221650 SUSE bug 1222629 SUSE bug 1223600 SUSE bug 1223848 SUSE bug 1225487 SUSE bug 1225812 SUSE bug 1225903 SUSE bug 1226003 SUSE bug 1226507 SUSE bug 1226606 SUSE bug 1226666 SUSE bug 1226846 SUSE bug 1226860 SUSE bug 1227487 SUSE bug 1227694 SUSE bug 1227726 SUSE bug 1227819 SUSE bug 1227885 SUSE bug 1227890 SUSE bug 1227962 SUSE bug 1228090 SUSE bug 1228140 SUSE bug 1228244 SUSE bug 1228507 SUSE bug 1228771 SUSE bug 1229001 SUSE bug 1229004 SUSE bug 1229019 SUSE bug 1229086 SUSE bug 1229167 SUSE bug 1229169 SUSE bug 1229289 SUSE bug 1229334 SUSE bug 1229362 SUSE bug 1229363 SUSE bug 1229364 SUSE bug 1229371 SUSE bug 1229380 SUSE bug 1229389 SUSE bug 1229394 SUSE bug 1229429 SUSE bug 1229443 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229494 SUSE bug 1229585 SUSE bug 1229753 SUSE bug 1229764 SUSE bug 1229768 SUSE bug 1229790 SUSE bug 1229810 SUSE bug 1229899 SUSE bug 1229928 SUSE bug 1230015 SUSE bug 1230119 SUSE bug 1230123 SUSE bug 1230124 SUSE bug 1230125 SUSE bug 1230169 SUSE bug 1230170 SUSE bug 1230171 SUSE bug 1230173 SUSE bug 1230174 SUSE bug 1230175 SUSE bug 1230176 SUSE bug 1230178 SUSE bug 1230180 SUSE bug 1230181 SUSE bug 1230185 SUSE bug 1230191 SUSE bug 1230192 SUSE bug 1230193 SUSE bug 1230194 SUSE bug 1230195 SUSE bug 1230200 SUSE bug 1230204 SUSE bug 1230206 SUSE bug 1230207 SUSE bug 1230209 SUSE bug 1230211 SUSE bug 1230213 SUSE bug 1230217 SUSE bug 1230221 SUSE bug 1230224 SUSE bug 1230230 SUSE bug 1230232 SUSE bug 1230233 SUSE bug 1230240 SUSE bug 1230244 SUSE bug 1230245 SUSE bug 1230247 SUSE bug 1230248 SUSE bug 1230269 SUSE bug 1230270 SUSE bug 1230295 SUSE bug 1230340 SUSE bug 1230350 SUSE bug 1230413 SUSE bug 1230426 SUSE bug 1230430 SUSE bug 1230431 SUSE bug 1230432 SUSE bug 1230433 SUSE bug 1230434 SUSE bug 1230435 SUSE bug 1230440 SUSE bug 1230441 SUSE bug 1230442 SUSE bug 1230444 SUSE bug 1230450 SUSE bug 1230451 SUSE bug 1230454 SUSE bug 1230455 SUSE bug 1230457 SUSE bug 1230459 SUSE bug 1230506 SUSE bug 1230507 SUSE bug 1230511 SUSE bug 1230515 SUSE bug 1230517 SUSE bug 1230518 SUSE bug 1230519 SUSE bug 1230520 SUSE bug 1230521 SUSE bug 1230524 SUSE bug 1230526 SUSE bug 1230533 SUSE bug 1230535 SUSE bug 1230539 SUSE bug 1230540 SUSE bug 1230549 SUSE bug 1230556 SUSE bug 1230562 SUSE bug 1230563 SUSE bug 1230564 SUSE bug 1230580 SUSE bug 1230582 SUSE bug 1230589 SUSE bug 1230602 SUSE bug 1230699 SUSE bug 1230700 SUSE bug 1230701 SUSE bug 1230702 SUSE bug 1230703 SUSE bug 1230704 SUSE bug 1230705 SUSE bug 1230706 SUSE bug 1230709 SUSE bug 1230711 SUSE bug 1230712 SUSE bug 1230715 SUSE bug 1230719 SUSE bug 1230722 SUSE bug 1230724 SUSE bug 1230725 SUSE bug 1230726 SUSE bug 1230727 SUSE bug 1230730 SUSE bug 1230731 SUSE bug 1230732 SUSE bug 1230747 SUSE bug 1230748 SUSE bug 1230749 SUSE bug 1230751 SUSE bug 1230752 SUSE bug 1230753 SUSE bug 1230756 SUSE bug 1230761 SUSE bug 1230766 SUSE bug 1230767 SUSE bug 1230768 SUSE bug 1230771 SUSE bug 1230772 SUSE bug 1230775 SUSE bug 1230776 SUSE bug 1230780 SUSE bug 1230783 SUSE bug 1230786 SUSE bug 1230787 SUSE bug 1230791 SUSE bug 1230794 SUSE bug 1230796 SUSE bug 1230802 SUSE bug 1230806 SUSE bug 1230808 SUSE bug 1230809 SUSE bug 1230810 SUSE bug 1230812 SUSE bug 1230813 SUSE bug 1230814 SUSE bug 1230815 SUSE bug 1230821 SUSE bug 1230825 SUSE bug 1230830 SUSE bug 1230831 SUSE bug 1230854 SUSE bug 1230948 SUSE bug 1231008 SUSE bug 1231035 SUSE bug 1231120 SUSE bug 1231146 SUSE bug 1231182 SUSE bug 1231183 CVE-2023-52610 at SUSE CVE-2023-52610 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52915 at SUSE CVE-2023-52915 at NVD CVE-2023-52916 at SUSE CVE-2023-52916 at NVD CVE-2024-26640 at SUSE CVE-2024-26640 at NVD CVE-2024-26759 at SUSE CVE-2024-26759 at NVD CVE-2024-26804 at SUSE CVE-2024-26804 at NVD CVE-2024-36953 at SUSE CVE-2024-36953 at NVD CVE-2024-38538 at SUSE CVE-2024-38538 at NVD CVE-2024-38596 at SUSE CVE-2024-38596 at NVD CVE-2024-38632 at SUSE CVE-2024-38632 at NVD CVE-2024-40965 at SUSE CVE-2024-40965 at NVD CVE-2024-40973 at SUSE CVE-2024-40973 at NVD CVE-2024-40983 at SUSE CVE-2024-40983 at NVD CVE-2024-42154 at SUSE CVE-2024-42154 at NVD CVE-2024-42243 at SUSE CVE-2024-42243 at NVD CVE-2024-42252 at SUSE CVE-2024-42252 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-42294 at SUSE CVE-2024-42294 at NVD CVE-2024-42304 at SUSE CVE-2024-42304 at NVD CVE-2024-42305 at SUSE CVE-2024-42305 at NVD CVE-2024-42306 at SUSE CVE-2024-42306 at NVD CVE-2024-43828 at SUSE CVE-2024-43828 at NVD CVE-2024-43832 at SUSE CVE-2024-43832 at NVD CVE-2024-43835 at SUSE CVE-2024-43835 at NVD CVE-2024-43845 at SUSE CVE-2024-43845 at NVD CVE-2024-43870 at SUSE CVE-2024-43870 at NVD CVE-2024-43890 at SUSE CVE-2024-43890 at NVD CVE-2024-43898 at SUSE CVE-2024-43898 at NVD CVE-2024-43904 at SUSE CVE-2024-43904 at NVD CVE-2024-43914 at SUSE CVE-2024-43914 at NVD CVE-2024-44935 at SUSE CVE-2024-44935 at NVD CVE-2024-44944 at SUSE CVE-2024-44944 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-44948 at SUSE CVE-2024-44948 at NVD CVE-2024-44950 at SUSE CVE-2024-44950 at NVD CVE-2024-44951 at SUSE CVE-2024-44951 at NVD CVE-2024-44952 at SUSE CVE-2024-44952 at NVD CVE-2024-44954 at SUSE CVE-2024-44954 at NVD CVE-2024-44960 at SUSE CVE-2024-44960 at NVD CVE-2024-44961 at SUSE CVE-2024-44961 at NVD CVE-2024-44962 at SUSE CVE-2024-44962 at NVD CVE-2024-44965 at SUSE CVE-2024-44965 at NVD CVE-2024-44967 at SUSE CVE-2024-44967 at NVD CVE-2024-44969 at SUSE CVE-2024-44969 at NVD CVE-2024-44970 at SUSE CVE-2024-44970 at NVD CVE-2024-44971 at SUSE CVE-2024-44971 at NVD CVE-2024-44977 at SUSE CVE-2024-44977 at NVD CVE-2024-44982 at SUSE CVE-2024-44982 at NVD CVE-2024-44984 at SUSE CVE-2024-44984 at NVD CVE-2024-44985 at SUSE CVE-2024-44985 at NVD CVE-2024-44986 at SUSE CVE-2024-44986 at NVD CVE-2024-44987 at SUSE CVE-2024-44987 at NVD CVE-2024-44988 at SUSE CVE-2024-44988 at NVD CVE-2024-44989 at SUSE CVE-2024-44989 at NVD CVE-2024-44990 at SUSE CVE-2024-44990 at NVD CVE-2024-44991 at SUSE CVE-2024-44991 at NVD CVE-2024-44997 at SUSE CVE-2024-44997 at NVD CVE-2024-44998 at SUSE CVE-2024-44998 at NVD CVE-2024-44999 at SUSE CVE-2024-44999 at NVD CVE-2024-45000 at SUSE CVE-2024-45000 at NVD CVE-2024-45001 at SUSE CVE-2024-45001 at NVD CVE-2024-45002 at SUSE CVE-2024-45002 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45005 at SUSE CVE-2024-45005 at NVD CVE-2024-45006 at SUSE CVE-2024-45006 at NVD CVE-2024-45007 at SUSE CVE-2024-45007 at NVD CVE-2024-45008 at SUSE CVE-2024-45008 at NVD CVE-2024-45011 at SUSE CVE-2024-45011 at NVD CVE-2024-45012 at SUSE CVE-2024-45012 at NVD CVE-2024-45013 at SUSE CVE-2024-45013 at NVD CVE-2024-45015 at SUSE CVE-2024-45015 at NVD CVE-2024-45017 at SUSE CVE-2024-45017 at NVD CVE-2024-45018 at SUSE CVE-2024-45018 at NVD CVE-2024-45019 at SUSE CVE-2024-45019 at NVD CVE-2024-45020 at SUSE CVE-2024-45020 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-45022 at SUSE CVE-2024-45022 at NVD CVE-2024-45023 at SUSE CVE-2024-45023 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-45028 at SUSE CVE-2024-45028 at NVD CVE-2024-45029 at SUSE CVE-2024-45029 at NVD CVE-2024-45030 at SUSE CVE-2024-45030 at NVD CVE-2024-46672 at SUSE CVE-2024-46672 at NVD CVE-2024-46673 at SUSE CVE-2024-46673 at NVD CVE-2024-46674 at SUSE CVE-2024-46674 at NVD CVE-2024-46675 at SUSE CVE-2024-46675 at NVD CVE-2024-46676 at SUSE CVE-2024-46676 at NVD CVE-2024-46677 at SUSE CVE-2024-46677 at NVD CVE-2024-46679 at SUSE CVE-2024-46679 at NVD CVE-2024-46685 at SUSE CVE-2024-46685 at NVD CVE-2024-46686 at SUSE CVE-2024-46686 at NVD CVE-2024-46687 at SUSE CVE-2024-46687 at NVD CVE-2024-46689 at SUSE CVE-2024-46689 at NVD CVE-2024-46691 at SUSE CVE-2024-46691 at NVD CVE-2024-46692 at SUSE CVE-2024-46692 at NVD CVE-2024-46693 at SUSE CVE-2024-46693 at NVD CVE-2024-46694 at SUSE CVE-2024-46694 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46702 at SUSE CVE-2024-46702 at NVD CVE-2024-46706 at SUSE CVE-2024-46706 at NVD CVE-2024-46707 at SUSE CVE-2024-46707 at NVD CVE-2024-46709 at SUSE CVE-2024-46709 at NVD CVE-2024-46710 at SUSE CVE-2024-46710 at NVD CVE-2024-46714 at SUSE CVE-2024-46714 at NVD CVE-2024-46715 at SUSE CVE-2024-46715 at NVD CVE-2024-46716 at SUSE CVE-2024-46716 at NVD CVE-2024-46717 at SUSE CVE-2024-46717 at NVD CVE-2024-46719 at SUSE CVE-2024-46719 at NVD CVE-2024-46720 at SUSE CVE-2024-46720 at NVD CVE-2024-46722 at SUSE CVE-2024-46722 at NVD CVE-2024-46723 at SUSE CVE-2024-46723 at NVD CVE-2024-46724 at SUSE CVE-2024-46724 at NVD CVE-2024-46725 at SUSE CVE-2024-46725 at NVD CVE-2024-46726 at SUSE CVE-2024-46726 at NVD CVE-2024-46728 at SUSE CVE-2024-46728 at NVD CVE-2024-46729 at SUSE CVE-2024-46729 at NVD CVE-2024-46730 at SUSE CVE-2024-46730 at NVD CVE-2024-46731 at SUSE CVE-2024-46731 at NVD CVE-2024-46732 at SUSE CVE-2024-46732 at NVD CVE-2024-46734 at SUSE CVE-2024-46734 at NVD CVE-2024-46735 at SUSE CVE-2024-46735 at NVD CVE-2024-46737 at SUSE CVE-2024-46737 at NVD CVE-2024-46738 at SUSE CVE-2024-46738 at NVD CVE-2024-46739 at SUSE CVE-2024-46739 at NVD CVE-2024-46741 at SUSE CVE-2024-46741 at NVD CVE-2024-46743 at SUSE CVE-2024-46743 at NVD CVE-2024-46744 at SUSE CVE-2024-46744 at NVD CVE-2024-46745 at SUSE CVE-2024-46745 at NVD CVE-2024-46746 at SUSE CVE-2024-46746 at NVD CVE-2024-46747 at SUSE CVE-2024-46747 at NVD CVE-2024-46749 at SUSE CVE-2024-46749 at NVD CVE-2024-46750 at SUSE CVE-2024-46750 at NVD CVE-2024-46751 at SUSE CVE-2024-46751 at NVD CVE-2024-46752 at SUSE CVE-2024-46752 at NVD CVE-2024-46753 at SUSE CVE-2024-46753 at NVD CVE-2024-46755 at SUSE CVE-2024-46755 at NVD CVE-2024-46756 at SUSE CVE-2024-46756 at NVD CVE-2024-46757 at SUSE CVE-2024-46757 at NVD CVE-2024-46758 at SUSE CVE-2024-46758 at NVD CVE-2024-46759 at SUSE CVE-2024-46759 at NVD CVE-2024-46760 at SUSE CVE-2024-46760 at NVD CVE-2024-46761 at SUSE CVE-2024-46761 at NVD CVE-2024-46767 at SUSE CVE-2024-46767 at NVD CVE-2024-46771 at SUSE CVE-2024-46771 at NVD CVE-2024-46772 at SUSE CVE-2024-46772 at NVD CVE-2024-46773 at SUSE CVE-2024-46773 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD CVE-2024-46776 at SUSE CVE-2024-46776 at NVD CVE-2024-46778 at SUSE CVE-2024-46778 at NVD CVE-2024-46780 at SUSE CVE-2024-46780 at NVD CVE-2024-46781 at SUSE CVE-2024-46781 at NVD CVE-2024-46783 at SUSE CVE-2024-46783 at NVD CVE-2024-46784 at SUSE CVE-2024-46784 at NVD CVE-2024-46786 at SUSE CVE-2024-46786 at NVD CVE-2024-46787 at SUSE CVE-2024-46787 at NVD CVE-2024-46791 at SUSE CVE-2024-46791 at NVD CVE-2024-46794 at SUSE CVE-2024-46794 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46798 at SUSE CVE-2024-46798 at NVD CVE-2024-46822 at SUSE CVE-2024-46822 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs78 (Moderate) openSUSE Leap 15.6 This update for mozjs78 fixes the following issues: - CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036) - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037) - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038) Moderate SUSE bug 1230036 SUSE bug 1230037 SUSE bug 1230038 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Move fixes into sorted section (bsc#1230119) - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for 'dra7xx-pcie-main' IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'PCI: Extend ACS configurability (bsc#1228090).' (bsc#1229019) - Revert 'drm/amdgpu: align pp_power_profile_mode with kernel docs' (stable-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for '/tmp/perf-$PID.map' files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). Important SUSE bug 1012628 SUSE bug 1183045 SUSE bug 1215199 SUSE bug 1216223 SUSE bug 1216776 SUSE bug 1220382 SUSE bug 1221527 SUSE bug 1221610 SUSE bug 1221650 SUSE bug 1222629 SUSE bug 1223600 SUSE bug 1223848 SUSE bug 1225487 SUSE bug 1225812 SUSE bug 1225903 SUSE bug 1226003 SUSE bug 1226507 SUSE bug 1226606 SUSE bug 1226666 SUSE bug 1226846 SUSE bug 1226860 SUSE bug 1227487 SUSE bug 1227694 SUSE bug 1227726 SUSE bug 1227819 SUSE bug 1227885 SUSE bug 1227890 SUSE bug 1227962 SUSE bug 1228090 SUSE bug 1228140 SUSE bug 1228244 SUSE bug 1228507 SUSE bug 1228771 SUSE bug 1229001 SUSE bug 1229004 SUSE bug 1229019 SUSE bug 1229086 SUSE bug 1229167 SUSE bug 1229169 SUSE bug 1229289 SUSE bug 1229334 SUSE bug 1229362 SUSE bug 1229363 SUSE bug 1229364 SUSE bug 1229371 SUSE bug 1229380 SUSE bug 1229389 SUSE bug 1229394 SUSE bug 1229429 SUSE bug 1229443 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229494 SUSE bug 1229585 SUSE bug 1229753 SUSE bug 1229764 SUSE bug 1229768 SUSE bug 1229790 SUSE bug 1229810 SUSE bug 1229899 SUSE bug 1229928 SUSE bug 1230015 SUSE bug 1230119 SUSE bug 1230123 SUSE bug 1230124 SUSE bug 1230125 SUSE bug 1230169 SUSE bug 1230170 SUSE bug 1230171 SUSE bug 1230173 SUSE bug 1230174 SUSE bug 1230175 SUSE bug 1230176 SUSE bug 1230178 SUSE bug 1230180 SUSE bug 1230181 SUSE bug 1230185 SUSE bug 1230191 SUSE bug 1230192 SUSE bug 1230193 SUSE bug 1230194 SUSE bug 1230195 SUSE bug 1230200 SUSE bug 1230204 SUSE bug 1230206 SUSE bug 1230207 SUSE bug 1230209 SUSE bug 1230211 SUSE bug 1230213 SUSE bug 1230217 SUSE bug 1230221 SUSE bug 1230224 SUSE bug 1230230 SUSE bug 1230232 SUSE bug 1230233 SUSE bug 1230240 SUSE bug 1230244 SUSE bug 1230245 SUSE bug 1230247 SUSE bug 1230248 SUSE bug 1230269 SUSE bug 1230270 SUSE bug 1230295 SUSE bug 1230340 SUSE bug 1230426 SUSE bug 1230430 SUSE bug 1230431 SUSE bug 1230432 SUSE bug 1230433 SUSE bug 1230434 SUSE bug 1230435 SUSE bug 1230440 SUSE bug 1230441 SUSE bug 1230442 SUSE bug 1230444 SUSE bug 1230450 SUSE bug 1230451 SUSE bug 1230454 SUSE bug 1230455 SUSE bug 1230457 SUSE bug 1230459 SUSE bug 1230506 SUSE bug 1230507 SUSE bug 1230511 SUSE bug 1230515 SUSE bug 1230517 SUSE bug 1230518 SUSE bug 1230519 SUSE bug 1230520 SUSE bug 1230521 SUSE bug 1230524 SUSE bug 1230526 SUSE bug 1230533 SUSE bug 1230535 SUSE bug 1230539 SUSE bug 1230540 SUSE bug 1230549 SUSE bug 1230556 SUSE bug 1230562 SUSE bug 1230563 SUSE bug 1230564 SUSE bug 1230580 SUSE bug 1230582 SUSE bug 1230589 SUSE bug 1230602 SUSE bug 1230699 SUSE bug 1230700 SUSE bug 1230701 SUSE bug 1230702 SUSE bug 1230703 SUSE bug 1230704 SUSE bug 1230705 SUSE bug 1230706 SUSE bug 1230709 SUSE bug 1230711 SUSE bug 1230712 SUSE bug 1230715 SUSE bug 1230719 SUSE bug 1230722 SUSE bug 1230724 SUSE bug 1230725 SUSE bug 1230726 SUSE bug 1230727 SUSE bug 1230730 SUSE bug 1230731 SUSE bug 1230732 SUSE bug 1230747 SUSE bug 1230748 SUSE bug 1230749 SUSE bug 1230751 SUSE bug 1230752 SUSE bug 1230753 SUSE bug 1230756 SUSE bug 1230761 SUSE bug 1230766 SUSE bug 1230767 SUSE bug 1230768 SUSE bug 1230771 SUSE bug 1230772 SUSE bug 1230775 SUSE bug 1230776 SUSE bug 1230780 SUSE bug 1230783 SUSE bug 1230786 SUSE bug 1230787 SUSE bug 1230791 SUSE bug 1230794 SUSE bug 1230796 SUSE bug 1230802 SUSE bug 1230806 SUSE bug 1230808 SUSE bug 1230809 SUSE bug 1230810 SUSE bug 1230812 SUSE bug 1230813 SUSE bug 1230814 SUSE bug 1230815 SUSE bug 1230821 SUSE bug 1230825 SUSE bug 1230830 SUSE bug 1230831 SUSE bug 1230854 SUSE bug 1230948 SUSE bug 1231008 SUSE bug 1231035 SUSE bug 1231120 SUSE bug 1231146 SUSE bug 1231182 SUSE bug 1231183 CVE-2023-52610 at SUSE CVE-2023-52610 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52915 at SUSE CVE-2023-52915 at NVD CVE-2023-52916 at SUSE CVE-2023-52916 at NVD CVE-2024-26640 at SUSE CVE-2024-26640 at NVD CVE-2024-26759 at SUSE CVE-2024-26759 at NVD CVE-2024-26804 at SUSE CVE-2024-26804 at NVD CVE-2024-36953 at SUSE CVE-2024-36953 at NVD CVE-2024-38538 at SUSE CVE-2024-38538 at NVD CVE-2024-38596 at SUSE CVE-2024-38596 at NVD CVE-2024-38632 at SUSE CVE-2024-38632 at NVD CVE-2024-40965 at SUSE CVE-2024-40965 at NVD CVE-2024-40973 at SUSE CVE-2024-40973 at NVD CVE-2024-40983 at SUSE CVE-2024-40983 at NVD CVE-2024-42154 at SUSE CVE-2024-42154 at NVD CVE-2024-42243 at SUSE CVE-2024-42243 at NVD CVE-2024-42252 at SUSE CVE-2024-42252 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-42294 at SUSE CVE-2024-42294 at NVD CVE-2024-42304 at SUSE CVE-2024-42304 at NVD CVE-2024-42305 at SUSE CVE-2024-42305 at NVD CVE-2024-42306 at SUSE CVE-2024-42306 at NVD CVE-2024-43828 at SUSE CVE-2024-43828 at NVD CVE-2024-43832 at SUSE CVE-2024-43832 at NVD CVE-2024-43835 at SUSE CVE-2024-43835 at NVD CVE-2024-43845 at SUSE CVE-2024-43845 at NVD CVE-2024-43870 at SUSE CVE-2024-43870 at NVD CVE-2024-43890 at SUSE CVE-2024-43890 at NVD CVE-2024-43898 at SUSE CVE-2024-43898 at NVD CVE-2024-43904 at SUSE CVE-2024-43904 at NVD CVE-2024-43914 at SUSE CVE-2024-43914 at NVD CVE-2024-44935 at SUSE CVE-2024-44935 at NVD CVE-2024-44944 at SUSE CVE-2024-44944 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-44948 at SUSE CVE-2024-44948 at NVD CVE-2024-44950 at SUSE CVE-2024-44950 at NVD CVE-2024-44951 at SUSE CVE-2024-44951 at NVD CVE-2024-44952 at SUSE CVE-2024-44952 at NVD CVE-2024-44954 at SUSE CVE-2024-44954 at NVD CVE-2024-44960 at SUSE CVE-2024-44960 at NVD CVE-2024-44961 at SUSE CVE-2024-44961 at NVD CVE-2024-44962 at SUSE CVE-2024-44962 at NVD CVE-2024-44965 at SUSE CVE-2024-44965 at NVD CVE-2024-44967 at SUSE CVE-2024-44967 at NVD CVE-2024-44969 at SUSE CVE-2024-44969 at NVD CVE-2024-44970 at SUSE CVE-2024-44970 at NVD CVE-2024-44971 at SUSE CVE-2024-44971 at NVD CVE-2024-44977 at SUSE CVE-2024-44977 at NVD CVE-2024-44982 at SUSE CVE-2024-44982 at NVD CVE-2024-44984 at SUSE CVE-2024-44984 at NVD CVE-2024-44985 at SUSE CVE-2024-44985 at NVD CVE-2024-44986 at SUSE CVE-2024-44986 at NVD CVE-2024-44987 at SUSE CVE-2024-44987 at NVD CVE-2024-44988 at SUSE CVE-2024-44988 at NVD CVE-2024-44989 at SUSE CVE-2024-44989 at NVD CVE-2024-44990 at SUSE CVE-2024-44990 at NVD CVE-2024-44991 at SUSE CVE-2024-44991 at NVD CVE-2024-44997 at SUSE CVE-2024-44997 at NVD CVE-2024-44998 at SUSE CVE-2024-44998 at NVD CVE-2024-44999 at SUSE CVE-2024-44999 at NVD CVE-2024-45000 at SUSE CVE-2024-45000 at NVD CVE-2024-45001 at SUSE CVE-2024-45001 at NVD CVE-2024-45002 at SUSE CVE-2024-45002 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45005 at SUSE CVE-2024-45005 at NVD CVE-2024-45006 at SUSE CVE-2024-45006 at NVD CVE-2024-45007 at SUSE CVE-2024-45007 at NVD CVE-2024-45008 at SUSE CVE-2024-45008 at NVD CVE-2024-45011 at SUSE CVE-2024-45011 at NVD CVE-2024-45012 at SUSE CVE-2024-45012 at NVD CVE-2024-45013 at SUSE CVE-2024-45013 at NVD CVE-2024-45015 at SUSE CVE-2024-45015 at NVD CVE-2024-45017 at SUSE CVE-2024-45017 at NVD CVE-2024-45018 at SUSE CVE-2024-45018 at NVD CVE-2024-45019 at SUSE CVE-2024-45019 at NVD CVE-2024-45020 at SUSE CVE-2024-45020 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-45022 at SUSE CVE-2024-45022 at NVD CVE-2024-45023 at SUSE CVE-2024-45023 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-45028 at SUSE CVE-2024-45028 at NVD CVE-2024-45029 at SUSE CVE-2024-45029 at NVD CVE-2024-45030 at SUSE CVE-2024-45030 at NVD CVE-2024-46672 at SUSE CVE-2024-46672 at NVD CVE-2024-46673 at SUSE CVE-2024-46673 at NVD CVE-2024-46674 at SUSE CVE-2024-46674 at NVD CVE-2024-46675 at SUSE CVE-2024-46675 at NVD CVE-2024-46676 at SUSE CVE-2024-46676 at NVD CVE-2024-46677 at SUSE CVE-2024-46677 at NVD CVE-2024-46679 at SUSE CVE-2024-46679 at NVD CVE-2024-46685 at SUSE CVE-2024-46685 at NVD CVE-2024-46686 at SUSE CVE-2024-46686 at NVD CVE-2024-46687 at SUSE CVE-2024-46687 at NVD CVE-2024-46689 at SUSE CVE-2024-46689 at NVD CVE-2024-46691 at SUSE CVE-2024-46691 at NVD CVE-2024-46692 at SUSE CVE-2024-46692 at NVD CVE-2024-46693 at SUSE CVE-2024-46693 at NVD CVE-2024-46694 at SUSE CVE-2024-46694 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46702 at SUSE CVE-2024-46702 at NVD CVE-2024-46706 at SUSE CVE-2024-46706 at NVD CVE-2024-46707 at SUSE CVE-2024-46707 at NVD CVE-2024-46709 at SUSE CVE-2024-46709 at NVD CVE-2024-46710 at SUSE CVE-2024-46710 at NVD CVE-2024-46714 at SUSE CVE-2024-46714 at NVD CVE-2024-46715 at SUSE CVE-2024-46715 at NVD CVE-2024-46716 at SUSE CVE-2024-46716 at NVD CVE-2024-46717 at SUSE CVE-2024-46717 at NVD CVE-2024-46719 at SUSE CVE-2024-46719 at NVD CVE-2024-46720 at SUSE CVE-2024-46720 at NVD CVE-2024-46722 at SUSE CVE-2024-46722 at NVD CVE-2024-46723 at SUSE CVE-2024-46723 at NVD CVE-2024-46724 at SUSE CVE-2024-46724 at NVD CVE-2024-46725 at SUSE CVE-2024-46725 at NVD CVE-2024-46726 at SUSE CVE-2024-46726 at NVD CVE-2024-46728 at SUSE CVE-2024-46728 at NVD CVE-2024-46729 at SUSE CVE-2024-46729 at NVD CVE-2024-46730 at SUSE CVE-2024-46730 at NVD CVE-2024-46731 at SUSE CVE-2024-46731 at NVD CVE-2024-46732 at SUSE CVE-2024-46732 at NVD CVE-2024-46734 at SUSE CVE-2024-46734 at NVD CVE-2024-46735 at SUSE CVE-2024-46735 at NVD CVE-2024-46737 at SUSE CVE-2024-46737 at NVD CVE-2024-46738 at SUSE CVE-2024-46738 at NVD CVE-2024-46739 at SUSE CVE-2024-46739 at NVD CVE-2024-46741 at SUSE CVE-2024-46741 at NVD CVE-2024-46743 at SUSE CVE-2024-46743 at NVD CVE-2024-46744 at SUSE CVE-2024-46744 at NVD CVE-2024-46745 at SUSE CVE-2024-46745 at NVD CVE-2024-46746 at SUSE CVE-2024-46746 at NVD CVE-2024-46747 at SUSE CVE-2024-46747 at NVD CVE-2024-46749 at SUSE CVE-2024-46749 at NVD CVE-2024-46750 at SUSE CVE-2024-46750 at NVD CVE-2024-46751 at SUSE CVE-2024-46751 at NVD CVE-2024-46752 at SUSE CVE-2024-46752 at NVD CVE-2024-46753 at SUSE CVE-2024-46753 at NVD CVE-2024-46755 at SUSE CVE-2024-46755 at NVD CVE-2024-46756 at SUSE CVE-2024-46756 at NVD CVE-2024-46757 at SUSE CVE-2024-46757 at NVD CVE-2024-46758 at SUSE CVE-2024-46758 at NVD CVE-2024-46759 at SUSE CVE-2024-46759 at NVD CVE-2024-46760 at SUSE CVE-2024-46760 at NVD CVE-2024-46761 at SUSE CVE-2024-46761 at NVD CVE-2024-46767 at SUSE CVE-2024-46767 at NVD CVE-2024-46771 at SUSE CVE-2024-46771 at NVD CVE-2024-46772 at SUSE CVE-2024-46772 at NVD CVE-2024-46773 at SUSE CVE-2024-46773 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD CVE-2024-46776 at SUSE CVE-2024-46776 at NVD CVE-2024-46778 at SUSE CVE-2024-46778 at NVD CVE-2024-46780 at SUSE CVE-2024-46780 at NVD CVE-2024-46781 at SUSE CVE-2024-46781 at NVD CVE-2024-46783 at SUSE CVE-2024-46783 at NVD CVE-2024-46784 at SUSE CVE-2024-46784 at NVD CVE-2024-46786 at SUSE CVE-2024-46786 at NVD CVE-2024-46787 at SUSE CVE-2024-46787 at NVD CVE-2024-46791 at SUSE CVE-2024-46791 at NVD CVE-2024-46794 at SUSE CVE-2024-46794 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46798 at SUSE CVE-2024-46798 at NVD CVE-2024-46822 at SUSE CVE-2024-46822 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Merge branch 'SLE15-SP6' (ea7c56db3e5d) into 'SLE15-SP6-RT' - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - No -rt specific changes this merge. - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for 'dra7xx-pcie-main' IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'PCI: Extend ACS configurability (bsc#1228090).' (bsc#1229019) - Revert 'drm/amdgpu: align pp_power_profile_mode with kernel docs' (stable-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (stable-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kABI: Split kABI out of 'io_uring/kbuf: get rid of bl->is_ready' - kABI: Split kABI out of 'io_uring: Re-add dummy_ubuf for kABI purposes' - kABI: Split kABI out of io_uring/kbuf: protect io_buffer_list teardown with a reference - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for '/tmp/perf-$PID.map' files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). Important SUSE bug 1012628 SUSE bug 1183045 SUSE bug 1215199 SUSE bug 1216223 SUSE bug 1216776 SUSE bug 1220382 SUSE bug 1221527 SUSE bug 1221610 SUSE bug 1221650 SUSE bug 1222629 SUSE bug 1223600 SUSE bug 1223848 SUSE bug 1225487 SUSE bug 1225812 SUSE bug 1225903 SUSE bug 1226003 SUSE bug 1226507 SUSE bug 1226606 SUSE bug 1226666 SUSE bug 1226846 SUSE bug 1226860 SUSE bug 1227487 SUSE bug 1227694 SUSE bug 1227726 SUSE bug 1227819 SUSE bug 1227885 SUSE bug 1227890 SUSE bug 1227962 SUSE bug 1228090 SUSE bug 1228140 SUSE bug 1228244 SUSE bug 1228507 SUSE bug 1228771 SUSE bug 1229001 SUSE bug 1229004 SUSE bug 1229019 SUSE bug 1229086 SUSE bug 1229167 SUSE bug 1229169 SUSE bug 1229289 SUSE bug 1229334 SUSE bug 1229362 SUSE bug 1229363 SUSE bug 1229364 SUSE bug 1229371 SUSE bug 1229380 SUSE bug 1229389 SUSE bug 1229394 SUSE bug 1229429 SUSE bug 1229443 SUSE bug 1229452 SUSE bug 1229455 SUSE bug 1229456 SUSE bug 1229494 SUSE bug 1229585 SUSE bug 1229753 SUSE bug 1229764 SUSE bug 1229768 SUSE bug 1229790 SUSE bug 1229810 SUSE bug 1229899 SUSE bug 1229928 SUSE bug 1230015 SUSE bug 1230119 SUSE bug 1230123 SUSE bug 1230124 SUSE bug 1230125 SUSE bug 1230169 SUSE bug 1230170 SUSE bug 1230171 SUSE bug 1230173 SUSE bug 1230174 SUSE bug 1230175 SUSE bug 1230176 SUSE bug 1230178 SUSE bug 1230180 SUSE bug 1230181 SUSE bug 1230185 SUSE bug 1230191 SUSE bug 1230192 SUSE bug 1230193 SUSE bug 1230194 SUSE bug 1230195 SUSE bug 1230200 SUSE bug 1230204 SUSE bug 1230206 SUSE bug 1230207 SUSE bug 1230209 SUSE bug 1230211 SUSE bug 1230213 SUSE bug 1230217 SUSE bug 1230221 SUSE bug 1230224 SUSE bug 1230230 SUSE bug 1230232 SUSE bug 1230233 SUSE bug 1230240 SUSE bug 1230244 SUSE bug 1230245 SUSE bug 1230247 SUSE bug 1230248 SUSE bug 1230269 SUSE bug 1230270 SUSE bug 1230295 SUSE bug 1230340 SUSE bug 1230426 SUSE bug 1230430 SUSE bug 1230431 SUSE bug 1230432 SUSE bug 1230433 SUSE bug 1230434 SUSE bug 1230435 SUSE bug 1230440 SUSE bug 1230441 SUSE bug 1230442 SUSE bug 1230444 SUSE bug 1230450 SUSE bug 1230451 SUSE bug 1230454 SUSE bug 1230455 SUSE bug 1230457 SUSE bug 1230459 SUSE bug 1230506 SUSE bug 1230507 SUSE bug 1230511 SUSE bug 1230515 SUSE bug 1230517 SUSE bug 1230518 SUSE bug 1230519 SUSE bug 1230520 SUSE bug 1230521 SUSE bug 1230524 SUSE bug 1230526 SUSE bug 1230533 SUSE bug 1230535 SUSE bug 1230539 SUSE bug 1230540 SUSE bug 1230549 SUSE bug 1230556 SUSE bug 1230562 SUSE bug 1230563 SUSE bug 1230564 SUSE bug 1230580 SUSE bug 1230582 SUSE bug 1230589 SUSE bug 1230602 SUSE bug 1230699 SUSE bug 1230700 SUSE bug 1230701 SUSE bug 1230702 SUSE bug 1230703 SUSE bug 1230704 SUSE bug 1230705 SUSE bug 1230706 SUSE bug 1230709 SUSE bug 1230711 SUSE bug 1230712 SUSE bug 1230715 SUSE bug 1230719 SUSE bug 1230722 SUSE bug 1230724 SUSE bug 1230725 SUSE bug 1230726 SUSE bug 1230727 SUSE bug 1230730 SUSE bug 1230731 SUSE bug 1230732 SUSE bug 1230747 SUSE bug 1230748 SUSE bug 1230749 SUSE bug 1230751 SUSE bug 1230752 SUSE bug 1230753 SUSE bug 1230756 SUSE bug 1230761 SUSE bug 1230766 SUSE bug 1230767 SUSE bug 1230768 SUSE bug 1230771 SUSE bug 1230772 SUSE bug 1230775 SUSE bug 1230776 SUSE bug 1230780 SUSE bug 1230783 SUSE bug 1230786 SUSE bug 1230787 SUSE bug 1230791 SUSE bug 1230794 SUSE bug 1230796 SUSE bug 1230802 SUSE bug 1230806 SUSE bug 1230808 SUSE bug 1230809 SUSE bug 1230810 SUSE bug 1230812 SUSE bug 1230813 SUSE bug 1230814 SUSE bug 1230815 SUSE bug 1230821 SUSE bug 1230825 SUSE bug 1230830 SUSE bug 1230831 SUSE bug 1230854 SUSE bug 1230948 SUSE bug 1231008 SUSE bug 1231035 SUSE bug 1231120 SUSE bug 1231146 SUSE bug 1231182 SUSE bug 1231183 CVE-2023-52610 at SUSE CVE-2023-52610 at NVD CVE-2023-52752 at SUSE CVE-2023-52752 at NVD CVE-2023-52915 at SUSE CVE-2023-52915 at NVD CVE-2023-52916 at SUSE CVE-2023-52916 at NVD CVE-2024-26640 at SUSE CVE-2024-26640 at NVD CVE-2024-26759 at SUSE CVE-2024-26759 at NVD CVE-2024-26804 at SUSE CVE-2024-26804 at NVD CVE-2024-36953 at SUSE CVE-2024-36953 at NVD CVE-2024-38538 at SUSE CVE-2024-38538 at NVD CVE-2024-38596 at SUSE CVE-2024-38596 at NVD CVE-2024-38632 at SUSE CVE-2024-38632 at NVD CVE-2024-40965 at SUSE CVE-2024-40965 at NVD CVE-2024-40973 at SUSE CVE-2024-40973 at NVD CVE-2024-40983 at SUSE CVE-2024-40983 at NVD CVE-2024-42154 at SUSE CVE-2024-42154 at NVD CVE-2024-42243 at SUSE CVE-2024-42243 at NVD CVE-2024-42252 at SUSE CVE-2024-42252 at NVD CVE-2024-42265 at SUSE CVE-2024-42265 at NVD CVE-2024-42294 at SUSE CVE-2024-42294 at NVD CVE-2024-42304 at SUSE CVE-2024-42304 at NVD CVE-2024-42305 at SUSE CVE-2024-42305 at NVD CVE-2024-42306 at SUSE CVE-2024-42306 at NVD CVE-2024-43828 at SUSE CVE-2024-43828 at NVD CVE-2024-43832 at SUSE CVE-2024-43832 at NVD CVE-2024-43835 at SUSE CVE-2024-43835 at NVD CVE-2024-43845 at SUSE CVE-2024-43845 at NVD CVE-2024-43870 at SUSE CVE-2024-43870 at NVD CVE-2024-43890 at SUSE CVE-2024-43890 at NVD CVE-2024-43898 at SUSE CVE-2024-43898 at NVD CVE-2024-43904 at SUSE CVE-2024-43904 at NVD CVE-2024-43914 at SUSE CVE-2024-43914 at NVD CVE-2024-44935 at SUSE CVE-2024-44935 at NVD CVE-2024-44944 at SUSE CVE-2024-44944 at NVD CVE-2024-44946 at SUSE CVE-2024-44946 at NVD CVE-2024-44947 at SUSE CVE-2024-44947 at NVD CVE-2024-44948 at SUSE CVE-2024-44948 at NVD CVE-2024-44950 at SUSE CVE-2024-44950 at NVD CVE-2024-44951 at SUSE CVE-2024-44951 at NVD CVE-2024-44952 at SUSE CVE-2024-44952 at NVD CVE-2024-44954 at SUSE CVE-2024-44954 at NVD CVE-2024-44960 at SUSE CVE-2024-44960 at NVD CVE-2024-44961 at SUSE CVE-2024-44961 at NVD CVE-2024-44962 at SUSE CVE-2024-44962 at NVD CVE-2024-44965 at SUSE CVE-2024-44965 at NVD CVE-2024-44967 at SUSE CVE-2024-44967 at NVD CVE-2024-44969 at SUSE CVE-2024-44969 at NVD CVE-2024-44970 at SUSE CVE-2024-44970 at NVD CVE-2024-44971 at SUSE CVE-2024-44971 at NVD CVE-2024-44977 at SUSE CVE-2024-44977 at NVD CVE-2024-44982 at SUSE CVE-2024-44982 at NVD CVE-2024-44984 at SUSE CVE-2024-44984 at NVD CVE-2024-44985 at SUSE CVE-2024-44985 at NVD CVE-2024-44986 at SUSE CVE-2024-44986 at NVD CVE-2024-44987 at SUSE CVE-2024-44987 at NVD CVE-2024-44988 at SUSE CVE-2024-44988 at NVD CVE-2024-44989 at SUSE CVE-2024-44989 at NVD CVE-2024-44990 at SUSE CVE-2024-44990 at NVD CVE-2024-44991 at SUSE CVE-2024-44991 at NVD CVE-2024-44997 at SUSE CVE-2024-44997 at NVD CVE-2024-44998 at SUSE CVE-2024-44998 at NVD CVE-2024-44999 at SUSE CVE-2024-44999 at NVD CVE-2024-45000 at SUSE CVE-2024-45000 at NVD CVE-2024-45001 at SUSE CVE-2024-45001 at NVD CVE-2024-45002 at SUSE CVE-2024-45002 at NVD CVE-2024-45003 at SUSE CVE-2024-45003 at NVD CVE-2024-45005 at SUSE CVE-2024-45005 at NVD CVE-2024-45006 at SUSE CVE-2024-45006 at NVD CVE-2024-45007 at SUSE CVE-2024-45007 at NVD CVE-2024-45008 at SUSE CVE-2024-45008 at NVD CVE-2024-45011 at SUSE CVE-2024-45011 at NVD CVE-2024-45012 at SUSE CVE-2024-45012 at NVD CVE-2024-45013 at SUSE CVE-2024-45013 at NVD CVE-2024-45015 at SUSE CVE-2024-45015 at NVD CVE-2024-45017 at SUSE CVE-2024-45017 at NVD CVE-2024-45018 at SUSE CVE-2024-45018 at NVD CVE-2024-45019 at SUSE CVE-2024-45019 at NVD CVE-2024-45020 at SUSE CVE-2024-45020 at NVD CVE-2024-45021 at SUSE CVE-2024-45021 at NVD CVE-2024-45022 at SUSE CVE-2024-45022 at NVD CVE-2024-45023 at SUSE CVE-2024-45023 at NVD CVE-2024-45026 at SUSE CVE-2024-45026 at NVD CVE-2024-45028 at SUSE CVE-2024-45028 at NVD CVE-2024-45029 at SUSE CVE-2024-45029 at NVD CVE-2024-45030 at SUSE CVE-2024-45030 at NVD CVE-2024-46672 at SUSE CVE-2024-46672 at NVD CVE-2024-46673 at SUSE CVE-2024-46673 at NVD CVE-2024-46674 at SUSE CVE-2024-46674 at NVD CVE-2024-46675 at SUSE CVE-2024-46675 at NVD CVE-2024-46676 at SUSE CVE-2024-46676 at NVD CVE-2024-46677 at SUSE CVE-2024-46677 at NVD CVE-2024-46679 at SUSE CVE-2024-46679 at NVD CVE-2024-46685 at SUSE CVE-2024-46685 at NVD CVE-2024-46686 at SUSE CVE-2024-46686 at NVD CVE-2024-46687 at SUSE CVE-2024-46687 at NVD CVE-2024-46689 at SUSE CVE-2024-46689 at NVD CVE-2024-46691 at SUSE CVE-2024-46691 at NVD CVE-2024-46692 at SUSE CVE-2024-46692 at NVD CVE-2024-46693 at SUSE CVE-2024-46693 at NVD CVE-2024-46694 at SUSE CVE-2024-46694 at NVD CVE-2024-46695 at SUSE CVE-2024-46695 at NVD CVE-2024-46702 at SUSE CVE-2024-46702 at NVD CVE-2024-46706 at SUSE CVE-2024-46706 at NVD CVE-2024-46707 at SUSE CVE-2024-46707 at NVD CVE-2024-46709 at SUSE CVE-2024-46709 at NVD CVE-2024-46710 at SUSE CVE-2024-46710 at NVD CVE-2024-46714 at SUSE CVE-2024-46714 at NVD CVE-2024-46715 at SUSE CVE-2024-46715 at NVD CVE-2024-46716 at SUSE CVE-2024-46716 at NVD CVE-2024-46717 at SUSE CVE-2024-46717 at NVD CVE-2024-46719 at SUSE CVE-2024-46719 at NVD CVE-2024-46720 at SUSE CVE-2024-46720 at NVD CVE-2024-46722 at SUSE CVE-2024-46722 at NVD CVE-2024-46723 at SUSE CVE-2024-46723 at NVD CVE-2024-46724 at SUSE CVE-2024-46724 at NVD CVE-2024-46725 at SUSE CVE-2024-46725 at NVD CVE-2024-46726 at SUSE CVE-2024-46726 at NVD CVE-2024-46728 at SUSE CVE-2024-46728 at NVD CVE-2024-46729 at SUSE CVE-2024-46729 at NVD CVE-2024-46730 at SUSE CVE-2024-46730 at NVD CVE-2024-46731 at SUSE CVE-2024-46731 at NVD CVE-2024-46732 at SUSE CVE-2024-46732 at NVD CVE-2024-46734 at SUSE CVE-2024-46734 at NVD CVE-2024-46735 at SUSE CVE-2024-46735 at NVD CVE-2024-46737 at SUSE CVE-2024-46737 at NVD CVE-2024-46738 at SUSE CVE-2024-46738 at NVD CVE-2024-46739 at SUSE CVE-2024-46739 at NVD CVE-2024-46741 at SUSE CVE-2024-46741 at NVD CVE-2024-46743 at SUSE CVE-2024-46743 at NVD CVE-2024-46744 at SUSE CVE-2024-46744 at NVD CVE-2024-46745 at SUSE CVE-2024-46745 at NVD CVE-2024-46746 at SUSE CVE-2024-46746 at NVD CVE-2024-46747 at SUSE CVE-2024-46747 at NVD CVE-2024-46749 at SUSE CVE-2024-46749 at NVD CVE-2024-46750 at SUSE CVE-2024-46750 at NVD CVE-2024-46751 at SUSE CVE-2024-46751 at NVD CVE-2024-46752 at SUSE CVE-2024-46752 at NVD CVE-2024-46753 at SUSE CVE-2024-46753 at NVD CVE-2024-46755 at SUSE CVE-2024-46755 at NVD CVE-2024-46756 at SUSE CVE-2024-46756 at NVD CVE-2024-46757 at SUSE CVE-2024-46757 at NVD CVE-2024-46758 at SUSE CVE-2024-46758 at NVD CVE-2024-46759 at SUSE CVE-2024-46759 at NVD CVE-2024-46760 at SUSE CVE-2024-46760 at NVD CVE-2024-46761 at SUSE CVE-2024-46761 at NVD CVE-2024-46767 at SUSE CVE-2024-46767 at NVD CVE-2024-46771 at SUSE CVE-2024-46771 at NVD CVE-2024-46772 at SUSE CVE-2024-46772 at NVD CVE-2024-46773 at SUSE CVE-2024-46773 at NVD CVE-2024-46774 at SUSE CVE-2024-46774 at NVD CVE-2024-46776 at SUSE CVE-2024-46776 at NVD CVE-2024-46778 at SUSE CVE-2024-46778 at NVD CVE-2024-46780 at SUSE CVE-2024-46780 at NVD CVE-2024-46781 at SUSE CVE-2024-46781 at NVD CVE-2024-46783 at SUSE CVE-2024-46783 at NVD CVE-2024-46784 at SUSE CVE-2024-46784 at NVD CVE-2024-46786 at SUSE CVE-2024-46786 at NVD CVE-2024-46787 at SUSE CVE-2024-46787 at NVD CVE-2024-46791 at SUSE CVE-2024-46791 at NVD CVE-2024-46794 at SUSE CVE-2024-46794 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46798 at SUSE CVE-2024-46798 at NVD CVE-2024-46822 at SUSE CVE-2024-46822 at NVD cpe:/o:opensuse:leap:15.6 Security update for libreoffice (Important) openSUSE Leap 15.6 This update for libreofficefixes the following issues: libreoffice was updated to version 24.8.1.2 (jsc#PED-10362): - Release notes: * https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and * https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and * https://wiki.documentfoundation.org/Releases/24.8.0/RC3 - Security issues fixed: * CVE-2024-526: Fixed TLS certificates are not properly verified when utilizing LibreOfficeKit (bsc#1226975) - Other bugs fixed: * Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589) * Use the new clucene function, which makes index files reproducible (bsc#1047218) * Support firebird database with new package `libreoffice-base-drivers-firebird` in Package Hub and openSUSE Leap (bsc#1225597) - Update bundled dependencies: * Java-Websocket updated from 1.5.4 to 1.5.6 * boost updated from 1.82.0 to 1.85.0 * curl updated from 8.7.1 to 8.9.1 * fontconfig updated from 2.14.2 to 2.15.0 * freetype updated from 2.13.0 to 2.13.2 * harfbuzz updated from 8.2.2 to 8.5.0 * icu4c-data updated from 73.2 to 74.2 * icu4c-src updated from 73.2 to 74.2 * libassuan updated from 2.5.7 to 3.0.1 * libcmis updated from 0.6.1 to 0.6.2 * libgpg-error updated from 1.48 to 1.50 * pdfium updated from 6179 to 6425 * poppler updated from 23.09.0 to 24.08.0 * tiff updated from 4.6.0 to 4.6.0t Important SUSE bug 1047218 SUSE bug 1225597 SUSE bug 1226975 SUSE bug 1229589 CVE-2024-5261 at SUSE CVE-2024-5261 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for python-requests (Moderate) openSUSE Leap 15.6 This update for python-requests fixes the following issue: - Update CVE-2024-35195.patch to allow the usage of 'verify' parameter as a directory (bsc#1225912) Moderate SUSE bug 1225912 CVE-2024-35195 at SUSE CVE-2024-35195 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Critical) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413) - CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344) Also includes the following CVEs from MFSA 2024-47 (bsc#1230979) - CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843) - CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301) - CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874) - CVE-2024-8900: Clipboard write permission bypass (bmo#1872841) - CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471) - CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659) - CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037) - CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726) - CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249) - CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476) - CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3i (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476) Critical SUSE bug 1230979 SUSE bug 1231413 CVE-2024-8900 at SUSE CVE-2024-8900 at NVD CVE-2024-9392 at SUSE CVE-2024-9392 at NVD CVE-2024-9393 at SUSE CVE-2024-9393 at NVD CVE-2024-9394 at SUSE CVE-2024-9394 at NVD CVE-2024-9396 at SUSE CVE-2024-9396 at NVD CVE-2024-9397 at SUSE CVE-2024-9397 at NVD CVE-2024-9398 at SUSE CVE-2024-9398 at NVD CVE-2024-9399 at SUSE CVE-2024-9399 at NVD CVE-2024-9400 at SUSE CVE-2024-9400 at NVD CVE-2024-9401 at SUSE CVE-2024-9401 at NVD CVE-2024-9402 at SUSE CVE-2024-9402 at NVD CVE-2024-9680 at SUSE CVE-2024-9680 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: Update to Wireshark 4.2.8: - CVE-2024-9781: Fixed AppleTalk and RELOAD Framing dissector crash (bsc#1231476). - Further features, bug fixes and updated protocol support as listed in: https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html Moderate SUSE bug 1231476 CVE-2024-9781 at SUSE CVE-2024-9781 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-51, bsc#1231413): - CVE-2024-9680: Use-after-free in Animation timeline Update to Mozilla Thunderbird 128.3 (MFSA 2024-49, bsc#1230979): - CVE-2024-9392: Compromised content process can bypass site isolation - CVE-2024-9393: Cross-origin access to PDF contents through multipart responses - CVE-2024-9394: Cross-origin access to JSON contents through multipart responses - CVE-2024-8900: Clipboard write permission bypass - CVE-2024-9396: Potential memory corruption may occur when cloning certain objects - CVE-2024-9397: Potential directory upload bypass via clickjacking - CVE-2024-9398: External protocol handlers could be enumerated via popups - CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service - CVE-2024-9400: Potential memory corruption during JIT compilation - CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 - CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 Other fixes: - fixed: Opening an EML file with a 'mailto:' link did not work - fixed: Collapsed POP3 account folder was expanded after emptying trash on exit - fixed: 'Mark Folder Read' on a cross-folder search marked all underlying folders read - fixed: Unable to open/view attached OpenPGP encrypted messages - fixed: Unable to 'Decrypt and Open' an attached OpenPGP key file - fixed: Subject could disappear when replying to a message saved in an EML file - fixed: OAuth2 authentication method was not available when adding SMTP server - fixed: Unable to subscribe to .ics calendars in some situations - fixed: Visual and UX improvements Important SUSE bug 1230979 SUSE bug 1231413 CVE-2024-8900 at SUSE CVE-2024-8900 at NVD CVE-2024-9392 at SUSE CVE-2024-9392 at NVD CVE-2024-9393 at SUSE CVE-2024-9393 at NVD CVE-2024-9394 at SUSE CVE-2024-9394 at NVD CVE-2024-9396 at SUSE CVE-2024-9396 at NVD CVE-2024-9397 at SUSE CVE-2024-9397 at NVD CVE-2024-9398 at SUSE CVE-2024-9398 at NVD CVE-2024-9399 at SUSE CVE-2024-9399 at NVD CVE-2024-9400 at SUSE CVE-2024-9400 at NVD CVE-2024-9401 at SUSE CVE-2024-9401 at NVD CVE-2024-9402 at SUSE CVE-2024-9402 at NVD CVE-2024-9680 at SUSE CVE-2024-9680 at NVD cpe:/o:opensuse:leap:15.6 Security update for keepalived (Moderate) openSUSE Leap 15.6 This update for keepalived fixes the following issues: - CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123) Moderate SUSE bug 1228123 CVE-2024-41184 at SUSE CVE-2024-41184 at NVD cpe:/o:opensuse:leap:15.6 Security update for unbound (Moderate) openSUSE Leap 15.6 This update for unbound fixes the following issues: - CVE-2024-8508: Fixed unbounded name compression that could lead to denial of service (bsc#1231284) Moderate SUSE bug 1231284 CVE-2024-8508 at SUSE CVE-2024-8508 at NVD cpe:/o:opensuse:leap:15.6 Security update for etcd (Moderate) openSUSE Leap 15.6 This update for etcd fixes the following issues: Update to version 3.5.12: Security fixes: - CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897) - CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898) - CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899) - CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850) - CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951) - CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951) - CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138) - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297) - CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229) - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070) - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150) Other changes: - Added hardening to systemd service(s) (bsc#1181400) - Fixed static /tmp file issue (bsc#1199031) - Fixed systemd service not starting (bsc#1183703) Full changelog: https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12 Moderate SUSE bug 1095184 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1121850 SUSE bug 1174951 SUSE bug 1181400 SUSE bug 1183703 SUSE bug 1199031 SUSE bug 1208270 SUSE bug 1208297 SUSE bug 1210138 SUSE bug 1213229 SUSE bug 1217070 SUSE bug 1217950 SUSE bug 1218150 CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2018-16886 at SUSE CVE-2018-16886 at NVD CVE-2020-15106 at SUSE CVE-2020-15106 at NVD CVE-2020-15112 at SUSE CVE-2020-15112 at NVD CVE-2021-28235 at SUSE CVE-2021-28235 at NVD CVE-2022-41723 at SUSE CVE-2022-41723 at NVD CVE-2023-29406 at SUSE CVE-2023-29406 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD CVE-2023-48795 at SUSE CVE-2023-48795 at NVD cpe:/o:opensuse:leap:15.6 Security update for libarchive (Important) openSUSE Leap 15.6 This update for libarchive fixes the following issues: - CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544). Important SUSE bug 1231544 CVE-2024-48957 at SUSE CVE-2024-48957 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-starlette (Important) openSUSE Leap 15.6 This update for python-starlette fixes the following issues: - CVE-2024-47874: Fixed possible DoS via parts size in multipart/form-data requests (bsc#1231689) Important SUSE bug 1231689 CVE-2024-47874 at SUSE CVE-2024-47874 at NVD cpe:/o:opensuse:leap:15.6 Security update for jetty-minimal (Moderate) openSUSE Leap 15.6 This update for jetty-minimal fixes the following issues: - CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote() (bsc#1231651). Moderate SUSE bug 1231651 CVE-2024-8184 at SUSE CVE-2024-8184 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Moderate) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2024-9675: Fixed arbitrary cache directory mount (bsc#1231499) Moderate SUSE bug 1231499 CVE-2024-9675 at SUSE CVE-2024-9675 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Moderate) openSUSE Leap 15.6 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) Moderate SUSE bug 1231358 SUSE bug 1231360 SUSE bug 1231382 CVE-2024-8925 at SUSE CVE-2024-8925 at NVD CVE-2024-8927 at SUSE CVE-2024-8927 at NVD CVE-2024-9026 at SUSE CVE-2024-9026 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-52, bsc#1231413): - CVE-2024-9680: Fixed use-after-free in Animation timeline (bmo#1923344) Important SUSE bug 1231413 CVE-2024-9680 at SUSE CVE-2024-9680 at NVD cpe:/o:opensuse:leap:15.6 Security update for php7 (Moderate) openSUSE Leap 15.6 This update for php7 fixes the following issues: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) Moderate SUSE bug 1231358 SUSE bug 1231360 SUSE bug 1231382 CVE-2024-8925 at SUSE CVE-2024-8925 at NVD CVE-2024-8927 at SUSE CVE-2024-8927 at NVD CVE-2024-9026 at SUSE CVE-2024-9026 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-9675: Fixed cache arbitrary directory mount (bsc#1231499). - CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208). The following non-security bug was fixed: - rootless ipv6 containers can't be started (bsc#1214612). Moderate SUSE bug 1214612 SUSE bug 1231208 SUSE bug 1231499 CVE-2024-9407 at SUSE CVE-2024-9407 at NVD CVE-2024-9675 at SUSE CVE-2024-9675 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097) Important SUSE bug 1228097 CVE-2024-40725 at SUSE CVE-2024-40725 at NVD cpe:/o:opensuse:leap:15.6 Security update for protobuf (Important) openSUSE Leap 15.6 This update for protobuf fixes the following issues: - CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778) Important SUSE bug 1230778 CVE-2024-7254 at SUSE CVE-2024-7254 at NVD cpe:/o:opensuse:leap:15.6 Security update for cargo-c (Moderate) openSUSE Leap 15.6 This update for cargo-c fixes the following issues: Security fixes: - CVE-2024-45405: Fixed gix-path improper path resolution (bsc#1230683) Other fixes: - Update to version 0.10.3~git0.ee7d7ef: Moderate SUSE bug 1230683 CVE-2024-45405 at SUSE CVE-2024-45405 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.0 (bsc#1231039). - CVE-2024-40866 - CVE-2024-44187 Already fixed in version 2.44.3: - CVE-2024-27838 - CVE-2024-27851 Already fixed in version 2.44.2: - CVE-2024-27834 - CVE-2024-27808 - CVE-2024-27820 - CVE-2024-27833 Already fixed in version 2.44.1: - CVE-2024-23222 - CVE-2024-23206 - CVE-2024-23213 - CVE-2024-23271 Important SUSE bug 1231039 CVE-2024-23206 at SUSE CVE-2024-23206 at NVD CVE-2024-23213 at SUSE CVE-2024-23213 at NVD CVE-2024-23222 at SUSE CVE-2024-23222 at NVD CVE-2024-23271 at SUSE CVE-2024-23271 at NVD CVE-2024-27808 at SUSE CVE-2024-27808 at NVD CVE-2024-27820 at SUSE CVE-2024-27820 at NVD CVE-2024-27833 at SUSE CVE-2024-27833 at NVD CVE-2024-27834 at SUSE CVE-2024-27834 at NVD CVE-2024-27838 at SUSE CVE-2024-27838 at NVD CVE-2024-27851 at SUSE CVE-2024-27851 at NVD CVE-2024-40866 at SUSE CVE-2024-40866 at NVD CVE-2024-44187 at SUSE CVE-2024-44187 at NVD CVE-2024-4558 at SUSE CVE-2024-4558 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698) Moderate SUSE bug 1231698 CVE-2024-9676 at SUSE CVE-2024-9676 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Moderate) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698) Moderate SUSE bug 1231698 CVE-2024-9676 at SUSE CVE-2024-9676 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.21-openssl (Important) openSUSE Leap 15.6 This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314) - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973) - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974) - CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017) - CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400) - CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000) - CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001) - CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999) - CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002) - CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003) Other fixes: - Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320) - Update to version 1.21.13 (bsc#1212475) - Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962) - Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988) Important SUSE bug 1212475 SUSE bug 1219988 SUSE bug 1220999 SUSE bug 1221000 SUSE bug 1221001 SUSE bug 1221002 SUSE bug 1221003 SUSE bug 1221400 SUSE bug 1224017 SUSE bug 1225973 SUSE bug 1225974 SUSE bug 1227314 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2023-45289 at SUSE CVE-2023-45289 at NVD CVE-2023-45290 at SUSE CVE-2023-45290 at NVD CVE-2024-24783 at SUSE CVE-2024-24783 at NVD CVE-2024-24784 at SUSE CVE-2024-24784 at NVD CVE-2024-24785 at SUSE CVE-2024-24785 at NVD CVE-2024-24787 at SUSE CVE-2024-24787 at NVD CVE-2024-24789 at SUSE CVE-2024-24789 at NVD CVE-2024-24790 at SUSE CVE-2024-24790 at NVD CVE-2024-24791 at SUSE CVE-2024-24791 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgadmin4 (Important) openSUSE Leap 15.6 This update for pgadmin4 fixes the following issues: - CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967) - CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248) - CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252) - CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423) - CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366) - CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295) - CVE-2024-43788: Fixed webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS (bsc#1229861) - CVE-2024-48948: Fixed elliptic: ECDSA signature verification error due to leading zero may reject legitimate transactions in elliptic (bsc#1231684) - CVE-2024-48949: Fixed elliptic: Missing Validation in Elliptic's EDDSA Signature Verification (bsc#1231564) - CVE-2024-9014: Fixed OAuth2 issue that could lead to information leak (bsc#1230928) Important SUSE bug 1224295 SUSE bug 1224366 SUSE bug 1226967 SUSE bug 1227248 SUSE bug 1227252 SUSE bug 1229423 SUSE bug 1229861 SUSE bug 1230928 SUSE bug 1231564 SUSE bug 1231684 CVE-2024-38355 at SUSE CVE-2024-38355 at NVD CVE-2024-38998 at SUSE CVE-2024-38998 at NVD CVE-2024-38999 at SUSE CVE-2024-38999 at NVD CVE-2024-39338 at SUSE CVE-2024-39338 at NVD CVE-2024-4067 at SUSE CVE-2024-4067 at NVD CVE-2024-4068 at SUSE CVE-2024-4068 at NVD CVE-2024-43788 at SUSE CVE-2024-43788 at NVD CVE-2024-48948 at SUSE CVE-2024-48948 at NVD CVE-2024-48949 at SUSE CVE-2024-48949 at NVD CVE-2024-9014 at SUSE CVE-2024-9014 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565). Important SUSE bug 1231565 CVE-2024-9632 at SUSE CVE-2024-9632 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565). Important SUSE bug 1231565 CVE-2024-9632 at SUSE CVE-2024-9632 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Werkzeug (Moderate) openSUSE Leap 15.6 This update for python-Werkzeug fixes the following issues: - CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in forms (bsc#1232449). Moderate SUSE bug 1232449 CVE-2024-49767 at SUSE CVE-2024-49767 at NVD cpe:/o:opensuse:leap:15.6 Security update for 389-ds (Important) openSUSE Leap 15.6 This update for 389-ds fixes the following issues: - Persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852) - Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462) - Update to version 2.2.10~git18.20ce9289: * RFE: Use previously extracted key path * Update dsidm to prioritize basedn from .dsrc over interactive input * UI: Instance fails to load when DB backup directory doesn't exist * Improve online import robustness when the server is under load * Ensure all slapi_log_err calls end format strings with newline character \n * RFE: when memberof is enabled, defer updates of members from the update of the group * Provide more information in the error message during setup_ol_tls_conn() * Wrong set of entries returned for some search filters * Schema lib389 object is not keeping custom schema data upon editing * UI: Fix audit issue with npm - micromatch * Fix long delay when setting replication agreement with dsconf * Changelog trims updates from a given RID even if a consumer has not received any of them * test_password_modify_non_utf8 should set default password storage scheme * Update Cargo.lock * Rearrange includes for 32-bit support logic * Fix fedora cop RawHide builds * Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console * Enabling replication for a sub suffix crashes browser * d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes * Slow ldif2db import on a newly created BDB backend * Audit log buffering doesn't handle large updates * RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) * passwordHistory is not updated with a pre-hashed password * ns-slapd crash in referint_get_config * Fix the UTC offset print * Fix OpenLDAP version autodetection * RFE: add new operation note for MFA authentications * Add log buffering to audit log * Fix connection timeout error breaking errormap * Improve dsidm CLI No Such Entry handling * Improve connection timeout error logging * Add hidden -v and -j options to each CLI subcommand * Fix various issues with logconv.pl * Fix certificate lifetime displayed as NaN * Enhance Rust and JS bundling and add SPDX licenses for both * Remove audit-ci from dependencies * Fix unused variable warning from previous commit * covscan: fix memory leak in audit log when adding entries * Add a check for tagged commits * dscreate ds-root - accepts relative path * Change replica_id from str to int * Attribute Names changed to lowercase after adding the Attributes * ns-slapd crashes at startup if a backend has no suffix * During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it * Reversion of the entry cache should be limited to BETXN plugin failures * Disable Transparent Huge Pages * Freelist ordering causes high wtime * Security fix for CVE-2024-2199 - VUL-0: CVE-2024-3657: 389-ds: potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512) - VUL-0: CVE-2024-5953: 389-ds: malformed userPassword hashes may cause a denial of service (bsc#1226277) - 389ds crash when user does change password using iso-8859-1 encoding (bsc#1228912) Important SUSE bug 1225512 SUSE bug 1226277 SUSE bug 1228912 SUSE bug 1230852 SUSE bug 1231462 CVE-2024-2199 at SUSE CVE-2024-2199 at NVD CVE-2024-3657 at SUSE CVE-2024-3657 at NVD CVE-2024-5953 at SUSE CVE-2024-5953 at NVD cpe:/o:opensuse:leap:15.6 Security update for uwsgi (Moderate) openSUSE Leap 15.6 This update for uwsgi fixes the following issues: - CVE-2024-24795: Fixed HTTP Response Splitting in multiple modules (bsc#1222332) Moderate SUSE bug 1222332 CVE-2024-24795 at SUSE CVE-2024-24795 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups-filters (Critical) openSUSE Leap 15.6 This update for cups-filters fixes the following issues: - CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294) - CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937). Critical SUSE bug 1230937 SUSE bug 1231294 CVE-2024-47076 at SUSE CVE-2024-47076 at NVD CVE-2024-47850 at SUSE CVE-2024-47850 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-bundler (Important) openSUSE Leap 15.6 This update for rubygem-bundler fixes the following issues: - CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578) Important SUSE bug 1193578 CVE-2021-43809 at SUSE CVE-2021-43809 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Important) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes (bsc#1229673) - CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794) - CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799) - CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390) - CVE-2024-39908: Fixed ReDos when parsing an XML that has many specific characters (bsc#1228072) Important SUSE bug 1224390 SUSE bug 1228072 SUSE bug 1228794 SUSE bug 1228799 SUSE bug 1229673 CVE-2024-35176 at SUSE CVE-2024-35176 at NVD CVE-2024-39908 at SUSE CVE-2024-39908 at NVD CVE-2024-41123 at SUSE CVE-2024-41123 at NVD CVE-2024-41946 at SUSE CVE-2024-41946 at NVD CVE-2024-43398 at SUSE CVE-2024-43398 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.25+9 (October 2024 CPU): - CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702) - CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711) - CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716) - CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719) Moderate SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-waitress (Important) openSUSE Leap 15.6 This update for python-waitress fixes the following issues: - CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled (bsc#1232556) - CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhaustion (bsc#1232554) Important SUSE bug 1232554 SUSE bug 1232556 CVE-2024-49768 at SUSE CVE-2024-49768 at NVD CVE-2024-49769 at SUSE CVE-2024-49769 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-actionpack-5_1 (Moderate) openSUSE Leap 15.6 This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729). - CVE-2024-42228: Fixed uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). Moderate SUSE bug 1228667 SUSE bug 1231729 CVE-2024-42228 at SUSE CVE-2024-42228 at NVD CVE-2024-47887 at SUSE CVE-2024-47887 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-actionmailer-5_1 (Moderate) openSUSE Leap 15.6 This update for rubygem-actionmailer-5_1 fixes the following issues: - CVE-2024-47889: Fixed Possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723). Moderate SUSE bug 1231723 CVE-2024-47889 at SUSE CVE-2024-47889 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Moderate) openSUSE Leap 15.6 This update for python3 fixes the following issues: Security fixes: - CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241) Other fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906) Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.4.0 ESR (bsc#1231879): - CVE-2024-10458: Permission leak via embed or object elements - CVE-2024-10459: Use-after-free in layout with accessibility - CVE-2024-10460: Confusing display of origin for external protocol handler prompt - CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response - CVE-2024-10462: Origin of permission prompt could be spoofed by long URL - CVE-2024-10463: Cross origin video frame leak - CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser - CVE-2024-10465: Clipboard 'paste' button persisted across tabs - CVE-2024-10466: DOM push subscription message could hang Firefox - CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 Important SUSE bug 1231879 CVE-2024-10458 at SUSE CVE-2024-10458 at NVD CVE-2024-10459 at SUSE CVE-2024-10459 at NVD CVE-2024-10460 at SUSE CVE-2024-10460 at NVD CVE-2024-10461 at SUSE CVE-2024-10461 at NVD CVE-2024-10462 at SUSE CVE-2024-10462 at NVD CVE-2024-10463 at SUSE CVE-2024-10463 at NVD CVE-2024-10464 at SUSE CVE-2024-10464 at NVD CVE-2024-10465 at SUSE CVE-2024-10465 at NVD CVE-2024-10466 at SUSE CVE-2024-10466 at NVD CVE-2024-10467 at SUSE CVE-2024-10467 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: Security fixes: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Other fixes: - FIPS: AES GCM external IV implementation (bsc#1228618) - FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623) - FIPS: Enforce KDF in FIPS style (bsc#1224270) - FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619) - FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269) - FIPS: Differentiate the PSS length requirements (bsc#1224275) - FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272) - FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271) - FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266) - FIPS: DH FIPS selftest and safe prime group (bsc#1224264) - FIPS: Remove not needed FIPS DRBG files (bsc#1224268) - FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265) - FIPS: Disallow non-approved KDF types (bsc#1224267) - FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273) - FIPS: DRBG component chaining (bsc#1224258) - FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260) Moderate SUSE bug 1220262 SUSE bug 1224258 SUSE bug 1224260 SUSE bug 1224264 SUSE bug 1224265 SUSE bug 1224266 SUSE bug 1224267 SUSE bug 1224268 SUSE bug 1224269 SUSE bug 1224270 SUSE bug 1224271 SUSE bug 1224272 SUSE bug 1224273 SUSE bug 1224275 SUSE bug 1228618 SUSE bug 1228619 SUSE bug 1228623 CVE-2023-50782 at SUSE CVE-2023-50782 at NVD cpe:/o:opensuse:leap:15.6 Security update for libgsf (Important) openSUSE Leap 15.6 This update for libgsf fixes the following issues: - CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282, bsc#1231283). Important SUSE bug 1231282 SUSE bug 1231283 CVE-2024-36474 at SUSE CVE-2024-36474 at NVD CVE-2024-42415 at SUSE CVE-2024-42415 at NVD cpe:/o:opensuse:leap:15.6 Security update for gradle (Important) openSUSE Leap 15.6 This update for gradle fixes the following issues: - CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location (bsc#1212931). Important SUSE bug 1212931 CVE-2023-35947 at SUSE CVE-2023-35947 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241). Bug fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906). Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) Moderate SUSE bug 1232528 CVE-2024-9681 at SUSE CVE-2024-9681 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23-openssl (Important) openSUSE Leap 15.6 This update for go1.23-openssl fixes the following issues: This update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320) - go1.23.2 (released 2024-10-01) includes fixes to the compiler, cgo, the runtime, and the maps, os, os/exec, time, and unique packages. * go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess * go#69156 maps: segmentation violation in maps.Clone * go#69219 cmd/cgo: alignment issue with int128 inside of a struct * go#69240 unique: fatal error: found pointer to free object * go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel * go#69383 unique: large string still referenced, after interning only a small substring * go#69402 os/exec: resource leak on exec failure * go#69511 cmd/compile: mysterious crashes and non-determinism with range over func - Update to version 1.23.1.1 cut from the go1.23-fips-release branch at the revision tagged go1.23.1-1-openssl-fips. * Update to Go 1.23.1 (#238) - go1.23.1 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the compiler, the go command, the runtime, and the database/sql, go/types, os, runtime/trace, and unique packages. CVE-2024-34155 CVE-2024-34156 CVE-2024-34158: - go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions - go#69145 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode - go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse - go#68812 os: TestChtimes failures - go#68894 go/types: 'under' panics on Alias type - go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing - go#68907 os: CopyFS overwrites existing file in destination. - go#68973 cmd/cgo: aix c-archive corrupting stack - go#68992 unique: panic when calling unique.Make with string casted as any - go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE - go#68995 cmd/go: multi-arch build via qemu fails to exec go binary - go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex - go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine - go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode - go1.23 (released 2024-08-13) is a major release of Go. go1.23.x minor releases will be provided through August 2025. https://github.com/golang/go/wiki/Go-Release-Cycle go1.23 arrives six months after go1.22. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: Go 1.23 makes the (Go 1.22) 'range-over-func' experiment a part of the language. The 'range' clause in a 'for-range' loop now accepts iterator functions of the following types: func(func() bool) func(func(K) bool) func(func(K, V) bool) as range expressions. Calls of the iterator argument function produce the iteration values for the 'for-range' loop. For details see the iter package documentation and the language spec. For motivation see the 2022 'range-over-func' discussion. * Language change: Go 1.23 includes preview support for generic type aliases. Building the toolchain with GOEXPERIMENT=aliastypeparams enables this feature within a package. (Using generic alias types across package boundaries is not yet supported.) * Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can collect usage and breakage statistics that help the Go team understand how the Go toolchain is used and how well it is working. We refer to these statistics as Go telemetry. Go telemetry is an opt-in system, controlled by the go telemetry command. By default, the toolchain programs collect statistics in counter files that can be inspected locally but are otherwise unused (go telemetry local). To help us keep Go working well and understand Go usage, please consider opting in to Go telemetry by running go telemetry on. In that mode, anonymous counter reports are uploaded to telemetry.go.dev weekly, where they are aggregated into graphs and also made available for download by any Go contributors or users wanting to analyze the data. See 'Go Telemetry' for more details about the Go Telemetry system. * go command: Setting the GOROOT_FINAL environment variable no longer has an effect (#62047). Distributions that install the go command to a location other than $GOROOT/bin/go should install a symlink instead of relocating or copying the go binary. * go command: The new go env -changed flag causes the command to print only those settings whose effective value differs from the default value that would be obtained in an empty environment with no prior uses of the -w flag. * go command: The new go mod tidy -diff flag causes the command not to modify the files but instead print the necessary changes as a unified diff. It exits with a non-zero code if updates are needed. * go command: The go list -m -json command now includes new Sum and GoModSum fields. This is similar to the existing behavior of the go mod download -json command. * go command: The new godebug directive in go.mod and go.work declares a GODEBUG setting to apply for the work module or workspace in use. * go vet: The go vet subcommand now includes the stdversion analyzer, which flags references to symbols that are too new for the version of Go in effect in the referring file. (The effective version is determined by the go directive in the file's enclosing go.mod file, and by any //go:build constraints in the file.) For example, it will report a diagnostic for a reference to the reflect.TypeFor function (introduced in go1.22) from a file in a module whose go.mod file specifies go 1.21. * cgo: cmd/cgo supports the new -ldflags flag for passing flags to the C linker. The go command uses it automatically, avoiding 'argument list too long' errors with a very large CGO_LDFLAGS. * go trace: The trace tool now better tolerates partially broken traces by attempting to recover what trace data it can. This functionality is particularly helpful when viewing a trace that was collected during a program crash, since the trace data leading up to the crash will now be recoverable under most circumstances. * Runtime: The traceback printed by the runtime after an unhandled panic or other fatal error now indents the second and subsequent lines of the error message (for example, the argument to panic) by a single tab, so that it can be unambiguously distinguished from the stack trace of the first goroutine. See go#64590 for discussion. * Compiler: The build time overhead to building with Profile Guided Optimization has been reduced significantly. Previously, large builds could see 100%+ build time increase from enabling PGO. In Go 1.23, overhead should be in the single digit percentages. * Compiler: The compiler in Go 1.23 can now overlap the stack frame slots of local variables accessed in disjoint regions of a function, which reduces stack usage for Go applications. * Compiler: For 386 and amd64, the compiler will use information from PGO to align certain hot blocks in loops. This improves performance an additional 1-1.5% at a cost of an additional 0.1% text and binary size. This is currently only implemented on 386 and amd64 because it has not shown an improvement on other platforms. Hot block alignment can be disabled with -gcflags=[<packages>=]-d=alignhot=0. * Linker: The linker now disallows using a //go:linkname directive to refer to internal symbols in the standard library (including the runtime) that are not marked with //go:linkname on their definitions. Similarly, the linker disallows references to such symbols from assembly code. For backward compatibility, existing usages of //go:linkname found in a large open-source code corpus remain supported. Any new references to standard library internal symbols will be disallowed. * Linker: A linker command line flag -checklinkname=0 can be used to disable this check, for debugging and experimenting purposes. * Linker: When building a dynamically linked ELF binary (including PIE binary), the new -bindnow flag enables immediate function binding. * Standard library changes: * timer: 1.23 makes two significant changes to the implementation of time.Timer and time.Ticker. First, Timers and Tickers that are no longer referred to by the program become eligible for garbage collection immediately, even if their Stop methods have not been called. Earlier versions of Go did not collect unstopped Timers until after they had fired and never collected unstopped Tickers. Second, the timer channel associated with a Timer or Ticker is now unbuffered, with capacity 0. The main effect of this change is that Go now guarantees that for any call to a Reset or Stop method, no stale values prepared before that call will be sent or received after the call. Earlier versions of Go used channels with a one-element buffer, making it difficult to use Reset and Stop correctly. A visible effect of this change is that len and cap of timer channels now returns 0 instead of 1, which may affect programs that poll the length to decide whether a receive on the timer channel will succeed. Such code should use a non-blocking receive instead. These new behaviors are only enabled when the main Go program is in a module with a go.mod go line using Go 1.23.0 or later. When Go 1.23 builds older programs, the old behaviors remain in effect. The new GODEBUG setting asynctimerchan=1 can be used to revert back to asynchronous channel behaviors even when a program names Go 1.23.0 or later in its go.mod file. * unique: The new unique package provides facilities for canonicalizing values (like 'interning' or 'hash-consing'). Any value of comparable type may be canonicalized with the new Make[T] function, which produces a reference to a canonical copy of the value in the form of a Handle[T]. Two Handle[T] are equal if and only if the values used to produce the handles are equal, allowing programs to deduplicate values and reduce their memory footprint. Comparing two Handle[T] values is efficient, reducing down to a simple pointer comparison. * iter: The new iter package provides the basic definitions for working with user-defined iterators. * slices: The slices package adds several functions that work with iterators: - All returns an iterator over slice indexes and values. - Values returns an iterator over slice elements. - Backward returns an iterator that loops over a slice backward. - Collect collects values from an iterator into a new slice. - AppendSeq appends values from an iterator to an existing slice. - Sorted collects values from an iterator into a new slice, and then sorts the slice. - SortedFunc is like Sorted but with a comparison function. - SortedStableFunc is like SortFunc but uses a stable sort algorithm. - Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice. * maps: The maps package adds several functions that work with iterators: - All returns an iterator over key-value pairs from a map. - Keys returns an iterator over keys in a map. - Values returns an iterator over values in a map. - Insert adds the key-value pairs from an iterator to an existing map. - Collect collects key-value pairs from an iterator into a new map and returns it. * structs: The new structs package provides types for struct fields that modify properties of the containing struct type such as memory layout. In this release, the only such type is HostLayout which indicates that a structure with a field of that type has a layout that conforms to host platform expectations. * Minor changes to the standard library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. * archive/tar: If the argument to FileInfoHeader implements the new FileInfoNames interface, then the interface methods will be used to set the Uname/Gname of the file header. This allows applications to override the system-dependent Uname/Gname lookup. * crypto/tls: The TLS client now supports the Encrypted Client Hello draft specification. This feature can be enabled by setting the Config.EncryptedClientHelloConfigList field to an encoded ECHConfigList for the host that is being connected to. * crypto/tls: The QUICConn type used by QUIC implementations includes new events reporting on the state of session resumption, and provides a way for the QUIC layer to add data to session tickets and session cache entries. * crypto/tls: 3DES cipher suites were removed from the default list used when Config.CipherSuites is nil. The default can be reverted by adding tls3des=1 to the GODEBUG environment variable. * crypto/tls: The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable. * crypto/tls: Go 1.23 changed the behavior of X509KeyPair and LoadX509KeyPair to populate the Certificate.Leaf field of the returned Certificate. The new x509keypairleaf GODEBUG setting is added for this behavior. * crypto/x509: CreateCertificateRequest now correctly supports RSA-PSS signature algorithms. * crypto/x509: CreateCertificateRequest and CreateRevocationList now verify the generated signature using the signer's public key. If the signature is invalid, an error is returned. This has been the behavior of CreateCertificate since Go 1.16. * crypto/x509: The x509sha1 GODEBUG setting will be removed in the next Go major release (Go 1.24). This will mean that crypto/x509 will no longer support verifying signatures on certificates that use SHA-1 based signature algorithms. * crypto/x509: The new ParseOID function parses a dot-encoded ASN.1 Object Identifier string. The OID type now implements the encoding.BinaryMarshaler, encoding.BinaryUnmarshaler, encoding.TextMarshaler, encoding.TextUnmarshaler interfaces. database/sql * crypto/x509: Errors returned by driver.Valuer implementations are now wrapped for improved error handling during operations like DB.Query, DB.Exec, and DB.QueryRow. * debug/elf: The debug/elf package now defines PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD binaries. * debug/elf: Now defines the symbol type constants STT_RELC, STT_SRELC, and STT_GNU_IFUNC. * encoding/binary The new Encode and Decode functions are byte slice equivalents to Read and Write. Append allows marshaling multiple data into the same byte slice. * go/ast: The new Preorder function returns a convenient iterator over all the nodes of a syntax tree. * go/types: The Func type, which represents a function or method symbol, now has a Func.Signature method that returns the function's type, which is always a Signature. * go/types: The Alias type now has an Rhs method that returns the type on the right-hand side of its declaration: given type A = B, the Rhs of A is B. (go#66559) * go/types: The methods Alias.Origin, Alias.SetTypeParams, Alias.TypeParams, and Alias.TypeArgs have been added. They are needed for generic alias types. * go/types: By default, go/types now produces Alias type nodes for type aliases. This behavior can be controlled by the GODEBUG gotypesalias flag. Its default has changed from 0 in Go 1.22 to 1 in Go 1.23. * math/rand/v2: The Uint function and Rand.Uint method have been added. They were inadvertently left out of Go 1.22. * math/rand/v2: The new ChaCha8.Read method implements the io.Reader interface. * net: The new type KeepAliveConfig permits fine-tuning the keep-alive options for TCP connections, via a new TCPConn.SetKeepAliveConfig method and new KeepAliveConfig fields for Dialer and ListenConfig. * net: The DNSError type now wraps errors caused by timeouts or cancellation. For example, errors.Is(someDNSErr, context.DeadlineExceedeed) will now report whether a DNS error was caused by a timeout. * net: The new GODEBUG setting netedns0=0 disables sending EDNS0 additional headers on DNS requests, as they reportedly break the DNS server on some modems. * net/http: Cookie now preserves double quotes surrounding a cookie value. The new Cookie.Quoted field indicates whether the Cookie.Value was originally quoted. * net/http: The new Request.CookiesNamed method retrieves all cookies that match the given name. * net/http: The new Cookie.Partitioned field identifies cookies with the Partitioned attribute. * net/http: The patterns used by ServeMux now allow one or more spaces or tabs after the method name. Previously, only a single space was permitted. * net/http: The new ParseCookie function parses a Cookie header value and returns all the cookies which were set in it. Since the same cookie name can appear multiple times the returned Values can contain more than one value for a given key. * net/http: The new ParseSetCookie function parses a Set-Cookie header value and returns a cookie. It returns an error on syntax error. * net/http: ServeContent, ServeFile, and ServeFileFS now remove the Cache-Control, Content-Encoding, Etag, and Last-Modified headers when serving an error. These headers usually apply to the non-error content, but not to the text of errors. * net/http: Middleware which wraps a ResponseWriter and applies on-the-fly encoding, such as Content-Encoding: gzip, will not function after this change. The previous behavior of ServeContent, ServeFile, and ServeFileFS may be restored by setting GODEBUG=httpservecontentkeepheaders=1. Note that middleware which changes the size of the served content (such as by compressing it) already does not function properly when ServeContent handles a Range request. On-the-fly compression should use the Transfer-Encoding header instead of Content-Encoding. * net/http: For inbound requests, the new Request.Pattern field contains the ServeMux pattern (if any) that matched the request. This field is not set when GODEBUG=httpmuxgo121=1 is set. * net/http/httptest: The new NewRequestWithContext method creates an incoming request with a context.Context. * net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to compare an Addr holding an IPv4 address to one holding the IPv4-mapped IPv6 form of that address incorrectly returned true, even though the Addr values were different when comparing with == or Addr.Compare. This bug is now fixed and all three approaches now report the same result. * os: The Stat function now sets the ModeSocket bit for files that are Unix sockets on Windows. These files are identified by having a reparse tag set to IO_REPARSE_TAG_AF_UNIX. * os: On Windows, the mode bits reported by Lstat and Stat for reparse points changed. Mount points no longer have ModeSymlink set, and reparse points that are not symlinks, Unix sockets, or dedup files now always have ModeIrregular set. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * os: The CopyFS function copies an io/fs.FS into the local filesystem. * os: On Windows, Readlink no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * os: On Linux with pidfd support (generally Linux v5.4+), Process-related functions and methods use pidfd (rather than PID) internally, eliminating potential mistargeting when a PID is reused by the OS. Pidfd support is fully transparent to a user, except for additional process file descriptors that a process may have. * path/filepath: The new Localize function safely converts a slash-separated path into an operating system path. * path/filepath: On Windows, EvalSymlinks no longer evaluates mount points, which was a source of many inconsistencies and bugs. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * path/filepath: On Windows, EvalSymlinks no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * reflect: The new methods synonymous with the methods of the same name in Value are added to Type: - Type.OverflowComplex - Type.OverflowFloat - Type.OverflowInt - Type.OverflowUint * reflect: The new SliceAt function is analogous to NewAt, but for slices. * reflect: The Value.Pointer and Value.UnsafePointer methods now support values of kind String. * reflect: The new methods Value.Seq and Value.Seq2 return sequences that iterate over the value as though it were used in a for/range loop. The new methods Type.CanSeq and Type.CanSeq2 report whether calling Value.Seq and Value.Seq2, respectively, will succeed without panicking. * runtime/debug: The SetCrashOutput function allows the user to specify an alternate file to which the runtime should write its fatal crash report. It may be used to construct an automated reporting mechanism for all unexpected crashes, not just those in goroutines that explicitly use recover. * runtime/pprof: The maximum stack depth for alloc, mutex, block, threadcreate and goroutine profiles has been raised from 32 to 128 frames. * runtime/trace: The runtime now explicitly flushes trace data when a program crashes due to an uncaught panic. This means that more complete trace data will be available in a trace if the program crashes while tracing is active. * slices: The Repeat function returns a new slice that repeats the provided slice the given number of times. * sync: The Map.Clear method deletes all the entries, resulting in an empty Map. It is analogous to clear. * sync/atomic: The new And and Or operators apply a bitwise AND or OR to the given input, returning the old value. * syscall: The syscall package now defines WSAENOPROTOOPT on Windows. * syscall: The GetsockoptInt function is now supported on Windows. * testing/fstest: TestFS now returns a structured error that can be unwrapped (via method Unwrap() []error). This allows inspecting errors using errors.Is or errors.As. * text/template: Templates now support the new 'else with' action, which reduces template complexity in some use cases. * time: Parse and ParseInLocation now return an error if the time zone offset is out of range. * unicode/utf16: The RuneLen function returns the number of 16-bit words in the UTF-16 encoding of the rune. It returns -1 if the rune is not a valid value to encode in UTF-16. * Port: Darwin: As announced in the Go 1.22 release notes, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued. * Port: Linux: Go 1.23 is the last release that requires Linux kernel version 2.6.32 or later. Go 1.24 will require Linux kernel version 3.17 or later, with an exception that systems running 3.10 or later will continue to be supported if the kernel has been patched to support the getrandom system call. * Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64). * Port: ARM64: Go 1.23 introduces a new GOARM64 environment variable, which specifies the minimum target version of the ARM64 architecture at compile time. Allowed values are v8.{0-9} and v9.{0-5}. This may be followed by an option specifying extensions implemented by target hardware. Valid options are ,lse and ,crypto. The GOARM64 environment variable defaults to v8.0. * Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment variable, which selects the RISC-V user-mode application profile for which to compile. Allowed values are rva20u64 and rva22u64. The GORISCV64 environment variable defaults to rva20u64. * Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm has dropped support for versions of wasmtime < 14.0.0. Important SUSE bug 1229122 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22-openssl (Important) openSUSE Leap 15.6 This update for go1.22-openssl fixes the following issues: This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320) - Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.7-1-openssl-fips. * Update to Go 1.22.7 (#229) - go1.22.7 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the fix command and the runtime. CVE-2024-34155 CVE-2024-34156 CVE-2024-34158: - go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155) - go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156) - go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158) - go#68811 os: TestChtimes failures - go#68825 cmd/fix: fails to run on modules whose go directive value is in '1.n.m' format introduced in Go 1.21.0 - go#68972 cmd/cgo: aix c-archive corrupting stack - go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages. * go#68594 cmd/compile: internal compiler error with zero-size types * go#68546 cmd/trace/v2: pprof profiles always empty * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm * go#68370 go/types: assertion failure in recent range statement checking logic * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race * go#68222 cmd/go: list with -export and -covermode=atomic fails to build * go#68198 cmd/link: issues with Xcode 16 beta - Update to version 1.22.5.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-3-openssl-fips. * Only load openssl if fips == '1' Avoid loading openssl whenever GOLANG_FIPS is not 1. Previously only an unset variable would cause the library load to be skipped, but users may also expect to be able to set eg. GOLANG_FIPS=0 in environments without openssl. - Update to version 1.22.5.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-2-openssl-fips. * Only load OpenSSL when in FIPS mode - Update to version 1.22.5.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-1-openssl-fips. * Update to go1.22.5 - go1.22.5 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, cgo, the go command, the linker, the runtime, and the crypto/tls, go/types, net, net/http, and os/exec packages. CVE-2024-24791: * go#68200 go#67555 bsc#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways * go#65983 cmd/compile: hash of unhashable type * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault() * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without '.exe' no longer implicitly adds '.exe' in Go 1.22 * go#67298 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21, stale bounds * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders * go#67798 cmd/compile: internal compiler error: unexpected type: <nil> (<nil>) in for-range * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0 * go#67934 net: go DNS resolver fails to connect to local DNS server * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N) * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT)) - Update to version 1.22.4.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.4-1-openssl-fips. * Update to go1.22.4 - go1.22.4 (released 2024-06-04) includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the os package. CVE-2024-24789 CVE-2024-24790: * go#67554 go#66869 bsc#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations * go#67682 go#67680 bsc#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21' * go#67258 runtime: unexpected fault address 0 * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections * go#67460 cmd/compile: internal compiler error: panic with range over integer value * go#67527 cmd/link: panic: machorelocsect: size mismatch * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start * go#67696 os: RemoveAll susceptible to symlink race - Update to version 1.22.3.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-3-openssl-fips. * config: update openssl backend (#201) - Update to version 1.22.3.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-2-openssl-fips. * patches: restore signature of HashSign/HashVerify (#199) - Update to version 1.22.3.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-1-openssl-fips. * Update to go1.22.3 * fix: rename patch file * Backport change https://go-review.googlesource.com/c/go/+/554615 to Go1.22 (#193) runtime: crash asap and extend total sleep time for slow machine in test Running with few threads usually does not need 500ms to crash, so let it crash as soon as possible. While the test may caused more time on slow machine, try to expand the sleep time in test. * cmd/go: re-enable CGO for Go toolchain commands (#190) * crypto/ecdsa: Restore HashSign and HashVerify (#189) - go1.22.3 (released 2024-05-07) includes security fixes to the go command and the net package, as well as bug fixes to the compiler, the runtime, and the net/http package. CVE-2024-24787 CVE-2024-24788: * go#67122 go#67119 bsc#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin * go#67040 go#66754 bsc#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE * go#66886 runtime: deterministic fallback hashes across process boundary * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0 - Update to version 1.22.2.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.2-1-openssl-fips. * Update to go1.22.2 - go1.22.2 (released 2024-04-03) includes a security fix to the net/http package, as well as bug fixes to the compiler, the go command, the linker, and the encoding/gob, go/types, net/http, and runtime/trace packages. CVE-2023-45288: * go#66298 go#65051 bsc#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1 * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64 * go#66134 cmd/compile: go test . results in CLOSURE ... <unknown line number>: internal compiler error: assertion failed * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock * go#66256 cmd/go: git shallow fetches broken at CL 556358 * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22 * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le - Update to version 1.22.1.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-2-openssl-fips. * config: Update openssl v2 module (#178) - Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. * Continue to build experimental libstd only on go1.x Tumbleweed. * Removal fixes build errors on go1.x-openssl Factory and ALP. * Use of libstd.so is experimental and not recommended for general use, Go currently has no ABI. * Feature go build -buildmode=shared is deprecated by upstream, but not yet removed. - Initial package go1.22-openssl version 1.22.1.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-1-openssl-fips. * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. * In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. - go1.22.1 (released 2024-03-05) includes security fixes to the crypto/x509, html/template, net/http, net/http/cookiejar, and net/mail packages, as well as bug fixes to the compiler, the go command, the runtime, the trace command, and the go/types and net/http packages. CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785: * go#65831 go#65390 bsc#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm * go#65849 go#65083 bsc#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled * go#65850 go#65383 bsc#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm * go#65859 go#65065 bsc#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect * go#65969 go#65697 bsc#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders * go#65474 internal/testenv: support LUCI mobile builders in testenv tests * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0 * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer * go#65728 go/types: nil pointer dereference in Alias.Underlying() * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22 * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer * go#65852 cmd/go: 'missing ziphash' error with go.work * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms * bsc#1219988 ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack - go1.22 (released 2024-02-06) is a major release of Go. go1.22.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.22 arrives six months after go1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: go1.22 makes two changes to for loops. Previously, the variables declared by a for loop were created once and updated by each iteration. In go1.22, each iteration of the loop creates new variables, to avoid accidental sharing bugs. The transition support tooling described in the proposal continues to work in the same way it did in Go 1.21. * Language change: For loops may now range over integers * Language change: go1.22 includes a preview of a language change we are considering for a future version of Go: range-over-function iterators. Building with GOEXPERIMENT=rangefunc enables this feature. * go command: Commands in workspaces can now use a vendor directory containing the dependencies of the workspace. The directory is created by go work vendor, and used by build commands when the -mod flag is set to vendor, which is the default when a workspace vendor directory is present. Note that the vendor directory's contents for a workspace are different from those of a single module: if the directory at the root of a workspace also contains one of the modules in the workspace, its vendor directory can contain the dependencies of either the workspace or of the module, but not both. * go get is no longer supported outside of a module in the legacy GOPATH mode (that is, with GO111MODULE=off). Other build commands, such as go build and go test, will continue to work indefinitely for legacy GOPATH programs. * go mod init no longer attempts to import module requirements from configuration files for other vendoring tools (such as Gopkg.lock). * go test -cover now prints coverage summaries for covered packages that do not have their own test files. Prior to Go 1.22 a go test -cover run for such a package would report: ? mymod/mypack [no test files] and now with go1.22, functions in the package are treated as uncovered: mymod/mypack coverage: 0.0% of statements Note that if a package contains no executable code at all, we can't report a meaningful coverage percentage; for such packages the go tool will continue to report that there are no test files. * trace: The trace tool's web UI has been gently refreshed as part of the work to support the new tracer, resolving several issues and improving the readability of various sub-pages. The web UI now supports exploring traces in a thread-oriented view. The trace viewer also now displays the full duration of all system calls. These improvements only apply for viewing traces produced by programs built with go1.22 or newer. A future release will bring some of these improvements to traces produced by older version of Go. * vet: References to loop variables The behavior of the vet tool has changed to match the new semantics (see above) of loop variables in go1.22. When analyzing a file that requires go1.22 or newer (due to its go.mod file or a per-file build constraint), vetcode> no longer reports references to loop variables from within a function literal that might outlive the iteration of the loop. In Go 1.22, loop variables are created anew for each iteration, so such references are no longer at risk of using a variable after it has been updated by the loop. * vet: New warnings for missing values after append The vet tool now reports calls to append that pass no values to be appended to the slice, such as slice = append(slice). Such a statement has no effect, and experience has shown that is nearly always a mistake. * vet: New warnings for deferring time.Since The vet tool now reports a non-deferred call to time.Since(t) within a defer statement. This is equivalent to calling time.Now().Sub(t) before the defer statement, not when the deferred function is called. In nearly all cases, the correct code requires deferring the time.Since call. * vet: New warnings for mismatched key-value pairs in log/slog calls The vet tool now reports invalid arguments in calls to functions and methods in the structured logging package, log/slog, that accept alternating key/value pairs. It reports calls where an argument in a key position is neither a string nor a slog.Attr, and where a final key is missing its value. * runtime: The runtime now keeps type-based garbage collection metadata nearer to each heap object, improving the CPU performance (latency or throughput) of Go programs by 1-3%. This change also reduces the memory overhead of the majority Go programs by approximately 1% by deduplicating redundant metadata. Some programs may see a smaller improvement because this change adjusts the size class boundaries of the memory allocator, so some objects may be moved up a size class. A consequence of this change is that some objects' addresses that were previously always aligned to a 16 byte (or higher) boundary will now only be aligned to an 8 byte boundary. Some programs that use assembly instructions that require memory addresses to be more than 8-byte aligned and rely on the memory allocator's previous alignment behavior may break, but we expect such programs to be rare. Such programs may be built with GOEXPERIMENT=noallocheaders to revert to the old metadata layout and restore the previous alignment behavior, but package owners should update their assembly code to avoid the alignment assumption, as this workaround will be removed in a future release. * runtime: On the windows/amd64 port, programs linking or loading Go libraries built with -buildmode=c-archive or -buildmode=c-shared can now use the SetUnhandledExceptionFilter Win32 function to catch exceptions not handled by the Go runtime. Note that this was already supported on the windows/386 port. * compiler: Profile-guided Optimization (PGO) builds can now devirtualize a higher proportion of calls than previously possible. Most programs from a representative set of Go programs now see between 2 and 14% improvement from enabling PGO. * compiler: The compiler now interleaves devirtualization and inlining, so interface method calls are better optimized. * compiler: go1.22 also includes a preview of an enhanced implementation of the compiler's inlining phase that uses heuristics to boost inlinability at call sites deemed 'important' (for example, in loops) and discourage inlining at call sites deemed 'unimportant' (for example, on panic paths). Building with GOEXPERIMENT=newinliner enables the new call-site heuristics; see issue #61502 for more info and to provide feedback. * linker: The linker's -s and -w flags are now behave more consistently across all platforms. The -w flag suppresses DWARF debug information generation. The -s flag suppresses symbol table generation. The -s flag also implies the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate a binary with DWARF debug information generation but without the symbol table. * linker: On ELF platforms, the -B linker flag now accepts a special form: with -B gobuildid, the linker will generate a GNU build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go build ID. * linker: On Windows, when building with -linkmode=internal, the linker now preserves SEH information from C object files by copying the .pdata and .xdata sections into the final binary. This helps with debugging and profiling binaries using native tools, such as WinDbg. Note that until now, C functions' SEH exception handlers were not being honored, so this change may cause some programs to behave differently. -linkmode=external is not affected by this change, as external linkers already preserve SEH information. * bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires the final point release of Go 1.20 or later for bootstrap. We expect that Go 1.24 will require the final point release of go1.22 or later for bootstrap. * core library: New math/rand/v2 package: go1.22 includes the first “v2” package in the standard library, math/rand/v2. The changes compared to math/rand are detailed in proposal go#61716. The most important changes are: - The Read method, deprecated in math/rand, was not carried forward for math/rand/v2. (It remains available in math/rand.) The vast majority of calls to Read should use crypto/rand’s Read instead. Otherwise a custom Read can be constructed using the Uint64 method. - The global generator accessed by top-level functions is unconditionally randomly seeded. Because the API guarantees no fixed sequence of results, optimizations like per-thread random generator states are now possible. - The Source interface now has a single Uint64 method; there is no Source64 interface. - Many methods now use faster algorithms that were not possible to adopt in math/rand because they changed the output streams. - The Intn, Int31, Int31n, Int63, and Int64n top-level functions and methods from math/rand are spelled more idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64, and Int64N. There are also new top-level functions and methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN. - The new generic function N is like Int64N or Uint64N but works for any integer type. For example a random duration from 0 up to 5 minutes is rand.N(5*time.Minute). - The Mitchell & Reeds LFSR generator provided by math/rand’s Source has been replaced by two more modern pseudo-random generator sources: ChaCha8 PCG. ChaCha8 is a new, cryptographically strong random number generator roughly similar to PCG in efficiency. ChaCha8 is the algorithm used for the top-level functions in math/rand/v2. As of go1.22, math/rand's top-level functions (when not explicitly seeded) and the Go runtime also use ChaCha8 for randomness. - We plan to include an API migration tool in a future release, likely Go 1.23. * core library: New go/version package: The new go/version package implements functions for validating and comparing Go version strings. * core library: Enhanced routing patterns: HTTP routing in the standard library is now more expressive. The patterns used by net/http.ServeMux have been enhanced to accept methods and wildcards. This change breaks backwards compatibility in small ways, some obvious—patterns with '{' and '}' behave differently— and some less so—treatment of escaped paths has been improved. The change is controlled by a GODEBUG field named httpmuxgo121. Set httpmuxgo121=1 to restore the old behavior. * Minor changes to the library As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here. * archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will now stop immediately. Previously, it would report a final empty token before stopping, which was usually not desired. Callers that do want to report a final empty token can do so by returning []byte{} rather than nil. * cmp: The new function Or returns the first in a sequence of values that is not the zero value. * crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error unless TLS 1.3 is in use, or the extended_master_secret extension is supported by both the server and client. crypto/tls has supported this extension since Go 1.20. This can be disabled with the tlsunsafeekm=1 GODEBUG setting. * crypto/tls: By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting. * crypto/tls: By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting. * crypto/x509: The new CertPool.AddCertWithConstraint method can be used to add customized constraints to root certificates to be applied during chain building. * crypto/x509: On Android, root certificates will now be loaded from /data/misc/keychain/certs-added as well as /system/etc/security/cacerts. * crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with individual components larger than 31 bits. A new field which uses this type, Policies, is added to the Certificate struct, and is now populated during parsing. Any OIDs which cannot be represented using a asn1.ObjectIdentifier will appear in Policies, but not in the old PolicyIdentifiers field. When calling CreateCertificate, the Policies field is ignored, and policies are taken from the PolicyIdentifiers field. Using the x509usepolicies=1 GODEBUG setting inverts this, populating certificate policies from the Policies field, and ignoring the PolicyIdentifiers field. We may change the default value of x509usepolicies in Go 1.23, making Policies the default field for marshaling. * database/sql: The new Null[T] type provide a way to scan nullable columns for any column types. * debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems. Additional R_LARCH_* constants are defined for use with LoongArch systems. * encoding: The new methods AppendEncode and AppendDecode added to each of the Encoding types in the packages encoding/base32, encoding/base64, and encoding/hex simplify encoding and decoding from and to byte slices by taking care of byte slice buffer management. * encoding: The methods base32.Encoding.WithPadding and base64.Encoding.WithPadding now panic if the padding argument is a negative value other than NoPadding. * encoding/json: Marshaling and encoding functionality now escapes '\b' and '\f' characters as \b and \f instead of \u0008 and \u000c. * go/ast: The following declarations related to syntactic identifier resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope, File.Unresolved, Importer, Package, NewPackage. In general, identifiers cannot be accurately resolved without type information. Consider, for example, the identifier K in T{K: ''}: it could be the name of a local variable if T is a map type, or the name of a field if T is a struct type. New programs should use the go/types package to resolve identifiers; see Object, Info.Uses, and Info.Defs for details. * go/ast: The new ast.Unparen function removes any enclosing parentheses from an expression. * go/types: The new Alias type represents type aliases. Previously, type aliases were not represented explicitly, so a reference to a type alias was equivalent to spelling out the aliased type, and the name of the alias was lost. The new representation retains the intermediate Alias. This enables improved error reporting (the name of a type alias can be reported), and allows for better handling of cyclic type declarations involving type aliases. In a future release, Alias types will also carry type parameter information. The new function Unalias returns the actual type denoted by an Alias type (or any other Type for that matter). * go/types: Because Alias types may break existing type switches that do not know to check for them, this functionality is controlled by a GODEBUG field named gotypesalias. With gotypesalias=0, everything behaves as before, and Alias types are never created. With gotypesalias=1, Alias types are created and clients must expect them. The default is gotypesalias=0. In a future release, the default will be changed to gotypesalias=1. Clients of go/types are urged to adjust their code as soon as possible to work with gotypesalias=1 to eliminate problems early. * go/types: The Info struct now exports the FileVersions map which provides per-file Go version information. * go/types: The new helper method PkgNameOf returns the local package name for the given import declaration. * go/types: The implementation of SizesFor has been adjusted to compute the same type sizes as the compiler when the compiler argument for SizesFor is 'gc'. The default Sizes implementation used by the type checker is now types.SizesFor('gc', 'amd64'). * go/types: The start position (Pos) of the lexical environment block (Scope) that represents a function body has changed: it used to start at the opening curly brace of the function body, but now starts at the function's func token. * html/template: Javascript template literals may now contain Go template actions, and parsing a template containing one will no longer return ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has any effect. * io: The new SectionReader.Outer method returns the ReaderAt, offset, and size passed to NewSectionReader. * log/slog: The new SetLogLoggerLevel function controls the level for the bridge between the `slog` and `log` packages. It sets the minimum level for calls to the top-level `slog` logging functions, and it sets the level for calls to `log.Logger` that go through `slog`. * math/big: The new method Rat.FloatPrec computes the number of fractional decimal digits required to represent a rational number accurately as a floating-point number, and whether accurate decimal representation is possible in the first place. * net: When io.Copy copies from a TCPConn to a UnixConn, it will now use Linux's splice(2) system call if possible, using the new method TCPConn.WriteTo. * net: The Go DNS Resolver, used when building with '-tags=netgo', now searches for a matching name in the Windows hosts file, located at %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query. * net/http: The new functions ServeFileFS, FileServerFS, and NewFileTransportFS are versions of the existing ServeFile, FileServer, and NewFileTransport, operating on an fs.FS. * net/http: The HTTP server and client now reject requests and responses containing an invalid empty Content-Length header. The previous behavior may be restored by setting GODEBUG field httplaxcontentlength=1. * net/http: The new method Request.PathValue returns path wildcard values from a request and the new method Request.SetPathValue sets path wildcard values on a request. * net/http/cgi: When executing a CGI process, the PATH_INFO variable is now always set to the empty string or a value starting with a / character, as required by RFC 3875. It was previously possible for some combinations of Handler.Root and request URL to violate this requirement. * net/netip: The new AddrPort.Compare method compares two AddrPorts. * os: On Windows, the Stat function now follows all reparse points that link to another named entity in the system. It was previously only following IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points. * os: On Windows, passing O_SYNC to OpenFile now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. * os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and File.Readdirnames functions now read directory entries in batches to reduce the number of system calls, improving performance up to 30%. * os: When io.Copy copies from a File to a net.UnixConn, it will now use Linux's sendfile(2) system call if possible, using the new method File.WriteTo. * os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and returns ErrNotFound (instead of ErrNotExist) if no executable file extension is found to resolve an otherwise-unambiguous name. * os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the path to the executable is already absolute and has an executable file extension. In addition, Cmd.Start no longer writes the resolved extension back to the Path field, so it is now safe to call the String method concurrently with a call to Start. * reflect: The Value.IsZero method will now return true for a floating-point or complex negative zero, and will return true for a struct value if a blank field (a field named _) somehow has a non-zero value. These changes make IsZero consistent with comparing a value to zero using the language == operator. * reflect: The PtrTo function is deprecated, in favor of PointerTo. * reflect: The new function TypeFor returns the Type that represents the type argument T. Previously, to get the reflect.Type value for a type, one had to use reflect.TypeOf((*T)(nil)).Elem(). This may now be written as reflect.TypeFor[T](). * runtime/metrics: Four new histogram metrics /sched/pauses/stopping/gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The 'stopping' metrics report the time taken from deciding to stop the world until all goroutines are stopped. The 'total' metrics report the time taken from deciding to stop the world until it is started again. * runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric. * runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. * runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay. * runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases. * runtime/pprof: CPU profiles on Darwin platforms now contain the process's memory map, enabling the disassembly view in the pprof tool. * runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces. * runtime/trace: Execution traces now use the operating system's clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. Execution traces no longer depend on the reliability of the platform's clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. Execution traces may now begin or end during the garbage collection mark phase. * runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue. * runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release. * slices: The new function Concat concatenates multiple slices. * slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length. * slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted. * syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/x/sys/windows where possible. * syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec. * syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. * testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control. * Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later. * Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7. * Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode. * OpenBSD go1.22 adds an experimental port to OpenBSD on big-endian 64-bit PowerPC (openbsd/ppc64). Important SUSE bug 1218424 SUSE bug 1219988 SUSE bug 1220999 SUSE bug 1221000 SUSE bug 1221001 SUSE bug 1221002 SUSE bug 1221003 SUSE bug 1221400 SUSE bug 1224017 SUSE bug 1224018 SUSE bug 1225973 SUSE bug 1225974 SUSE bug 1227314 SUSE bug 1230252 SUSE bug 1230253 SUSE bug 1230254 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2023-45289 at SUSE CVE-2023-45289 at NVD CVE-2023-45290 at SUSE CVE-2023-45290 at NVD CVE-2024-24783 at SUSE CVE-2024-24783 at NVD CVE-2024-24784 at SUSE CVE-2024-24784 at NVD CVE-2024-24785 at SUSE CVE-2024-24785 at NVD CVE-2024-24787 at SUSE CVE-2024-24787 at NVD CVE-2024-24788 at SUSE CVE-2024-24788 at NVD CVE-2024-24789 at SUSE CVE-2024-24789 at NVD CVE-2024-24790 at SUSE CVE-2024-24790 at NVD CVE-2024-24791 at SUSE CVE-2024-24791 at NVD CVE-2024-34155 at SUSE CVE-2024-34155 at NVD CVE-2024-34156 at SUSE CVE-2024-34156 at NVD CVE-2024-34158 at SUSE CVE-2024-34158 at NVD cpe:/o:opensuse:leap:15.6 Security update for libarchive (Important) openSUSE Leap 15.6 This update for libarchive fixes the following issues: - CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (bsc#1225972). - CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in execute_filter_delta function (bsc#1231624). Important SUSE bug 1225972 SUSE bug 1231624 CVE-2024-20697 at SUSE CVE-2024-20697 at NVD CVE-2024-48958 at SUSE CVE-2024-48958 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Important) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color space (bsc#1232265). - CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path traversal, code execution (bsc#1232267). - CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall (bsc#1232270). - CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269). Important SUSE bug 1232265 SUSE bug 1232267 SUSE bug 1232269 SUSE bug 1232270 CVE-2024-46951 at SUSE CVE-2024-46951 at NVD CVE-2024-46953 at SUSE CVE-2024-46953 at NVD CVE-2024-46955 at SUSE CVE-2024-46955 at NVD CVE-2024-46956 at SUSE CVE-2024-46956 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Moderate) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Moderate SUSE bug 1220262 CVE-2023-50782 at SUSE CVE-2023-50782 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241). Bug fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906). Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Moderate) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: - Update to upstream tag jdk-21.0.5+13 (October 2024 CPU) * Security fixes + JDK-8307383: Enhance DTLS connections + JDK-8311208: Improve CDS Support + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization + JDK-8328726: Better Kerberos support + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations + JDK-8335713: Enhance vectorization analysis * Other changes + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-6967482: TAB-key does not work in JTables after selecting details-view in JFileChooser + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/ /ReadLongZipFileName.java leaks files if it fails + JDK-8051959: Add thread and timestamp options to java.security.debug system property + JDK-8073061: (fs) Files.copy(foo, bar, REPLACE_EXISTING) deletes bar even if foo is not readable + JDK-8166352: FilePane.createDetailsView() removes JTable TAB, SHIFT-TAB functionality + JDK-8170817: G1: Returning MinTLABSize from unsafe_max_tlab_alloc causes TLAB flapping + JDK-8211847: [aix] java/lang/ProcessHandle/InfoTest.java fails: 'reported cputime less than expected' + JDK-8211854: [aix] java/net/ServerSocket/ /AcceptInheritHandle.java fails: read times out + JDK-8222884: ConcurrentClassDescLookup.java times out intermittently + JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due to 'BindException: Address already in use' + JDK-8242564: javadoc crashes:: class cast exception com.sun.tools.javac.code.Symtab$6 + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/ /MouseEventAfterStartDragTest.html test failed + JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit + JDK-8269428: java/util/concurrent/ConcurrentHashMap/ /ToArray.java timed out + JDK-8269657: Test java/nio/channels/DatagramChannel/ /Loopback.java failed: Unexpected message + JDK-8280120: [IR Framework] Add attribute to @IR to enable/disable IR matching based on the architecture + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/ /NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.' + JDK-8280988: [XWayland] Click on title to request focus test failures + JDK-8280990: [XWayland] XTest emulated mouse click does not bring window to front + JDK-8283223: gc/stringdedup/TestStringDeduplicationFullGC.java #Parallel failed with 'RuntimeException: String verification failed' + JDK-8287325: AArch64: fix virtual threads with -XX:UseBranchProtection=pac-ret + JDK-8291809: Convert compiler/c2/cr7200264/TestSSE2IntVect.java to IR verification test + JDK-8294148: Support JSplitPane for instructions and test UI + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle + JDK-8299487: Test java/net/httpclient/whitebox/ /SSLTubeTestDriver.java timed out + JDK-8299790: os::print_hex_dump is racy + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java fails with jtreg test timeout due to lost datagram + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session + JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent + JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04 + JDK-8307193: Several Swing jtreg tests use class.forName on L&F classes + JDK-8307352: AARCH64: Improve itable_stub + JDK-8307778: com/sun/jdi/cds tests fail with jtreg's Virtual test thread factory + JDK-8307788: vmTestbase/gc/gctests/LargeObjects/large003/ /TestDescription.java timed out + JDK-8308286: Fix clang warnings in linux code + JDK-8308660: C2 compilation hits 'node must be dead' assert + JDK-8309067: gtest/AsyncLogGtest.java fails again in stderrOutput_vm + JDK-8309621: [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1 + JDK-8309685: Fix -Wconversion warnings in assembler and register code + JDK-8309894: compiler/vectorapi/ /VectorLogicalOpIdentityTest.java fails on SVE system with UseSVE=0 + JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK+ + JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when EnableJVMCI is specified + JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option + JDK-8310334: [XWayland][Screencast] screen capture error message in debug + JDK-8310628: GcInfoBuilder.c missing JNI Exception checks + JDK-8310683: Refactor StandardCharset/standard.java to use JUnit + JDK-8310906: Fix -Wconversion warnings in runtime, oops and some code header files. + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin + JDK-8311989: Test java/lang/Thread/virtual/Reflection.java timed out + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved + JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ /ModifierRobotKeyTest.java fails on ubuntu 23.04 + JDK-8312140: jdk/jshell tests failed with JDI socket timeouts + JDK-8312200: Fix Parse::catch_call_exceptions memory leak + JDK-8312229: Crash involving yield, switch and anonymous classes + JDK-8313674: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java should test for more block devices + JDK-8313697: [XWayland][Screencast] consequent getPixelColor calls are slow + JDK-8313983: jmod create --target-platform should replace existing ModuleTarget attribute + JDK-8314163: os::print_hex_dump prints incorrectly for big endian platforms and unit sizes larger than 1 + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314515: java/util/concurrent/SynchronousQueue/ /Fairness.java failed with 'Error: fair=false i=8 j=0' + JDK-8314614: jdk/jshell/ImportTest.java failed with 'InternalError: Failed remote listen' + JDK-8315024: Vector API FP reduction tests should not test for exact equality + JDK-8315031: YoungPLABSize and OldPLABSize not aligned by ObjectAlignmentInBytes + JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl + JDK-8315505: CompileTask timestamp printed can overflow + JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java fails after JDK-8314837 + JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests + JDK-8315923: pretouch_memory by atomic-add-0 fragments huge pages unexpectedly + JDK-8315965: Open source various AWT applet tests + JDK-8315969: compiler/rangechecks/ /TestRangeCheckHoistingScaledIV.java: make flagless + JDK-8316104: Open source several Swing SplitPane and RadioButton related tests + JDK-8316131: runtime/cds/appcds/TestParallelGCWithCDS.java fails with JNI error + JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak + JDK-8316211: Open source several manual applet tests + JDK-8316240: Open source several add/remove MenuBar manual tests + JDK-8316285: Opensource JButton manual tests + JDK-8316306: Open source and convert manual Swing test + JDK-8316328: Test jdk/jfr/event/oldobject/ /TestSanityDefault.java times out for some heap sizes + JDK-8316361: C2: assert(!failure) failed: Missed optimization opportunity in PhaseIterGVN with -XX:VerifyIterativeGVN=10 + JDK-8316389: Open source few AWT applet tests + JDK-8316756: C2 EA fails with 'missing memory path' when encountering unsafe_arraycopy stub call + JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java + JDK-8317128: java/nio/file/Files/CopyAndMove.java failed with AccessDeniedException + JDK-8317240: Promptly free OopMapEntry after fail to insert the entry to OopMapCache + JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab + JDK-8317299: safepoint scalarization doesn't keep track of the depth of the JVM state + JDK-8317360: Missing null checks in JfrCheckpointManager and JfrStringPool initialization routines + JDK-8317372: Refactor some NumberFormat tests to use JUnit + JDK-8317446: ProblemList gc/arguments/TestNewSizeFlags.java on macosx-aarch64 in Xcomp + JDK-8317449: ProblemList serviceability/jvmti/stress/ /StackTrace/NotSuspended/ /GetStackTraceNotSuspendedStressTest.java on several platforms + JDK-8317635: Improve GetClassFields test to verify correctness of field order + JDK-8317696: Fix compilation with clang-16 + JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic' + JDK-8317831: compiler/codecache/CheckLargePages.java fails on OL 8.8 with unexpected memory string + JDK-8318071: IgnoreUnrecognizedVMOptions flag still causes failure in ArchiveHeapTestClass + JDK-8318479: [jmh] the test security.CacheBench failed for multiple threads run + JDK-8318605: Enable parallelism in vmTestbase/nsk/stress/stack tests + JDK-8319197: Exclude hb-subset and hb-style from compilation + JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates + JDK-8319773: Avoid inflating monitors when installing hash codes for LM_LIGHTWEIGHT + JDK-8319793: C2 compilation fails with 'Bad graph detected in build_loop_late' after JDK-8279888 + JDK-8319817: Charset constructor should make defensive copy of aliases + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320079: The ArabicBox.java test has no control buttons + JDK-8320212: Disable GCC stringop-overflow warning for affected files + JDK-8320379: C2: Sort spilling/unspilling sequence for better ld/st merging into ldp/stp on AArch64 + JDK-8320602: Lock contention in SchemaDVFactory.getInstance() + JDK-8320608: Many jtreg printing tests are missing the @printer keyword + JDK-8320655: awt screencast robot spin and sync issues with native libpipewire api + JDK-8320675: PrinterJob/SecurityDialogTest.java hangs + JDK-8320945: problemlist tests failing on latest Windows 11 update + JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2 + JDK-8321176: [Screencast] make a second attempt on screencast failure + JDK-8321206: Make Locale related system properties `StaticProperty` + JDK-8321220: JFR: RecordedClass reports incorrect modifiers + JDK-8321278: C2: Partial peeling fails with assert 'last_peel <- first_not_peeled' + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321933: TestCDSVMCrash.java spawns two processes + JDK-8322008: Exclude some CDS tests from running with -Xshare:off + JDK-8322062: com/sun/jdi/JdwpAllowTest.java does not performs negative testing with prefix length + JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC + JDK-8322726: C2: Unloaded signature class kills argument value + JDK-8322743: C2: prevent lock region elimination in OSR compilation + JDK-8322766: Micro bench SSLHandshake should use default algorithms + JDK-8322881: java/nio/file/Files/CopyMoveVariations.java fails with AccessDeniedException due to permissions of files in /tmp + JDK-8322971: KEM.getInstance() should check if a 3rd-party security provider is signed + JDK-8322996: BoxLockNode creation fails with assert(reg < CHUNK_SIZE) failed: sanity + JDK-8323122: AArch64: Increase itable stub size estimate + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8323274: C2: array load may float above range check + JDK-8323552: AbstractMemorySegmentImpl#mismatch returns -1 when comparing distinct areas of the same instance of MemorySegment + JDK-8323577: C2 SuperWord: remove AlignVector restrictions on IR tests added in JDK-8305055 + JDK-8323584: AArch64: Unnecessary ResourceMark in NativeCall::set_destination_mt_safe + JDK-8323670: A few client tests intermittently throw ConcurrentModificationException + JDK-8323682: C2: guard check is not generated in Arrays.copyOfRange intrinsic when allocation is eliminated by EA + JDK-8323782: Race: Thread::interrupt vs. AbstractInterruptibleChannel.begin + JDK-8323801: <s> tag doesn't strikethrough the text + JDK-8323972: C2 compilation fails with assert(!x->as_Loop()->is_loop_nest_inner_loop()) failed: loop was transformed + JDK-8324174: assert(m->is_entered(current)) failed: invariant + JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE + JDK-8324580: SIGFPE on THP initialization on kernels < 4.10 + JDK-8324641: [IR Framework] Add Setup method to provide custom arguments and set fields + JDK-8324668: JDWP process management needs more efficient file descriptor handling + JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests + JDK-8324781: runtime/Thread/TestAlwaysPreTouchStacks.java failed with Expected a higher ratio between stack committed and reserved + JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3 + JDK-8324969: C2: prevent elimination of unbalanced coarsened locking regions + JDK-8324983: Race in CompileBroker::possibly_add_compiler_threads + JDK-8325022: Incorrect error message on client authentication + JDK-8325037: x86: enable and fix hotspot/jtreg/compiler/vectorization/TestRoundVectFloat.java + JDK-8325083: jdk/incubator/vector/Double512VectorTests.java crashes in Assembler::vex_prefix_and_encode + JDK-8325179: Race in BasicDirectoryModel.validateFileCache + JDK-8325218: gc/parallel/TestAlwaysPreTouchBehavior.java fails + JDK-8325382: (fc) FileChannel.transferTo throws IOException when position equals size + JDK-8325384: sun/security/ssl/SSLSessionImpl/ /ResumptionUpdateBoundValues.java failing intermittently when main thread is a virtual thread + JDK-8325469: Freeze/Thaw code can crash in the presence of OSR frames + JDK-8325494: C2: Broken graph after not skipping CastII node anymore for Assertion Predicates after JDK-8309902 + JDK-8325520: Vector loads and stores with indices and masks incorrectly compiled + JDK-8325542: CTW: Runner can produce negative StressSeed + JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM + JDK-8325616: JFR ZGC Allocation Stall events should record stack traces + JDK-8325620: HTMLReader uses ConvertAction instead of specified CharacterAction for <b>, <i>, <u> + JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes survive minor garbage collections + JDK-8325763: Revert properties: vm.opt.x.* + JDK-8326106: Write and clear stack trace table outside of safepoint + JDK-8326129: Java Record Pattern Match leads to infinite loop + JDK-8326332: Unclosed inline tags cause misalignment in summary tables + JDK-8326717: Disable stringop-overflow in shenandoahLock.cpp + JDK-8326734: text-decoration applied to <span> lost when mixed with <u> or <s> + JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails + JDK-8327040: Problemlist ActionListenerCalledTwiceTest.java test failing in macos14 + JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel + JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug + JDK-8327423: C2 remove_main_post_loops: check if main-loop belongs to pre-loop, not just assert + JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java on all platforms with ZGC + JDK-8327501: Common ForkJoinPool prevents class unloading in some cases + JDK-8327650: Test java/nio/channels/DatagramChannel/ /StressNativeSignal.java timed out + JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main + JDK-8327840: Automate javax/swing/border/Test4129681.java + JDK-8327990: [macosx-aarch64] Various tests fail with -XX:+AssertWXAtThreadSync + JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/ /GetBoundsResizeTest.java applet test to main + JDK-8328075: Shenandoah: Avoid forwarding when objects don't move in full-GC + JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows + JDK-8328115: Convert java/awt/font/TextLayout/ /TestJustification.html applet test to main + JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test + JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html + JDK-8328234: Remove unused nativeUtils files + JDK-8328238: Convert few closed manual applet tests to main + JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful + JDK-8328273: sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use + JDK-8328366: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 + JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ /ClickDuringKeypress.java imports Applet + JDK-8328561: test java/awt/Robot/ManualInstructions/ /ManualInstructions.java isn't used + JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main + JDK-8328647: TestGarbageCollectorMXBean.java fails with C1-only and -Xcomp + JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization + JDK-8328785: IOException: Symbol not found: C_GetInterface for PKCS11 interface prior to V3.0 + JDK-8328896: Fontmetrics for large Fonts has zero width + JDK-8328953: JEditorPane.read throws ChangedCharSetException + JDK-8328999: Update GIFlib to 5.2.2 + JDK-8329004: Update Libpng to 1.6.43 + JDK-8329088: Stack chunk thawing races with concurrent GC stack iteration + JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling + JDK-8329126: No native wrappers generated anymore with -XX:-TieredCompilation after JDK-8251462 + JDK-8329134: Reconsider TLAB zapping + JDK-8329258: TailCall should not use frame pointer register for jump target + JDK-8329510: Update ProblemList for JFileChooser/8194044/FileSystemRootTest.java + JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected + JDK-8329665: fatal error: memory leak: allocating without ResourceMark + JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771 + JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash + JDK-8330027: Identity hashes of archived objects must be based on a reproducible random seed + JDK-8330063: Upgrade jQuery to 3.7.1 + JDK-8330133: libj2pkcs11.so crashes on some pkcs#11 v3.0 libraries + JDK-8330146: assert(!_thread->is_in_any_VTMS_transition()) failed + JDK-8330520: linux clang build fails in os_linux.cpp with static_assert with no message is a C++17 extension + JDK-8330576: ZYoungCompactionLimit should have range check + JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512) + JDK-8330748: ByteArrayOutputStream.writeTo(OutputStream) pins carrier + JDK-8330814: Cleanups for KeepAliveCache tests + JDK-8330819: C2 SuperWord: bad dominance after pre-loop limit adjustment with base that has CastLL after pre-loop + JDK-8330849: Add test to verify memory usage with recursive locking + JDK-8330981: ZGC: Should not dedup strings in the finalizer graph + JDK-8331011: [XWayland] TokenStorage fails under Security Manager + JDK-8331063: Some HttpClient tests don't report leaks + JDK-8331077: nroff man page update for jar tool + JDK-8331142: Add test for number of loader threads in BasicDirectoryModel + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331164: createJMHBundle.sh download jars fail when url needed to be redirected + JDK-8331266: Bump update version for OpenJDK: jdk-21.0.5 + JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS + JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock + JDK-8331421: ubsan: vmreg.cpp checking error member call on misaligned address + JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only + JDK-8331518: Tests should not use the 'Classpath' exception form of the legal header + JDK-8331572: Allow using OopMapCache outside of STW GC phases + JDK-8331573: Rename CollectedHeap::is_gc_active to be explicitly about STW GCs + JDK-8331575: C2: crash when ConvL2I is split thru phi at LongCountedLoop + JDK-8331605: jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure + JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer + JDK-8331714: Make OopMapCache installation lock-free + JDK-8331731: ubsan: relocInfo.cpp:155:30: runtime error: applying non-zero offset to null pointer + JDK-8331746: Create a test to verify that the cmm id is not ignored + JDK-8331771: ZGC: Remove OopMapCacheAlloc_lock ordering workaround + JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool' + JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java + JDK-8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510 + JDK-8331863: DUIterator_Fast used before it is constructed + JDK-8331885: C2: meet between unloaded and speculative types is not symmetric + JDK-8331931: JFR: Avoid loading regex classes during startup + JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI + JDK-8332008: Enable issuestitle check + JDK-8332113: Update nsk.share.Log to be always verbose + JDK-8332154: Memory leak in SynchronousQueue + JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in ff_Adlm.xml + JDK-8332248: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java failed with RuntimeException + JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16 + JDK-8332431: NullPointerException in JTable of SwingSet2 + JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null + JDK-8332490: JMH org.openjdk.bench.java.util.zip .InflaterInputStreams.inflaterInputStreamRead OOM + JDK-8332499: Gtest codestrings.validate_vm fail on linux x64 when hsdis is present + JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13' + JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332675: test/hotspot/jtreg/gc/testlibrary/Helpers.java compileClass javadoc does not match after 8321812 + JDK-8332699: ubsan: jfrEventSetting.inline.hpp:31:43: runtime error: index 163 out of bounds for type 'jfrNativeEventSetting [162]' + JDK-8332717: ZGC: Division by zero in heuristics + JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array' + JDK-8332818: ubsan: archiveHeapLoader.cpp:70:27: runtime error: applying non-zero offset 18446744073707454464 to null pointer + JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8332885: Clarify failure_handler self-tests + JDK-8332894: ubsan: vmError.cpp:2090:26: runtime error: division by zero + JDK-8332898: failure_handler: log directory of commands + JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool' + JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 + 1 cannot be represented in type 'long int' + JDK-8332905: C2 SuperWord: bad AD file, with RotateRightV and first operand not a pack + JDK-8332920: C2: Partial Peeling is wrongly applied for CmpU with negative limit + JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries + JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/ /TestDescription.java fails with no GC's recorded + JDK-8332959: C2: ZGC fails with 'Incorrect load shift' when invoking Object.clone() reflectively on an array + JDK-8333088: ubsan: shenandoahAdaptiveHeuristics.cpp:245:44: runtime error: division by zero + JDK-8333093: Incorrect comment in zAddress_aarch64.cpp + JDK-8333099: Missing check for is_LoadVector in StoreNode::Identity + JDK-8333149: ubsan : memset on nullptr target detected in jvmtiEnvBase.cpp get_object_monitor_usage + JDK-8333178: ubsan: jvmti_tools.cpp:149:16: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333270: HandlersOnComplexResetUpdate and HandlersOnComplexUpdate tests fail with 'Unexpected reference' if timeoutFactor is less than 1/3 + JDK-8333277: ubsan: mlib_ImageScanPoly.c:292:43: runtime error: division by zero + JDK-8333353: Delete extra empty line in CodeBlob.java + JDK-8333354: ubsan: frame.inline.hpp:91:25: and src/hotspot/share/runtime/frame.inline.hpp:88:29: runtime error: member call on null pointer of type 'const struct SmallRegisterMap' + JDK-8333361: ubsan,test : libHeapMonitorTest.cpp:518:9: runtime error: null pointer passed as argument 2, which is declared to never be null + JDK-8333363: ubsan: instanceKlass.cpp: runtime error: member call on null pointer of type 'struct AnnotationArray' + JDK-8333366: C2: CmpU3Nodes are not pushed back to worklist in PhaseCCP leading to non-fixpoint assertion failure + JDK-8333398: Uncomment the commented test in test/jdk/java/ /util/jar/JarFile/mrjar/MultiReleaseJarAPI.java + JDK-8333462: Performance regression of new DecimalFormat() when compare to jdk11 + JDK-8333477: Delete extra empty spaces in Makefiles + JDK-8333542: Breakpoint in parallel code does not work + JDK-8333622: ubsan: relocInfo_x86.cpp:101:56: runtime error: pointer index expression with base (-1) overflowed + JDK-8333639: ubsan: cppVtables.cpp:81:55: runtime error: index 14 out of bounds for type 'long int [1]' + JDK-8333652: RISC-V: compiler/vectorapi/ /VectorGatherMaskFoldingTest.java fails when using RVV + JDK-8333716: Shenandoah: Check for disarmed method before taking the nmethod lock + JDK-8333724: Problem list security/infra/java/security/cert/ /CertPathValidator/certification/CAInterop.java #teliasonerarootcav1 + JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures + JDK-8333887: ubsan: unsafe.cpp:247:13: runtime error: store to null pointer of type 'volatile int' + JDK-8334078: RISC-V: TestIntVect.java fails after JDK-8332153 when running without RVV + JDK-8334123: log the opening of Type 1 fonts + JDK-8334166: Enable binary check + JDK-8334239: Introduce macro for ubsan method/function exclusions + JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java should not depend on SecurityManager + JDK-8334332: TestIOException.java fails if run by root + JDK-8334333: MissingResourceCauseTestRun.java fails if run by root + JDK-8334339: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java fails on alinux3 + JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14 + JDK-8334421: assert(!oldbox->is_unbalanced()) failed: this should not be called for unbalanced region + JDK-8334482: Shenandoah: Deadlock when safepoint is pending during nmethods iteration + JDK-8334592: ProblemList serviceability/jvmti/stress/ /StackTrace/NotSuspended/ /GetStackTraceNotSuspendedStressTest.java in jdk21 on all platforms + JDK-8334594: Generational ZGC: Deadlock after OopMap rewrites in 8331572 + JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java fails on linux-aarch64 + JDK-8334618: ubsan: support setting additional ubsan check options + JDK-8334653: ISO 4217 Amendment 177 Update + JDK-8334769: Shenandoah: Move CodeCache_lock close to its use in ShenandoahConcurrentNMethodIterator + JDK-8334867: Add back assertion from JDK-8325494 + JDK-8335007: Inline OopMapCache table + JDK-8335134: Test com/sun/jdi/BreakpointOnClassPrepare.java timeout + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335237: ubsan: vtableStubs.hpp is_vtable_stub exclude from ubsan checks + JDK-8335283: Build failure due to 'no_sanitize' attribute directive ignored + JDK-8335409: Can't allocate and retain memory from resource area in frame::oops_interpreted_do oop closure after 8329665 + JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs + JDK-8335536: Fix assertion failure in IdealGraphPrinter when append is true + JDK-8335743: jhsdb jstack cannot print some information on the waiting thread + JDK-8335775: Remove extraneous 's' in comment of rawmonitor.cpp test file + JDK-8335904: Fix invalid comment in ShenandoahLock + JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags + JDK-8336284: Test TestClhsdbJstackLock.java/ TestJhsdbJstackLock.java fails with -Xcomp after JDK-8335743 + JDK-8336301: test/jdk/java/nio/channels/ /AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion + JDK-8336342: Fix known X11 library locations in sysroot + JDK-8336343: Add more known sysroot library locations for ALSA + JDK-8336926: jdk/internal/util/ReferencedKeyTest.java can fail with ConcurrentModificationException + JDK-8336928: GHA: Bundle artifacts removal broken + JDK-8337038: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java shoud set as /native + JDK-8337283: configure.log is truncated when build dir is on different filesystem + JDK-8337622: IllegalArgumentException in java.lang.reflect.Field.get + JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods + JDK-8338286: GHA: Demote x86_32 to hotspot build only + JDK-8338696: (fs) BasicFileAttributes.creationTime() falls back to epoch if birth time is unavailable (Linux) + JDK-8339869: [21u] Test CreationTime.java fails with UnsatisfiedLinkError after 8334339 + JDK-8341057: Add 2 SSL.com TLS roots + JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + JDK-8341674: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.5 + JDK-8341989: [21u] Back out JDK-8327501 and JDK-8328366 Moderate SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Moderate) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241). Bug fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906). Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Moderate) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241). Bug fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906). Moderate SUSE bug 1230906 SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for libheif (Important) openSUSE Leap 15.6 This update for libheif fixes the following issues: - CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse() due to decoding a heif file containing an overlay image with forged offsets (bsc#1231714). Important SUSE bug 1231714 CVE-2024-41311 at SUSE CVE-2024-41311 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Moderate) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: - Update to upstream tag jdk-17.0.13+11 (October 2024 CPU) * Security fixes + JDK-8307383: Enhance DTLS connections + JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property + JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client + JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization + JDK-8328726: Better Kerberos support + JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support + JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations + JDK-8335713: Enhance vectorization analysis * Other changes + JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/ /ReadLongZipFileName.java leaks files if it fails + JDK-7026262: HttpServer: improve handling of finished HTTP exchanges + JDK-7124313: [macosx] Swing Popups should overlap taskbar + JDK-8005885: enhance PrintCodeCache to print more data + JDK-8051959: Add thread and timestamp options to java.security.debug system property + JDK-8170817: G1: Returning MinTLABSize from unsafe_max_tlab_alloc causes TLAB flapping + JDK-8183227: read/write APIs in class os shall return ssize_t + JDK-8193547: Regression automated test '/open/test/jdk/java/ /awt/Toolkit/DesktopProperties/rfe4758438.java' fails + JDK-8222884: ConcurrentClassDescLookup.java times out intermittently + JDK-8233725: ProcessTools.startProcess() has output issues when using an OutputAnalyzer at the same time + JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock + JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due to 'BindException: Address already in use' + JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/ /FilenameFilterTest.java fails on Mac OS + JDK-8256291: RunThese30M fails 'assert(_class_unload ? true : ((((JfrTraceIdBits::load(class_loader_klass)) & ((1 << 4) << 8)) != 0))) failed: invariant' + JDK-8257540: javax/swing/JFileChooser/8041694/bug8041694.java failed with 'RuntimeException: The selected directory name is not the expected 'd ' but 'D '.' + JDK-8259866: two java.util tests failed with 'IOException: There is not enough space on the disk' + JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/ /MouseEventAfterStartDragTest.html test failed + JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit + JDK-8263031: HttpClient throws Exception if it receives a Push Promise that is too large + JDK-8265919: RunThese30M fails 'assert((!(((((JfrTraceIdBits::load(value)) & ((1 << 4) << 8)) != 0))))) failed: invariant' + JDK-8269428: java/util/concurrent/ConcurrentHashMap/ /ToArray.java timed out + JDK-8269657: Test java/nio/channels/DatagramChannel/ /Loopback.java failed: Unexpected message + JDK-8272232: javax/swing/JTable/4275046/bug4275046.java failed with 'Expected value in the cell: 'rededited' but found 'redEDITED'.' + JDK-8272558: IR Test Framework README misses some flags + JDK-8272777: Clean up remaining AccessController warnings in test library + JDK-8273216: JCMD does not work across container boundaries with Podman + JDK-8273430: Suspicious duplicate condition in java.util.regex.Grapheme#isExcludedSpacingMark + JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2 + JDK-8275851: Deproblemlist open/test/jdk/javax/swing/ /JComponent/6683775/bug6683775.java + JDK-8276660: Scalability bottleneck in java.security.Provider.getService() + JDK-8277042: add test for 8276036 to compiler/codecache + JDK-8279068: IGV: Update to work with JDK 16 and 17 + JDK-8279164: Disable TLS_ECDH_* cipher suites + JDK-8279222: Incorrect legacyMap.get in java.security.Provider after JDK-8276660 + JDK-8279337: The MToolkit is still referenced in a few places + JDK-8279641: Create manual JTReg tests for Swing accessibility + JDK-8279878: java/awt/font/JNICheck/JNICheck.sh test fails on Ubuntu 21.10 + JDK-8280034: ProblemList jdk/jfr/api/consumer/recordingstream/ /TestOnEvent.java on linux-x64 + JDK-8280392: java/awt/Focus/NonFocusableWindowTest/ /NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.' + JDK-8280970: Cleanup dead code in java.security.Provider + JDK-8280982: [Wayland] [XWayland] java.awt.Robot taking screenshots + JDK-8280988: [XWayland] Click on title to request focus test failures + JDK-8280990: [XWayland] XTest emulated mouse click does not bring window to front + JDK-8280993: [XWayland] Popup is not closed on click outside of area controlled by XWayland + JDK-8280994: [XWayland] Drag and Drop does not work in java -> wayland app direction + JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS + JDK-8282354: Remove dependancy of TestHttpServer, HttpTransaction, HttpCallback from open/test/jdk/ tests + JDK-8282526: Default icon is not painted properly + JDK-8283728: jdk.hotspot.agent: Wrong location for RISCV64ThreadContext.java + JDK-8284316: Support accessibility ManualTestFrame.java for non SwingSet tests + JDK-8284585: PushPromiseContinuation test fails intermittently in timeout + JDK-8285497: Add system property for Java SE specification maintenance version + JDK-8288568: Reduce runtime of java.security microbenchmarks + JDK-8289182: NMT: MemTracker::baseline should return void + JDK-8290966: G1: Record number of PLAB filled and number of direct allocations + JDK-8291760: PipelineLeaksFD.java still fails: More or fewer pipes than expected + JDK-8292044: HttpClient doesn't handle 102 or 103 properly + JDK-8292739: Invalid legacy entries may be returned by Provider.getServices() call + JDK-8292948: JEditorPane ignores font-size styles in external linked css-file + JDK-8293862: javax/swing/JFileChooser/8046391/bug8046391.java failed with 'Cannot invoke 'java.awt.Image.getWidth(java.awt.image.ImageObserver)' because 'retVal' is null' + JDK-8293872: Make runtime/Thread/ThreadCountLimit.java more robust + JDK-8294148: Support JSplitPane for instructions and test UI + JDK-8294691: dynamicArchive/RelativePath.java is running other test case + JDK-8294994: Update Jarsigner and Keytool i18n tests to validate i18n compliance + JDK-8295111: dpkg appears to have problems resolving symbolically linked native libraries + JDK-8296410: HttpClient throws java.io.IOException: no statuscode in response for HTTP2 + JDK-8296812: sprintf is deprecated in Xcode 14 + JDK-8297878: KEM: Implementation + JDK-8298381: Improve handling of session tickets for multiple SSLContexts + JDK-8298596: vmTestbase/nsk/sysdict/vm/stress/chain/chain008/ /chain008.java fails with 'NoClassDefFoundError: Could not initialize class java.util.concurrent.ThreadLocalRandom' + JDK-8298809: Clean up vm/compiler/InterfaceCalls JMH + JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle + JDK-8299254: Support dealing with standard assert macro + JDK-8299378: sprintf is deprecated in Xcode 14 + JDK-8299395: Remove metaprogramming/removeCV.hpp + JDK-8299396: Remove metaprogramming/removeExtent.hpp + JDK-8299397: Remove metaprogramming/isFloatingPoint.hpp + JDK-8299398: Remove metaprogramming/isConst.hpp + JDK-8299399: Remove metaprogramming/isArray.hpp + JDK-8299402: Remove metaprogramming/isVolatile.hpp + JDK-8299479: Remove metaprogramming/decay.hpp + JDK-8299481: Remove metaprogramming/removePointer.hpp + JDK-8299482: Remove metaprogramming/isIntegral.hpp + JDK-8299487: Test java/net/httpclient/whitebox/ /SSLTubeTestDriver.java timed out + JDK-8299635: Hotspot update for deprecated sprintf in Xcode 14 + JDK-8299779: Test tools/jpackage/share/jdk/jpackage/tests/ /MainClassTest.java timed out + JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java fails with jtreg test timeout due to lost datagram + JDK-8299971: Remove metaprogramming/conditional.hpp + JDK-8299972: Remove metaprogramming/removeReference.hpp + JDK-8300169: Build failure with clang-15 + JDK-8300260: Remove metaprogramming/isSame.hpp + JDK-8300264: Remove metaprogramming/isPointer.hpp + JDK-8300265: Remove metaprogramming/isSigned.hpp + JDK-8300806: Update googletest to v1.13.0 + JDK-8300910: Remove metaprogramming/integralConstant.hpp + JDK-8301132: Test update for deprecated sprintf in Xcode 14 + JDK-8301200: Don't scale timeout stress with timeout factor + JDK-8301274: update for deprecated sprintf for security components + JDK-8301279: update for deprecated sprintf for management components + JDK-8301686: TLS 1.3 handshake fails if server_name doesn't match resuming session + JDK-8301704: Shorten the number of GCs in UnloadingTest.java to verify a class loader not being unloaded + JDK-8302495: update for deprecated sprintf for java.desktop + JDK-8302800: Augment NaN handling tests of FDLIBM methods + JDK-8303216: Prefer ArrayList to LinkedList in sun.net.httpserver.ServerImpl + JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL + JDK-8303527: update for deprecated sprintf for jdk.hotspot.agent + JDK-8303617: update for deprecated sprintf for jdk.jdwp.agent + JDK-8303830: update for deprecated sprintf for jdk.accessibility + JDK-8303891: Speed up Zip64SizeTest using a small ZIP64 file + JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test + JDK-8303942: os::write should write completely + JDK-8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields + JDK-8304375: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Expected at least some events to be out of order! Reuse = false' + JDK-8304962: sun/net/www/http/KeepAliveCache/B5045306.java: java.lang.RuntimeException: Failed: Initial Keep Alive Connection is not being reused + JDK-8304963: HttpServer closes connection after processing HEAD after JDK-7026262 + JDK-8305072: Win32ShellFolder2.compareTo is inconsistent + JDK-8305079: Remove finalize() from compiler/c2/Test719030 + JDK-8305081: Remove finalize() from test/hotspot/jtreg/compiler/runtime/Test8168712 + JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04 + JDK-8305959: x86: Improve itable_stub + JDK-8306583: Add JVM crash check in CDSTestUtils.executeAndLog + JDK-8306929: Avoid CleanClassLoaderDataMetaspaces safepoints when previous versions are shared + JDK-8306946: jdk/test/lib/process/ /ProcessToolsStartProcessTest.java fails with 'wrong number of lines in OutputAnalyzer output' + JDK-8307091: A few client tests intermittently throw ConcurrentModificationException + JDK-8307193: Several Swing jtreg tests use class.forName on L&F classes + JDK-8307352: AARCH64: Improve itable_stub + JDK-8307448: Test RedefineSharedClassJFR fail due to wrong assumption + JDK-8307779: Relax the java.awt.Robot specification + JDK-8307848: update for deprecated sprintf for jdk.attach + JDK-8307850: update for deprecated sprintf for jdk.jdi + JDK-8308022: update for deprecated sprintf for java.base + JDK-8308144: Uncontrolled memory consumption in SSLFlowDelegate.Reader + JDK-8308184: Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError + JDK-8308801: update for deprecated sprintf for libnet in java.base + JDK-8308891: TestCDSVMCrash.java needs @requires vm.cds + JDK-8309241: ClassForNameLeak fails intermittently as the class loader hasn't been unloaded + JDK-8309621: [XWayland][Screencast] screen capture failure with sun.java2d.uiScale other than 1 + JDK-8309703: AIX build fails after JDK-8280982 + JDK-8309756: Occasional crashes with pipewire screen capture on Wayland + JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg + JDK-8310070: Test: javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out + JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when EnableJVMCI is specified + JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option + JDK-8310334: [XWayland][Screencast] screen capture error message in debug + JDK-8310628: GcInfoBuilder.c missing JNI Exception checks + JDK-8310683: Refactor StandardCharset/standard.java to use JUnit + JDK-8311208: Improve CDS Support + JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved + JDK-8312140: jdk/jshell tests failed with JDI socket timeouts + JDK-8312229: Crash involving yield, switch and anonymous classes + JDK-8313256: Exclude failing multicast tests on AIX + JDK-8313394: Array Elements in OldObjectSample event has the incorrect description + JDK-8313674: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java should test for more block devices + JDK-8313697: [XWayland][Screencast] consequent getPixelColor calls are slow + JDK-8313873: java/nio/channels/DatagramChannel/ /SendReceiveMaxSize.java fails on AIX due to small default RCVBUF size and different IPv6 Header interpretation + JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/ /CodeCacheFullCountTest.java fails with java.lang.VirtualMachineError + JDK-8314476: TestJstatdPortAndServer.java failed with 'java.rmi.NoSuchObjectException: no such object in table' + JDK-8314614: jdk/jshell/ImportTest.java failed with 'InternalError: Failed remote listen' + JDK-8314837: 5 compiled/codecache tests ignore VM flags + JDK-8315024: Vector API FP reduction tests should not test for exact equality + JDK-8315362: NMT: summary diff reports threads count incorrectly + JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl + JDK-8315437: Enable parallelism in vmTestbase/nsk/monitoring/stress/classload tests + JDK-8315442: Enable parallelism in vmTestbase/nsk/monitoring/stress/thread tests + JDK-8315559: Delay TempSymbol cleanup to avoid symbol table churn + JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java fails after JDK-8314837 + JDK-8315651: Stop hiding AIX specific multicast socket errors via NetworkConfiguration (aix) + JDK-8315684: Parallelize sun/security/util/math/TestIntegerModuloP.java + JDK-8315774: Enable parallelism in vmTestbase/gc/g1/unloading tests + JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests + JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test + JDK-8315965: Open source various AWT applet tests + JDK-8316104: Open source several Swing SplitPane and RadioButton related tests + JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak + JDK-8316211: Open source several manual applet tests + JDK-8316240: Open source several add/remove MenuBar manual tests + JDK-8316285: Opensource JButton manual tests + JDK-8316306: Open source and convert manual Swing test + JDK-8316328: Test jdk/jfr/event/oldobject/ /TestSanityDefault.java times out for some heap sizes + JDK-8316387: Exclude more failing multicast tests on AIX after JDK-8315651 + JDK-8316389: Open source few AWT applet tests + JDK-8316468: os::write incorrectly handles partial write + JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm + JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java + JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm + JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab + JDK-8317316: G1: Make TestG1PercentageOptions use createTestJvm + JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm + JDK-8317358: G1: Make TestMaxNewSize use createTestJvm + JDK-8317360: Missing null checks in JfrCheckpointManager and JfrStringPool initialization routines + JDK-8317372: Refactor some NumberFormat tests to use JUnit + JDK-8317635: Improve GetClassFields test to verify correctness of field order + JDK-8317831: compiler/codecache/CheckLargePages.java fails on OL 8.8 with unexpected memory string + JDK-8318039: GHA: Bump macOS and Xcode versions + JDK-8318089: Class space not marked as such with NMT when CDS is off + JDK-8318474: Fix memory reporter for thread_count + JDK-8318479: [jmh] the test security.CacheBench failed for multiple threads run + JDK-8318605: Enable parallelism in vmTestbase/nsk/stress/stack tests + JDK-8318696: Do not use LFS64 symbols on Linux + JDK-8318986: Improve GenericWaitBarrier performance + JDK-8319103: Popups that request focus are not shown on Linux with Wayland + JDK-8319197: Exclude hb-subset and hb-style from compilation + JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates + JDK-8319713: Parallel: Remove PSAdaptiveSizePolicy::should_full_GC + JDK-8320079: The ArabicBox.java test has no control buttons + JDK-8320379: C2: Sort spilling/unspilling sequence for better ld/st merging into ldp/stp on AArch64 + JDK-8320602: Lock contention in SchemaDVFactory.getInstance() + JDK-8320608: Many jtreg printing tests are missing the @printer keyword + JDK-8320655: awt screencast robot spin and sync issues with native libpipewire api + JDK-8320692: Null icon returned for .exe without custom icon + JDK-8320945: problemlist tests failing on latest Windows 11 update + JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2 + JDK-8321176: [Screencast] make a second attempt on screencast failure + JDK-8321220: JFR: RecordedClass reports incorrect modifiers + JDK-8322008: Exclude some CDS tests from running with -Xshare:off + JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC + JDK-8322726: C2: Unloaded signature class kills argument value + JDK-8322971: KEM.getInstance() should check if a 3rd-party security provider is signed + JDK-8323122: AArch64: Increase itable stub size estimate + JDK-8323584: AArch64: Unnecessary ResourceMark in NativeCall::set_destination_mt_safe + JDK-8323670: A few client tests intermittently throw ConcurrentModificationException + JDK-8323801: <s> tag doesn't strikethrough the text + JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max limit on macOS >= 10.6 for RLIMIT_NOFILE + JDK-8324646: Avoid Class.forName in SecureRandom constructor + JDK-8324648: Avoid NoSuchMethodError when instantiating NativePRNG + JDK-8324668: JDWP process management needs more efficient file descriptor handling + JDK-8324753: [AIX] adjust os_posix after JDK-8318696 + JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests + JDK-8324933: ConcurrentHashTable::statistics_calculate synchronization is expensive + JDK-8325022: Incorrect error message on client authentication + JDK-8325179: Race in BasicDirectoryModel.validateFileCache + JDK-8325194: GHA: Add macOS M1 testing + JDK-8325384: sun/security/ssl/SSLSessionImpl/ /ResumptionUpdateBoundValues.java failing intermittently when main thread is a virtual thread + JDK-8325444: GHA: JDK-8325194 causes a regression + JDK-8325567: jspawnhelper without args fails with segfault + JDK-8325620: HTMLReader uses ConvertAction instead of specified CharacterAction for <b>, <i>, <u> + JDK-8325621: Improve jspawnhelper version checks + JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes survive minor garbage collections + JDK-8326106: Write and clear stack trace table outside of safepoint + JDK-8326332: Unclosed inline tags cause misalignment in summary tables + JDK-8326446: The User and System of jdk.CPULoad on Apple M1 are inaccurate + JDK-8326734: text-decoration applied to <span> lost when mixed with <u> or <s> + JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails + JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel + JDK-8327312: [17u] Problem list ReflectionCallerCacheTest.java due to 8324978 + JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java on all platforms with ZGC + JDK-8327650: Test java/nio/channels/DatagramChannel/ /StressNativeSignal.java timed out + JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main + JDK-8327840: Automate javax/swing/border/Test4129681.java + JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/ /GetBoundsResizeTest.java applet test to main + JDK-8328075: Shenandoah: Avoid forwarding when objects don't move in full-GC + JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows + JDK-8328115: Convert java/awt/font/TextLayout/ /TestJustification.html applet test to main + JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test + JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html + JDK-8328234: Remove unused nativeUtils files + JDK-8328238: Convert few closed manual applet tests to main + JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful + JDK-8328273: sun/management/jmxremote/bootstrap/ /RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use + JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ /ClickDuringKeypress.java imports Applet + JDK-8328561: test java/awt/Robot/ManualInstructions/ /ManualInstructions.java isn't used + JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main + JDK-8328647: TestGarbageCollectorMXBean.java fails with C1-only and -Xcomp + JDK-8328896: Fontmetrics for large Fonts has zero width + JDK-8328953: JEditorPane.read throws ChangedCharSetException + JDK-8328999: Update GIFlib to 5.2.2 + JDK-8329004: Update Libpng to 1.6.43 + JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling + JDK-8329109: Threads::print_on() tries to print CPU time for terminated GC threads + JDK-8329126: No native wrappers generated anymore with -XX:-TieredCompilation after JDK-8251462 + JDK-8329134: Reconsider TLAB zapping + JDK-8329510: Update ProblemList for JFileChooser/8194044/FileSystemRootTest.java + JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected + JDK-8329605: hs errfile generic events - move memory protections and nmethod flushes to separate sections + JDK-8329663: hs_err file event log entry for thread adding/removing should print current thread + JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771 + JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash + JDK-8330063: Upgrade jQuery to 3.7.1 + JDK-8330524: Linux ppc64le compile warning with clang in os_linux_ppc.cpp + JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512) + JDK-8330615: avoid signed integer overflows in zip_util.c readCen / hashN + JDK-8331011: [XWayland] TokenStorage fails under Security Manager + JDK-8331063: Some HttpClient tests don't report leaks + JDK-8331077: nroff man page update for jar tool + JDK-8331164: createJMHBundle.sh download jars fail when url needed to be redirected + JDK-8331265: Bump update version for OpenJDK: jdk-17.0.13 + JDK-8331331: :tier1 target explanation in doc/testing.md is incorrect + JDK-8331466: Problemlist serviceability/dcmd/gc/ /RunFinalizationTest.java on generic-all + JDK-8331605: jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure + JDK-8331746: Create a test to verify that the cmm id is not ignored + JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java + JDK-8331885: C2: meet between unloaded and speculative types is not symmetric + JDK-8332008: Enable issuestitle check + JDK-8332113: Update nsk.share.Log to be always verbose + JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in ff_Adlm.xml + JDK-8332248: (fc) java/nio/channels/FileChannel/ /BlockDeviceSize.java failed with RuntimeException + JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16 + JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13' + JDK-8332898: failure_handler: log directory of commands + JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/ /TestDescription.java fails with no GC's recorded + JDK-8333270: HandlersOnComplexResetUpdate and HandlersOnComplexUpdate tests fail with 'Unexpected reference' if timeoutFactor is less than 1/3 + JDK-8333353: Delete extra empty line in CodeBlob.java + JDK-8333398: Uncomment the commented test in test/jdk/java/ /util/jar/JarFile/mrjar/MultiReleaseJarAPI.java + JDK-8333477: Delete extra empty spaces in Makefiles + JDK-8333698: [17u] TestJstatdRmiPort fails after JDK-8333667 + JDK-8333716: Shenandoah: Check for disarmed method before taking the nmethod lock + JDK-8333724: Problem list security/infra/java/security/cert/ /CertPathValidator/certification/CAInterop.java #teliasonerarootcav1 + JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures + JDK-8334166: Enable binary check + JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java should not depend on SecurityManager + JDK-8334332: TestIOException.java fails if run by root + JDK-8334333: MissingResourceCauseTestRun.java fails if run by root + JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u includes elements of JDK-8163327 + JDK-8334339: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java fails on alinux3 + JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14 + JDK-8334482: Shenandoah: Deadlock when safepoint is pending during nmethods iteration + JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java fails on linux-aarch64 + JDK-8334653: ISO 4217 Amendment 177 Update + JDK-8334769: Shenandoah: Move CodeCache_lock close to its use in ShenandoahConcurrentNMethodIterator + JDK-8335536: Fix assertion failure in IdealGraphPrinter when append is true + JDK-8335775: Remove extraneous 's' in comment of rawmonitor.cpp test file + JDK-8335808: update for deprecated sprintf for jfrTypeSetUtils + JDK-8335918: update for deprecated sprintf for jvmti + JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags + JDK-8336301: test/jdk/java/nio/channels/ /AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion + JDK-8336928: GHA: Bundle artifacts removal broken + JDK-8337038: Test java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java shoud set as /native + JDK-8337283: configure.log is truncated when build dir is on different filesystem + JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + JDK-8337669: [17u] Backport of JDK-8284047 missed to delete a file + JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods + JDK-8338696: (fs) BasicFileAttributes.creationTime() falls back to epoch if birth time is unavailable (Linux) + JDK-8339869: [21u] Test CreationTime.java fails with UnsatisfiedLinkError after 8334339 + JDK-8341057: Add 2 SSL.com TLS roots + JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + JDK-8341673: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.13 Moderate SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-wxPython (Moderate) openSUSE Leap 15.6 This update for python-wxPython fixes the following issues: Security issue fixed: - CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XML_ResumeParser function (bsc#1232590). Non-security issues fixed: - rebuilt for python 3.11 (bsc#1228252). - add repack script, do not include packaging/ dir in sources - Reduce complexity by not rewriting subpackages at all. - Appease factory-auto bot about package src name. - Add additional patches fixing the situation with Python 3.10 compatibility. - Split out the TW python3 flavors into multibuild using the python_subpackage_only mechanism: Multiple python3 flavors sequentially require too much space and time in one build. Moderate SUSE bug 1228252 SUSE bug 1232590 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for mojo-parent (Moderate) openSUSE Leap 15.6 This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: * CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684) - Changes and Bugs fixed: * Java 8 is now the minimum requirement * Upgraded to Apache Commons BCEL 6.7.0 * Upgraded to Xerces-J 2.12.2 mojo-parent was updated from version 70 to 82: - Main changes: * Potentially Breaking Changes: + mojo.java.target should be set as '8', without '1.' + spotless plugin must be executed by JDK 11 at least + ossrh-snapshots repository was removed from parent * New features and improvements: + Removed SHA-512 checksum for source release artifact + Use only project version as tag for release + Added space before close empty elements in poms by spotless + Using Checkstyle together with Spotless + Introduce spotless for automatic code formatting + Introduce enforcer rule for minimal version of Java and Maven + Use new Plugin Tools report - maven-plugin-report-plugin + Added sisu-maven-plugin + Introduced maven.version property + Execute spotless by JDK 11 at least + Use release options for m-compiler-p with newer JDKs + Allow override of invoker.streamLogsOnFailures + Require Maven 3.9.x at least for releases + Added maven-wrapper-plugin to pluginManagement + Removed ossrh-snapshots repository from MojoHaus parent + Added build-helper-maven-plugin to pluginManagement + Require Maven 3.6.3+ + Updated palantirJavaFormat for spotless - JDK 21 compatible + Added dependencyManagement for maven-shade-plugin + Dropped recommendedJavaBuildVersion property + Format Markdown files with Spotless Plugin * Bugs fixed: + Restore source release distribution in child projects + Rename property maven.version to mavenVersion + minimalMavenBuildVersion should not be overriding by mavenVersion + Use simple checkstyle rules since spotless is executed by default + Use old spotless version only for JDK < 11 + Fixed spotless configuration for markdown - Other changes: * Removed Google search box due to privacy * Put version for mrm-maven-plugin in property * Added streamLogsOnFailures to m-invoker-p * Added property for maven-fluido-skin version * Setup Apache Matomo analytics * Require Maven 3.2.5 * Added SHA-512 hashes * Extract plugin version as variable so child pom can override if needed * Removed issue-tracking as no longer exists * Removed cim report as no longer exists bcel was updated from version 5.2 to 6.10: - Many APIs have been extended - Added riscv64 support - Various bugs were fixed apache-commons-lang3 was updated to version 3.12.0 to 3.16.0: - Included new APIs that are needed by bcel 6.x - Various minor bugs were fixed xerces-j2: - Improved RPM packaging build instructions netty3: - Generate sources with protobuf instead of using pre-generated ones Moderate CVE-2022-34169 at SUSE CVE-2022-34169 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114). - CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435). - CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869). - CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130). - CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868). - CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131). - CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819). - CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256). - CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354). - CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334). - CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). - CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079). - CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989). - CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957). - CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50064: zram: do not free statically defined names (bsc#1231901). - CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes). - ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes). - ACPI: EC: Do not release locks during operation region accesses (stable-fixes). - ACPI: PAD: fix crash in exit_round_robin() (stable-fixes). - ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes). - ACPI: battery: Simplify battery hook locking (stable-fixes). - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - ACPICA: iasl: handle empty connection_node (stable-fixes). - ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes). - ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes). - ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes). - ALSA: Reorganize kerneldoc parameter names (stable-fixes). - ALSA: asihpi: Fix potential OOB array access (stable-fixes). - ALSA: core: add isascii() check to card ID generator (stable-fixes). - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - ALSA: hda/conexant: fix some typos (stable-fixes). - ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes). - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803). - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes). - ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes). - ALSA: hda/realtek: Update default depop procedure (git-fixes). - ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes). - ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes). - ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes). - ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes). - ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132). - ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes). - ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes). - ALSA: line6: update contact information (stable-fixes). - ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - ALSA: silence integer wrapping warning (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes). - ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes). - ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768). - ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - ALSA: usb-audio: Define macros for quirk table entries (stable-fixes). - ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes). - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes). - ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes). - ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes). - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes). - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes). - ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes). - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes). - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - ASoC: max98388: Fix missing increment of variable slot_found (git-fixes). - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - ASoC: tas2781: Use of_property_read_reg() (stable-fixes). - Bluetooth: Call iso_exit() on module unload (git-fixes). - Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: Remove debugfs directory on module init failure (git-fixes). - Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes). - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes). - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes). - HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes). - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes). - HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes). - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes). - HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes). - HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes). - Input: adp5589-keys - fix NULL pointer dereference (git-fixes). - Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes). - Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes). - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes). - KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes). - KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes). - KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes). - KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes). - KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes). - KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes). - KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626). - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276). - KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623). - KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes). - KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes). - KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes). - KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes). - KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes). - KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes). - KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes). - KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes). - NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes). - NFSD: Mark filecache 'down' if init fails (git-fixes). - NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016). - NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes). - PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes). - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes). - PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019). - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes). - RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559). - RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559). - RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559). - RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559). - RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559). - RDMA/bnxt_re: Add a check for memory allocation (git-fixes) - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes) - RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes) - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes) - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes) - RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes) - RDMA/bnxt_re: Fix out of bound check (git-fixes) - RDMA/bnxt_re: Fix the GID table length (git-fixes) - RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes) - RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes) - RDMA/bnxt_re: Return more meaningful error (git-fixes) - RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/cxgb4: Dump vendor specific QP details (git-fixes) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes) - RDMA/irdma: Fix misspelling of 'accept*' (git-fixes) - RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes) - RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes). - RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes). - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes) - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes) - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes). - RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes) - RDMA/srpt: Make slab cache names unique (git-fixes) - SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes). - SUNRPC: Fixup gss_status tracepoint error output (git-fixes). - SUNRPC: clnt.c: Remove misleading comment (git-fixes). - USB: appledisplay: close race between probe and completion handler (git-fixes). - USB: misc: cypress_cy7c63: check for short transfer (git-fixes). - USB: misc: yurex: fix race between read and write (git-fixes). - USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - Update config files: Enable NFSD_V2 (bsc#1230914) - Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450). - accel/qaic: Fix the for loop used to walk SG table (git-fixes). - add bug reference for a mana change (bsc#1229769). - add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036). - arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes) - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes). - arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes). - ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes). - audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes). - audit: do not take task_lock() in audit_exe_compare() code path (git-fixes). - block: print symbolic error name instead of error code (bsc#1231872). - block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677). - bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes). - bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes). - bnxt_en: Fix the PCI-AER routines (git-fixes). - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes). - bnxt_en: refactor reset close code (git-fixes). - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix error message on kfunc arg type mismatch (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450). - btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes). - can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231384). - clk: bcm: bcm53573: fix OF node leak in init (stable-fixes). - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). - config: Disable LAM on x86 (bsc#1217845) - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075) - crypto: octeontx - Fix authenc setkey (stable-fixes). - crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes). - crypto: octeontx2 - Fix authenc setkey (stable-fixes). - crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632) - crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632). - cxgb4: Properly lock TX queue for the selftest (git-fixes). - cxgb4: add forgotten u64 ivlan cast before shift (git-fixes). - cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes). - dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes). - debugfs: fix automount d_fsdata usage (git-fixes). - devlink: Fix command annotation documentation (git-fixes). - dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes). - dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes). - driver core: bus: Fix double free in driver API bus_register() (stable-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes). - drm/amd/display: Add disable timeout option (bsc#1231435) - drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944) - drm/amd/display: Check null pointer before dereferencing se (stable-fixes). - drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes). - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes). - drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes). - drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes). - drm/amd/display: Round calculated vtotal (stable-fixes). - drm/amd/display: Skip to enable dsc if it has been off (stable-fixes). - drm/amd/display: Validate backlight caps are sane (stable-fixes). - drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amdgpu/swsmu: Only force workload setup on init (git-fixes). - drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes). - drm/i915/gem: fix bitwise and logical AND mixup (git-fixes). - drm/i915/hdcp: fix connector refcounting (git-fixes). - drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes). - drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/msm/dpu: do not always program merge_3d block (git-fixes). - drm/msm/dpu: make sure phys resources are properly initialized (git-fixes). - drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes). - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes). - drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes). - drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes). - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes). - drm/radeon: Fix encoder->possible_clones (git-fixes). - drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes). - drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes). - drm/v3d: Stop the active perfmon before being destroyed (git-fixes). - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes). - drm/vc4: Stop the active perfmon before being destroyed (git-fixes). - drm/vmwgfx: Handle surface check failure correctly (git-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - e1000e: Fix S0ix residency on corporate systems (git-fixes). - e1000e: change I219 (19) devices to ADP (git-fixes). - e1000e: fix force smbus during suspend flow (git-fixes). - e1000e: move force SMBUS near the end of enable_ulp function (git-fixes). - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes). - eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes). - ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635). - ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636). - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637). - ext4: fix possible tid_t sequence overflows (bsc#1231634). - ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201) - ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640). - ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639). - fat: fix uninitialized variable (git-fixes). - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes). - fbdev: sisfb: Fix strbuf array overflow (stable-fixes). - fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes). - fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes). - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224088). - firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes). - firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes). - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: fix the cache always being enabled on files with qid flags (git-fixes). - genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes). - gpio: aspeed: Add the flush write to ensure the write complete (git-fixes). - gpio: aspeed: Use devm_clk api to manage clock source (git-fixes). - gpio: davinci: fix lazy disable (git-fixes). - gve: Fix XDP TX completion handling when counters overflow (git-fixes). - gve: Fix an edge case for TSO skb validity check (git-fixes). - gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes). - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes). - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes). - hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (max16065) Fix alarm attributes (git-fixes). - hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes). - hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes). - hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes). - i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes). - i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes). - i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes). - i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes). - i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes). - i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes). - i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes). - i2c: i801: add helper i801_restore_regs (git-fixes). - i2c: ismt: kill transaction in hardware on timeout (git-fixes). - i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes). - i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes). - i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes). - i2c: omap: wakeup the controller during suspend() callback (git-fixes). - i2c: rcar: properly format a debug output (git-fixes). - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes). - i2c: stm32f7: perform most of irq job in threaded handler (git-fixes). - i2c: synquacer: Deal with optional PCLK correctly (git-fixes). - i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes). - i2c: xiic: Try re-initialization on bus busy timeout (git-fixes). - i2c: xiic: improve error message when transfer fails to start (stable-fixes). - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes). - i40e: Fix XDP program unloading while removing the driver (git-fixes). - i40e: Report MFS in decimal base instead of hex (git-fixes). - iavf: Fix TC config comparison with existing adapter TC config (git-fixes). - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes). - ice: Fix checking for unsupported keys on non-tunnel device (git-fixes). - ice: Fix lldp packets dropping after changing the number of channels (git-fixes). - ice: Fix netif_is_ice() in Safe Mode (git-fixes). - ice: Fix package download algorithm (git-fixes). - ice: Fix recipe read procedure (git-fixes). - ice: Fix reset handler (git-fixes). - ice: Flush FDB entries before reset (git-fixes). - ice: Interpret .set_channels() input differently (git-fixes). - ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes). - ice: Reject pin requests with unsupported flags (git-fixes). - ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes). - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes). - ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes). - ice: clear port vlan config during reset (git-fixes). - ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes). - ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes). - ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes). - ice: fix 200G PHY types to link speed mapping (git-fixes). - ice: fix 200G link speed message log (git-fixes). - ice: fix ICE_LAST_OFFSET formula (git-fixes). - ice: fix VLAN replay after reset (git-fixes). - ice: fix VSI lists confusion when adding VLANs (git-fixes). - ice: fix accounting for filters shared by multiple VSIs (git-fixes). - ice: fix accounting if a VLAN already exists (git-fixes). - ice: fix iteration of TLVs in Preserved Fields Area (git-fixes). - ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes). - ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes). - ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes). - ice: implement AQ download pkg retry (git-fixes). - ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes). - ice: remove af_xdp_zc_qps bitmap (git-fixes). - ice: replace synchronize_rcu with synchronize_net (git-fixes). - ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes). - ice: set correct dst VSI in only LAN filters (git-fixes). - ice: tc: allow zero flags in parsing tc flower (git-fixes). - ice: tc: check src_vsi in case of traffic from VF (git-fixes). - ice: use proper macro for testing bit (git-fixes). - idpf: Interpret .set_channels() input differently (git-fixes). - idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes). - idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes). - idpf: do not skip over ethtool tcp-data-split setting (git-fixes). - idpf: fix UAFs when destroying the queues (git-fixes). - idpf: fix memleak in vport interrupt configuration (git-fixes). - idpf: fix memory leaks and crashes while performing a soft reset (git-fixes). - ieee802154: Fix build error (git-fixes). - igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes). - igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes). - igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes). - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes). - igc: Fix qbv tx latency by setting gtxoffset (git-fixes). - igc: Fix qbv_config_change_errors logics (git-fixes). - igc: Fix reset adapter logics when tx mode change (git-fixes). - igc: Unlock on error in igc_io_resume() (git-fixes). - iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes). - iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes). - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes). - iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes). - iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes). - iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes). - iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes). - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes). - iio: light: opt3001: add missing full-scale range value (git-fixes). - iio: light: veml6030: fix ALS sensor resolution (git-fixes). - iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes). - iio: light: veml6030: fix microlux value calculation (git-fixes). - iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes). - iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes). - iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes). - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes). - io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes). - io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes). - io_uring/net: harden multishot termination case for recv (git-fixes). - io_uring/rw: fix cflags posting for single issue multishot read (git-fixes). - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes). - io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes). - io_uring/sqpoll: do not put cpumask on stack (git-fixes). - io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes). - io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes). - iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes). - iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes). - iommu/amd: Fix typo of , instead of ; (git-fixes). - iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes). - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes). - iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes). - iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes). - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638). - jfs: Fix sanity check in dbMount (git-fixes). - jfs: Fix uaf in dbFreeBits (git-fixes). - jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes). - jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes). - jfs: check if leafidx greater than num leaves per dmap tree (git-fixes). - jump_label: Fix static_key_slow_dec() yet again (git-fixes). - kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes). - kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes). - kasan: Fix Software Tag-Based KASAN with GCC (git-fixes). - kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450). - kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450). - kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450). - kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450). - kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450). - kconfig: qconf: fix buffer overflow in debug links (git-fixes). - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes). - keys: Fix overwrite of key expiration on instantiation (git-fixes). - kthread: unpark only parked kthread (git-fixes). - lib/xarray: introduce a new helper xas_get_order (bsc#1231617). - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes). - macsec: do not increment counters for an unrelated SA (git-fixes). - maple_tree: correct tree corruption on spanning store (git-fixes). - media: bttv: use audio defaults for winfast2000 (git-fixes). - media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes). - media: i2c: imx335: Enable regulator supplies (stable-fixes). - media: imx335: Fix reset-gpio handling (git-fixes). - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes). - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes). - media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes). - mei: use kvmalloc for read buffer (git-fixes). - mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes). - mlx5: avoid truncating error message (git-fixes). - mlx5: stop warning for 64KB pages (git-fixes). - mm/filemap: optimize filemap folio adding (bsc#1231617). - mm/filemap: return early if failed to allocate memory for split (bsc#1231617). - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes). - mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978). - modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes). - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes). - module: abort module loading when sysfs setup suffer errors (git-fixes). - nbd: fix race between timeout and normal completion (bsc#1230918). - net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes). - net/mlx5: Added cond_resched() to crdump collection (git-fixes). - net/mlx5: Check capability for fw_reset (git-fixes). - net/mlx5: Check for invalid vector index on EQ creation (git-fixes). - net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes). - net/mlx5: Fix command bitmask initialization (git-fixes). - net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes). - net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes). - net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes). - net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes). - net/mlx5: Unregister notifier on eswitch init failure (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes). - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes). - net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes). - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes). - net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes). - net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes). - net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes). - net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes). - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes). - net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes). - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: phy: Remove LED entry from LEDs list on unregister (git-fixes). - net: phy: bcm84881: Fix some error handling paths (git-fixes). - net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes). - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes). - net: qede: use return from qede_parse_actions() (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flower (git-fixes). - net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes) - net: sysfs: Fix /sys/class/net/&lt;iface> path for statistics (git-fixes). - net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes). - net: usb: usbnet: fix name regression (get-fixes). - net: usb: usbnet: fix race in probe failure (git-fixes). - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: return -EINVAL when namelen is 0 (git-fixes). - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nouveau/dmem: Fix privileged error in copy engine channel (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244). - nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvme-pci: set doorbell config before unquiescing (git-fixes). - nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901). - nvme: null terminate nvme_tls_attrs (git-fixes). - nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes). - nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). - parport: Proper fix for array out-of-bounds access (git-fixes). - phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes). - phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes). - phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes). - phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes). - phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes). - pinctrl: apple: check devm_kasprintf() returned value (git-fixes). - pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes). - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes). - platform/x86: dell-sysman: add support for alienware products (stable-fixes). - platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes). - platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). - powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632). - powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - printk: Add notation to console_srcu locking (bsc#1232183). - qed: avoid truncating work queue length (git-fixes). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623). - rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK. - rpm/release-projects: Add SLFO projects (bsc#1231293). - rpmsg: glink: Handle rejected intent request better (git-fixes). - runtime constants: add default dummy infrastructure (git-fixes). - runtime constants: add x86 architecture support (git-fixes). - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629). - s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes). - selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes). - selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes). - serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes). - soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes). - spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes). - spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes). - splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes). - splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes). - srcu: Fix callbacks acceleration mishandling (git-fixes). - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - sumversion: Fix a memory leak in get_src_version() (git-fixes). - supported.conf: mark nhpoly1305 module as supported (bsc#1231035) - supported.conf: mark ultravisor userspace access as supported (bsc#1232090) - task_work: add kerneldoc annotation for 'data' argument (git-fixes). - thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes). - tools: hv: rm .*.cmd when make clean (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/osnoise: Fix build when timerlat is not enabled (git-fixes). - tracing/osnoise: Skip running osnoise if all instances are off (git-fixes). - tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes). - tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes). - tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes). - tracing/timerlat: Add user-space interface (git-fixes). - tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes). - tracing/timerlat: Fix a race during cpuhp processing (git-fixes). - tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes). - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes). - tracing/timerlat: Only clear timer if a kthread exists (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - unicode: Do not special case ignorable code points (stable-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114). - uprobes: turn xol_area->pages into xol_area->page (bsc#1231114). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes). - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes). - vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes). - vdpa_sim_blk: allocate the buffer zeroed (git-fixes). - vduse: avoid using __GFP_NOFAIL (git-fixes). - vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978). - vmxnet3: Add XDP support (bsc#1226498). - vmxnet3: Fix missing reserved tailroom (bsc#1226498). - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vt: prevent kernel-infoleak in con_font_get() (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes). - wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes). - wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes). - wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes). - wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes). - wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes). - wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes). - wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes). - wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes). - wifi: iwlwifi: mvm: use correct key iteration (stable-fixes). - wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: fix RCU list iterations (stable-fixes). - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes). - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes). - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes). - wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes). - wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes). - wifi: rtw89: correct base HT rate mask for firmware (stable-fixes). - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes). - x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes). - x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes). - x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes). - x86/apic: Make x2apic_disable() work correctly (git-fixes). - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/mm: Use IPIs to synchronize LAM enablement (git-fixes). - x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes). - x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86: do the user address masking outside the user access area (git-fixes). - x86: fix user address masking non-canonical speculation issue (git-fixes). - x86: make the masked_user_access_begin() macro use its argument only once (git-fixes). - x86: support user address masking instead of non-speculative conditional (git-fixes). - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes). - xfs: check shortform attr entry flags specifically (git-fixes). - xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes). - xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes). - xfs: fix freeing speculative preallocations for preallocated files (git-fixes). - xfs: make sure sb_fdblocks is non-negative (git-fixes). - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes). - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes). - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes). - xfs: validate recovered name buffers when recovering xattr items (git-fixes). - xhci: Add a quirk for writing ERST in high-low order (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). - xhci: tegra: fix checked USB2 port number (git-fixes). - zonefs: Improve error handling (git-fixes). Important SUSE bug 1065729 SUSE bug 1194869 SUSE bug 1217845 SUSE bug 1218562 SUSE bug 1219596 SUSE bug 1219803 SUSE bug 1220382 SUSE bug 1223384 SUSE bug 1223700 SUSE bug 1223824 SUSE bug 1223848 SUSE bug 1224088 SUSE bug 1224574 SUSE bug 1225611 SUSE bug 1226003 SUSE bug 1226498 SUSE bug 1226623 SUSE bug 1226631 SUSE bug 1226797 SUSE bug 1226848 SUSE bug 1228119 SUSE bug 1228244 SUSE bug 1228269 SUSE bug 1228410 SUSE bug 1228454 SUSE bug 1228537 SUSE bug 1228620 SUSE bug 1228743 SUSE bug 1228747 SUSE bug 1228857 SUSE bug 1229019 SUSE bug 1229429 SUSE bug 1229450 SUSE bug 1229585 SUSE bug 1229677 SUSE bug 1229769 SUSE bug 1229808 SUSE bug 1229891 SUSE bug 1230055 SUSE bug 1230132 SUSE bug 1230179 SUSE bug 1230220 SUSE bug 1230289 SUSE bug 1230295 SUSE bug 1230339 SUSE bug 1230341 SUSE bug 1230375 SUSE bug 1230414 SUSE bug 1230429 SUSE bug 1230456 SUSE bug 1230501 SUSE bug 1230527 SUSE bug 1230550 SUSE bug 1230600 SUSE bug 1230620 SUSE bug 1230710 SUSE bug 1230762 SUSE bug 1230763 SUSE bug 1230773 SUSE bug 1230774 SUSE bug 1230801 SUSE bug 1230831 SUSE bug 1230914 SUSE bug 1230918 SUSE bug 1231016 SUSE bug 1231035 SUSE bug 1231072 SUSE bug 1231073 SUSE bug 1231075 SUSE bug 1231081 SUSE bug 1231082 SUSE bug 1231083 SUSE bug 1231084 SUSE bug 1231085 SUSE bug 1231087 SUSE bug 1231089 SUSE bug 1231092 SUSE bug 1231093 SUSE bug 1231094 SUSE bug 1231096 SUSE bug 1231098 SUSE bug 1231100 SUSE bug 1231101 SUSE bug 1231102 SUSE bug 1231105 SUSE bug 1231108 SUSE bug 1231111 SUSE bug 1231114 SUSE bug 1231115 SUSE bug 1231116 SUSE bug 1231117 SUSE bug 1231131 SUSE bug 1231132 SUSE bug 1231135 SUSE bug 1231136 SUSE bug 1231138 SUSE bug 1231148 SUSE bug 1231169 SUSE bug 1231170 SUSE bug 1231171 SUSE bug 1231178 SUSE bug 1231179 SUSE bug 1231183 SUSE bug 1231187 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231195 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231202 SUSE bug 1231203 SUSE bug 1231276 SUSE bug 1231293 SUSE bug 1231384 SUSE bug 1231434 SUSE bug 1231435 SUSE bug 1231436 SUSE bug 1231439 SUSE bug 1231440 SUSE bug 1231441 SUSE bug 1231442 SUSE bug 1231452 SUSE bug 1231474 SUSE bug 1231481 SUSE bug 1231496 SUSE bug 1231502 SUSE bug 1231537 SUSE bug 1231539 SUSE bug 1231540 SUSE bug 1231541 SUSE bug 1231617 SUSE bug 1231634 SUSE bug 1231635 SUSE bug 1231636 SUSE bug 1231637 SUSE bug 1231638 SUSE bug 1231639 SUSE bug 1231640 SUSE bug 1231673 SUSE bug 1231828 SUSE bug 1231849 SUSE bug 1231855 SUSE bug 1231856 SUSE bug 1231857 SUSE bug 1231858 SUSE bug 1231859 SUSE bug 1231860 SUSE bug 1231861 SUSE bug 1231864 SUSE bug 1231865 SUSE bug 1231868 SUSE bug 1231869 SUSE bug 1231871 SUSE bug 1231872 SUSE bug 1231901 SUSE bug 1231902 SUSE bug 1231903 SUSE bug 1231904 SUSE bug 1231906 SUSE bug 1231907 SUSE bug 1231908 SUSE bug 1231914 SUSE bug 1231916 SUSE bug 1231924 SUSE bug 1231926 SUSE bug 1231931 SUSE bug 1231935 SUSE bug 1231942 SUSE bug 1231944 SUSE bug 1231947 SUSE bug 1231950 SUSE bug 1231951 SUSE bug 1231953 SUSE bug 1231954 SUSE bug 1231955 SUSE bug 1231956 SUSE bug 1231957 SUSE bug 1231965 SUSE bug 1231967 SUSE bug 1231968 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1231989 SUSE bug 1231990 SUSE bug 1231998 SUSE bug 1232000 SUSE bug 1232003 SUSE bug 1232009 SUSE bug 1232013 SUSE bug 1232015 SUSE bug 1232016 SUSE bug 1232017 SUSE bug 1232018 SUSE bug 1232033 SUSE bug 1232034 SUSE bug 1232036 SUSE bug 1232043 SUSE bug 1232047 SUSE bug 1232048 SUSE bug 1232049 SUSE bug 1232050 SUSE bug 1232056 SUSE bug 1232075 SUSE bug 1232076 SUSE bug 1232079 SUSE bug 1232080 SUSE bug 1232083 SUSE bug 1232084 SUSE bug 1232085 SUSE bug 1232089 SUSE bug 1232093 SUSE bug 1232094 SUSE bug 1232097 SUSE bug 1232098 SUSE bug 1232105 SUSE bug 1232109 SUSE bug 1232111 SUSE bug 1232114 SUSE bug 1232116 SUSE bug 1232117 SUSE bug 1232124 SUSE bug 1232126 SUSE bug 1232127 SUSE bug 1232129 SUSE bug 1232130 SUSE bug 1232131 SUSE bug 1232132 SUSE bug 1232134 SUSE bug 1232135 SUSE bug 1232140 SUSE bug 1232141 SUSE bug 1232142 SUSE bug 1232145 SUSE bug 1232147 SUSE bug 1232148 SUSE bug 1232149 SUSE bug 1232151 SUSE bug 1232152 SUSE bug 1232154 SUSE bug 1232155 SUSE bug 1232156 SUSE bug 1232159 SUSE bug 1232160 SUSE bug 1232162 SUSE bug 1232164 SUSE bug 1232174 SUSE bug 1232180 SUSE bug 1232182 SUSE bug 1232183 SUSE bug 1232185 SUSE bug 1232187 SUSE bug 1232189 SUSE bug 1232192 SUSE bug 1232195 SUSE bug 1232196 SUSE bug 1232199 SUSE bug 1232200 SUSE bug 1232201 SUSE bug 1232208 SUSE bug 1232217 SUSE bug 1232218 SUSE bug 1232220 SUSE bug 1232221 SUSE bug 1232222 SUSE bug 1232232 SUSE bug 1232250 SUSE bug 1232251 SUSE bug 1232253 SUSE bug 1232254 SUSE bug 1232255 SUSE bug 1232256 SUSE bug 1232259 SUSE bug 1232260 SUSE bug 1232262 SUSE bug 1232263 SUSE bug 1232275 SUSE bug 1232279 SUSE bug 1232282 SUSE bug 1232285 SUSE bug 1232287 SUSE bug 1232295 SUSE bug 1232305 SUSE bug 1232307 SUSE bug 1232309 SUSE bug 1232310 SUSE bug 1232312 SUSE bug 1232313 SUSE bug 1232314 SUSE bug 1232315 SUSE bug 1232316 SUSE bug 1232317 SUSE bug 1232329 SUSE bug 1232332 SUSE bug 1232333 SUSE bug 1232334 SUSE bug 1232335 SUSE bug 1232337 SUSE bug 1232339 SUSE bug 1232340 SUSE bug 1232342 SUSE bug 1232345 SUSE bug 1232349 SUSE bug 1232352 SUSE bug 1232354 SUSE bug 1232355 SUSE bug 1232359 SUSE bug 1232362 SUSE bug 1232369 SUSE bug 1232370 SUSE bug 1232378 SUSE bug 1232381 SUSE bug 1232383 SUSE bug 1232392 SUSE bug 1232394 SUSE bug 1232395 SUSE bug 1232417 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232427 SUSE bug 1232432 SUSE bug 1232435 SUSE bug 1232501 SUSE bug 1232502 SUSE bug 1232503 SUSE bug 1232504 SUSE bug 1232505 SUSE bug 1232506 SUSE bug 1232507 SUSE bug 1232511 SUSE bug 1232519 SUSE bug 1232520 SUSE bug 1232529 SUSE bug 1232552 SUSE bug 1232623 SUSE bug 1232626 SUSE bug 1232627 SUSE bug 1232628 SUSE bug 1232629 SUSE bug 1232757 SUSE bug 1232768 SUSE bug 1232819 CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52917 at SUSE CVE-2023-52917 at NVD CVE-2023-52918 at SUSE CVE-2023-52918 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-27026 at SUSE CVE-2024-27026 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-35980 at SUSE CVE-2024-35980 at NVD CVE-2024-36244 at SUSE CVE-2024-36244 at NVD CVE-2024-38576 at SUSE CVE-2024-38576 at NVD CVE-2024-38577 at SUSE CVE-2024-38577 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41031 at SUSE CVE-2024-41031 at NVD CVE-2024-41047 at SUSE CVE-2024-41047 at NVD CVE-2024-41082 at SUSE CVE-2024-41082 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44932 at SUSE CVE-2024-44932 at NVD CVE-2024-44958 at SUSE CVE-2024-44958 at NVD CVE-2024-44964 at SUSE CVE-2024-44964 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45025 at SUSE CVE-2024-45025 at NVD CVE-2024-46678 at SUSE CVE-2024-46678 at NVD CVE-2024-46721 at SUSE CVE-2024-46721 at NVD CVE-2024-46754 at SUSE CVE-2024-46754 at NVD CVE-2024-46766 at SUSE CVE-2024-46766 at NVD CVE-2024-46770 at SUSE CVE-2024-46770 at NVD CVE-2024-46775 at SUSE CVE-2024-46775 at NVD CVE-2024-46777 at SUSE CVE-2024-46777 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46802 at SUSE CVE-2024-46802 at NVD CVE-2024-46803 at SUSE CVE-2024-46803 at NVD CVE-2024-46804 at SUSE CVE-2024-46804 at NVD CVE-2024-46805 at SUSE CVE-2024-46805 at NVD CVE-2024-46806 at SUSE CVE-2024-46806 at NVD CVE-2024-46807 at SUSE CVE-2024-46807 at NVD CVE-2024-46809 at SUSE CVE-2024-46809 at NVD CVE-2024-46810 at SUSE CVE-2024-46810 at NVD CVE-2024-46811 at SUSE CVE-2024-46811 at NVD CVE-2024-46812 at SUSE CVE-2024-46812 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46815 at SUSE CVE-2024-46815 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46819 at SUSE CVE-2024-46819 at NVD CVE-2024-46821 at SUSE CVE-2024-46821 at NVD CVE-2024-46825 at SUSE CVE-2024-46825 at NVD CVE-2024-46826 at SUSE CVE-2024-46826 at NVD CVE-2024-46827 at SUSE CVE-2024-46827 at NVD CVE-2024-46828 at SUSE CVE-2024-46828 at NVD CVE-2024-46830 at SUSE CVE-2024-46830 at NVD CVE-2024-46831 at SUSE CVE-2024-46831 at NVD CVE-2024-46834 at SUSE CVE-2024-46834 at NVD CVE-2024-46835 at SUSE CVE-2024-46835 at NVD CVE-2024-46836 at SUSE CVE-2024-46836 at NVD CVE-2024-46840 at SUSE CVE-2024-46840 at NVD CVE-2024-46841 at SUSE CVE-2024-46841 at NVD CVE-2024-46842 at SUSE CVE-2024-46842 at NVD CVE-2024-46843 at SUSE CVE-2024-46843 at NVD CVE-2024-46846 at SUSE CVE-2024-46846 at NVD CVE-2024-46848 at SUSE CVE-2024-46848 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-46851 at SUSE CVE-2024-46851 at NVD CVE-2024-46852 at SUSE CVE-2024-46852 at NVD CVE-2024-46853 at SUSE CVE-2024-46853 at NVD CVE-2024-46854 at SUSE CVE-2024-46854 at NVD CVE-2024-46855 at SUSE CVE-2024-46855 at NVD CVE-2024-46857 at SUSE CVE-2024-46857 at NVD CVE-2024-46859 at SUSE CVE-2024-46859 at NVD CVE-2024-46860 at SUSE CVE-2024-46860 at NVD CVE-2024-46861 at SUSE CVE-2024-46861 at NVD CVE-2024-46864 at SUSE CVE-2024-46864 at NVD CVE-2024-46870 at SUSE CVE-2024-46870 at NVD CVE-2024-46871 at SUSE CVE-2024-46871 at NVD CVE-2024-47658 at SUSE CVE-2024-47658 at NVD CVE-2024-47660 at SUSE CVE-2024-47660 at NVD CVE-2024-47661 at SUSE CVE-2024-47661 at NVD CVE-2024-47662 at SUSE CVE-2024-47662 at NVD CVE-2024-47663 at SUSE CVE-2024-47663 at NVD CVE-2024-47664 at SUSE CVE-2024-47664 at NVD CVE-2024-47665 at SUSE CVE-2024-47665 at NVD CVE-2024-47667 at SUSE CVE-2024-47667 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47669 at SUSE CVE-2024-47669 at NVD CVE-2024-47670 at SUSE CVE-2024-47670 at NVD CVE-2024-47671 at SUSE CVE-2024-47671 at NVD CVE-2024-47672 at SUSE CVE-2024-47672 at NVD CVE-2024-47673 at SUSE CVE-2024-47673 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47675 at SUSE CVE-2024-47675 at NVD CVE-2024-47681 at SUSE CVE-2024-47681 at NVD CVE-2024-47682 at SUSE CVE-2024-47682 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47685 at SUSE CVE-2024-47685 at NVD CVE-2024-47686 at SUSE CVE-2024-47686 at NVD CVE-2024-47687 at SUSE CVE-2024-47687 at NVD CVE-2024-47688 at SUSE CVE-2024-47688 at NVD CVE-2024-47692 at SUSE CVE-2024-47692 at NVD CVE-2024-47693 at SUSE CVE-2024-47693 at NVD CVE-2024-47695 at SUSE CVE-2024-47695 at NVD CVE-2024-47696 at SUSE CVE-2024-47696 at NVD CVE-2024-47697 at SUSE CVE-2024-47697 at NVD CVE-2024-47698 at SUSE CVE-2024-47698 at NVD CVE-2024-47699 at SUSE CVE-2024-47699 at NVD CVE-2024-47702 at SUSE CVE-2024-47702 at NVD CVE-2024-47704 at SUSE CVE-2024-47704 at NVD CVE-2024-47705 at SUSE CVE-2024-47705 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47707 at SUSE CVE-2024-47707 at NVD CVE-2024-47709 at SUSE CVE-2024-47709 at NVD CVE-2024-47710 at SUSE CVE-2024-47710 at NVD CVE-2024-47712 at SUSE CVE-2024-47712 at NVD CVE-2024-47713 at SUSE CVE-2024-47713 at NVD CVE-2024-47714 at SUSE CVE-2024-47714 at NVD CVE-2024-47715 at SUSE CVE-2024-47715 at NVD CVE-2024-47718 at SUSE CVE-2024-47718 at NVD CVE-2024-47719 at SUSE CVE-2024-47719 at NVD CVE-2024-47720 at SUSE CVE-2024-47720 at NVD CVE-2024-47723 at SUSE CVE-2024-47723 at NVD CVE-2024-47727 at SUSE CVE-2024-47727 at NVD CVE-2024-47728 at SUSE CVE-2024-47728 at NVD CVE-2024-47730 at SUSE CVE-2024-47730 at NVD CVE-2024-47731 at SUSE CVE-2024-47731 at NVD CVE-2024-47732 at SUSE CVE-2024-47732 at NVD CVE-2024-47735 at SUSE CVE-2024-47735 at NVD CVE-2024-47737 at SUSE CVE-2024-47737 at NVD CVE-2024-47738 at SUSE CVE-2024-47738 at NVD CVE-2024-47739 at SUSE CVE-2024-47739 at NVD CVE-2024-47741 at SUSE CVE-2024-47741 at NVD CVE-2024-47742 at SUSE CVE-2024-47742 at NVD CVE-2024-47743 at SUSE CVE-2024-47743 at NVD CVE-2024-47744 at SUSE CVE-2024-47744 at NVD CVE-2024-47745 at SUSE CVE-2024-47745 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-47748 at SUSE CVE-2024-47748 at NVD CVE-2024-47749 at SUSE CVE-2024-47749 at NVD CVE-2024-47750 at SUSE CVE-2024-47750 at NVD CVE-2024-47751 at SUSE CVE-2024-47751 at NVD CVE-2024-47752 at SUSE CVE-2024-47752 at NVD CVE-2024-47753 at SUSE CVE-2024-47753 at NVD CVE-2024-47754 at SUSE CVE-2024-47754 at NVD CVE-2024-47756 at SUSE CVE-2024-47756 at NVD CVE-2024-47757 at SUSE CVE-2024-47757 at NVD CVE-2024-49850 at SUSE CVE-2024-49850 at NVD CVE-2024-49851 at SUSE CVE-2024-49851 at NVD CVE-2024-49852 at SUSE CVE-2024-49852 at NVD CVE-2024-49853 at SUSE CVE-2024-49853 at NVD CVE-2024-49855 at SUSE CVE-2024-49855 at NVD CVE-2024-49858 at SUSE CVE-2024-49858 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49861 at SUSE CVE-2024-49861 at NVD CVE-2024-49862 at SUSE CVE-2024-49862 at NVD CVE-2024-49863 at SUSE CVE-2024-49863 at NVD CVE-2024-49864 at SUSE CVE-2024-49864 at NVD CVE-2024-49866 at SUSE CVE-2024-49866 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49870 at SUSE CVE-2024-49870 at NVD CVE-2024-49871 at SUSE CVE-2024-49871 at NVD CVE-2024-49874 at SUSE CVE-2024-49874 at NVD CVE-2024-49875 at SUSE CVE-2024-49875 at NVD CVE-2024-49877 at SUSE CVE-2024-49877 at NVD CVE-2024-49878 at SUSE CVE-2024-49878 at NVD CVE-2024-49879 at SUSE CVE-2024-49879 at NVD CVE-2024-49881 at SUSE CVE-2024-49881 at NVD CVE-2024-49882 at SUSE CVE-2024-49882 at NVD CVE-2024-49883 at SUSE CVE-2024-49883 at NVD CVE-2024-49886 at SUSE CVE-2024-49886 at NVD CVE-2024-49888 at SUSE CVE-2024-49888 at NVD CVE-2024-49890 at SUSE CVE-2024-49890 at NVD CVE-2024-49891 at SUSE CVE-2024-49891 at NVD CVE-2024-49892 at SUSE CVE-2024-49892 at NVD CVE-2024-49894 at SUSE CVE-2024-49894 at NVD CVE-2024-49895 at SUSE CVE-2024-49895 at NVD CVE-2024-49896 at SUSE CVE-2024-49896 at NVD CVE-2024-49897 at SUSE CVE-2024-49897 at NVD CVE-2024-49898 at SUSE CVE-2024-49898 at NVD CVE-2024-49900 at SUSE CVE-2024-49900 at NVD CVE-2024-49901 at SUSE CVE-2024-49901 at NVD CVE-2024-49902 at SUSE CVE-2024-49902 at NVD CVE-2024-49903 at SUSE CVE-2024-49903 at NVD CVE-2024-49906 at SUSE CVE-2024-49906 at NVD CVE-2024-49907 at SUSE CVE-2024-49907 at NVD CVE-2024-49908 at SUSE CVE-2024-49908 at NVD CVE-2024-49909 at SUSE CVE-2024-49909 at NVD CVE-2024-49913 at SUSE CVE-2024-49913 at NVD CVE-2024-49914 at SUSE CVE-2024-49914 at NVD CVE-2024-49917 at SUSE CVE-2024-49917 at NVD CVE-2024-49918 at SUSE CVE-2024-49918 at NVD CVE-2024-49919 at SUSE CVE-2024-49919 at NVD CVE-2024-49920 at SUSE CVE-2024-49920 at NVD CVE-2024-49928 at SUSE CVE-2024-49928 at NVD CVE-2024-49929 at SUSE CVE-2024-49929 at NVD CVE-2024-49930 at SUSE CVE-2024-49930 at NVD CVE-2024-49931 at SUSE CVE-2024-49931 at NVD CVE-2024-49935 at SUSE CVE-2024-49935 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49937 at SUSE CVE-2024-49937 at NVD CVE-2024-49938 at SUSE CVE-2024-49938 at NVD CVE-2024-49939 at SUSE CVE-2024-49939 at NVD CVE-2024-49946 at SUSE CVE-2024-49946 at NVD CVE-2024-49947 at SUSE CVE-2024-49947 at NVD CVE-2024-49949 at SUSE CVE-2024-49949 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-49953 at SUSE CVE-2024-49953 at NVD CVE-2024-49954 at SUSE CVE-2024-49954 at NVD CVE-2024-49955 at SUSE CVE-2024-49955 at NVD CVE-2024-49957 at SUSE CVE-2024-49957 at NVD CVE-2024-49958 at SUSE CVE-2024-49958 at NVD CVE-2024-49959 at SUSE CVE-2024-49959 at NVD CVE-2024-49960 at SUSE CVE-2024-49960 at NVD CVE-2024-49961 at SUSE CVE-2024-49961 at NVD CVE-2024-49962 at SUSE CVE-2024-49962 at NVD CVE-2024-49963 at SUSE CVE-2024-49963 at NVD CVE-2024-49965 at SUSE CVE-2024-49965 at NVD CVE-2024-49966 at SUSE CVE-2024-49966 at NVD CVE-2024-49967 at SUSE CVE-2024-49967 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49972 at SUSE CVE-2024-49972 at NVD CVE-2024-49973 at SUSE CVE-2024-49973 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49981 at SUSE CVE-2024-49981 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49985 at SUSE CVE-2024-49985 at NVD CVE-2024-49986 at SUSE CVE-2024-49986 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49993 at SUSE CVE-2024-49993 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-49996 at SUSE CVE-2024-49996 at NVD CVE-2024-50000 at SUSE CVE-2024-50000 at NVD CVE-2024-50001 at SUSE CVE-2024-50001 at NVD CVE-2024-50002 at SUSE CVE-2024-50002 at NVD CVE-2024-50007 at SUSE CVE-2024-50007 at NVD CVE-2024-50008 at SUSE CVE-2024-50008 at NVD CVE-2024-50013 at SUSE CVE-2024-50013 at NVD CVE-2024-50015 at SUSE CVE-2024-50015 at NVD CVE-2024-50017 at SUSE CVE-2024-50017 at NVD CVE-2024-50019 at SUSE CVE-2024-50019 at NVD CVE-2024-50020 at SUSE CVE-2024-50020 at NVD CVE-2024-50021 at SUSE CVE-2024-50021 at NVD CVE-2024-50022 at SUSE CVE-2024-50022 at NVD CVE-2024-50023 at SUSE CVE-2024-50023 at NVD CVE-2024-50024 at SUSE CVE-2024-50024 at NVD CVE-2024-50025 at SUSE CVE-2024-50025 at NVD CVE-2024-50027 at SUSE CVE-2024-50027 at NVD CVE-2024-50028 at SUSE CVE-2024-50028 at NVD CVE-2024-50031 at SUSE CVE-2024-50031 at NVD CVE-2024-50033 at SUSE CVE-2024-50033 at NVD CVE-2024-50035 at SUSE CVE-2024-50035 at NVD CVE-2024-50040 at SUSE CVE-2024-50040 at NVD CVE-2024-50041 at SUSE CVE-2024-50041 at NVD CVE-2024-50042 at SUSE CVE-2024-50042 at NVD CVE-2024-50044 at SUSE CVE-2024-50044 at NVD CVE-2024-50045 at SUSE CVE-2024-50045 at NVD CVE-2024-50046 at SUSE CVE-2024-50046 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50048 at SUSE CVE-2024-50048 at NVD CVE-2024-50049 at SUSE CVE-2024-50049 at NVD CVE-2024-50055 at SUSE CVE-2024-50055 at NVD CVE-2024-50058 at SUSE CVE-2024-50058 at NVD CVE-2024-50059 at SUSE CVE-2024-50059 at NVD CVE-2024-50060 at SUSE CVE-2024-50060 at NVD CVE-2024-50061 at SUSE CVE-2024-50061 at NVD CVE-2024-50062 at SUSE CVE-2024-50062 at NVD CVE-2024-50063 at SUSE CVE-2024-50063 at NVD CVE-2024-50064 at SUSE CVE-2024-50064 at NVD CVE-2024-50069 at SUSE CVE-2024-50069 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50074 at SUSE CVE-2024-50074 at NVD CVE-2024-50075 at SUSE CVE-2024-50075 at NVD CVE-2024-50076 at SUSE CVE-2024-50076 at NVD CVE-2024-50077 at SUSE CVE-2024-50077 at NVD CVE-2024-50078 at SUSE CVE-2024-50078 at NVD CVE-2024-50080 at SUSE CVE-2024-50080 at NVD CVE-2024-50081 at SUSE CVE-2024-50081 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114). - CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435). - CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869). - CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130). - CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868). - CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131). - CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256). - CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334). - CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). - CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989). - CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957). - CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50064: zram: do not free statically defined names (bsc#1231901). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes). - ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes). - ACPI: EC: Do not release locks during operation region accesses (stable-fixes). - ACPI: PAD: fix crash in exit_round_robin() (stable-fixes). - ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes). - ACPI: battery: Simplify battery hook locking (stable-fixes). - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - ACPICA: iasl: handle empty connection_node (stable-fixes). - ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes). - ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes). - ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes). - ALSA: Reorganize kerneldoc parameter names (stable-fixes). - ALSA: asihpi: Fix potential OOB array access (stable-fixes). - ALSA: core: add isascii() check to card ID generator (stable-fixes). - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - ALSA: hda/conexant: fix some typos (stable-fixes). - ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes). - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803). - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes). - ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes). - ALSA: hda/realtek: Update default depop procedure (git-fixes). - ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes). - ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes). - ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes). - ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes). - ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132). - ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes). - ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes). - ALSA: line6: update contact information (stable-fixes). - ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - ALSA: silence integer wrapping warning (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes). - ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes). - ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768). - ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - ALSA: usb-audio: Define macros for quirk table entries (stable-fixes). - ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes). - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes). - ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes). - ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes). - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes). - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes). - ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes). - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes). - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - ASoC: max98388: Fix missing increment of variable slot_found (git-fixes). - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - ASoC: tas2781: Use of_property_read_reg() (stable-fixes). - Bluetooth: Call iso_exit() on module unload (git-fixes). - Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: Remove debugfs directory on module init failure (git-fixes). - Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes). - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes). - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes). - Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342) - Drop the previous HD-audio TAS2781 fix (bsc#1230132) The proposed fix turned out to be incorrect - HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes). - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes). - HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes). - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes). - HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes). - HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes). - Input: adp5589-keys - fix NULL pointer dereference (git-fixes). - Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes). - Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes). - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes). - KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes). - KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes). - KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes). - KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes). - KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes). - KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes). - KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626). - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276). - KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623). - KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes). - KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes). - KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes). - KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes). - KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes). - KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes). - KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes). - KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes). - NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes). - NFSD: Mark filecache 'down' if init fails (git-fixes). - NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016). - NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes). - PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes). - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes). - PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019). - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes). - RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559). - RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559). - RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559). - RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559). - RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559). - RDMA/bnxt_re: Add a check for memory allocation (git-fixes) - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes) - RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes) - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes) - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes) - RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes) - RDMA/bnxt_re: Fix out of bound check (git-fixes) - RDMA/bnxt_re: Fix the GID table length (git-fixes) - RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes) - RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes) - RDMA/bnxt_re: Return more meaningful error (git-fixes) - RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/cxgb4: Dump vendor specific QP details (git-fixes) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes) - RDMA/irdma: Fix misspelling of 'accept*' (git-fixes) - RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes) - RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes). - RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes). - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes) - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes) - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes). - RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes) - RDMA/srpt: Make slab cache names unique (git-fixes) - Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269). - Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes). - Revert 'KEYS: encrypted: Add check for strsep' (git-fixes). - Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes). - Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes). - Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes). - Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes). - SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes). - SUNRPC: Fixup gss_status tracepoint error output (git-fixes). - SUNRPC: clnt.c: Remove misleading comment (git-fixes). - USB: appledisplay: close race between probe and completion handler (git-fixes). - USB: misc: cypress_cy7c63: check for short transfer (git-fixes). - USB: misc: yurex: fix race between read and write (git-fixes). - USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450). - accel/qaic: Fix the for loop used to walk SG table (git-fixes). - arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes) - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes). - arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes). - ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes). - audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes). - audit: do not take task_lock() in audit_exe_compare() code path (git-fixes). - block: print symbolic error name instead of error code (bsc#1231872). - block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677). - bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes). - bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes). - bnxt_en: Fix the PCI-AER routines (git-fixes). - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes). - bnxt_en: refactor reset close code (git-fixes). - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix error message on kfunc arg type mismatch (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450). - btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes). - can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231384). - clk: bcm: bcm53573: fix OF node leak in init (stable-fixes). - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). - config: Disable LAM on x86 (bsc#1217845) - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075) - crypto: octeontx - Fix authenc setkey (stable-fixes). - crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes). - crypto: octeontx2 - Fix authenc setkey (stable-fixes). - crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632). - cxgb4: Properly lock TX queue for the selftest (git-fixes). - cxgb4: add forgotten u64 ivlan cast before shift (git-fixes). - cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes). - dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes). - debugfs: fix automount d_fsdata usage (git-fixes). - devlink: Fix command annotation documentation (git-fixes). - dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes). - dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes). - driver core: bus: Fix double free in driver API bus_register() (stable-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes). - drm/amd/display: Add disable timeout option (bsc#1231435) - drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944) - drm/amd/display: Check null pointer before dereferencing se (stable-fixes). - drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes). - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes). - drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes). - drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes). - drm/amd/display: Round calculated vtotal (stable-fixes). - drm/amd/display: Skip to enable dsc if it has been off (stable-fixes). - drm/amd/display: Validate backlight caps are sane (stable-fixes). - drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amdgpu/swsmu: Only force workload setup on init (git-fixes). - drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes). - drm/i915/gem: fix bitwise and logical AND mixup (git-fixes). - drm/i915/hdcp: fix connector refcounting (git-fixes). - drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes). - drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/msm/dpu: do not always program merge_3d block (git-fixes). - drm/msm/dpu: make sure phys resources are properly initialized (git-fixes). - drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes). - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes). - drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes). - drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes). - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes). - drm/radeon: Fix encoder->possible_clones (git-fixes). - drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes). - drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes). - drm/v3d: Stop the active perfmon before being destroyed (git-fixes). - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes). - drm/vc4: Stop the active perfmon before being destroyed (git-fixes). - drm/vmwgfx: Handle surface check failure correctly (git-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - e1000e: Fix S0ix residency on corporate systems (git-fixes). - e1000e: change I219 (19) devices to ADP (git-fixes). - e1000e: fix force smbus during suspend flow (git-fixes). - e1000e: move force SMBUS near the end of enable_ulp function (git-fixes). - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes). - eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes). - ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635). - ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636). - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637). - ext4: fix possible tid_t sequence overflows (bsc#1231634). - ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640). - ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639). - fat: fix uninitialized variable (git-fixes). - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes). - fbdev: sisfb: Fix strbuf array overflow (stable-fixes). - fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes). - fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes). - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224088). - firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes). - firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes). - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: fix the cache always being enabled on files with qid flags (git-fixes). - genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes). - gpio: aspeed: Add the flush write to ensure the write complete (git-fixes). - gpio: aspeed: Use devm_clk api to manage clock source (git-fixes). - gpio: davinci: fix lazy disable (git-fixes). - gve: Fix XDP TX completion handling when counters overflow (git-fixes). - gve: Fix an edge case for TSO skb validity check (git-fixes). - gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes). - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes). - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes). - hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (max16065) Fix alarm attributes (git-fixes). - hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes). - hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes). - hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes). - i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes). - i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes). - i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes). - i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes). - i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes). - i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes). - i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes). - i2c: i801: add helper i801_restore_regs (git-fixes). - i2c: ismt: kill transaction in hardware on timeout (git-fixes). - i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes). - i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes). - i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes). - i2c: omap: wakeup the controller during suspend() callback (git-fixes). - i2c: rcar: properly format a debug output (git-fixes). - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes). - i2c: stm32f7: perform most of irq job in threaded handler (git-fixes). - i2c: synquacer: Deal with optional PCLK correctly (git-fixes). - i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes). - i2c: xiic: Try re-initialization on bus busy timeout (git-fixes). - i2c: xiic: improve error message when transfer fails to start (stable-fixes). - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes). - i40e: Fix XDP program unloading while removing the driver (git-fixes). - i40e: Report MFS in decimal base instead of hex (git-fixes). - iavf: Fix TC config comparison with existing adapter TC config (git-fixes). - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes). - ice: Fix checking for unsupported keys on non-tunnel device (git-fixes). - ice: Fix lldp packets dropping after changing the number of channels (git-fixes). - ice: Fix netif_is_ice() in Safe Mode (git-fixes). - ice: Fix package download algorithm (git-fixes). - ice: Fix recipe read procedure (git-fixes). - ice: Fix reset handler (git-fixes). - ice: Flush FDB entries before reset (git-fixes). - ice: Interpret .set_channels() input differently (git-fixes). - ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes). - ice: Reject pin requests with unsupported flags (git-fixes). - ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes). - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes). - ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes). - ice: clear port vlan config during reset (git-fixes). - ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes). - ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes). - ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes). - ice: fix 200G PHY types to link speed mapping (git-fixes). - ice: fix 200G link speed message log (git-fixes). - ice: fix ICE_LAST_OFFSET formula (git-fixes). - ice: fix VLAN replay after reset (git-fixes). - ice: fix VSI lists confusion when adding VLANs (git-fixes). - ice: fix accounting for filters shared by multiple VSIs (git-fixes). - ice: fix accounting if a VLAN already exists (git-fixes). - ice: fix iteration of TLVs in Preserved Fields Area (git-fixes). - ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes). - ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes). - ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes). - ice: implement AQ download pkg retry (git-fixes). - ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes). - ice: remove af_xdp_zc_qps bitmap (git-fixes). - ice: replace synchronize_rcu with synchronize_net (git-fixes). - ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes). - ice: set correct dst VSI in only LAN filters (git-fixes). - ice: tc: allow zero flags in parsing tc flower (git-fixes). - ice: tc: check src_vsi in case of traffic from VF (git-fixes). - ice: use proper macro for testing bit (git-fixes). - idpf: Interpret .set_channels() input differently (git-fixes). - idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes). - idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes). - idpf: do not skip over ethtool tcp-data-split setting (git-fixes). - idpf: fix UAFs when destroying the queues (git-fixes). - idpf: fix memleak in vport interrupt configuration (git-fixes). - idpf: fix memory leaks and crashes while performing a soft reset (git-fixes). - ieee802154: Fix build error (git-fixes). - igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes). - igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes). - igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes). - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes). - igc: Fix qbv tx latency by setting gtxoffset (git-fixes). - igc: Fix qbv_config_change_errors logics (git-fixes). - igc: Fix reset adapter logics when tx mode change (git-fixes). - igc: Unlock on error in igc_io_resume() (git-fixes). - iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes). - iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes). - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes). - iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes). - iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes). - iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes). - iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes). - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes). - iio: light: opt3001: add missing full-scale range value (git-fixes). - iio: light: veml6030: fix ALS sensor resolution (git-fixes). - iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes). - iio: light: veml6030: fix microlux value calculation (git-fixes). - iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes). - iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes). - iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes). - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes). - io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes). - io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes). - io_uring/net: harden multishot termination case for recv (git-fixes). - io_uring/rw: fix cflags posting for single issue multishot read (git-fixes). - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes). - io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes). - io_uring/sqpoll: do not put cpumask on stack (git-fixes). - io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes). - io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes). - iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes). - iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes). - iommu/amd: Fix typo of , instead of ; (git-fixes). - iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes). - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes). - iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes). - iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes). - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638). - jfs: Fix sanity check in dbMount (git-fixes). - jfs: Fix uaf in dbFreeBits (git-fixes). - jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes). - jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes). - jfs: check if leafidx greater than num leaves per dmap tree (git-fixes). - jump_label: Fix static_key_slow_dec() yet again (git-fixes). - kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes). - kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes). - kasan: Fix Software Tag-Based KASAN with GCC (git-fixes). - kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450). - kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450). - kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450). - kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450). - kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450). - kconfig: qconf: fix buffer overflow in debug links (git-fixes). - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes). - keys: Fix overwrite of key expiration on instantiation (git-fixes). - kthread: unpark only parked kthread (git-fixes). - lib/xarray: introduce a new helper xas_get_order (bsc#1231617). - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes). - macsec: do not increment counters for an unrelated SA (git-fixes). - maple_tree: correct tree corruption on spanning store (git-fixes). - media: i2c: imx335: Enable regulator supplies (stable-fixes). - media: imx335: Fix reset-gpio handling (git-fixes). - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes). - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes). - mei: use kvmalloc for read buffer (git-fixes). - mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes). - mlx5: avoid truncating error message (git-fixes). - mlx5: stop warning for 64KB pages (git-fixes). - mm/filemap: optimize filemap folio adding (bsc#1231617). - mm/filemap: return early if failed to allocate memory for split (bsc#1231617). - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes). - mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978). - modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes). - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes). - module: abort module loading when sysfs setup suffer errors (git-fixes). - nbd: fix race between timeout and normal completion (bsc#1230918). - net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes). - net/mlx5: Added cond_resched() to crdump collection (git-fixes). - net/mlx5: Check capability for fw_reset (git-fixes). - net/mlx5: Check for invalid vector index on EQ creation (git-fixes). - net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes). - net/mlx5: Fix command bitmask initialization (git-fixes). - net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes). - net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes). - net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes). - net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes). - net/mlx5: Unregister notifier on eswitch init failure (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes). - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes). - net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes). - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes). - net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes). - net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes). - net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes). - net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes). - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes). - net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes). - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: phy: Remove LED entry from LEDs list on unregister (git-fixes). - net: phy: bcm84881: Fix some error handling paths (git-fixes). - net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes). - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes). - net: qede: use return from qede_parse_actions() (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flower (git-fixes). - net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes) - net: sysfs: Fix /sys/class/net/&lt;iface> path for statistics (git-fixes). - net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes). - net: usb: usbnet: fix name regression (get-fixes). - net: usb: usbnet: fix race in probe failure (git-fixes). - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: return -EINVAL when namelen is 0 (git-fixes). - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nouveau/dmem: Fix privileged error in copy engine channel (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244). - nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvme-pci: set doorbell config before unquiescing (git-fixes). - nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901). - nvme: null terminate nvme_tls_attrs (git-fixes). - nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes). - nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). - parport: Proper fix for array out-of-bounds access (git-fixes). - phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes). - phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes). - phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes). - phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes). - phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes). - pinctrl: apple: check devm_kasprintf() returned value (git-fixes). - pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes). - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes). - platform/x86: dell-sysman: add support for alienware products (stable-fixes). - platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes). - platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). - powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632). - powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - printk: Add notation to console_srcu locking (bsc#1232183). - qed: avoid truncating work queue length (git-fixes). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623). - rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK. - rpm/release-projects: Add SLFO projects (bsc#1231293). - rpmsg: glink: Handle rejected intent request better (git-fixes). - runtime constants: add default dummy infrastructure (git-fixes). - runtime constants: add x86 architecture support (git-fixes). - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629). - s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes). - selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes). - selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes). - serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes). - soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes). - spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes). - spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes). - splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes). - splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes). - srcu: Fix callbacks acceleration mishandling (git-fixes). - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - sumversion: Fix a memory leak in get_src_version() (git-fixes). - supported.conf: mark nhpoly1305 module as supported (bsc#1231035) - supported.conf: mark ultravisor userspace access as supported (bsc#1232090) - task_work: add kerneldoc annotation for 'data' argument (git-fixes). - thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes). - tools: hv: rm .*.cmd when make clean (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/osnoise: Fix build when timerlat is not enabled (git-fixes). - tracing/osnoise: Skip running osnoise if all instances are off (git-fixes). - tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes). - tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes). - tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes). - tracing/timerlat: Add user-space interface (git-fixes). - tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes). - tracing/timerlat: Fix a race during cpuhp processing (git-fixes). - tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes). - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes). - tracing/timerlat: Only clear timer if a kthread exists (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - unicode: Do not special case ignorable code points (stable-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114). - uprobes: turn xol_area->pages into xol_area->page (bsc#1231114). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes). - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes). - vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes). - vdpa_sim_blk: allocate the buffer zeroed (git-fixes). - vduse: avoid using __GFP_NOFAIL (git-fixes). - vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978). - vmxnet3: Add XDP support (bsc#1226498). - vmxnet3: Fix missing reserved tailroom (bsc#1226498). - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vt: prevent kernel-infoleak in con_font_get() (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes). - wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes). - wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes). - wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes). - wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes). - wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes). - wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes). - wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes). - wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes). - wifi: iwlwifi: mvm: use correct key iteration (stable-fixes). - wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: fix RCU list iterations (stable-fixes). - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes). - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes). - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes). - wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes). - wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes). - wifi: rtw89: correct base HT rate mask for firmware (stable-fixes). - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes). - x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes). - x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes). - x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes). - x86/apic: Make x2apic_disable() work correctly (git-fixes). - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/mm: Use IPIs to synchronize LAM enablement (git-fixes). - x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes). - x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86: do the user address masking outside the user access area (git-fixes). - x86: fix user address masking non-canonical speculation issue (git-fixes). - x86: make the masked_user_access_begin() macro use its argument only once (git-fixes). - x86: support user address masking instead of non-speculative conditional (git-fixes). - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes). - xfs: check shortform attr entry flags specifically (git-fixes). - xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes). - xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes). - xfs: fix freeing speculative preallocations for preallocated files (git-fixes). - xfs: make sure sb_fdblocks is non-negative (git-fixes). - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes). - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes). - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes). - xfs: validate recovered name buffers when recovering xattr items (git-fixes). - xhci: Add a quirk for writing ERST in high-low order (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). - xhci: tegra: fix checked USB2 port number (git-fixes). - zonefs: Improve error handling (git-fixes). Important SUSE bug 1065729 SUSE bug 1194869 SUSE bug 1217845 SUSE bug 1218562 SUSE bug 1219596 SUSE bug 1219803 SUSE bug 1220382 SUSE bug 1223384 SUSE bug 1223700 SUSE bug 1223824 SUSE bug 1223848 SUSE bug 1224088 SUSE bug 1224574 SUSE bug 1225611 SUSE bug 1226003 SUSE bug 1226498 SUSE bug 1226623 SUSE bug 1226631 SUSE bug 1226797 SUSE bug 1226848 SUSE bug 1228119 SUSE bug 1228244 SUSE bug 1228269 SUSE bug 1228410 SUSE bug 1228454 SUSE bug 1228537 SUSE bug 1228620 SUSE bug 1228743 SUSE bug 1228747 SUSE bug 1228857 SUSE bug 1229019 SUSE bug 1229429 SUSE bug 1229450 SUSE bug 1229585 SUSE bug 1229677 SUSE bug 1229769 SUSE bug 1229808 SUSE bug 1229891 SUSE bug 1230055 SUSE bug 1230132 SUSE bug 1230179 SUSE bug 1230220 SUSE bug 1230289 SUSE bug 1230295 SUSE bug 1230339 SUSE bug 1230341 SUSE bug 1230375 SUSE bug 1230414 SUSE bug 1230429 SUSE bug 1230456 SUSE bug 1230501 SUSE bug 1230527 SUSE bug 1230550 SUSE bug 1230600 SUSE bug 1230620 SUSE bug 1230710 SUSE bug 1230762 SUSE bug 1230763 SUSE bug 1230773 SUSE bug 1230774 SUSE bug 1230801 SUSE bug 1230831 SUSE bug 1230914 SUSE bug 1230918 SUSE bug 1231016 SUSE bug 1231035 SUSE bug 1231072 SUSE bug 1231073 SUSE bug 1231075 SUSE bug 1231081 SUSE bug 1231082 SUSE bug 1231083 SUSE bug 1231084 SUSE bug 1231085 SUSE bug 1231087 SUSE bug 1231089 SUSE bug 1231092 SUSE bug 1231093 SUSE bug 1231094 SUSE bug 1231096 SUSE bug 1231098 SUSE bug 1231100 SUSE bug 1231101 SUSE bug 1231102 SUSE bug 1231105 SUSE bug 1231108 SUSE bug 1231111 SUSE bug 1231114 SUSE bug 1231115 SUSE bug 1231116 SUSE bug 1231117 SUSE bug 1231131 SUSE bug 1231132 SUSE bug 1231135 SUSE bug 1231136 SUSE bug 1231138 SUSE bug 1231148 SUSE bug 1231169 SUSE bug 1231170 SUSE bug 1231171 SUSE bug 1231178 SUSE bug 1231179 SUSE bug 1231183 SUSE bug 1231187 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231195 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231202 SUSE bug 1231203 SUSE bug 1231276 SUSE bug 1231293 SUSE bug 1231384 SUSE bug 1231434 SUSE bug 1231435 SUSE bug 1231436 SUSE bug 1231439 SUSE bug 1231440 SUSE bug 1231441 SUSE bug 1231442 SUSE bug 1231452 SUSE bug 1231474 SUSE bug 1231481 SUSE bug 1231496 SUSE bug 1231502 SUSE bug 1231537 SUSE bug 1231539 SUSE bug 1231540 SUSE bug 1231541 SUSE bug 1231617 SUSE bug 1231634 SUSE bug 1231635 SUSE bug 1231636 SUSE bug 1231637 SUSE bug 1231638 SUSE bug 1231639 SUSE bug 1231640 SUSE bug 1231673 SUSE bug 1231828 SUSE bug 1231849 SUSE bug 1231855 SUSE bug 1231856 SUSE bug 1231857 SUSE bug 1231858 SUSE bug 1231859 SUSE bug 1231860 SUSE bug 1231861 SUSE bug 1231864 SUSE bug 1231865 SUSE bug 1231868 SUSE bug 1231869 SUSE bug 1231871 SUSE bug 1231872 SUSE bug 1231901 SUSE bug 1231902 SUSE bug 1231903 SUSE bug 1231904 SUSE bug 1231906 SUSE bug 1231907 SUSE bug 1231908 SUSE bug 1231914 SUSE bug 1231916 SUSE bug 1231924 SUSE bug 1231926 SUSE bug 1231931 SUSE bug 1231935 SUSE bug 1231942 SUSE bug 1231944 SUSE bug 1231947 SUSE bug 1231950 SUSE bug 1231951 SUSE bug 1231953 SUSE bug 1231954 SUSE bug 1231955 SUSE bug 1231956 SUSE bug 1231957 SUSE bug 1231965 SUSE bug 1231967 SUSE bug 1231968 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1231989 SUSE bug 1231990 SUSE bug 1231998 SUSE bug 1232000 SUSE bug 1232003 SUSE bug 1232009 SUSE bug 1232013 SUSE bug 1232015 SUSE bug 1232016 SUSE bug 1232017 SUSE bug 1232018 SUSE bug 1232033 SUSE bug 1232034 SUSE bug 1232036 SUSE bug 1232043 SUSE bug 1232047 SUSE bug 1232048 SUSE bug 1232049 SUSE bug 1232050 SUSE bug 1232056 SUSE bug 1232075 SUSE bug 1232076 SUSE bug 1232080 SUSE bug 1232083 SUSE bug 1232084 SUSE bug 1232085 SUSE bug 1232089 SUSE bug 1232090 SUSE bug 1232093 SUSE bug 1232094 SUSE bug 1232097 SUSE bug 1232098 SUSE bug 1232105 SUSE bug 1232109 SUSE bug 1232111 SUSE bug 1232114 SUSE bug 1232116 SUSE bug 1232117 SUSE bug 1232124 SUSE bug 1232126 SUSE bug 1232127 SUSE bug 1232129 SUSE bug 1232130 SUSE bug 1232131 SUSE bug 1232132 SUSE bug 1232134 SUSE bug 1232135 SUSE bug 1232140 SUSE bug 1232141 SUSE bug 1232142 SUSE bug 1232145 SUSE bug 1232147 SUSE bug 1232148 SUSE bug 1232151 SUSE bug 1232152 SUSE bug 1232154 SUSE bug 1232155 SUSE bug 1232156 SUSE bug 1232159 SUSE bug 1232160 SUSE bug 1232162 SUSE bug 1232164 SUSE bug 1232174 SUSE bug 1232180 SUSE bug 1232182 SUSE bug 1232183 SUSE bug 1232185 SUSE bug 1232187 SUSE bug 1232189 SUSE bug 1232192 SUSE bug 1232195 SUSE bug 1232196 SUSE bug 1232200 SUSE bug 1232208 SUSE bug 1232217 SUSE bug 1232218 SUSE bug 1232220 SUSE bug 1232221 SUSE bug 1232222 SUSE bug 1232232 SUSE bug 1232250 SUSE bug 1232251 SUSE bug 1232253 SUSE bug 1232254 SUSE bug 1232255 SUSE bug 1232256 SUSE bug 1232260 SUSE bug 1232262 SUSE bug 1232263 SUSE bug 1232275 SUSE bug 1232279 SUSE bug 1232282 SUSE bug 1232285 SUSE bug 1232287 SUSE bug 1232295 SUSE bug 1232309 SUSE bug 1232310 SUSE bug 1232312 SUSE bug 1232313 SUSE bug 1232314 SUSE bug 1232315 SUSE bug 1232316 SUSE bug 1232317 SUSE bug 1232329 SUSE bug 1232332 SUSE bug 1232333 SUSE bug 1232334 SUSE bug 1232335 SUSE bug 1232339 SUSE bug 1232340 SUSE bug 1232342 SUSE bug 1232345 SUSE bug 1232349 SUSE bug 1232359 SUSE bug 1232362 SUSE bug 1232369 SUSE bug 1232370 SUSE bug 1232378 SUSE bug 1232381 SUSE bug 1232383 SUSE bug 1232392 SUSE bug 1232394 SUSE bug 1232395 SUSE bug 1232417 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232427 SUSE bug 1232432 SUSE bug 1232435 SUSE bug 1232503 SUSE bug 1232504 SUSE bug 1232505 SUSE bug 1232506 SUSE bug 1232507 SUSE bug 1232511 SUSE bug 1232519 SUSE bug 1232520 SUSE bug 1232529 SUSE bug 1232552 SUSE bug 1232623 SUSE bug 1232626 SUSE bug 1232627 SUSE bug 1232628 SUSE bug 1232629 SUSE bug 1232757 SUSE bug 1232768 CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52917 at SUSE CVE-2023-52917 at NVD CVE-2023-52918 at SUSE CVE-2023-52918 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-27026 at SUSE CVE-2024-27026 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-35980 at SUSE CVE-2024-35980 at NVD CVE-2024-36244 at SUSE CVE-2024-36244 at NVD CVE-2024-38576 at SUSE CVE-2024-38576 at NVD CVE-2024-38577 at SUSE CVE-2024-38577 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41031 at SUSE CVE-2024-41031 at NVD CVE-2024-41047 at SUSE CVE-2024-41047 at NVD CVE-2024-41082 at SUSE CVE-2024-41082 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44932 at SUSE CVE-2024-44932 at NVD CVE-2024-44958 at SUSE CVE-2024-44958 at NVD CVE-2024-44964 at SUSE CVE-2024-44964 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45025 at SUSE CVE-2024-45025 at NVD CVE-2024-46678 at SUSE CVE-2024-46678 at NVD CVE-2024-46721 at SUSE CVE-2024-46721 at NVD CVE-2024-46754 at SUSE CVE-2024-46754 at NVD CVE-2024-46766 at SUSE CVE-2024-46766 at NVD CVE-2024-46770 at SUSE CVE-2024-46770 at NVD CVE-2024-46775 at SUSE CVE-2024-46775 at NVD CVE-2024-46777 at SUSE CVE-2024-46777 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46802 at SUSE CVE-2024-46802 at NVD CVE-2024-46803 at SUSE CVE-2024-46803 at NVD CVE-2024-46804 at SUSE CVE-2024-46804 at NVD CVE-2024-46805 at SUSE CVE-2024-46805 at NVD CVE-2024-46806 at SUSE CVE-2024-46806 at NVD CVE-2024-46807 at SUSE CVE-2024-46807 at NVD CVE-2024-46809 at SUSE CVE-2024-46809 at NVD CVE-2024-46810 at SUSE CVE-2024-46810 at NVD CVE-2024-46811 at SUSE CVE-2024-46811 at NVD CVE-2024-46812 at SUSE CVE-2024-46812 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46815 at SUSE CVE-2024-46815 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46819 at SUSE CVE-2024-46819 at NVD CVE-2024-46821 at SUSE CVE-2024-46821 at NVD CVE-2024-46825 at SUSE CVE-2024-46825 at NVD CVE-2024-46826 at SUSE CVE-2024-46826 at NVD CVE-2024-46827 at SUSE CVE-2024-46827 at NVD CVE-2024-46828 at SUSE CVE-2024-46828 at NVD CVE-2024-46830 at SUSE CVE-2024-46830 at NVD CVE-2024-46831 at SUSE CVE-2024-46831 at NVD CVE-2024-46834 at SUSE CVE-2024-46834 at NVD CVE-2024-46835 at SUSE CVE-2024-46835 at NVD CVE-2024-46836 at SUSE CVE-2024-46836 at NVD CVE-2024-46840 at SUSE CVE-2024-46840 at NVD CVE-2024-46841 at SUSE CVE-2024-46841 at NVD CVE-2024-46842 at SUSE CVE-2024-46842 at NVD CVE-2024-46843 at SUSE CVE-2024-46843 at NVD CVE-2024-46846 at SUSE CVE-2024-46846 at NVD CVE-2024-46848 at SUSE CVE-2024-46848 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-46851 at SUSE CVE-2024-46851 at NVD CVE-2024-46852 at SUSE CVE-2024-46852 at NVD CVE-2024-46853 at SUSE CVE-2024-46853 at NVD CVE-2024-46854 at SUSE CVE-2024-46854 at NVD CVE-2024-46855 at SUSE CVE-2024-46855 at NVD CVE-2024-46857 at SUSE CVE-2024-46857 at NVD CVE-2024-46859 at SUSE CVE-2024-46859 at NVD CVE-2024-46860 at SUSE CVE-2024-46860 at NVD CVE-2024-46861 at SUSE CVE-2024-46861 at NVD CVE-2024-46864 at SUSE CVE-2024-46864 at NVD CVE-2024-46870 at SUSE CVE-2024-46870 at NVD CVE-2024-46871 at SUSE CVE-2024-46871 at NVD CVE-2024-47658 at SUSE CVE-2024-47658 at NVD CVE-2024-47660 at SUSE CVE-2024-47660 at NVD CVE-2024-47661 at SUSE CVE-2024-47661 at NVD CVE-2024-47662 at SUSE CVE-2024-47662 at NVD CVE-2024-47663 at SUSE CVE-2024-47663 at NVD CVE-2024-47664 at SUSE CVE-2024-47664 at NVD CVE-2024-47665 at SUSE CVE-2024-47665 at NVD CVE-2024-47667 at SUSE CVE-2024-47667 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47669 at SUSE CVE-2024-47669 at NVD CVE-2024-47670 at SUSE CVE-2024-47670 at NVD CVE-2024-47671 at SUSE CVE-2024-47671 at NVD CVE-2024-47672 at SUSE CVE-2024-47672 at NVD CVE-2024-47673 at SUSE CVE-2024-47673 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47675 at SUSE CVE-2024-47675 at NVD CVE-2024-47681 at SUSE CVE-2024-47681 at NVD CVE-2024-47682 at SUSE CVE-2024-47682 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47685 at SUSE CVE-2024-47685 at NVD CVE-2024-47686 at SUSE CVE-2024-47686 at NVD CVE-2024-47687 at SUSE CVE-2024-47687 at NVD CVE-2024-47688 at SUSE CVE-2024-47688 at NVD CVE-2024-47692 at SUSE CVE-2024-47692 at NVD CVE-2024-47693 at SUSE CVE-2024-47693 at NVD CVE-2024-47695 at SUSE CVE-2024-47695 at NVD CVE-2024-47696 at SUSE CVE-2024-47696 at NVD CVE-2024-47697 at SUSE CVE-2024-47697 at NVD CVE-2024-47698 at SUSE CVE-2024-47698 at NVD CVE-2024-47699 at SUSE CVE-2024-47699 at NVD CVE-2024-47702 at SUSE CVE-2024-47702 at NVD CVE-2024-47704 at SUSE CVE-2024-47704 at NVD CVE-2024-47705 at SUSE CVE-2024-47705 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47707 at SUSE CVE-2024-47707 at NVD CVE-2024-47709 at SUSE CVE-2024-47709 at NVD CVE-2024-47710 at SUSE CVE-2024-47710 at NVD CVE-2024-47712 at SUSE CVE-2024-47712 at NVD CVE-2024-47713 at SUSE CVE-2024-47713 at NVD CVE-2024-47714 at SUSE CVE-2024-47714 at NVD CVE-2024-47715 at SUSE CVE-2024-47715 at NVD CVE-2024-47718 at SUSE CVE-2024-47718 at NVD CVE-2024-47719 at SUSE CVE-2024-47719 at NVD CVE-2024-47720 at SUSE CVE-2024-47720 at NVD CVE-2024-47723 at SUSE CVE-2024-47723 at NVD CVE-2024-47727 at SUSE CVE-2024-47727 at NVD CVE-2024-47728 at SUSE CVE-2024-47728 at NVD CVE-2024-47730 at SUSE CVE-2024-47730 at NVD CVE-2024-47731 at SUSE CVE-2024-47731 at NVD CVE-2024-47732 at SUSE CVE-2024-47732 at NVD CVE-2024-47735 at SUSE CVE-2024-47735 at NVD CVE-2024-47737 at SUSE CVE-2024-47737 at NVD CVE-2024-47738 at SUSE CVE-2024-47738 at NVD CVE-2024-47739 at SUSE CVE-2024-47739 at NVD CVE-2024-47741 at SUSE CVE-2024-47741 at NVD CVE-2024-47742 at SUSE CVE-2024-47742 at NVD CVE-2024-47743 at SUSE CVE-2024-47743 at NVD CVE-2024-47744 at SUSE CVE-2024-47744 at NVD CVE-2024-47745 at SUSE CVE-2024-47745 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-47748 at SUSE CVE-2024-47748 at NVD CVE-2024-47749 at SUSE CVE-2024-47749 at NVD CVE-2024-47750 at SUSE CVE-2024-47750 at NVD CVE-2024-47751 at SUSE CVE-2024-47751 at NVD CVE-2024-47752 at SUSE CVE-2024-47752 at NVD CVE-2024-47753 at SUSE CVE-2024-47753 at NVD CVE-2024-47754 at SUSE CVE-2024-47754 at NVD CVE-2024-47756 at SUSE CVE-2024-47756 at NVD CVE-2024-47757 at SUSE CVE-2024-47757 at NVD CVE-2024-49850 at SUSE CVE-2024-49850 at NVD CVE-2024-49851 at SUSE CVE-2024-49851 at NVD CVE-2024-49853 at SUSE CVE-2024-49853 at NVD CVE-2024-49855 at SUSE CVE-2024-49855 at NVD CVE-2024-49858 at SUSE CVE-2024-49858 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49861 at SUSE CVE-2024-49861 at NVD CVE-2024-49862 at SUSE CVE-2024-49862 at NVD CVE-2024-49863 at SUSE CVE-2024-49863 at NVD CVE-2024-49864 at SUSE CVE-2024-49864 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49870 at SUSE CVE-2024-49870 at NVD CVE-2024-49871 at SUSE CVE-2024-49871 at NVD CVE-2024-49874 at SUSE CVE-2024-49874 at NVD CVE-2024-49875 at SUSE CVE-2024-49875 at NVD CVE-2024-49877 at SUSE CVE-2024-49877 at NVD CVE-2024-49878 at SUSE CVE-2024-49878 at NVD CVE-2024-49879 at SUSE CVE-2024-49879 at NVD CVE-2024-49882 at SUSE CVE-2024-49882 at NVD CVE-2024-49886 at SUSE CVE-2024-49886 at NVD CVE-2024-49888 at SUSE CVE-2024-49888 at NVD CVE-2024-49890 at SUSE CVE-2024-49890 at NVD CVE-2024-49891 at SUSE CVE-2024-49891 at NVD CVE-2024-49892 at SUSE CVE-2024-49892 at NVD CVE-2024-49896 at SUSE CVE-2024-49896 at NVD CVE-2024-49898 at SUSE CVE-2024-49898 at NVD CVE-2024-49900 at SUSE CVE-2024-49900 at NVD CVE-2024-49902 at SUSE CVE-2024-49902 at NVD CVE-2024-49903 at SUSE CVE-2024-49903 at NVD CVE-2024-49906 at SUSE CVE-2024-49906 at NVD CVE-2024-49907 at SUSE CVE-2024-49907 at NVD CVE-2024-49908 at SUSE CVE-2024-49908 at NVD CVE-2024-49914 at SUSE CVE-2024-49914 at NVD CVE-2024-49917 at SUSE CVE-2024-49917 at NVD CVE-2024-49918 at SUSE CVE-2024-49918 at NVD CVE-2024-49919 at SUSE CVE-2024-49919 at NVD CVE-2024-49920 at SUSE CVE-2024-49920 at NVD CVE-2024-49928 at SUSE CVE-2024-49928 at NVD CVE-2024-49929 at SUSE CVE-2024-49929 at NVD CVE-2024-49930 at SUSE CVE-2024-49930 at NVD CVE-2024-49931 at SUSE CVE-2024-49931 at NVD CVE-2024-49935 at SUSE CVE-2024-49935 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49937 at SUSE CVE-2024-49937 at NVD CVE-2024-49938 at SUSE CVE-2024-49938 at NVD CVE-2024-49939 at SUSE CVE-2024-49939 at NVD CVE-2024-49946 at SUSE CVE-2024-49946 at NVD CVE-2024-49947 at SUSE CVE-2024-49947 at NVD CVE-2024-49949 at SUSE CVE-2024-49949 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-49953 at SUSE CVE-2024-49953 at NVD CVE-2024-49954 at SUSE CVE-2024-49954 at NVD CVE-2024-49955 at SUSE CVE-2024-49955 at NVD CVE-2024-49957 at SUSE CVE-2024-49957 at NVD CVE-2024-49958 at SUSE CVE-2024-49958 at NVD CVE-2024-49960 at SUSE CVE-2024-49960 at NVD CVE-2024-49961 at SUSE CVE-2024-49961 at NVD CVE-2024-49962 at SUSE CVE-2024-49962 at NVD CVE-2024-49963 at SUSE CVE-2024-49963 at NVD CVE-2024-49965 at SUSE CVE-2024-49965 at NVD CVE-2024-49966 at SUSE CVE-2024-49966 at NVD CVE-2024-49967 at SUSE CVE-2024-49967 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49972 at SUSE CVE-2024-49972 at NVD CVE-2024-49973 at SUSE CVE-2024-49973 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49981 at SUSE CVE-2024-49981 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49985 at SUSE CVE-2024-49985 at NVD CVE-2024-49986 at SUSE CVE-2024-49986 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49993 at SUSE CVE-2024-49993 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-49996 at SUSE CVE-2024-49996 at NVD CVE-2024-50000 at SUSE CVE-2024-50000 at NVD CVE-2024-50001 at SUSE CVE-2024-50001 at NVD CVE-2024-50002 at SUSE CVE-2024-50002 at NVD CVE-2024-50007 at SUSE CVE-2024-50007 at NVD CVE-2024-50008 at SUSE CVE-2024-50008 at NVD CVE-2024-50013 at SUSE CVE-2024-50013 at NVD CVE-2024-50017 at SUSE CVE-2024-50017 at NVD CVE-2024-50019 at SUSE CVE-2024-50019 at NVD CVE-2024-50020 at SUSE CVE-2024-50020 at NVD CVE-2024-50021 at SUSE CVE-2024-50021 at NVD CVE-2024-50022 at SUSE CVE-2024-50022 at NVD CVE-2024-50023 at SUSE CVE-2024-50023 at NVD CVE-2024-50024 at SUSE CVE-2024-50024 at NVD CVE-2024-50025 at SUSE CVE-2024-50025 at NVD CVE-2024-50027 at SUSE CVE-2024-50027 at NVD CVE-2024-50028 at SUSE CVE-2024-50028 at NVD CVE-2024-50031 at SUSE CVE-2024-50031 at NVD CVE-2024-50033 at SUSE CVE-2024-50033 at NVD CVE-2024-50035 at SUSE CVE-2024-50035 at NVD CVE-2024-50040 at SUSE CVE-2024-50040 at NVD CVE-2024-50041 at SUSE CVE-2024-50041 at NVD CVE-2024-50042 at SUSE CVE-2024-50042 at NVD CVE-2024-50044 at SUSE CVE-2024-50044 at NVD CVE-2024-50045 at SUSE CVE-2024-50045 at NVD CVE-2024-50046 at SUSE CVE-2024-50046 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50048 at SUSE CVE-2024-50048 at NVD CVE-2024-50049 at SUSE CVE-2024-50049 at NVD CVE-2024-50055 at SUSE CVE-2024-50055 at NVD CVE-2024-50058 at SUSE CVE-2024-50058 at NVD CVE-2024-50059 at SUSE CVE-2024-50059 at NVD CVE-2024-50060 at SUSE CVE-2024-50060 at NVD CVE-2024-50061 at SUSE CVE-2024-50061 at NVD CVE-2024-50062 at SUSE CVE-2024-50062 at NVD CVE-2024-50063 at SUSE CVE-2024-50063 at NVD CVE-2024-50064 at SUSE CVE-2024-50064 at NVD CVE-2024-50069 at SUSE CVE-2024-50069 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50074 at SUSE CVE-2024-50074 at NVD CVE-2024-50075 at SUSE CVE-2024-50075 at NVD CVE-2024-50076 at SUSE CVE-2024-50076 at NVD CVE-2024-50077 at SUSE CVE-2024-50077 at NVD CVE-2024-50078 at SUSE CVE-2024-50078 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-wxPython (Moderate) openSUSE Leap 15.6 This update for python3-wxPython fixes the following issues: - CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XML_ResumeParser function (bsc#1232590). Moderate SUSE bug 1232590 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.6 This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Security issues fixed: * CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933) - Other changes and issues fixed: * Delete unpackaged debug files for RHEL * Do not include source files in the package for RHEL 9 * Require Go 1.20 when building for RedHat derivatives * Drop EnvironmentFile from the service definition * Explicitly unset $ARGS environment variable. Setting environment variables should be done in drop-in systemd configuration files. * Drop go_nostrip macro. It is not needed with current binutils and Go. * Migrate from `disabled` to `manual` source service type * Drop BuildRequires: golang-packaging * Upgrade to version 1.0.8 (bsc#1227341) + Update prometheus/client_golang to version 1.19.1 + Update x/net to version 0.23.0 * Upgrade to version 1.0.7 + Update protobuf to version 1.33.0 + Update prometheus/client_golang to version 1.19.0 + Update prometheus/common to version 0.46.0 + Standardize landing page * Upgrade to version 1.0.6 + Update prometheus/exporter-toolkit to version 0.11.0 + Update prometheus/client_golang to version 1.18.0 + Add User-Agent header * Upgrade to version 1.0.4 + Update x/crypto to version 0.17.0 + Update alecthomas/kingpin/v2 to version 2.4.0 + Update prometheus/common to version 0.45.0 * Upgrade to version 1.0.3 + Update prometheus/client_golang to version 1.17.0 + Update x/net 0.17.0 * Upgrade to version 1.0.1 + Update prometheus/exporter-toolkit to version 0.10.0 + Update prometheus/common to version 0.44.0 + Update prometheus/client_golang to version 1.16.0 golang-github-prometheus-promu: - Require Go >= 1.21 for building - Packaging improvements: * Drop export CGO_ENABLED='0'. Use the default unless there is a defined requirement or benefit (bsc#1230623). - Update to version 0.16.0: * Do not discover user/host for reproducible builds * Fix example/prometheus build error - Update to version 0.15.0: * Add linux/riscv64 to default platforms * Use yaml.Unmarshalstrict to validate configuration files spacecmd: - Version 5.0.10-0 * Speed up softwarechannel_removepackages (bsc#1227606) * Fix error in 'kickstart_delete' when using wildcards (bsc#1227578) * Spacecmd bootstrap now works with specified port (bsc#1229437) * Fix sls backup creation as directory with spacecmd (bsc#1230745) uyuni-common-libs: - Version 5.0.5-0 * Enforce directory permissions at repo-sync when creating directories (bsc#1229260) uyuni-tools: - version 0.1.23-0 * Ensure namespace is defined in all kubernetes commands * Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157) * Fix namespace usage on mgrctl cp command - version 0.1.22-0 * Set projectId also for test packages/images * mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136) * Do not allow SUSE Manager downgrade * Prevent completion issue when /var/log/uyuni-tools.log is missing * Fix proxy shared volume flag * During migration, exclude mgr-sync configuration file (bsc#1228685) * Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206) * During migration, handle empty autoinstallation path (bsc#1230285) * During migration, handle symlinks (bsc#1230288) * During migration, trust the remote sender's file list (bsc#1228424) * Use SCC flags during podman pull * Restore SELinux permission after migration (bsc#1229501) * Share volumes between containers (bsc#1223142) * Save supportconfig in current directory (bsc#1226759) * Fix error code handling on reinstallation (bsc#1230139) * Fix creating first user and organization * Add missing variable quotes for install vars (bsc#1229108) * Add API login and logout calls to allow persistent login Changes that only impact SUSE Manager 4.3: mgr-daemon: - Version 4.3.11-0 * Update translation strings spacewalk-client-tools: - Version 4.3.21-0 * Update translation strings Moderate SUSE bug 1213933 SUSE bug 1223142 SUSE bug 1226759 SUSE bug 1227341 SUSE bug 1227578 SUSE bug 1227606 SUSE bug 1228424 SUSE bug 1228685 SUSE bug 1229108 SUSE bug 1229260 SUSE bug 1229432 SUSE bug 1229437 SUSE bug 1229501 SUSE bug 1230136 SUSE bug 1230139 SUSE bug 1230285 SUSE bug 1230288 SUSE bug 1230745 SUSE bug 1231157 SUSE bug 1231206 CVE-2023-3978 at SUSE CVE-2023-3978 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Moderate) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). Moderate SUSE bug 1232579 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for httpcomponents-client, httpcomponents-core (Moderate) openSUSE Leap 15.6 This update for httpcomponents-client, httpcomponents-core fixes the following issues: httpcomponents-client: - Update to version 4.5.14 * HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects. * HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable Collections#emptyList. * Don't retry requests in case of NoRouteToHostException. * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset of requests with form url-encoded body. * PR #269: 4.5.x use array fill and more. + Use Arrays.fill(). + Remove redundant modifiers. + Use Collections.addAll() and Collection.addAll() APIs instead of loops. + Remove redundant returns. + No need to explicitly declare an array when calling a vararg method. + Remote extra semicolons (;). + Use a 'L' instead of 'l' to make long literals more readable. * PublicSuffixListParser.parseByType(Reader) allocates but does not use a 256 char StringBuilder. * Incorrect handling of malformed authority component by URIUtils#extractHost (bsc#1177488, CVE-2020-13956). * Avoid updating Content-Length header in a 304 response. * Bug fix: BasicExpiresHandler is annotated as immutable but is not (#239) * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler. httpcomponents-core: - Upgraded to version 4.4.14 * PR #231: 4.4.x Use better map apis and more. + Remove redundant modifiers. + Use Collections.addAll() API instead of loops. + Remove redundant returns. + No need to explicitly declare an array when calling a vararg method. + Remote extra semicolons (;). * Bug fix: Non-blocking TLSv1.3 connections can end up in an infinite event spin when closed concurrently by the local and the remote endpoints. * HTTPCORE-647: Non-blocking connection terminated due to 'java.io.IOException: Broken pipe' can enter an infinite loop flushing buffered output data. * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool that can cause internal state corruption when persistent connections are manually removed from the pool. Moderate SUSE bug 1177488 CVE-2020-13956 at SUSE CVE-2020-13956 at NVD cpe:/o:opensuse:leap:15.6 Security update for bea-stax, xstream (Important) openSUSE Leap 15.6 This update for bea-stax, xstream fixes the following issues: - CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085). Important SUSE bug 1233085 CVE-2024-47072 at SUSE CVE-2024-47072 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Critical) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.4.3 * fixed: Folder corruption could cause Thunderbird to freeze and become unusable * fixed: Message corruption could be propagated when reading mbox * fixed: Folder compaction was not abandoned on shutdown * fixed: Folder compaction did not clean up on failure * fixed: Collapsed NNTP thread incorrectly indicated there were unread messages * fixed: Navigating to next unread message did not wait for all messages to be loaded * fixed: Applying column view to folder and children could break if folder error occurred * fixed: Remote content notifications were broken with encrypted messages * fixed: Updating criteria of a saved search resulted in poor search performance * fixed: Drop-downs may not work in some places * fixed: Security fixes MFSA 2024-61 (bsc#1233355) * CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message - Mozilla Thunderbird 128.4.2 * changed: Increased the auto-compaction threshold to reduce frequency of compaction * fixed: New profile creation caused console errors * fixed: Repair folder could result in older messages showing wrong date and time * fixed: Recently deleted messages could become undeleted if message compaction failed * fixed: Visual and UX improvements * fixed: Clicking on an HTML button could cause Thunderbird to freeze * fixed: Messages could not be selected for dragging * fixed: Could not open attached file in a MIME encrypted message * fixed: Account creation 'Setup Documentation' link was broken * fixed: Unable to generate QR codes when exporting to mobile in some cases * fixed: Operating system reauthentication was missing when exporting QR codes for mobile * fixed: Could not drag all-day events from one day to another in week view - Mozilla Thunderbird 128.4.1 * new: Add the 20 year donation appeal - Mozilla Thunderbird 128.4 * new: Export Thunderbird account settings to Thunderbird Mobile via QRCode * fixed: Unable to send an unencrypted response to an OpenPGP encrypted message * fixed: Thunderbird update did not update language pack version until another restart * fixed: Security fixes MFSA 2024-58 (bsc#1231879) * CVE-2024-10458 Permission leak via embed or object elements * CVE-2024-10459 Use-after-free in layout with accessibility * CVE-2024-10460 Confusing display of origin for external protocol handler prompt * CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462 Origin of permission prompt could be spoofed by long URL * CVE-2024-10463 Cross origin video frame leak * CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser * CVE-2024-10465 Clipboard 'paste' button persisted across tabs * CVE-2024-10466 DOM push subscription message could hang Firefox * CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 Critical SUSE bug 1231879 SUSE bug 1233355 CVE-2024-10458 at SUSE CVE-2024-10458 at NVD CVE-2024-10459 at SUSE CVE-2024-10459 at NVD CVE-2024-10460 at SUSE CVE-2024-10460 at NVD CVE-2024-10461 at SUSE CVE-2024-10461 at NVD CVE-2024-10462 at SUSE CVE-2024-10462 at NVD CVE-2024-10463 at SUSE CVE-2024-10463 at NVD CVE-2024-10464 at SUSE CVE-2024-10464 at NVD CVE-2024-10465 at SUSE CVE-2024-10465 at NVD CVE-2024-10466 at SUSE CVE-2024-10466 at NVD CVE-2024-10467 at SUSE CVE-2024-10467 at NVD CVE-2024-11159 at SUSE CVE-2024-11159 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Important) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20241112 release (bsc#1233313) - CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access. - CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access. - CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access. - Update for functional issues. New Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12 | EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5 | MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13 | SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4 New Disclosures Updated in Prior Releases: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3 - Intel CPU Microcode was updated to the 20241029 release Update for functional issues. Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14 Important SUSE bug 1233313 CVE-2024-21820 at SUSE CVE-2024-21820 at NVD CVE-2024-21853 at SUSE CVE-2024-21853 at NVD CVE-2024-23918 at SUSE CVE-2024-23918 at NVD CVE-2024-23984 at SUSE CVE-2024-23984 at NVD CVE-2024-24968 at SUSE CVE-2024-24968 at NVD cpe:/o:opensuse:leap:15.6 Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop (Moderate) openSUSE Leap 15.6 This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues: xmlgraphics-fop was updated from version 2.8 to 2.10: - Security issues fixed: * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428) - Upstream changes and bugs fixed: * Version 2.10: + footnote-body ignores rl-tb writing mode + SVG tspan content is displayed out of place + Added new schema to handle pdf/a and pdfa/ua + Correct fop version at runtime + NoSuchElementException when using font with no family name + Resolve classpath for binary distribution + Switch to spotbugs + Set an automatic module name + Rename packages to avoid conflicts with modules + Resize table only for multicolumn page + Missing jars in servlet + Optimise performance of PNG with alpha using raw loader + basic-link not navigating to corresponding footnote + Added option to sign PDF + Added secure processing for XSL input + Allow sections which need security permissions to be run when AllPermission denied in caller code + Remove unused PDFStructElem + Remove space generated by fo:wrapper + Reset content length for table changing ipd + Added alt text to PDF signature + Allow change of resource level for SVG in AFP + Exclude shape not in clipping path for AFP + Only support 1 column for redo of layout without page pos only + Switch to Jakarta servlet API + NPE when list item is split alongside an ipd change + Added mandatory MODCA triplet to AFP + Redo layout for multipage columns + Added image mask option for AFP + Skip written block ipds inside float + Allow curly braces for src url + Missing content for last page with change ipd + Added warning when different pdf languages are used + Only restart line manager when there is a linebreak for blocklayout * Version 2.9: + Values in PDF Number Trees must be indirect references + Do not delete files on syntax errors using command line + Surrogate pair edge-case causes Exception + Reset character spacing + SVG text containing certain glyphs isn't rendered + Remove duplicate classes from maven classpath + Allow use of page position only on redo of layout + Failure to render multi-block itemBody alongside float + Update to PDFBox 2.0.27 + NPE if link destination is missing with accessibility + Make property cache thread safe + Font size was rounded to 0 for AFP TTF + Cannot process a SVG using mvn jars + Remove serializer jar + Allow creating a PDF 2.0 document + Text missing after page break inside table inline + IllegalArgumentException for list in a table + Table width may be too wide when layout width changes + NPE when using broken link and PDF 1.5 + Allow XMP at PDF page level + Symbol font was not being mapped to unicode + Correct font differences table for Chrome + Link against Java 8 API + Added support for font-selection-strategy=character-by-character + Merge form fields in external PDFs + Fixed test for Java 11 xmlgraphics-batik was updated from version 1.17 to 1.18: - PNG transcoder references nonexistent class - Set offset to 0 if missing in stop tag - Validate throws NPE - Fixed missing arabic characters - Animated rotate tranform ignores y-origin at exactly 270 degrees - Set an automatic module name - Ignore inkscape properties - Switch to spotbugs - Allow source and target resolution configuration xmlgraphics-commons was updated from version 2.8 to 2.10: - Fixed test for Java 11 - Allow XMP at PDF page level - Allow source resolution configuration - Added new schema to handle pdf/a and pdfa/ua - Set an automatic module name - Switch to spotbugs - Do not use a singleton for ImageImplRegistry javapackages-tools was updated from version 6.3.0 to 6.3.4: - Version 6.3.4: * A corner case when which is not present * Remove dependency on which * Simplify after the which -> type -p change * jpackage_script: Remove pointless assignment when %java_home is unset * Don't export JAVA_HOME (bsc#1231347) - Version 6.3.2: * Search for JAVACMD under JAVA_HOME only if it's set * Obsolete set_jvm and set_jvm_dirs functions * Drop unneeded _set_java_home function * Remove JAVA_HOME check from check_java_env function * Bump codecov/codecov-action from 2.0.2 to 4.6.0 * Bump actions/setup-python from 4 to 5 * Bump actions/checkout from 2 to 4 * Added custom dependabot config * Remove the test for JAVA_HOME and error if it is not set * java-functions: Remove unneeded local variables * Fixed build status shield - Version 6.3.1: * Allow missing components with abs2rel * Fixed tests with python 3.4 * Sync spec file from Fedora * Drop default JRE/JDK * Fixed the use of java-functions in scripts * Test that we don't bomb on <relativePath/> * Test variable expansion in artifactId * Interpolate properties also in the current artifact * Rewrite abs2rel in shell * Use asciidoctor instead of asciidoc * Fixed incompatibility with RPM 4.20 * Reproducible exclusions order in maven metadata * Do not bomb on <relativePath/> construct * Make maven_depmap order of aliases reproducible Moderate SUSE bug 1231347 SUSE bug 1231428 CVE-2024-28168 at SUSE CVE-2024-28168 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql, postgresql16, postgresql17 (Important) openSUSE Leap 15.6 This update for postgresql, postgresql16, postgresql17 fixes the following issues: This update ships postgresql17 , and fixes security issues with postgresql16: - bsc#1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirmed on the PostgreSQL packagers list that ABI stability is being taken care of between minor releases. - bsc#1219340: The last fix was not correct. Improve it by removing the dependency again and call fillup only if it is installed. postgresql16 was updated to 16.6: * Repair ABI break for extensions that work with struct ResultRelInfo. * Restore functionality of ALTER {ROLE|DATABASE} SET role. * Fix cases where a logical replication slot's restart_lsn could go backwards. * Avoid deleting still-needed WAL files during pg_rewind. * Fix race conditions associated with dropping shared statistics entries. * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter. * Fix crash when checking to see if an index's opclass options have changed. * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing. * https://www.postgresql.org/docs/release/16.6/ postgresql16 was updated to 16.5: * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference. * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation. * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables. * https://www.postgresql.org/about/news/p-2955/ * https://www.postgresql.org/docs/release/16.5/ - Don't build the libs and mini flavor anymore to hand over to PostgreSQL 17. * https://www.postgresql.org/about/news/p-2910/ postgresql17 is shipped in version 17.2: * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference. * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation. * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables. * https://www.postgresql.org/about/news/p-2955/ * https://www.postgresql.org/docs/release/17.1/ * https://www.postgresql.org/docs/release/17.2/ Upgrade to 17.2: * Repair ABI break for extensions that work with struct ResultRelInfo. * Restore functionality of ALTER {ROLE|DATABASE} SET role. * Fix cases where a logical replication slot's restart_lsn could go backwards. * Avoid deleting still-needed WAL files during pg_rewind. * Fix race conditions associated with dropping shared statistics entries. * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter. * Fix crash when checking to see if an index's opclass options have changed. * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing. Upgrade to 17.0: * New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance. * New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation. * Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index. * Logical replication enhancements, including: + Failover control + pg_createsubscriber, a utility that creates logical replicas from physical standbys + pg_upgrade now preserves replication slots on both publishers and subscribers * New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation. * pg_basebackup now supports incremental backup. * COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error. * https://www.postgresql.org/about/news/p-2936/ * https://www.postgresql.org/docs/17/release-17.html Important SUSE bug 1219340 SUSE bug 1230423 SUSE bug 1233323 SUSE bug 1233325 SUSE bug 1233326 SUSE bug 1233327 CVE-2024-10976 at SUSE CVE-2024-10976 at NVD CVE-2024-10977 at SUSE CVE-2024-10977 at NVD CVE-2024-10978 at SUSE CVE-2024-10978 at NVD CVE-2024-10979 at SUSE CVE-2024-10979 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Moderate) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447) Moderate SUSE bug 1233447 CVE-2024-52304 at SUSE CVE-2024-52304 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.3 (bsc#1232747): - CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash. - CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced. - CVE-2024-40866: Visiting a malicious website may lead to address bar spoofing. New references to version 2.46.0 (boo#1231039): - CVE-2024-44187: A cross- origin issue existed with “iframe” elements. This was addressed with improved tracking of security origins. - CVE-2024-44185: Processing maliciously crafted web content may lead to an unexpected process crash. Important SUSE bug 1231039 SUSE bug 1232747 CVE-2024-40866 at SUSE CVE-2024-40866 at NVD CVE-2024-44185 at SUSE CVE-2024-44185 at NVD CVE-2024-44187 at SUSE CVE-2024-44187 at NVD CVE-2024-44244 at SUSE CVE-2024-44244 at NVD CVE-2024-44296 at SUSE CVE-2024-44296 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes and other quality improvements, MFSA 2024-64 (bsc#1233695): * CVE-2024-11691: Memory corruption in Apple GPU drivers * CVE-2024-11692: Select list elements could be shown over another site * CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11696: Unhandled Exception in Add-on Signature Verification * CVE-2024-11697: Inproper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS * CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5 Important SUSE bug 1233695 CVE-2024-11691 at SUSE CVE-2024-11691 at NVD CVE-2024-11692 at SUSE CVE-2024-11692 at NVD CVE-2024-11693 at SUSE CVE-2024-11693 at NVD CVE-2024-11694 at SUSE CVE-2024-11694 at NVD CVE-2024-11695 at SUSE CVE-2024-11695 at NVD CVE-2024-11696 at SUSE CVE-2024-11696 at NVD CVE-2024-11697 at SUSE CVE-2024-11697 at NVD CVE-2024-11698 at SUSE CVE-2024-11698 at NVD CVE-2024-11699 at SUSE CVE-2024-11699 at NVD cpe:/o:opensuse:leap:15.6 Security update for hplip (Low) openSUSE Leap 15.6 This update for hplip fixes the following issues: - hpmud: sanitize printer serial number (bsc#1209401) Low SUSE bug 1209401 cpe:/o:opensuse:leap:15.6 Security update for frr (Important) openSUSE Leap 15.6 This update for frr fixes the following issues: Update to frr 8.5.6 (jsc#PED-PED-11092) including fixes for: - CVE-2024-44070,CVE-2024-34088,CVE-2024-31951,CVE-2024-31950, CVE-2024-31948,CVE-2024-27913,CVE-2023-47235,CVE-2023-47234, CVE-2023-46753,CVE-2023-46752,CVE-2023-41909,CVE-2023-41360, CVE-2023-41358,CVE-2023-38802,CVE-2023-38407,CVE-2023-38406, CVE-2023-3748,CVE-2023-31490,CVE-2023-31489 and other bugfixes. See https://frrouting.org/release/8.5.6/ for details. The most recent frr 8.x series provides several new features, improvements and bug fixes for various protocols and daemons, especially for PIM/PIMv6/BGP and VRF support. See https://frrouting.org/release/8.5/ for details and links. Important CVE-2023-31489 at SUSE CVE-2023-31489 at NVD CVE-2023-31490 at SUSE CVE-2023-31490 at NVD CVE-2023-3748 at SUSE CVE-2023-3748 at NVD CVE-2023-38406 at SUSE CVE-2023-38406 at NVD CVE-2023-38407 at SUSE CVE-2023-38407 at NVD CVE-2023-38802 at SUSE CVE-2023-38802 at NVD CVE-2023-41358 at SUSE CVE-2023-41358 at NVD CVE-2023-41360 at SUSE CVE-2023-41360 at NVD CVE-2023-41909 at SUSE CVE-2023-41909 at NVD CVE-2023-46752 at SUSE CVE-2023-46752 at NVD CVE-2023-46753 at SUSE CVE-2023-46753 at NVD CVE-2023-47234 at SUSE CVE-2023-47234 at NVD CVE-2023-47235 at SUSE CVE-2023-47235 at NVD CVE-2024-27913 at SUSE CVE-2024-27913 at NVD CVE-2024-31948 at SUSE CVE-2024-31948 at NVD CVE-2024-31950 at SUSE CVE-2024-31950 at NVD CVE-2024-31951 at SUSE CVE-2024-31951 at NVD CVE-2024-34088 at SUSE CVE-2024-34088 at NVD CVE-2024-44070 at SUSE CVE-2024-44070 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-virtualenv (Important) openSUSE Leap 15.6 This update for python-virtualenv fixes the following issues: - CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706) Important SUSE bug 1233706 CVE-2024-53899 at SUSE CVE-2024-53899 at NVD cpe:/o:opensuse:leap:15.6 Security update for qemu (Important) openSUSE Leap 15.6 This update for qemu fixes the following issues: Security fixes: - CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834) - CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915) Update version to 8.2.7: Security fixes: - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) - CVE-2024-4693: Fixed improper release of configure vector in virtio-pci that lead to guest triggerable crash (bsc#1224132) Other fixes: - added missing fix for ppc64 emulation that caused corruption in userspace (bsc#1230140) - target/ppc: Fix lxvx/stxvx facility check (bsc#1229929) - accel/kvm: check for KVM_CAP_READONLY_MEM on VM (bsc#1231519) Full changelog here: https://lore.kernel.org/qemu-devel/d9ff276f-f1ba-4e90-8343-a7a0dc2bf305@tls.msk.ru/ Important SUSE bug 1224132 SUSE bug 1229007 SUSE bug 1229929 SUSE bug 1230140 SUSE bug 1230834 SUSE bug 1230915 SUSE bug 1231519 CVE-2024-4693 at SUSE CVE-2024-4693 at NVD CVE-2024-7409 at SUSE CVE-2024-7409 at NVD CVE-2024-8354 at SUSE CVE-2024-8354 at NVD CVE-2024-8612 at SUSE CVE-2024-8612 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Important) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). Important SUSE bug 1233323 SUSE bug 1233325 SUSE bug 1233326 SUSE bug 1233327 CVE-2024-10976 at SUSE CVE-2024-10976 at NVD CVE-2024-10977 at SUSE CVE-2024-10977 at NVD CVE-2024-10978 at SUSE CVE-2024-10978 at NVD CVE-2024-10979 at SUSE CVE-2024-10979 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql12 (Important) openSUSE Leap 15.6 This update for postgresql12 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). Important SUSE bug 1233323 SUSE bug 1233325 SUSE bug 1233326 SUSE bug 1233327 CVE-2024-10976 at SUSE CVE-2024-10976 at NVD CVE-2024-10977 at SUSE CVE-2024-10977 at NVD CVE-2024-10978 at SUSE CVE-2024-10978 at NVD CVE-2024-10979 at SUSE CVE-2024-10979 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Critical) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: - Update to Tomcat 10.1.33 * Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status (bsc#1233434) * Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt) + Add: 55470: Add debug logging that reports the class path when a ClassNotFoundException occurs in the digester or the web application class loader. Based on a patch by Ralf Hauser. (markt) + Update: 69374: Properly separate between table header and body in DefaultServlet's listing. (michaelo) + Update: 69373: Make DefaultServlet's HTML listing file last modified rendering better (flexible). (michaelo) + Update: Improve HTML output of DefaultServlet. (michaelo) + Code: Refactor RateLimitFilter to use FilterBase as the base class. The primary advantage is less code to process init-param values. (markt) + Update: 69370: DefaultServlet's HTML listing uses incorrect labels. (michaelo) + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm) + Fix: Add missing WebDAV Lock-Token header in the response when locking a folder. (remm) + Fix: Invalid WebDAV lock requests should be rejected with 400. (remm) + Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm) + Fix: Verify that destination is not locked for a WebDAV copy operation. (remm) + Fix: Send 415 response to WebDAV MKCOL operations that include a request body since this is optional and unsupported. (remm) + Fix: Enforce DAV: namespace on WebDAV XML elements. (remm) + Fix: Do not allow a new WebDAV lock on a child resource if a parent collection is locked (RFC 4918 section 6.1). (remm) + Fix: WebDAV DELETE should remove any existing lock on successfully deleted resources. (remm) + Update: Remove WebDAV lock null support in accordance with RFC 4918 section 7.3 and annex D. Instead, a lock on a non-existing resource will create an empty file locked with a regular lock. (remm) + Update: Rewrite implementation of WebDAV shared locks to comply with RFC 4918. (remm) + Update: Implement WebDAV If header using code from the Apache Jackrabbit project. (remm) + Add: Add PropertyStore interface in the WebDAV Servlet, to allow implementation of dead properties storage. The store used can be configured using the propertyStore init parameter of the WebDAV servlet by specifying the class name of the store. A simple non-persistent implementation is used if no custom store is configured. (remm) + Update: Implement WebDAV PROPPATCH method using the newly added PropertyStore, and update PROPFIND to support it. (remm) + Fix: Cache not found results when searching for web application class loader resources. This addresses performance problems caused by components such as java.sql.DriverManager, which in some circumstances will search for the same class repeatedly. The size of the cache can be controlled via the new notFoundClassResourceCacheSize on the StandardContext. (markt) + Fix: Stop after INITIALIZED state should be a noop since it is possible for subcomponents to be in FAILED after init. (remm) + Fix: Fix incorrect web resource cache size calculations when there are concurrent PUT and DELETE requests for the same resource. (markt) + Add: Add debug logging for the web resource cache so the current size can be tracked as resources are added and removed. (markt) + Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens with urn:uuid: as recommended by RFC 4918, and remove secret init parameter. (remm) + Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the same path caused corruption of the FileResource where some of the fields were set as if the file exists and some as set as if it does not. This resulted in inconsistent metadata. (markt) + Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on GET and HEAD requests. Also, skip requests where the application has set Cache-Control: no-store. (markt) + Fix: 69419: Improve the performance of ServletRequest.getAttribute() when there are multiple levels of nested includes. Based on a patch provided by John Engebretson. (markt) + Add: All applications to send an early hints informational response by calling HttpServletResponse.sendError() with a status code of 103. (schultz) + Fix: Ensure that ServerAuthModule.initialize() is called when a Jakarta Authentication module is configured via registerServerAuthModule(). (markt) + Fix: Ensure that the Jakarta Authentication CallbackHandler only creates one GenericPrincipal in the Subject. (markt) + Fix: If the Jakarta Authentication process fails with an Exception, explicitly set the HTTP response status to 500 as the ServerAuthContext may not have set it. (markt) + Fix: When persisting the Jakarta Authentication provider configuration, create any necessary parent directories that don't already exist. (markt) + Fix: Correct the logic used to detect errors when deleting temporary files associated with persisting the Jakarta Authentication provider configuration. (markt) + Fix: When processing Jakarta Authentication callbacks, don't overwrite a Principal obtained from the PasswordValidationCallback with null if the CallerPrincipalCallback does not provide a Principal. (markt) + Fix: Avoid store config backup loss when storing one configuration more than once per second. (remm) + Fix: 69359: WebdavServlet duplicates getRelativePath() method from super class with incorrect Javadoc. (michaelo) + Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and DefaultServlet. (michaelo) + Fix: Make WebdavServlet properly return the Allow header when deletion of a resource is not allowed. (michaelo) + Fix: Add log warning if non-wildcard mappings are used with the WebdavServlet. (remm) + Fix: 69361: Ensure that the order of entries in a multi-status response to a WebDAV is consistent with the order in which resources were processed. (markt) + Fix: 69362: Provide a better multi-status response when deleting a collection via WebDAV fails. Empty directories that cannot be deleted will now be included in the response. (markt) + Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to ensure that the correct path is used when the WebDAV servlet is mounted at a sub-path within the web application. (markt) + Fix 69320, a regression in the fix for 69302 that meant the HTTP/2 processing was likely to be broken for all clients once any client sent an HTTP/2 reset frame. (markt) + Fix: Improve performance of ApplicationHttpRequest.parseParameters(). Based on sample code and test cases provided by John Engebretson. (markt) + Fix: Correct regressions in the refactoring that added recycling of the coyote request and response to the HTTP/2 processing. (markt) + Add: Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector. Response and then calling the method void sendEarlyHints(). This method will be added to the Servlet API (removing the need for the cast) in Servlet 6.2 onwards. (markt) + Fix: 69214: Do not reject a CORS request that uses POST but does not include a content-type header. Tomcat now correctly processes this as a simple CORS request. Based on a patch suggested by thebluemountain. (markt) + Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather than Subject.doAs() when available. (markt) + Fix: Allow JAASRealm to use the configuration source to load a configured configFile, for easier use with testing. (remm) + Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm) + Fix: Add the OpenSSL version number on the APR and OpenSSL status classes. (remm) + Fix: 69131: Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /*. (markt) + Fix: Using the OpenSSLListener will now cause the connector to use OpenSSL if available. (remm) * Coyote + Fix: Return null SSL session id on zero-length byte array returned from the SSL implementation. (remm) + Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + Fix: Create the HttpParser in Http11Processor if it is not present on the AbstractHttp11Protocol to provide better lifecycle robustness for regular HTTP/1.1. The new behavior was introduced in a previous refactoring to improve HTTP/2 performance. (remm) + Fix: OpenSSLContext will now throw a KeyManagementException if something is known to have gone wrong in the init method, which is the behavior documented by javax.net.ssl.SSLContext.init. This makes error handling more consistent. (remm) + Fix: 69379: The default HEAD response no longer includes the payload HTTP header fields as per section 9.3.2 of RFC 9110. (markt) + Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to generate Date headers for HTTP responses) generates the correct string for the given input. Prior to this change, the output may have been wrong by one second in some cases. Pull request #751 provided by Chenjp. (markt) + Fix: Request start time may not have been accurately recorded for HTTP/1.1 requests preceded by a large number of blank lines. (markt) + Add: Add server and serverRemoveAppProvidedValues to the list of attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector it is nested within. (markt) + Fix: Avoid possible crashes when using Apache Tomcat Native, caused by destroying SSLContext objects through GC after APR has been terminated. (remm) + Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer fields no longer need to be received before the headers of the subsequent stream, nor are trailer fields for an in-progress stream swallowed if the Connector is paused before the trailer fields are received. (markt) + Fix: Ensure the request and response are not recycled too soon for an HTTP/2 stream when a stream-level error is detected during the processing of incoming HTTP/2 frames. This could lead to incorrect processing times appearing in the access log. (markt) + Fix: Correct a regression in the fix for non-blocking reads of chunked request bodies that caused InputStream.available() to return a non-zero value when there was no data to read. In some circumstances this could cause a blocking read to block waiting for more data rather than return the data it had already received. (markt) + Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor. The default behaviour is unchanged. (markt) + Fix: Ensure that Tomcat sends a TLS close_notify message after receiving one from the client when using the OpenSSLImplementation. (markt) + Fix: 69301: Fix trailer headers replacing non-trailer headers when writing response headers to the access log. Based on a patch and test case provided by hypnoce. (markt) + Fix: 69302: If an HTTP/2 client resets a stream before the request body is fully written, ensure that any ReadListener is notified via a call to ReadListener.onError(). (markt) + Fix: Ensure that HTTP/2 stream input buffers are only created when there is a request body to be read. (markt) + Code: Refactor creation of HttpParser instances from the Processor level to the Protocol level since the parser configuration depends on the protocol and the parser is, otherwise, stateless. (markt) + Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. (markt) + Fix: Clean and log OpenSSL errors before processing of OpenSSL conf commands in the FFM code. (remm) + Fix: 69121: Ensure that the onComplete() event is triggered if AsyncListener. onError() dispatches to a target that throws an exception. (markt) + Fix: Following the trailer header field refactoring, -1 is no longer an allowed value for maxTrailerSize. Adjust documentation accordingly. (remm) + Update: Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm. jar that advertises Java 22 in its manifest. (remm) + Fix: Fix search for OpenSSL library for FFM on Mac OS so that java.library.path is searched. (markt) + Update: Add FFM compatibility methods for LibreSSL support. Renegotiation is not supported at the moment. (remm) + Update: Add org.apache.tomcat.util.openssl.LIBRARY_NAME (specifies the name of the library to load) and org.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY (set to true to use System.loadLibrary rather than the FFM library loading code) to configure the OpenSSL library loading using FFM. (remm) + Update: Add FFM compatibility methods for BoringSSL support. Renegotiation is not supported in many cases. (remm) * Jasper + Fix: Add back tag release method as deprecated in the runtime for compatibility with old generated code. (remm) + Fix: 69399: Fix regression caused by improvement 69333, which caused the tag release to be called when using tag pooling, and to be skipped when not using it. Patch submitted by Michal Sobkiewicz. (remm) + Fix: 69381: Improve method lookup performance in expression language. When the required method has no arguments, there is no need to consider casting or coercion, and the method lookup process can be simplified. Based on a pull request by John Engebretson. (markt) + Fix: 69382: Improve the performance of the JSP include action by re-using results of relatively expensive method calls in the generated code rather than repeating them. Patch provided by John Engebretson. (markt) + Fix: 69398: Avoid unnecessary object allocation in PageContextImpl. Based on a suggestion by John Engebretson. (markt) + Fix: 69406: When using StringInterpreterEnum, do not throw an IllegalArgumentException when an invalid Enum is encountered. Instead, resolve the value at runtime. Patch provided by John Engebretson. (markt) + Fix: 69429: Optimize EL evaluation of method parameters for methods that do not accept any parameters. Patch provided by John Engebretson. (markt) + Fix: Further optimize EL evaluation of method parameters. Patch provided by Paolo B. (markt) + Fix: 69333: Remove unnecessary code from generated JSPs. (markt) + Fix: 69338: Improve the performance of processing expressions that include AND or OR operations with more than two operands and expressions that use not empty. (markt) + Fix: 69348: Reduce memory consumption in ELContext by using lazy initialization for the data structure used to track lambda arguments. (markt) + Fix: Switch the TldScanner back to logging detailed scan results at debug level rather than trace level. (markt) + Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of new classes added to the java.lang package in Java 23. (markt) + Fix: Ensure that an exception in toString() still results in an ELException when an object is coerced to a String using ExpressionFactory.coerceToType(). (markt) + Add: Add support for specifying Java 24 (with the value 24) as the compiler source and/or compiler target for JSP compilation. If used with an Eclipse JDT compiler version that does not support these values, a warning will be logged and the default will be used. (markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that context relative includes are processed correctly. (markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that file relative includes are processed correctly. (markt) + Fix: 69135: When using include directives in a tag file packaged in a JAR file, ensure that file relative includes are not permitted to access files outside of the /META_INF/tags/ directory nor outside of the JAR file. (markt) * WebSocket + Fix: If a blocking message write exceeds the timeout, don't attempt the write again before throwing the exception. (markt) + Fix: An EncodeException being thrown during a message write should not automatically cause the connection to close. The application should handle the exception and make the decision whether or not to close the connection. (markt) * Web applications + Fix: The manager webapp will now be able to access certificates again when OpenSSL is used. (remm) + Fix: Documentation. Align the logging configuration documentation with the current defaults. (markt) + Fix: Fix status servlet detailed view of the connectors when using automatic port. (remm) * jdbc-pool + Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException rather than the application seeing the original SQLException. Fixed by pull request #744 provided by Michael Clarke. (markt) + Fix: 69279: Correct a regression in the fix for 69206 that meant that methods that previously returned a null ResultSet were returning a proxy with a null delegate. Fixed by pull request #745 provided by Huub de Beer. (markt) + Fix: 69206: Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. Based on pull request #742 provided by Michael Clarke. (markt) * Other + Update: Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt) + Update: Update Byte Buddy to 1.15.10. (markt) + Update: Update CheckStyle to 10.20.0. (markt) + Add: Improvements to German translations. (remm) + Update: Update Byte Buddy to 1.15.3. (markt) + Update: Update CheckStyle to 10.18.2. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Chinese translations by Ch_jp. (markt) + Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default. (markt) + Fix: Change the default log handler level to ALL so log messages are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt) + Update: Update Hamcrest to 3.0. (markt) + Update: Update EasyMock to 5.4.0. (markt) + Update: Update Byte Buddy to 1.15.0. (markt) + Update: Update CheckStyle to 10.18.0. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.10.0. (markt) + Add: Improvements to Spanish translations by Fernando. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Fix: Fix packaging regression with missing osgi information following addition of the test-only build target. (remm) + Update: Update Tomcat Native to 2.0.8. (markt) + Update: Update Byte Buddy to 1.14.18. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Update: Add test-only build target to allow running only the testsuite, supporting Java versions down to the minimum supported to run Tomcat. (rjung) + Update: Update UnboundID to 7.0.1. (markt) + Update: Update to SpotBugs 4.8.6. (markt) + Update: Remove cglib dependency as it is not required by the version of EasyMock used by the unit tests. (markt) + Update: Update EasyMock to 5.3.0. This adds a test dependency on Byte-Buddy 1.14.17. (markt) + Add: Improvements to Czech translations by Vladim?r Chlup. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Chinese translations by fangzheng. (markt) Critical SUSE bug 1233434 CVE-2024-52316 at SUSE CVE-2024-52316 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Critical) openSUSE Leap 15.6 This update for tomcat fixes the following issues: - Update to Tomcat 9.0.97 * Fixed CVEs: + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status (bsc#1233434) * Catalina + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt) + Add: 55470: Add debug logging that reports the class path when a ClassNotFoundException occurs in the digester or the web application class loader. Based on a patch by Ralf Hauser. (markt) + Update: 69374: Properly separate between table header and body in DefaultServlet's listing. (michaelo) + Update: 69373: Make DefaultServlet's HTML listing file last modified rendering better (flexible). (michaelo) + Update: Improve HTML output of DefaultServlet. (michaelo) + Code: Refactor RateLimitFilter to use FilterBase as the base class. The primary advantage for doing this is less code to process init-param values. (markt) + Update: 69370: DefaultServlet's HTML listing uses incorrect labels. (michaelo) + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm) + Fix: Add missing WebDAV Lock-Token header in the response when locking a folder. (remm) + Fix: Invalid WebDAV lock requests should be rejected with 400. (remm) + Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm) + Fix: Verify that destination is not locked for a WebDAV copy operation. (remm) + Fix: Send 415 response to WebDAV MKCOL operations that include a request body since this is optional and unsupported. (remm) + Fix: Enforce DAV: namespace on WebDAV XML elements. (remm) + Fix: Do not allow a new WebDAV lock on a child resource if a parent collection is locked (RFC 4918 section 6.1). (remm) + Fix: WebDAV Delete should remove any existing lock on successfully deleted resources. (remm) + Update: Remove WebDAV lock null support in accordance with RFC 4918 section 7.3 and annex D. Instead, a lock on a non-existing resource will create an empty file locked with a regular lock. (remm) + Update: Rewrite implementation of WebDAV shared locks to comply with RFC 4918. (remm) + Update: Implement WebDAV If header using code from the Apache Jackrabbit project. (remm) + Add: Add PropertyStore interface in the WebDAV Servlet, to allow implementation of dead properties storage. The store used can be configured using the 'propertyStore' init parameter of the WebDAV servlet. A simple non-persistent implementation is used if no custom store is configured. (remm) + Update: Implement WebDAV PROPPATCH method using the newly added PropertyStore. (remm) + Fix: Cache not found results when searching for web application class loader resources. This addresses performance problems caused by components such as java.sql.DriverManager which, in some circumstances, will search for the same class repeatedly. In a large web application this can cause performance problems. The size of the cache can be controlled via the new notFoundClassResourceCacheSize on the StandardContext. (markt) + Fix: Stop after INITIALIZED state should be a noop since it is possible for subcomponents to be in FAILED after init. (remm) + Fix: Fix incorrect web resource cache size calculations when there are concurrent PUT and DELETE requests for the same resource. (markt) + Add: Add debug logging for the web resource cache so the current size can be tracked as resources are added and removed. (markt) + Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens with urn:uuid: as recommended by RFC 4918, and remove secret init parameter. (remm) + Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the same path caused corruption of the FileResource where some of the fields were set as if the file exists and some as set as if it does not. This resulted in inconsistent metadata. (markt) + Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on GET and HEAD requests. Also skip requests where the application has set Cache-Control: no-store. (markt) + Fix: 69419: Improve the performance of ServletRequest.getAttribute() when there are multiple levels of nested includes. Based on a patch provided by John Engebretson. (markt) + Add: All applications to send an early hints informational response by calling HttpServletResponse.sendError() with a status code of 103. (schultz) + Fix: Ensure that the Jakarta Authentication CallbackHandler only creates one GenericPrincipal in the Subject. (markt) + Fix: If the Jakarta Authentication process fails with an Exception, explicitly set the HTTP response status to 500 as the ServerAuthContext may not have set it. (markt) + Fix: When persisting the Jakarta Authentication provider configuration, create any necessary parent directories that don't already exist. (markt) + Fix: Correct the logic used to detect errors when deleting temporary files associated with persisting the Jakarta Authentication provider configuration. (markt) + Fix: When processing Jakarta Authentication callbacks, don't overwrite a Principal obtained from the PasswordValidationCallback with null if the CallerPrincipalCallback does not provide a Principal. (markt) + Fix: Avoid store config backup loss when storing one configuration more than once per second. (remm) + Fix: 69359: WebdavServlet duplicates getRelativePath() method from super class with incorrect Javadoc. (michaelo) + Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and DefaultServlet. (michaelo) + Fix: Make WebdavServlet properly return the Allow header when deletion of a resource is not allowed. (michaelo) + Fix: Add log warning if non wildcard mappings are used with the WebdavServlet. (remm) + Fix: 69361: Ensure that the order of entries in a multi-status response to a WebDAV is consistent with the order in which resources were processed. (markt) + Fix: 69362: Provide a better multi-status response when deleting a collection via WebDAV fails. Empty directories that cannot be deleted will now be included in the response. (markt) + Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to ensure that the correct path is used when the WebDAV servlet is mounted at a sub-path within the web application. (markt) + Fix: Improve performance of ApplicationHttpRequest.parseParameters(). Based on sample code and test cases provided by John Engebretson. (markt) + Add: Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints(). This method will be added to the Servlet API (removing the need for the cast) in Servlet 6.2 onwards. (markt) + Fix: 69214: Do not reject a CORS request that uses POST but does not include a content-type header. Tomcat now correctly processes this as a simple CORS request. Based on a patch suggested by thebluemountain. (markt) + Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather than Subject.doAs() when available. (markt) * Coyote + Fix: Return null SSL session id on zero length byte array returned from the SSL implementation. (remm) + Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm) + Fix: Create the HttpParser in Http11Processor if it is not present on the AbstractHttp11Protocol to provide better lifecycle robustness for regular HTTP/1.1. The new behavior was introduced on a previous refactoring to improve HTTP/2 performance. (remm) + Fix: OpenSSLContext will now throw a KeyManagementException if something is known to have gone wrong in the init method, which is the behavior documented by javax.net.ssl.SSLContext.init. This makes error handling more consistent. (remm) + Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to generate Date headers for HTTP responses) generates the correct string for the given input. Prior to this change, the output may have been wrong by one second in some cases. Pull request #751 provided by Chenjp. (markt) + Add: Add server and serverRemoveAppProvidedValues to the list of attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector it is nested within. (markt) + Fix: Avoid possible crashes when using Apache Tomcat Native, caused by destroying SSLContext objects through GC after APR has been terminated. (remm) + Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer fields no longer need to be received before the headers of the subsequent stream nor are trailer fields for an in-progress stream swallowed if the Connector is paused before the trailer fields are received. (markt) + Fix: Ensure the request and response are not recycled too soon for an HTTP/2 stream when a stream level error is detected during the processing of incoming HTTP/2 frames. This could lead to incorrect processing times appearing in the access log. (markt) + Fix: Fix 69320, a regression in the fix for 69302 that meant the HTTP/2 processing was likely to be broken for all clients once any client sent an HTTP/2 reset frame. (markt) + Fix: Correct a regression in the fix for non-blocking reads of chunked request bodies that caused InputStream.available() to return a non-zero value when there was no data to read. In some circumstances this could cause a blocking read to block waiting for more data rather than return the data it had already received. (markt) + Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor. The default behaviour is unchanged. (markt) + Fix: Ensure that Tomcat sends a TLS close_notify message after receiving one from the client when using the OpenSSLImplementation. (markt) + Fix: 69301: Fix trailer headers replacing non-trailer headers when writing response headers to the access log. Based on a patch and test case provided by hypnoce. (markt) + Fix: 69302: If an HTTP/2 client resets a stream before the request body is fully written, ensure that any ReadListener is notified via a call to ReadListener.onErrror(). (markt) + Fix: Correct regressions in the refactoring that added recycling of the coyote request and response to the HTTP/2 processing. (markt) + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native. OpenSSL support may be enabled by adding the org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server element when using Java 22 or later. (remm) + Fix: Ensure that HTTP/2 stream input buffers are only created when there is a request body to be read. (markt) + Code: Refactor creation of HttpParser instances from the Processor level to the Protocol level since the parser configuration depends on the protocol and the parser is, otherwise, stateless. (markt) + Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. (markt) * Jasper + Fix: Add back tag release method as deprecated in the runtime for compatibility with old generated code. (remm) + Fix: 69399: Fix regression caused by the improvement 69333 which caused the tag release to be called when using tag pooling, and to be skipped when not using it. Patch submitted by Michal Sobkiewicz. (remm) + Fix: 69381: Improve method lookup performance in expression language. When the required method has no arguments there is no need to consider casting or coercion and the method lookup process can be simplified. Based on pull request #770 by John Engebretson. + Fix: 69382: Improve the performance of the JSP include action by re-using results of relatively expensive method calls in the generated code rather than repeating them. Patch provided by John Engebretson. (markt) + Fix: 69398: Avoid unnecessary object allocation in PageContextImpl. Based on a suggestion by John Engebretson. (markt) + Fix: 69406: When using StringInterpreterEnum, do not throw an IllegalArgumentException when an invalid Enum is encountered. Instead, resolve the value at runtime. Patch provided by John Engebretson. (markt) + Fix: 69429: Optimise EL evaluation of method parameters for methods that do not accept any parameters. Patch provided by John Engebretson. (markt) + Fix: 69333: Remove unnecessary code from generated JSPs. (markt) + Fix: 69338: Improve the performance of processing expressions that include AND or OR operations with more than two operands and expressions that use not empty. (markt) + Fix: 69348: Reduce memory consumption in ELContext by using lazy initialization for the data structure used to track lambda arguments. (markt) + Fix: Switch the TldScanner back to logging detailed scan results at debug level rather than trace level. (markt) * Web applications + Fix: The manager webapp will now be able to access certificates again when OpenSSL is used. (remm) + Fix: Documentation. Align the logging configuration documentation with the current defaults. (markt) * WebSocket + Fix: If a blocking message write exceeds the timeout, don't attempt the write again before throwing the exception. (markt) + Fix: An EncodeException being thrown during a message write should not automatically cause the connection to close. The application should handle the exception and make the decision whether or not to close the connection. (markt) * jdbc-pool + Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException rather than the application seeing the original SQLException. Fixed by pull request #744 provided by Michael Clarke. (markt) + Fix: 69279: Correct a regression in the fix for 69206 that meant that methods that previously returned a null ResultSet were returning a proxy with a null delegate. Fixed by pull request #745 provided by Huub de Beer. (markt) + Fix: 69206: Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. Based on pull request #742 provided by Michael Clarke. * Other + Update: Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt) + Update: Update Byte Buddy to 1.15.10. (markt) + Update: Update CheckStyle to 10.20.0. (markt) + Add: Improvements to German translations. (remm) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Chinese translations by Ch_jp. (markt) + Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default. (markt) + Fix: Change the default log handler level to ALL so log messages are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt) + Update: Update Hamcrest to 3.0. (markt) + Update: Update EasyMock to 5.4.0. (markt) + Update: Update Byte Buddy to 1.15.0. (markt) + Update: Update CheckStyle to 10.18.0. (markt) + Update: Update the internal fork of Apache Commons BCEL to 6.10.0. (markt) + Add: Improvements to Spanish translations by Fernando. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Fix: Fix packaging regression with missing osgi information following addition of the test-only build target. (remm) + Update: Update Tomcat Native to 1.3.1. (markt) + Update: Update Byte Buddy to 1.14.18. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) Critical SUSE bug 1233434 CVE-2024-52316 at SUSE CVE-2024-52316 at NVD cpe:/o:opensuse:leap:15.6 Security update for libuv (Moderate) openSUSE Leap 15.6 This update for libuv fixes the following issues: - CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724) Moderate SUSE bug 1219724 CVE-2024-24806 at SUSE CVE-2024-24806 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Important) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). Important SUSE bug 1233323 SUSE bug 1233325 SUSE bug 1233326 SUSE bug 1233327 CVE-2024-10976 at SUSE CVE-2024-10976 at NVD CVE-2024-10977 at SUSE CVE-2024-10977 at NVD CVE-2024-10978 at SUSE CVE-2024-10978 at NVD CVE-2024-10979 at SUSE CVE-2024-10979 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Bug fixes: - Remove -IVendor/ from python-config (bsc#1231795). Moderate SUSE bug 1231795 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Moderate) openSUSE Leap 15.6 This update for php8 fixes the following issues: - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). - CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651). Moderate SUSE bug 1233651 SUSE bug 1233702 SUSE bug 1233703 CVE-2024-11233 at SUSE CVE-2024-11233 at NVD CVE-2024-11234 at SUSE CVE-2024-11234 at NVD CVE-2024-11236 at SUSE CVE-2024-11236 at NVD CVE-2024-8929 at SUSE CVE-2024-8929 at NVD CVE-2024-8932 at SUSE CVE-2024-8932 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-tornado6 (Moderate) openSUSE Leap 15.6 This update for python-tornado6 fixes the following issues: - CVE-2024-52804: Fixed a denial of service caused by quadratic performance of cookie parsing (bsc#1233668) Moderate SUSE bug 1233668 CVE-2024-52804 at SUSE CVE-2024-52804 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Important) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2024-11595: FiveCo RAP dissector infinite loop (bsc#1233594). - CVE-2024-11596: ECMP dissector crash (bsc#1233593). Important SUSE bug 1233593 SUSE bug 1233594 CVE-2024-11595 at SUSE CVE-2024-11595 at NVD CVE-2024-11596 at SUSE CVE-2024-11596 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-virtualenv (Important) openSUSE Leap 15.6 This update for python3-virtualenv fixes the following issues: Security issue fixed: - CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706) Non-security issue fixed: - Relax version requirements that cannot be provided (bsc#1232072) Important SUSE bug 1232072 SUSE bug 1233706 CVE-2024-53899 at SUSE CVE-2024-53899 at NVD cpe:/o:opensuse:leap:15.6 Security update for wget (Moderate) openSUSE Leap 15.6 This update for wget fixes the following issues: - CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773) Moderate SUSE bug 1233773 CVE-2024-10524 at SUSE CVE-2024-10524 at NVD cpe:/o:opensuse:leap:15.6 Security update for php7 (Moderate) openSUSE Leap 15.6 This update for php7 fixes the following issues: - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). - CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651). Moderate SUSE bug 1233651 SUSE bug 1233702 SUSE bug 1233703 CVE-2024-11233 at SUSE CVE-2024-11233 at NVD CVE-2024-11234 at SUSE CVE-2024-11234 at NVD CVE-2024-8929 at SUSE CVE-2024-8929 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.5 * fixed: IMAP could crash when reading cached messages * fixed: Enabling 'Show Folder Size' on Maildir profile could render Thunderbird unusable * fixed: Messages corrupted by folder compaction were only fixed by user intervention * fixed: Reading a message from past the end of an mbox file did not cause an error * fixed: View -> Folders had duplicate F access keys * fixed: Add-ons adding columns to the message list could fail and cause display issue * fixed: 'Empty trash on exit' and 'Expunge inbox on exit' did not always work * fixed: Selecting a display option in View -> Tasks did not apply in the Task interface * fixed: Security fixes MFSA 2024-68 (bsc#1233695) * CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL * CVE-2024-11692 Select list elements could be shown over another site * CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows * CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims * CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters * CVE-2024-11696 Unhandled Exception in Add-on Signature Verification * CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog * CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS * CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5 - Handle upstream changes with esr-prefix of desktop-file (bsc#1233650) Important SUSE bug 1233650 SUSE bug 1233695 CVE-2024-11691 at SUSE CVE-2024-11691 at NVD CVE-2024-11692 at SUSE CVE-2024-11692 at NVD CVE-2024-11693 at SUSE CVE-2024-11693 at NVD CVE-2024-11694 at SUSE CVE-2024-11694 at NVD CVE-2024-11695 at SUSE CVE-2024-11695 at NVD CVE-2024-11696 at SUSE CVE-2024-11696 at NVD CVE-2024-11697 at SUSE CVE-2024-11697 at NVD CVE-2024-11698 at SUSE CVE-2024-11698 at NVD CVE-2024-11699 at SUSE CVE-2024-11699 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Low) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Add ipaddress module from https://github.com/phihag/ipaddress - Remove -IVendor/ from python-config (bsc#1231795) - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). Low SUSE bug 1227378 SUSE bug 1231795 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for editorconfig-core-c (Important) openSUSE Leap 15.6 This update for editorconfig-core-c fixes the following issues: - CVE-2024-53849: stack buffer overflow and pointer overflow when handling escaped characters. (bsc#1233815) Important SUSE bug 1233815 CVE-2024-53849 at SUSE CVE-2024-53849 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. (bsc#1233307) Bug fixes: - Remove -IVendor/ from python-config. (bsc#1231795) - Include renaming :noindex: option to :no-index: in Sphinx 7.2. (bsc#1232750) Moderate SUSE bug 1231795 SUSE bug 1232750 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for bpftool (Moderate) openSUSE Leap 15.6 This update for bpftool fixes the following issues: - CVE-2024-49987: Fixed undefined behavior in qsort(NULL, 0, ...) (bsc#1232258) Moderate SUSE bug 1232258 CVE-2024-49987 at SUSE CVE-2024-49987 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: Security issues fixed: - CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622) - CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624) - CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366) Non-security issues fixed: - Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542) - Upstream bug fixes (bsc#1027519) Important SUSE bug 1027519 SUSE bug 1230366 SUSE bug 1232542 SUSE bug 1232622 SUSE bug 1232624 CVE-2024-45817 at SUSE CVE-2024-45817 at NVD CVE-2024-45818 at SUSE CVE-2024-45818 at NVD CVE-2024-45819 at SUSE CVE-2024-45819 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql13 (Important) openSUSE Leap 15.6 This update for postgresql13 fixes the following issues: - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). - CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325). - CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326). - CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327). Important SUSE bug 1233323 SUSE bug 1233325 SUSE bug 1233326 SUSE bug 1233327 CVE-2024-10976 at SUSE CVE-2024-10976 at NVD CVE-2024-10977 at SUSE CVE-2024-10977 at NVD CVE-2024-10978 at SUSE CVE-2024-10978 at NVD CVE-2024-10979 at SUSE CVE-2024-10979 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Low) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795) Low SUSE bug 1231795 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-python-multipart (Important) openSUSE Leap 15.6 This update for python-python-multipart fixes the following issues: - CVE-2024-53981: excessive logging for certain inputs when parsing form data. (bsc#1234115) Important SUSE bug 1234115 CVE-2024-53981 at SUSE CVE-2024-53981 at NVD cpe:/o:opensuse:leap:15.6 Security update for avahi (Moderate) openSUSE Leap 15.6 This update for avahi fixes the following issues: - CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420) Moderate SUSE bug 1233420 CVE-2024-52616 at SUSE CVE-2024-52616 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Moderate) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u432 (icedtea-3.33.0): - CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286) - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544) - CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446) - CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644) Moderate SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker-stable (Important) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: - CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324). Bug fixes: - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348). - Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker (bsc#1230331, bsc#1230333). - Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks (bsc#1221916). - Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files (bsc#1214855). Important SUSE bug 1214855 SUSE bug 1221916 SUSE bug 1228324 SUSE bug 1230331 SUSE bug 1230333 SUSE bug 1231348 CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:opensuse:leap:15.6 Security update for obs-scm-bridge (Important) openSUSE Leap 15.6 This update for obs-scm-bridge fixes the following issues: Updated to version 0.5.4: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) Important SUSE bug 1230469 CVE-2024-22038 at SUSE CVE-2024-22038 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for helm (Moderate) openSUSE Leap 15.6 helm was updated to fix the following issues: Update to version 3.16.3: * fix: fix label name * Fix typo in pkg/lint/rules/chartfile_test.go * Increasing the size of the runner used for releases. * fix(hooks): correct hooks delete order * Bump github.com/containerd/containerd from 1.7.12 to 1.7.23 Update to version 3.16.2: * Revering change unrelated to issue #13176 * adds tests for handling of Helm index with broken chart versions #13176 * improves handling of Helm index with broken helm chart versions #13176 * Bump the k8s-io group with 7 updates * adding check-latest:true * Grammar fixes * Fix typos Update to version 3.16.1: * bumping version to 1.22.7 * Merge pull request #13327 from mattfarina/revert-11726 Update to version 3.16.0: Helm v3.16.0 is a feature release. Users are encouraged to upgrade for the best experience. * Notable Changes - added sha512sum template function - added ActiveHelp for cmds that don't take any more args - drops very old Kubernetes versions support in helm create - add --skip-schema-validation flag to helm 'install', 'upgrade' and 'lint' - fixed bug to now use burst limit setting for discovery - Added windows arm64 support * Full changelog see https://github.com/helm/helm/releases/tag/v3.16.0 Update to version 3.15.4: * Bump the k8s-io group across 1 directory with 7 updates * Bump github.com/docker/docker ------------------------------------------------------------------- Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de - Update to version 3.15.3: * fix(helm): Use burst limit setting for discovery * fixed dependency_update_test.go * fix(dependencyBuild): prevent race condition in concurrent helm dependency * fix: respect proxy envvars on helm install/upgrade * Merge pull request #13085 from alex-kattathra-johnson/issue-12961 Update to version 3.15.2: * fix: wrong cli description * fix typo in load_plugins.go * fix docs of DeployedAll * Bump github.com/docker/docker * bump oras minor version * feat(load.go): add warning on requirements.lock Update to version 3.15.1: * Fixing build issue where wrong version is used Update to version 3.15.0: Helm v3.15.0 is a feature release. Users are encouraged to upgrade for the best experience. * Updating to k8s 1.30 c4e37b3 (Matt Farina) * bump version to v3.15.0 d7afa3b (Matt Farina) * bump version to 7743467 (Matt Farina) * Fix namespace on kubeconfig error 214fb6e (Calvin Krist) * Update testdata PKI with keys that have validity until 3393 (Fixes #12880) 1b75d48 (Dirk M?ller) * Modified how created annotation is populated based on package creation time 0a69a0d (Andrew Block) * Enabling hide secrets on install and upgrade dry run 25c4738 (Matt Farina) * Fixing all the linting errors d58d7b3 (Robert Sirchia) * Add a note about --dry-run displaying secrets a23dd9e (Matt Farina) * Updating .gitignore 8b424ba (Robert Sirchia) * add error messages 8d19bcb (George Jenkins) * Fix: Ignore alias validation error for index load 68294fd (George Jenkins) * validation fix 8e6a514 (Matt Farina) * bug: add proxy support for oci getter 94c1dea (Ricardo Maraschini) * Update architecture detection method 57a1bb8 (weidongkl) * Improve release action 4790bb9 (George Jenkins) * Fix grammatical error c25736c (Matt Carr) * Updated for review comments d2cf8c6 (MichaelMorris) * Add robustness to wait status checks fc74964 (MichaelMorris) * refactor: create a helper for checking if a release is uninstalled f908379 (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 9e198fa (Alex Petrov) Update to version 3.14.4: Helm v3.14.4 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience. * refactor: create a helper for checking if a release is uninstalled 81c902a (Alex Petrov) * fix: reinstall previously uninstalled chart with --keep-history 5a11c76 (Alex Petrov) * bug: add proxy support for oci getter aa7d953 (Ricardo Maraschini) Update to version 3.14.3: * Add a note about --dry-run displaying secrets * add error messages * Fix: Ignore alias validation error for index load * Update architecture detection method Update to version 3.14.2 (bsc#1220207, CVE-2024-26147): * Fix for uninitialized variable in yaml parsing Update to version 3.14.1 (bsc#1219969, CVE-2024-25620): * validation fix Update to version 3.14.0: * Notable Changes - New helm search flag of --fail-on-no-result - Allow a nested tpl invocation access to defines - Speed up the tpl function - Added qps/HELM_QPS parameter that tells Kubernetes packages how to operate - Added --kube-version to lint command - The ignore pkg is now public * Changelog - Improve release action - Fix issues when verify generation readiness was merged - fix test to use the default code's k8sVersionMinor - lint: Add --kube-version flag to set capabilities and deprecation rules - Removing Asset Transparency - tests(pkg/engine): test RenderWithClientProvider - Make the `ignore` pkg public again - feature(pkg/engine): introduce RenderWithClientProvider - Updating Helm libraries for k8s 1.28.4 - Remove excessive logging - Update CONTRIBUTING.md - Fixing release labelling in rollback - feat: move livenessProbe and readinessProbe values to default values file - Revert 'fix(main): fix basic auth for helm pull or push' - Revert 'fix(registry): address anonymous pull issue' - Update get-helm-3 - Drop filterSystemLabels usage from Query method - Apply review suggestions - Update get-helm-3 to get version through get.helm.sh - feat: print failed hook name - Fixing precedence issue with the import of values. - chore(create): indent to spaces - Allow using label selectors for system labels for sql backend. - Allow using label selectors for system labels for secrets and configmap backends. - remove useless print during prepareUpgrade - Add missing with clause to release gh action - FIX Default ServiceAccount yaml - fix(registry): address anonymous pull issue - fix(registry): unswallow error - Fix missing run statement on release action - Add qps/HELM_QPS parameter - Write latest version to get.helm.sh bucket - Increased release information key name max length. - Pin gox to specific commit - Remove `GoFish` from package managers for installing the binary - Test update for 'Allow a nested `tpl` invocation access to `defines` in a containing one' - Test update for 'Speed up `tpl`' - Add support for RISC-V - lint and validate dependency metadata to reference dependencies with a unique key (name or alias) - Work around template.Clone omitting options - fix: pass 'passCredentialsAll' as env-var to getter - feat: pass basic auth to env-vars when running download plugins - helm search: New CLI Flag --fail-on-no-result - Update pkg/kube/ready.go - fix post install hook deletion due to before-hook-creation policy - Allow a nested `tpl` invocation access to `defines` in a containing one - Remove the 'reference templates' concept - Speed up `tpl` - ready checker- comment update - ready checker- remove duplicate statefulset generational check - Verify generation in readiness checks - feat(helm): add --reset-then-reuse-values flag to 'helm upgrade' Moderate SUSE bug 1219969 SUSE bug 1220207 CVE-2024-25620 at SUSE CVE-2024-25620 at NVD CVE-2024-26147 at SUSE CVE-2024-26147 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Important) openSUSE Leap 15.6 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). Important SUSE bug 1231463 SUSE bug 1233282 CVE-2024-52533 at SUSE CVE-2024-52533 at NVD cpe:/o:opensuse:leap:15.6 Security update for kernel-firmware (Important) openSUSE Leap 15.6 This update for kernel-firmware fixes the following issues: - Update to version 20241128 (git commit ea71da6f0690): * i915: Update Xe2LPD DMC to v2.24 * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * iwlwifi: add Bz-gf FW for core89-91 release * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: add smu 13.0.14 firmware * amdgpu: add sdma 4.4.5 firmware * amdgpu: add psp 13.0.14 firmware * amdgpu: add gc 9.4.4 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update psp 14.0.4 firmware * amdgpu: update gc 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vpe 6.1.1 firmware * amdgpu: update vcn 4.0.6 firmware * amdgpu: update psp 14.0.1 firmware * amdgpu: update gc 11.5.1 firmware * amdgpu: update vcn 4.0.5 firmware * amdgpu: update psp 14.0.0 firmware * amdgpu: update gc 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update arcturus firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update sdma 4.4.2 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update psp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware - Update aliases from 6.13-rc1 - Update to version 20241125 (git commit 508d770ee6f3): * ice: update ice DDP wireless_edge package to 1.3.20.0 * ice: update ice DDP comms package to 1.3.52.0 * ice: update ice DDP package to ice-1.3.41.0 * amdgpu: update DMCUB to v9.0.10.0 for DCN314 * amdgpu: update DMCUB to v9.0.10.0 for DCN351 - Update to version 20241121 (git commit 48bb90cceb88): * linux-firmware: Update AMD cpu microcode * xe: Update GUC to v70.36.0 for BMG, LNL * i915: Update GUC to v70.36.0 for ADL-P, DG1, DG2, MTL, TGL - Update to version 20241119 (git commit 60cdfe1831e8): * iwlwifi: add Bz-gf FW for core91-69 release - Update aliases from 6.12 - Update to version 20241113 (git commit 1727aceef4d2): * qcom: venus-5.4: add venus firmware file for qcs615 * qcom: update venus firmware file for SC7280 * QCA: Add 22 bluetooth firmware nvm files for QCA2066 - Update to version 20241112 (git commit c57a0a42468b): * mediatek MT7922: update bluetooth firmware to 20241106163512 * mediatek MT7921: update bluetooth firmware to 20241106151414 * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * qcom: Add QDU100 firmware image files. * qcom: Update aic100 firmware files * dedup-firmware.sh: fix infinite loop for --verbose * rtl_bt: Update RTL8852BT/RTL8852BE-VT BT USB FW to 0x04D7_63F7 * cnm: update chips&media wave521c firmware. * mediatek MT7920: update bluetooth firmware to 20241104091246 * linux-firmware: update firmware for MT7920 WiFi device * copy-firmware.sh: Run check_whence.py only if in a git repo * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various Dell laptops * amdgpu: update DMCUB to v9.0.10.0 for DCN351 * rtw89: 8852a: update fw to v0.13.36.2 * rtw88: Add firmware v52.14.0 for RTL8812AU * i915: Update Xe2LPD DMC to v2.23 * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * linux-firmware: update firmware for MT7925 WiFi device * WHENCE: Add sof-tolg for mt8195 * linux-firmware: Update firmware file for Intel BlazarI core * qcom: Add link for QCS6490 GPU firmware * qcom: update gpu firmwares for qcs615 chipset * cirrus: cs35l56: Update firmware for Cirrus Amps for some HP laptops * mediatek: Add sof-tolg for mt8195 - Update to version 20241029 (git commit 048795eef350): * ath11k: move WCN6750 firmware to the device-specific subdir * xe: Update LNL GSC to v104.0.0.1263 * i915: Update MTL/ARL GSC to v102.1.15.1926 - Update to version 20241028 (git commit 987607d681cb): * amdgpu: DMCUB updates for various AMDGPU ASICs * i915: Add Xe3LPD DMC * cnm: update chips&media wave521c firmware. * linux-firmware: Add firmware for Cirrus CS35L41 * linux-firmware: Update firmware file for Intel BlazarU core * Makefile: error out of 'install' if COPYOPTS is set - Update to version 20241018 (git commit 2f0464118f40): * check_whence.py: skip some validation if git ls-files fails * qcom: Add Audio firmware for X1E80100 CRD/QCPs * amdgpu: DMCUB updates forvarious AMDGPU ASICs * brcm: replace NVRAM for Jetson TX1 * rtlwifi: Update firmware for RTL8192FU to v7.3 * make: separate installation and de-duplication targets * check_whence.py: check the permissions * Remove execute bit from firmware files * configure: remove unused file * rtl_nic: add firmware rtl8125d-1 - Update to version 20241014 (git commit 99f9c7ed1f4a): * iwlwifi: add gl/Bz FW for core91-69 release * iwlwifi: update ty/So/Ma firmwares for core91-69 release * iwlwifi: update cc/Qu/QuZ firmwares for core91-69 release * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for a Lenovo Laptop * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for some ASUS laptops * cirrus: cs35l56: Add firmware for Cirrus Amps for some HP laptops * linux-firmware: update firmware for en8811h 2.5G ethernet phy * QCA: Add Bluetooth firmwares for WCN785x with UART transport - Update to version 20241011 (git commit 808cba847c70): * mtk_wed: add firmware for mt7988 Wireless Ethernet Dispatcher * ath12k: WCN7850 hw2.0: update board-2.bin (bsc#1230596) * ath12k: QCN9274 hw2.0: add to WLAN.WBE.1.3.1-00162-QCAHKSWPL_SILICONZ-1 * ath12k: QCN9274 hw2.0: add board-2.bin * copy-firmware.sh: rename variables in symlink hanlding * copy-firmware.sh: remove no longer reachable test -L * copy-firmware.sh: remove no longer reachable test -f * copy-firmware.sh: call ./check_whence.py before parsing the file * copy-firmware.sh: warn if the destination folder is not empty * copy-firmware.sh: add err() helper * copy-firmware.sh: fix indentation * copy-firmware.sh: reset and consistently handle destdir * Revert 'copy-firmware: Support additional compressor options' * copy-firmware.sh: flesh out and fix dedup-firmware.sh * Style update yaml files * editorconfig: add initial config file * check_whence.py: annotate replacement strings as raw * check_whence.py: LC_ALL=C sort -u the filelist * check_whence.py: ban link-to-a-link * check_whence.py: use consistent naming * Add a link from TAS2XXX1EB3.bin -> ti/tas2781/TAS2XXX1EB30.bin * tas2781: Upload dsp firmware for ASUS laptop 1EB30 & 1EB31 - Drop obsoleted --ignore-duplicates option to copy-firmware.sh - Drop the ath12k workaround again - Update to version 20241010 (git commit d4e688aa74a0): * rtlwifi: Add firmware v39.0 for RTL8192DU * Revert 'ath12k: WCN7850 hw2.0: update board-2.bin' (replaced with a newer firmware in this package instead) - update aliases - Update to version 20241004 (git commit bbb77872a8a7): * amdgpu: DMCUB DCN35 update * brcm: Add BCM4354 NVRAM for Jetson TX1 * brcm: Link FriendlyElec NanoPi M4 to AP6356S nvram - Update to version 20241001 (git commit 51e5af813eaf): * linux-firmware: add firmware for MediaTek Bluetooth chip (MT7920) * linux-firmware: add firmware for MT7920 * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update PSP 14.0.4 firmware * amdgpu: update GC 11.5.2 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update SDMA 4.4.2 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update aldebaran firmware * qcom: update gpu firmwares for qcm6490 chipset * mt76: mt7996: add firmware files for mt7992 chipset * mt76: mt7996: add firmware files for mt7996 chipset variants * qcom: add gpu firmwares for sa8775p chipset * rtw89: 8922a: add fw format-2 v0.35.42.1 - Pick up the fixed ath12k firmware from https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware (bsc#1230596) - Update aliases from 6.11.x and 6.12-rc1 - Update to version 20240913 (git commit bcbdd1670bc3): * amdgpu: update DMCUB to v0.0.233.0 DCN351 * copy-firmware: Handle links to uncompressed files * WHENCE: Fix battmgr.jsn entry type - Temporary revert for ath12k firmware (bsc#1230596) - Update to version 20240912 (git commit 47c72fee8fe3): * amdgpu: Add VPE 6.1.3 microcode * amdgpu: add SDMA 6.1.2 microcode * amdgpu: Add support for PSP 14.0.4 * amdgpu: add GC 11.5.2 microcode * qcom: qcm6490: add ADSP and CDSP firmware * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Solar core - Update to version 20240911 (git commit 59def907425d): * rtl_bt: Update RTL8852B BT USB FW to 0x0447_9301 (bsc#1229272) - Update to version 20240910 (git commit 2a7b69a3fa30): * realtek: rt1320: Add patch firmware of MCU * i915: Update MTL DMC v2.23 * cirrus: cs35l56: Add firmware for Cirrus CS35L54 for some HP laptops - Update to version 20240903 (git commit 96af55bd3d0b): * amdgpu: Revert sienna cichlid dmcub firmware update (bsc#1230007) * iwlwifi: add Bz FW for core89-58 release * rtl_nic: add firmware rtl8126a-3 * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) - Update to version 20240830 (git commit d6c600d46981): * amdgpu: update DMCUB to v0.0.232.0 for DCN314 and DCN351 * qcom: vpu: restore compatibility with kernels before 6.6 - Update to version 20240826 (git commit bec4fd18cc57): (including ath11k f/w updates for bsc#1234027) * amdgpu: DMCUB updates forvarious AMDGPU ASICs * rtw89: 8922a: add fw format-1 v0.35.41.0 * linux-firmware: update firmware for MT7925 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7925) * rtl_bt: Add firmware and config files for RTL8922A * rtl_bt: Add firmware file for the the RTL8723CS Bluetooth part * rtl_bt: de-dupe identical config.bin files * rename rtl8723bs_config-OBDA8723.bin -> rtl_bt/rtl8723bs_config.bin * linux-firmware: Update AMD SEV firmware * linux-firmware: update firmware for MT7996 * Revert 'i915: Update MTL DMC v2.22' * ath12k: WCN7850 hw2.0: update board-2.bin * ath11k: WCN6855 hw2.0: update to WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41 * ath11k: WCN6855 hw2.0: update board-2.bin * ath11k: QCA2066 hw2.1: add to WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.3 * ath11k: QCA2066 hw2.1: add board-2.bin * ath11k: IPQ5018 hw1.0: update to WLAN.HK.2.6.0.1-01291-QCAHKSWPL_SILICONZ-1 * qcom: vpu: add video firmware for sa8775p * amdgpu: DMCUB updates for various AMDGPU ASICs - Update to version 20240809 (git commit 36db650dae03): * qcom: update path for video firmware for vpu-1/2/3.0 * QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00642 * rtw89: 8852c: add fw format-1 v0.27.97.0 * rtw89: 8852bt: add firmware 0.29.91.0 * amdgpu: Update ISP FW for isp v4.1.1 * mediatek: Update mt8195 SOF firmware * amdgpu: DMCUB updates for DCN314 * xe: First GuC release v70.29.2 for BMG * xe: Add GuC v70.29.2 for LNL * i915: Add GuC v70.29.2 for ADL-P, DG1, DG2, MTL, and TGL * i915: Update MTL DMC v2.22 * i915: update MTL GSC to v102.0.10.1878 * xe: Add BMG HuC 8.2.10 * xe: Add GSC 104.0.0.1161 for LNL * xe: Add LNL HuC 9.4.13 * i915: update DG2 HuC to v7.10.16 * amdgpu: Update ISP FW for isp v4.1.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00641 - Issues already fixed in past releases: * CVE-2023-31315: Fixed improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration (bsc#1229069) Important SUSE bug 1229069 SUSE bug 1229272 SUSE bug 1230007 SUSE bug 1230596 SUSE bug 1234027 CVE-2023-31315 at SUSE CVE-2023-31315 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Critical) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-53907: Fixed denial-of-service in django.utils.html.strip_tags() (bsc#1234232) - CVE-2024-53908: Fixed SQL injection in HasKey(lhs, rhs) on Oracle (bsc#1234231) Critical SUSE bug 1234231 SUSE bug 1234232 CVE-2024-53907 at SUSE CVE-2024-53907 at NVD CVE-2024-53908 at SUSE CVE-2024-53908 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs20 (Moderate) openSUSE Leap 15.6 This update for nodejs20 fixes the following issues: - CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856) Other fixes: - Updated to 20.18.1: * Experimental Network Inspection Support in Node.js * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext * New option for vm.createContext() to create a context with a freezable globalThis * buffer: optimize createFromString - Changes in 20.17.0: * module: support require()ing synchronous ESM graphs * path: add matchesGlob method * stream: expose DuplexPair API - Changes in 20.16.0: * process: add process.getBuiltinModule(id) * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth * buffer: add .bytes() method to Blob Moderate SUSE bug 1233856 CVE-2024-21538 at SUSE CVE-2024-21538 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) Moderate SUSE bug 1234068 CVE-2024-11053 at SUSE CVE-2024-11053 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) Important SUSE bug 1233285 SUSE bug 1233287 SUSE bug 1233292 CVE-2024-52530 at SUSE CVE-2024-52530 at NVD CVE-2024-52531 at SUSE CVE-2024-52531 at NVD CVE-2024-52532 at SUSE CVE-2024-52532 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2024-12254: Fixed unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290) Other fixes: - Updated to version 3.12.8 - Remove -IVendor/ from python-config (bsc#1231795) Important SUSE bug 1231795 SUSE bug 1234290 CVE-2024-12254 at SUSE CVE-2024-12254 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - CVE-2024-44308: Fixed processing maliciously crafted web content that may lead to arbitrary code execution (bsc#1233631) - CVE-2024-44309: Fixed data isolation bypass vulnerability (bsc#1233632) Important SUSE bug 1233631 SUSE bug 1233632 CVE-2024-44308 at SUSE CVE-2024-44308 at NVD CVE-2024-44309 at SUSE CVE-2024-44309 at NVD cpe:/o:opensuse:leap:15.6 Security update for socat (Moderate) openSUSE Leap 15.6 This update for socat fixes the following issues: - CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462) Moderate SUSE bug 1225462 CVE-2024-54661 at SUSE CVE-2024-54661 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Moderate) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU (bsc#1232064): - CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286) - CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544) - CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446) - CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644) Other issues fixed in past releases: - CVE-2024-3933: Fixed evaluate constant byteLenNode of arrayCopyChild (bsc#1225470) Moderate SUSE bug 1225470 SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 SUSE bug 1232064 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD CVE-2024-3933 at SUSE CVE-2024-3933 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813). - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920). - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946). - CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354). - CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367). - CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385). - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079). - CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494). - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499). - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062). - CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106). - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193). - CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203). - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207). - CVE-2024-50248: ntfs3: add bounds checking to mi_enum_attr() (bsc#1233219). - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226). - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201). - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464). - CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540). - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523). - CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085). - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078). - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223). The following non-security bugs were fixed: - Documentation: kgdb: Correct parameter error (git-fixes). - Drop OCFS2 patch causing a regression (bsc#1233255) - Move upstreamed crypto patches into sorted section - Move upstreamed patches into sorted section - Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199). - Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes) - Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108). - Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes). - Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes). - Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes). - Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n - Update config files. Enabled IDPF for ARM64 (bsc#1221309) - accel: Use XArray instead of IDR for minors (jsc#PED-11580). - accel: Use XArray instead of IDR for minors (jsc#PED-11580). - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes). - acpi: CPPC: Fix _CPC register setting issue (git-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). - add bugreference to a hv_netvsc patch (bsc#1232413). - aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704). - alsa: 6fire: Release resources at card release (git-fixes). - alsa: ac97: bus: Fix the mistake in the comment (git-fixes). - alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). - alsa: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes). - alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - alsa: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes). - alsa: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes). - alsa: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298). - alsa: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes). - alsa: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298). - alsa: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298). - alsa: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes). - alsa: hda/realtek: Update ALC225 depop procedure (git-fixes). - alsa: hda/realtek: Update ALC256 depop procedure (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - alsa: hda: Poll jack events for LS7A HD-Audio (stable-fixes). - alsa: hda: Show the codec quirk info at probing (stable-fixes). - alsa: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes). - alsa: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes). - alsa: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes). - alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes). - alsa: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes). - alsa: usb-audio: Fix a DMA to stack memory bug (git-fixes). - alsa: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes). - alsa: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes). - alsa: usb-audio: Make mic volume workarounds globally applicable (stable-fixes). - alsa: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes). - alsa: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes). - alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - apparmor: fix 'Do simple duplicate message elimination' (git-fixes). - apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes). - apparmor: use kvfree_sensitive to free data->data (git-fixes). - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes) - arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes) - arm64: dts: imx93: add nvmem property for eqos (git-fixes) - arm64: dts: imx93: add nvmem property for fec1 (git-fixes) - arm64: dts: imx93: add ocotp node (git-fixes) - arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes) - arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes) - arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes) - arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes) - arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes) - arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes) - arm64: dts: rockchip: remove num-slots property from (git-fixes) - arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tegra: Move AGX Orin nodes to correct location (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - asoc: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes). - asoc: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305). - asoc: SOF: Add support for configuring PDM interface from topology (bsc#1233305). - asoc: SOF: Deprecate invalid enums in IPC3 (bsc#1233305). - asoc: SOF: IPC4: get pipeline priority from topology (bsc#1233305). - asoc: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305). - asoc: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305). - asoc: SOF: Rename amd_bt sof_dai_type (bsc#1233305). - asoc: SOF: Wire up buffer flags (bsc#1233305). - asoc: SOF: add alignment for topology header file struct definition (bsc#1233305). - asoc: SOF: align topology header file with sof topology header (bsc#1233305). - asoc: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes). - asoc: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes). - asoc: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305). - asoc: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305). - asoc: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305). - asoc: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305). - asoc: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305). - asoc: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305). - asoc: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305). - asoc: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305). - asoc: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305). - asoc: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305). - asoc: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305). - asoc: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305). - asoc: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305). - asoc: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes). - asoc: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305). - asoc: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305). - asoc: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes). - asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - asoc: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes). - asoc: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes). - asoc: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes). - asoc: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes). - asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). - asoc: fsl_micfil: Add sample rate constraint (stable-fixes). - asoc: fsl_micfil: fix regmap_write_bits usage (git-fixes). - asoc: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes). - asoc: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes). - asoc: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes). - asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - asoc: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes). - asoc: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes). - asoc: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes). - bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes). - bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes). - bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557) - bluetooth: fix use-after-free in device_for_each_child() (git-fixes). - bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes). - bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes) - bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes) - bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes). - bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes). - btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193) - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes). - can: c_can: fix {rx,tx}_errors statistics (git-fixes). - can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes). - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes). - can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes). - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes). - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: j1939: j1939_session_new(): fix skb reference counting (git-fixes). - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes). - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes). - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes). - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes). - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes). - cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108). - clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes). - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes). - clk: imx: clk-scu: fix clk enable state save and restore (git-fixes). - clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes). - clk: imx: fracn-gppll: fix pll power up (git-fixes). - clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes). - clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes). - clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes). - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes). - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes). - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes). - comedi: Flush partial mappings in error case (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes). - cpufreq: loongson2: Unregister platform_driver on failure (git-fixes). - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes). - crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704). - crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes). - crypto: bcm - add error check in the ahash_hmac_init function (git-fixes). - crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes). - crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes). - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes). - crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes). - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes). - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes). - crypto: qat - remove check after debugfs_create_dir() (git-fixes). - crypto: qat - remove faulty arbiter config reset (git-fixes). - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes). - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes). - cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dma-fence: Use kernel's sort for merging fences (git-fixes). - doc: rcu: update printed dynticks counter bits (git-fixes). - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes). - drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes). - drm/amd/display: Fix brightness level not retained over reboot (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes). - drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes). - drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes). - drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes). - drm/amdgpu: Adjust debugfs register access permissions (stable-fixes). - drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes). - drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes). - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes). - drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes). - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes). - drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes). - drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes). - drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: tc358767: Fix link properties discovery (git-fixes). - drm/bridge: tc358768: Fix DSI command tx (git-fixes). - drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes). - drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes). - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/mediatek: Fix child node refcount handling in early exit (git-fixes). - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes). - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes). - drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes). - drm/msm/gpu: Check the status of registration to PM QoS (git-fixes). - drm/msm: Fix some typos in comment (git-fixes). - drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes). - drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes). - drm/omap: Fix possible NULL dereference (git-fixes). - drm/panfrost: Add missing OPP table refcnt decremental (git-fixes). - drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes). - drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/sti: avoid potential dereference of error pointers (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes). - drm/v3d: Address race-condition in MMU flush (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes). - drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes). - drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes). - drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes). - drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes). - drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes). - drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes). - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes). - drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580). - drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580). - drm: Use XArray instead of IDR for minors (jsc#PED-11580). - drm: Use XArray instead of IDR for minors (jsc#PED-11580). - drm: use ATOMIC64_INIT() for atomic64_t (git-fixes). - drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes). - drm: zynqmp_kms: Unplug DRM device before removal (git-fixes). - e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes). - efi/libstub: Free correct pointer on failure (git-fixes). - efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes). - efi/libstub: zboot.lds: Discard .discard sections (stable-fixes). - efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465). - ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201) - ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009). - f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011). - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes). - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes). - firmware: google: Unregister driver_info on failure (git-fixes). - firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes). - fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207) - fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes). - goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes). - gpio: exar: set value when external pull-up or pull-down is present (git-fixes). - gpio: zevio: Add missed label initialisation (git-fixes). - hid: core: zero-initialize the report buffer (git-fixes). - hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes). - hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes). - hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes). - hid: multitouch: Add support for B2402FVA track point (stable-fixes). - hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes). - hid: wacom: fix when get product name maybe null pointer (git-fixes). - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes). - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes). - hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes). - i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes). - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes). - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - i40e: fix race condition by adding filter's intermediate sync state (git-fixes). - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes). - igb: Disable threaded IRQ for igb_msix_other (git-fixes). - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes). - iio: accel: kx022a: Fix raw read format (git-fixes). - iio: adc: ad7606: Fix typo in the driver name (git-fixes). - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes). - iio: gts: Fix uninitialized symbol 'ret' (git-fixes). - iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes). - iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes). - ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes). - initramfs: avoid filename buffer overrun (bsc#1232436). - input: hideep - add missing dependency on REGMAP_I2C (git-fixes). - input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes). - input: xpad - add GameSir T4 Kaleid Controller support (git-fixes). - input: xpad - add GameSir VID for Xbox One controllers (git-fixes). - input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes). - input: xpad - add support for MSI Claw A1M (git-fixes). - input: xpad - add support for Machenike G5 Pro Controller (git-fixes). - input: xpad - fix support for some third-party controllers (git-fixes). - input: xpad - sort xpad_device by vendor and product ID (git-fixes). - input: xpad - spelling fixes for 'Xbox' (git-fixes). - intel_idle: add Granite Rapids Xeon support (bsc#1231630). - intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630). - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes). - io_uring/sqpoll: close race on waiting for sqring entries (git-fixes). - irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes). - jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042). - jbd2: avoid infinite transaction commit loop (bsc#1234039). - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043). - jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040). - jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045). - jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042). - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044). - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046). - jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041). - jbd2: precompute number of transaction descriptor blocks (bsc#1234042). - kABI workaround for ASoC SOF (bsc#1233305). - kABI: Restore exported __arm_smccc_sve_check (git-fixes) - kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi). - kasan: move checks to do_strncpy_from_user (git-fixes). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes). - kvm: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199). - kvm: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199). - kvm: PPC: Book3S HV: remove unused varible (bsc#1194869). - kvm: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207). - kvm: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207). - leds: lp55xx: Remove redundant test for invalid channel number (git-fixes). - lib: string_helpers: silence snprintf() output truncation warning (git-fixes). - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes). - maple_tree: fix alloc node fail issue (git-fixes). - maple_tree: refine mas_store_root() on storing NULL (git-fixes). - media: adv7604: prevent underflow condition when reporting colorspace (git-fixes). - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: amphion: Set video drvdata before register video device (git-fixes). - media: ar0521: do not overflow when checking PLL values (git-fixes). - media: atomisp: Add check for rgby_data memory allocation failure (git-fixes). - media: bttv: use audio defaults for winfast2000 (git-fixes). - media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes). - media: cx24116: prevent overflows on SNR calculus (git-fixes). - media: dvb_frontend: do not play tricks with underflow values (git-fixes). - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes). - media: dvbdev: prevent the risk of out of memory access (git-fixes). - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes). - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes). - media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes). - media: imx-jpeg: Set video drvdata before register video device (git-fixes). - media: mantis: remove orphan mantis_core.h (git-fixes). - media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes). - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes). - media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes). - media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes). - media: s5p-jpeg: prevent buffer overflows (git-fixes). - media: stb0899_algo: initialize cfr before using it (git-fixes). - media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes). - media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes). - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes). - media: uvcvideo: Stop stream during unregister (git-fixes). - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes). - media: v4l2-tpg: prevent the risk of a division by zero (git-fixes). - media: vb2: Fix comment (git-fixes). - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes). - media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes). - mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes). - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes). - minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes). - misc: apds990x: Fix missing pm_runtime_disable() (git-fixes). - mlxbf_gige: disable RX filters until RX path initialized (git-fixes). - mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012). - mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes). - mm: move dummy_vm_ops out of a header (git-fixes prerequisity). - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes). - mm: refactor map_deny_write_exec() (git-fixes). - mm: resolve faulty mmap_region() error path behaviour (git-fixes). - mm: unconditionally close VMAs on error (git-fixes). - mmc: core: Further prevent card detect during shutdown (git-fixes). - mmc: mmc_spi: drop buggy snprintf() (git-fixes). - mmc: sunxi-mmc: Fix A100 compatible description (git-fixes). - modpost: remove incorrect code in do_eisa_entry() (git-fixes). - mtd: rawnand: atmel: Fix possible memory leak (git-fixes). - mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes). - net: mdio-ipq4019: add missing error check (git-fixes). - net: phy: dp83822: Fix reset pin definitions (git-fixes). - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes). - net: relax socket state check at accept time (git-fixes). - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes). - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes). - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes). - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes). - net: wwan: fix global oob in wwan_rtnl_policy (git-fixes). - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes). - net: xfrm: preserve kabi for xfrm_state (bsc#1233754). - netdevsim: copy addresses for both in and out paths (git-fixes). - netfilter: nf_tables: missing iterator type in lookup walk (git-fixes). - nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes). - nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes). - nfs: remove revoked delegation from server's delegation list (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121). - nilfs2: fix potential deadlock with newly created symlinks (git-fixes). - nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes). - nouveau: fw: sync dma after setup is called (git-fixes). - nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes). - ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207) - nvme-fabrics: fix kernel crash while shutting down controller (git-fixes). - nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes). - nvme-pci: fix freeing of the HMB descriptor table (git-fixes). - nvme-pci: reverse request order in nvme_queue_rqs (git-fixes). - nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes). - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes). - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes). - ocfs2: uncache inode which has failed entering the group (git-fixes). - of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386) - pci: Add T_PVPERL macro (git-fixes). - pci: Fix reset_method_store() memory leak (git-fixes). - pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes). - pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes). - pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes). - pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes). - pci: rockchip-ep: Fix address translation unit programming (git-fixes). - pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes). - pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes). - pinctrl: zynqmp: drop excess struct member description (git-fixes). - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes). - platform/x86/amd/pmc: Detect when STB is not available (git-fixes). - platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes). - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098). - power: supply: bq27xxx: Fix registers of bq27426 (git-fixes). - power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes). - power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes). - power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes). - powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199). - powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869). - powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199). - powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199). - powerpc/kexec: Fix return of uninitialized variable (bsc#1194869). - powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869). - powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869). - powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869). - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869). - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869). - powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199). - powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199). - pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes). - rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes) - rdma/hns: Add mutex_destroy() (git-fixes) - rdma/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes) - rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes) - rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes) - rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes) - rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes) - rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes) - rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes) - rdma/hns: Use macro instead of magic number (git-fixes) - rdma/mlx5: Move events notifier registration to be after device registration (git-fixes) - rdma/rxe: Fix the qp flush warnings in req (git-fixes) - rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes) - rdma/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes) - regmap: detach regmap from dev on regmap_exit (git-fixes). - regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes). - rtc: abx80x: Fix WDT bit position of the status register (git-fixes). - rtc: bbnsm: add remove hook (git-fixes). - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes). - rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes). - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes). - scsi: Remove scsi device no_start_on_resume flag (git-fixes). - scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes). - scsi: core: Disable CDL by default (git-fixes). - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes). - scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpi3mr: Validate SAS port assignments (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes). - scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). - scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes). - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: sr: Fix unintentional arithmetic wraparound (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes). - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes). - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes). - sunrpc: Remove BUG_ON call sites (git-fixes). - tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: int3400: Fix reading of current_uuid for active policy (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes). - tools/lib/thermal: Fix sampling handler context ptr (git-fixes). - tools/power turbostat: Fix trailing '\n' parsing (git-fixes). - tools/power turbostat: Increase the limit for fd opened (bsc#1233119). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tpm: fix signed/unsigned bug when checking event logs (git-fixes). - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes). - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - unicode: Fix utf8_load() error path (git-fixes). - usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes). - usb: chaoskey: fail open after removal (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes). - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes). - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes). - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes). - usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes). - usb: serial: io_edgeport: fix use after free in debug printk (git-fixes). - usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes). - usb: serial: option: add Quectel RG650V (stable-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). - vsock: Update msg_count on read_skb() (git-fixes). - watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes). - wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes). - wifi: ath12k: fix crash when unbinding (git-fixes). - wifi: ath12k: fix warning when unbinding (git-fixes). - wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: brcmfmac: release 'root' node in all execution paths (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: wfx: Fix error handling in wfx_core_init() (git-fixes). - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443). - x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes). - x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes). - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Enable CPU topology enumeration (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/traps: move kmsan check after instrumentation_begin (git-fixes). - x86: Increase brk randomness entropy for 64-bit systems (git-fixes). - x86: fix off-by-one in access_ok() (git-fixes). - xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754). - xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754). Important SUSE bug 1012628 SUSE bug 1082555 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1218644 SUSE bug 1220355 SUSE bug 1221309 SUSE bug 1222423 SUSE bug 1222587 SUSE bug 1222590 SUSE bug 1223112 SUSE bug 1223656 SUSE bug 1223733 SUSE bug 1224429 SUSE bug 1224518 SUSE bug 1224548 SUSE bug 1224948 SUSE bug 1225713 SUSE bug 1225725 SUSE bug 1225730 SUSE bug 1225742 SUSE bug 1225764 SUSE bug 1225768 SUSE bug 1225813 SUSE bug 1225903 SUSE bug 1226130 SUSE bug 1226748 SUSE bug 1226872 SUSE bug 1227726 SUSE bug 1227842 SUSE bug 1228430 SUSE bug 1228850 SUSE bug 1229165 SUSE bug 1230231 SUSE bug 1230557 SUSE bug 1230558 SUSE bug 1230733 SUSE bug 1230807 SUSE bug 1230817 SUSE bug 1230827 SUSE bug 1230971 SUSE bug 1231076 SUSE bug 1231114 SUSE bug 1231182 SUSE bug 1231453 SUSE bug 1231465 SUSE bug 1231630 SUSE bug 1231920 SUSE bug 1231930 SUSE bug 1231946 SUSE bug 1231952 SUSE bug 1232079 SUSE bug 1232096 SUSE bug 1232103 SUSE bug 1232104 SUSE bug 1232149 SUSE bug 1232157 SUSE bug 1232165 SUSE bug 1232166 SUSE bug 1232198 SUSE bug 1232199 SUSE bug 1232201 SUSE bug 1232207 SUSE bug 1232224 SUSE bug 1232258 SUSE bug 1232259 SUSE bug 1232264 SUSE bug 1232272 SUSE bug 1232305 SUSE bug 1232307 SUSE bug 1232318 SUSE bug 1232335 SUSE bug 1232337 SUSE bug 1232352 SUSE bug 1232354 SUSE bug 1232355 SUSE bug 1232357 SUSE bug 1232358 SUSE bug 1232361 SUSE bug 1232366 SUSE bug 1232367 SUSE bug 1232368 SUSE bug 1232371 SUSE bug 1232374 SUSE bug 1232385 SUSE bug 1232386 SUSE bug 1232387 SUSE bug 1232396 SUSE bug 1232413 SUSE bug 1232416 SUSE bug 1232436 SUSE bug 1232442 SUSE bug 1232446 SUSE bug 1232483 SUSE bug 1232494 SUSE bug 1232498 SUSE bug 1232499 SUSE bug 1232500 SUSE bug 1232501 SUSE bug 1232502 SUSE bug 1232704 SUSE bug 1232757 SUSE bug 1232819 SUSE bug 1232823 SUSE bug 1232860 SUSE bug 1232869 SUSE bug 1232870 SUSE bug 1232873 SUSE bug 1232876 SUSE bug 1232877 SUSE bug 1232878 SUSE bug 1232880 SUSE bug 1232881 SUSE bug 1232884 SUSE bug 1232885 SUSE bug 1232887 SUSE bug 1232888 SUSE bug 1232890 SUSE bug 1232892 SUSE bug 1232894 SUSE bug 1232896 SUSE bug 1232897 SUSE bug 1232905 SUSE bug 1232907 SUSE bug 1232914 SUSE bug 1232919 SUSE bug 1232925 SUSE bug 1232926 SUSE bug 1232928 SUSE bug 1232935 SUSE bug 1233029 SUSE bug 1233032 SUSE bug 1233035 SUSE bug 1233036 SUSE bug 1233041 SUSE bug 1233044 SUSE bug 1233049 SUSE bug 1233050 SUSE bug 1233051 SUSE bug 1233056 SUSE bug 1233057 SUSE bug 1233061 SUSE bug 1233062 SUSE bug 1233063 SUSE bug 1233065 SUSE bug 1233067 SUSE bug 1233070 SUSE bug 1233073 SUSE bug 1233074 SUSE bug 1233088 SUSE bug 1233091 SUSE bug 1233092 SUSE bug 1233097 SUSE bug 1233100 SUSE bug 1233103 SUSE bug 1233104 SUSE bug 1233105 SUSE bug 1233106 SUSE bug 1233107 SUSE bug 1233108 SUSE bug 1233110 SUSE bug 1233111 SUSE bug 1233113 SUSE bug 1233114 SUSE bug 1233115 SUSE bug 1233117 SUSE bug 1233119 SUSE bug 1233123 SUSE bug 1233125 SUSE bug 1233127 SUSE bug 1233129 SUSE bug 1233130 SUSE bug 1233132 SUSE bug 1233135 SUSE bug 1233176 SUSE bug 1233179 SUSE bug 1233185 SUSE bug 1233188 SUSE bug 1233189 SUSE bug 1233191 SUSE bug 1233193 SUSE bug 1233197 SUSE bug 1233201 SUSE bug 1233203 SUSE bug 1233204 SUSE bug 1233205 SUSE bug 1233206 SUSE bug 1233207 SUSE bug 1233208 SUSE bug 1233209 SUSE bug 1233210 SUSE bug 1233211 SUSE bug 1233212 SUSE bug 1233216 SUSE bug 1233217 SUSE bug 1233219 SUSE bug 1233226 SUSE bug 1233238 SUSE bug 1233241 SUSE bug 1233244 SUSE bug 1233253 SUSE bug 1233255 SUSE bug 1233293 SUSE bug 1233298 SUSE bug 1233305 SUSE bug 1233320 SUSE bug 1233350 SUSE bug 1233443 SUSE bug 1233452 SUSE bug 1233453 SUSE bug 1233454 SUSE bug 1233456 SUSE bug 1233457 SUSE bug 1233458 SUSE bug 1233460 SUSE bug 1233462 SUSE bug 1233463 SUSE bug 1233464 SUSE bug 1233465 SUSE bug 1233468 SUSE bug 1233471 SUSE bug 1233476 SUSE bug 1233478 SUSE bug 1233479 SUSE bug 1233481 SUSE bug 1233484 SUSE bug 1233485 SUSE bug 1233487 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233523 SUSE bug 1233524 SUSE bug 1233540 SUSE bug 1233547 SUSE bug 1233548 SUSE bug 1233550 SUSE bug 1233552 SUSE bug 1233553 SUSE bug 1233554 SUSE bug 1233555 SUSE bug 1233557 SUSE bug 1233560 SUSE bug 1233561 SUSE bug 1233564 SUSE bug 1233566 SUSE bug 1233567 SUSE bug 1233568 SUSE bug 1233570 SUSE bug 1233572 SUSE bug 1233573 SUSE bug 1233577 SUSE bug 1233580 SUSE bug 1233640 SUSE bug 1233641 SUSE bug 1233642 SUSE bug 1233721 SUSE bug 1233754 SUSE bug 1233756 SUSE bug 1233769 SUSE bug 1233771 SUSE bug 1233977 SUSE bug 1234009 SUSE bug 1234011 SUSE bug 1234012 SUSE bug 1234025 SUSE bug 1234039 SUSE bug 1234040 SUSE bug 1234041 SUSE bug 1234042 SUSE bug 1234043 SUSE bug 1234044 SUSE bug 1234045 SUSE bug 1234046 SUSE bug 1234072 SUSE bug 1234078 SUSE bug 1234081 SUSE bug 1234083 SUSE bug 1234085 SUSE bug 1234087 SUSE bug 1234093 SUSE bug 1234098 SUSE bug 1234108 SUSE bug 1234121 SUSE bug 1234223 CVE-2023-52778 at SUSE CVE-2023-52778 at NVD CVE-2023-52920 at SUSE CVE-2023-52920 at NVD CVE-2023-52921 at SUSE CVE-2023-52921 at NVD CVE-2023-52922 at SUSE CVE-2023-52922 at NVD CVE-2024-26596 at SUSE CVE-2024-26596 at NVD CVE-2024-26703 at SUSE CVE-2024-26703 at NVD CVE-2024-26741 at SUSE CVE-2024-26741 at NVD CVE-2024-26782 at SUSE CVE-2024-26782 at NVD CVE-2024-26864 at SUSE CVE-2024-26864 at NVD CVE-2024-26953 at SUSE CVE-2024-26953 at NVD CVE-2024-27017 at SUSE CVE-2024-27017 at NVD CVE-2024-27407 at SUSE CVE-2024-27407 at NVD CVE-2024-35888 at SUSE CVE-2024-35888 at NVD CVE-2024-36000 at SUSE CVE-2024-36000 at NVD CVE-2024-36031 at SUSE CVE-2024-36031 at NVD CVE-2024-36484 at SUSE CVE-2024-36484 at NVD CVE-2024-36883 at SUSE CVE-2024-36883 at NVD CVE-2024-36886 at SUSE CVE-2024-36886 at NVD CVE-2024-36905 at SUSE CVE-2024-36905 at NVD CVE-2024-36920 at SUSE CVE-2024-36920 at NVD CVE-2024-36927 at SUSE CVE-2024-36927 at NVD CVE-2024-36954 at SUSE CVE-2024-36954 at NVD CVE-2024-36968 at SUSE CVE-2024-36968 at NVD CVE-2024-38589 at SUSE CVE-2024-38589 at NVD CVE-2024-40914 at SUSE CVE-2024-40914 at NVD CVE-2024-41023 at SUSE CVE-2024-41023 at NVD CVE-2024-42102 at SUSE CVE-2024-42102 at NVD CVE-2024-44995 at SUSE CVE-2024-44995 at NVD CVE-2024-46680 at SUSE CVE-2024-46680 at NVD CVE-2024-46681 at SUSE CVE-2024-46681 at NVD CVE-2024-46765 at SUSE CVE-2024-46765 at NVD CVE-2024-46788 at SUSE CVE-2024-46788 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-46828 at SUSE CVE-2024-46828 at NVD CVE-2024-46845 at SUSE CVE-2024-46845 at NVD CVE-2024-47666 at SUSE CVE-2024-47666 at NVD CVE-2024-47679 at SUSE CVE-2024-47679 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-47703 at SUSE CVE-2024-47703 at NVD CVE-2024-49852 at SUSE CVE-2024-49852 at NVD CVE-2024-49866 at SUSE CVE-2024-49866 at NVD CVE-2024-49868 at SUSE CVE-2024-49868 at NVD CVE-2024-49881 at SUSE CVE-2024-49881 at NVD CVE-2024-49883 at SUSE CVE-2024-49883 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49894 at SUSE CVE-2024-49894 at NVD CVE-2024-49895 at SUSE CVE-2024-49895 at NVD CVE-2024-49897 at SUSE CVE-2024-49897 at NVD CVE-2024-49899 at SUSE CVE-2024-49899 at NVD CVE-2024-49901 at SUSE CVE-2024-49901 at NVD CVE-2024-49905 at SUSE CVE-2024-49905 at NVD CVE-2024-49908 at SUSE CVE-2024-49908 at NVD CVE-2024-49909 at SUSE CVE-2024-49909 at NVD CVE-2024-49911 at SUSE CVE-2024-49911 at NVD CVE-2024-49912 at SUSE CVE-2024-49912 at NVD CVE-2024-49913 at SUSE CVE-2024-49913 at NVD CVE-2024-49921 at SUSE CVE-2024-49921 at NVD CVE-2024-49922 at SUSE CVE-2024-49922 at NVD CVE-2024-49923 at SUSE CVE-2024-49923 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-49933 at SUSE CVE-2024-49933 at NVD CVE-2024-49934 at SUSE CVE-2024-49934 at NVD CVE-2024-49944 at SUSE CVE-2024-49944 at NVD CVE-2024-49945 at SUSE CVE-2024-49945 at NVD CVE-2024-49952 at SUSE CVE-2024-49952 at NVD CVE-2024-49959 at SUSE CVE-2024-49959 at NVD CVE-2024-49968 at SUSE CVE-2024-49968 at NVD CVE-2024-49975 at SUSE CVE-2024-49975 at NVD CVE-2024-49976 at SUSE CVE-2024-49976 at NVD CVE-2024-49983 at SUSE CVE-2024-49983 at NVD CVE-2024-49987 at SUSE CVE-2024-49987 at NVD CVE-2024-49989 at SUSE CVE-2024-49989 at NVD CVE-2024-50003 at SUSE CVE-2024-50003 at NVD CVE-2024-50004 at SUSE CVE-2024-50004 at NVD CVE-2024-50006 at SUSE CVE-2024-50006 at NVD CVE-2024-50009 at SUSE CVE-2024-50009 at NVD CVE-2024-50012 at SUSE CVE-2024-50012 at NVD CVE-2024-50014 at SUSE CVE-2024-50014 at NVD CVE-2024-50015 at SUSE CVE-2024-50015 at NVD CVE-2024-50026 at SUSE CVE-2024-50026 at NVD CVE-2024-50067 at SUSE CVE-2024-50067 at NVD CVE-2024-50080 at SUSE CVE-2024-50080 at NVD CVE-2024-50081 at SUSE CVE-2024-50081 at NVD CVE-2024-50082 at SUSE CVE-2024-50082 at NVD CVE-2024-50084 at SUSE CVE-2024-50084 at NVD CVE-2024-50087 at SUSE CVE-2024-50087 at NVD CVE-2024-50088 at SUSE CVE-2024-50088 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50093 at SUSE CVE-2024-50093 at NVD CVE-2024-50095 at SUSE CVE-2024-50095 at NVD CVE-2024-50096 at SUSE CVE-2024-50096 at NVD CVE-2024-50098 at SUSE CVE-2024-50098 at NVD CVE-2024-50099 at SUSE CVE-2024-50099 at NVD CVE-2024-50100 at SUSE CVE-2024-50100 at NVD CVE-2024-50101 at SUSE CVE-2024-50101 at NVD CVE-2024-50102 at SUSE CVE-2024-50102 at NVD CVE-2024-50103 at SUSE CVE-2024-50103 at NVD CVE-2024-50108 at SUSE CVE-2024-50108 at NVD CVE-2024-50110 at SUSE CVE-2024-50110 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50116 at SUSE CVE-2024-50116 at NVD CVE-2024-50117 at SUSE CVE-2024-50117 at NVD CVE-2024-50121 at SUSE CVE-2024-50121 at NVD CVE-2024-50124 at SUSE CVE-2024-50124 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50128 at SUSE CVE-2024-50128 at NVD CVE-2024-50130 at SUSE CVE-2024-50130 at NVD CVE-2024-50131 at SUSE CVE-2024-50131 at NVD CVE-2024-50134 at SUSE CVE-2024-50134 at NVD CVE-2024-50135 at SUSE CVE-2024-50135 at NVD CVE-2024-50136 at SUSE CVE-2024-50136 at NVD CVE-2024-50138 at SUSE CVE-2024-50138 at NVD CVE-2024-50139 at SUSE CVE-2024-50139 at NVD CVE-2024-50141 at SUSE CVE-2024-50141 at NVD CVE-2024-50145 at SUSE CVE-2024-50145 at NVD CVE-2024-50146 at SUSE CVE-2024-50146 at NVD CVE-2024-50147 at SUSE CVE-2024-50147 at NVD CVE-2024-50148 at SUSE CVE-2024-50148 at NVD CVE-2024-50150 at SUSE CVE-2024-50150 at NVD CVE-2024-50153 at SUSE CVE-2024-50153 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50155 at SUSE CVE-2024-50155 at NVD CVE-2024-50156 at SUSE CVE-2024-50156 at NVD CVE-2024-50157 at SUSE CVE-2024-50157 at NVD CVE-2024-50158 at SUSE CVE-2024-50158 at NVD CVE-2024-50159 at SUSE CVE-2024-50159 at NVD CVE-2024-50160 at SUSE CVE-2024-50160 at NVD CVE-2024-50166 at SUSE CVE-2024-50166 at NVD CVE-2024-50167 at SUSE CVE-2024-50167 at NVD CVE-2024-50169 at SUSE CVE-2024-50169 at NVD CVE-2024-50171 at SUSE CVE-2024-50171 at NVD CVE-2024-50172 at SUSE CVE-2024-50172 at NVD CVE-2024-50175 at SUSE CVE-2024-50175 at NVD CVE-2024-50176 at SUSE CVE-2024-50176 at NVD CVE-2024-50177 at SUSE CVE-2024-50177 at NVD CVE-2024-50179 at SUSE CVE-2024-50179 at NVD CVE-2024-50180 at SUSE CVE-2024-50180 at NVD CVE-2024-50181 at SUSE CVE-2024-50181 at NVD CVE-2024-50182 at SUSE CVE-2024-50182 at NVD CVE-2024-50183 at SUSE CVE-2024-50183 at NVD CVE-2024-50184 at SUSE CVE-2024-50184 at NVD CVE-2024-50186 at SUSE CVE-2024-50186 at NVD CVE-2024-50187 at SUSE CVE-2024-50187 at NVD CVE-2024-50188 at SUSE CVE-2024-50188 at NVD CVE-2024-50189 at SUSE CVE-2024-50189 at NVD CVE-2024-50192 at SUSE CVE-2024-50192 at NVD CVE-2024-50194 at SUSE CVE-2024-50194 at NVD CVE-2024-50195 at SUSE CVE-2024-50195 at NVD CVE-2024-50196 at SUSE CVE-2024-50196 at NVD CVE-2024-50198 at SUSE CVE-2024-50198 at NVD CVE-2024-50200 at SUSE CVE-2024-50200 at NVD CVE-2024-50201 at SUSE CVE-2024-50201 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50209 at SUSE CVE-2024-50209 at NVD CVE-2024-50210 at SUSE CVE-2024-50210 at NVD CVE-2024-50215 at SUSE CVE-2024-50215 at NVD CVE-2024-50216 at SUSE CVE-2024-50216 at NVD CVE-2024-50218 at SUSE CVE-2024-50218 at NVD CVE-2024-50221 at SUSE CVE-2024-50221 at NVD CVE-2024-50224 at SUSE CVE-2024-50224 at NVD CVE-2024-50225 at SUSE CVE-2024-50225 at NVD CVE-2024-50228 at SUSE CVE-2024-50228 at NVD CVE-2024-50229 at SUSE CVE-2024-50229 at NVD CVE-2024-50230 at SUSE CVE-2024-50230 at NVD CVE-2024-50231 at SUSE CVE-2024-50231 at NVD CVE-2024-50232 at SUSE CVE-2024-50232 at NVD CVE-2024-50233 at SUSE CVE-2024-50233 at NVD CVE-2024-50234 at SUSE CVE-2024-50234 at NVD CVE-2024-50235 at SUSE CVE-2024-50235 at NVD CVE-2024-50236 at SUSE CVE-2024-50236 at NVD CVE-2024-50237 at SUSE CVE-2024-50237 at NVD CVE-2024-50240 at SUSE CVE-2024-50240 at NVD CVE-2024-50245 at SUSE CVE-2024-50245 at NVD CVE-2024-50246 at SUSE CVE-2024-50246 at NVD CVE-2024-50248 at SUSE CVE-2024-50248 at NVD CVE-2024-50249 at SUSE CVE-2024-50249 at NVD CVE-2024-50250 at SUSE CVE-2024-50250 at NVD CVE-2024-50252 at SUSE CVE-2024-50252 at NVD CVE-2024-50255 at SUSE CVE-2024-50255 at NVD CVE-2024-50257 at SUSE CVE-2024-50257 at NVD CVE-2024-50261 at SUSE CVE-2024-50261 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50265 at SUSE CVE-2024-50265 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50268 at SUSE CVE-2024-50268 at NVD CVE-2024-50269 at SUSE CVE-2024-50269 at NVD CVE-2024-50271 at SUSE CVE-2024-50271 at NVD CVE-2024-50273 at SUSE CVE-2024-50273 at NVD CVE-2024-50274 at SUSE CVE-2024-50274 at NVD CVE-2024-50275 at SUSE CVE-2024-50275 at NVD CVE-2024-50276 at SUSE CVE-2024-50276 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50282 at SUSE CVE-2024-50282 at NVD CVE-2024-50287 at SUSE CVE-2024-50287 at NVD CVE-2024-50289 at SUSE CVE-2024-50289 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50292 at SUSE CVE-2024-50292 at NVD CVE-2024-50295 at SUSE CVE-2024-50295 at NVD CVE-2024-50296 at SUSE CVE-2024-50296 at NVD CVE-2024-50298 at SUSE CVE-2024-50298 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53042 at SUSE CVE-2024-53042 at NVD CVE-2024-53043 at SUSE CVE-2024-53043 at NVD CVE-2024-53045 at SUSE CVE-2024-53045 at NVD CVE-2024-53048 at SUSE CVE-2024-53048 at NVD CVE-2024-53051 at SUSE CVE-2024-53051 at NVD CVE-2024-53052 at SUSE CVE-2024-53052 at NVD CVE-2024-53055 at SUSE CVE-2024-53055 at NVD CVE-2024-53056 at SUSE CVE-2024-53056 at NVD CVE-2024-53058 at SUSE CVE-2024-53058 at NVD CVE-2024-53059 at SUSE CVE-2024-53059 at NVD CVE-2024-53060 at SUSE CVE-2024-53060 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53066 at SUSE CVE-2024-53066 at NVD CVE-2024-53068 at SUSE CVE-2024-53068 at NVD CVE-2024-53072 at SUSE CVE-2024-53072 at NVD CVE-2024-53074 at SUSE CVE-2024-53074 at NVD CVE-2024-53076 at SUSE CVE-2024-53076 at NVD CVE-2024-53079 at SUSE CVE-2024-53079 at NVD CVE-2024-53081 at SUSE CVE-2024-53081 at NVD CVE-2024-53082 at SUSE CVE-2024-53082 at NVD CVE-2024-53085 at SUSE CVE-2024-53085 at NVD CVE-2024-53088 at SUSE CVE-2024-53088 at NVD CVE-2024-53093 at SUSE CVE-2024-53093 at NVD CVE-2024-53094 at SUSE CVE-2024-53094 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53096 at SUSE CVE-2024-53096 at NVD CVE-2024-53100 at SUSE CVE-2024-53100 at NVD CVE-2024-53101 at SUSE CVE-2024-53101 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-53106 at SUSE CVE-2024-53106 at NVD CVE-2024-53108 at SUSE CVE-2024-53108 at NVD CVE-2024-53110 at SUSE CVE-2024-53110 at NVD CVE-2024-53112 at SUSE CVE-2024-53112 at NVD CVE-2024-53114 at SUSE CVE-2024-53114 at NVD CVE-2024-53121 at SUSE CVE-2024-53121 at NVD CVE-2024-53138 at SUSE CVE-2024-53138 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813). - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920). - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385). - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494). - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499). - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062). - CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106). - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193). - CVE-2024-50228: mm: shmem: fix data-race in shmem_getattr() (bsc#1233204). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203). - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207). - CVE-2024-50248: ntfs3: add bounds checking to mi_enum_attr() (bsc#1233219). - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226). - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201). - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464). - CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540). - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523). - CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085). - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078). - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223). The following non-security bugs were fixed: - ACPI: CPPC: Fix _CPC register setting issue (git-fixes). - ALSA: 6fire: Release resources at card release (git-fixes). - ALSA: ac97: bus: Fix the mistake in the comment (git-fixes). - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). - ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes). - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes). - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes). - ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298). - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes). - ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298). - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298). - ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes). - ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes). - ALSA: hda: Show the codec quirk info at probing (stable-fixes). - ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes). - ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes). - ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes). - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes). - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes). - ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes). - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes). - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes). - ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes). - ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes). - ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes). - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes). - ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305). - ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305). - ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305). - ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305). - ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305). - ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305). - ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305). - ASoC: SOF: Wire up buffer flags (bsc#1233305). - ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305). - ASoC: SOF: align topology header file with sof topology header (bsc#1233305). - ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes). - ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes). - ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305). - ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305). - ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305). - ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305). - ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305). - ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305). - ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305). - ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305). - ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305). - ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305). - ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305). - ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305). - ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305). - ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes). - ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305). - ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305). - ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes). - ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes). - ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes). - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes). - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). - ASoC: fsl_micfil: Add sample rate constraint (stable-fixes). - ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes). - ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes). - ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes). - ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes). - ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes). - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes). - ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes). - Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes). - Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557) - Bluetooth: fix use-after-free in device_for_each_child() (git-fixes). - Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes). - Documentation: kgdb: Correct parameter error (git-fixes). - Drop OCFS2 patch causing a regression (bsc#1233255) - HID: core: zero-initialize the report buffer (git-fixes). - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes). - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes). - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes). - HID: multitouch: Add support for B2402FVA track point (stable-fixes). - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes). - HID: wacom: fix when get product name maybe null pointer (git-fixes). - Input: hideep - add missing dependency on REGMAP_I2C (git-fixes). - Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes). - Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes). - Input: xpad - add GameSir VID for Xbox One controllers (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes). - Input: xpad - add support for MSI Claw A1M (git-fixes). - Input: xpad - add support for Machenike G5 Pro Controller (git-fixes). - Input: xpad - fix support for some third-party controllers (git-fixes). - Input: xpad - sort xpad_device by vendor and product ID (git-fixes). - Input: xpad - spelling fixes for 'Xbox' (git-fixes). - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199). - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199). - KVM: PPC: Book3S HV: remove unused varible (bsc#1194869). - KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207). - KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207). - Move kabi netfilter fix into patches.kabi - Move upstreamed crypto patches into sorted section - Move upstreamed patches into sorted section - NFS: remove revoked delegation from server's delegation list (git-fixes). - PCI: Add T_PVPERL macro (git-fixes). - PCI: Fix reset_method_store() memory leak (git-fixes). - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes). - PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes). - PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes). - PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes). - PCI: rockchip-ep: Fix address translation unit programming (git-fixes). - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes) - RDMA/hns: Add mutex_destroy() (git-fixes) - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes) - RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes) - RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes) - RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes) - RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes) - RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes) - RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes) - RDMA/hns: Use macro instead of magic number (git-fixes) - RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes) - RDMA/rxe: Fix the qp flush warnings in req (git-fixes) - RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes) - RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes) - Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199). - Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes) - Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108). - Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes). - Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes). - Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes). - SUNRPC: Remove BUG_ON call sites (git-fixes). - USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes). - USB: chaoskey: fail open after removal (git-fixes). - USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes). - USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes). - USB: serial: io_edgeport: fix use after free in debug printk (git-fixes). - USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes). - USB: serial: option: add Quectel RG650V (stable-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes). - Update config files (bsc#1218644). - Update config files. Enabled IDPF for ARM64 (bsc#1221309) - accel: Use XArray instead of IDR for minors (jsc#PED-11580). - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). - add bugreference to a hv_netvsc patch (bsc#1232413). - aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - apparmor: fix 'Do simple duplicate message elimination' (git-fixes). - apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes). - apparmor: use kvfree_sensitive to free data->data (git-fixes). - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes) - arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes) - arm64: dts: imx93: add nvmem property for eqos (git-fixes) - arm64: dts: imx93: add nvmem property for fec1 (git-fixes) - arm64: dts: imx93: add ocotp node (git-fixes) - arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes) - arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes) - arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes) - arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes) - arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes) - arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes) - arm64: dts: rockchip: remove num-slots property from (git-fixes) - arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tegra: Move AGX Orin nodes to correct location (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes) - bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes) - bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes). - bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes). - btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193) - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes). - can: c_can: fix {rx,tx}_errors statistics (git-fixes). - can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes). - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes). - can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes). - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes). - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: j1939: j1939_session_new(): fix skb reference counting (git-fixes). - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes). - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes). - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes). - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes). - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes). - cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108). - clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes). - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes). - clk: imx: clk-scu: fix clk enable state save and restore (git-fixes). - clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes). - clk: imx: fracn-gppll: fix pll power up (git-fixes). - clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes). - clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes). - clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes). - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes). - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes). - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes). - comedi: Flush partial mappings in error case (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes). - cpufreq: loongson2: Unregister platform_driver on failure (git-fixes). - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes). - crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704). - crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes). - crypto: bcm - add error check in the ahash_hmac_init function (git-fixes). - crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes). - crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes). - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes). - crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes). - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes). - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes). - crypto: qat - remove check after debugfs_create_dir() (git-fixes). - crypto: qat - remove faulty arbiter config reset (git-fixes). - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes). - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes). - cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dma-fence: Use kernel's sort for merging fences (git-fixes). - doc: rcu: update printed dynticks counter bits (git-fixes). - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes). - drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes). - drm/amd/display: Fix brightness level not retained over reboot (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes). - drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes). - drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes). - drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes). - drm/amdgpu: Adjust debugfs register access permissions (stable-fixes). - drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes). - drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes). - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes). - drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes). - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes). - drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes). - drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes). - drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: tc358767: Fix link properties discovery (git-fixes). - drm/bridge: tc358768: Fix DSI command tx (git-fixes). - drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes). - drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes). - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/mediatek: Fix child node refcount handling in early exit (git-fixes). - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes). - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes). - drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes). - drm/msm/gpu: Check the status of registration to PM QoS (git-fixes). - drm/msm: Fix some typos in comment (git-fixes). - drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes). - drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes). - drm/omap: Fix possible NULL dereference (git-fixes). - drm/panfrost: Add missing OPP table refcnt decremental (git-fixes). - drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes). - drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/sti: avoid potential dereference of error pointers (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes). - drm/v3d: Address race-condition in MMU flush (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes). - drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes). - drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes). - drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes). - drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes). - drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes). - drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes). - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes). - drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580). - drm: Use XArray instead of IDR for minors (jsc#PED-11580). - drm: use ATOMIC64_INIT() for atomic64_t (git-fixes). - drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes). - drm: zynqmp_kms: Unplug DRM device before removal (git-fixes). - e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes). - efi/libstub: Free correct pointer on failure (git-fixes). - efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes). - efi/libstub: zboot.lds: Discard .discard sections (stable-fixes). - efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465). - ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009). - f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011). - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes). - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes). - firmware: google: Unregister driver_info on failure (git-fixes). - firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes). - fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207) - fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes). - goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes). - gpio: exar: set value when external pull-up or pull-down is present (git-fixes). - gpio: zevio: Add missed label initialisation (git-fixes). - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes). - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes). - hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes). - i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes). - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes). - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - i40e: fix race condition by adding filter's intermediate sync state (git-fixes). - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes). - igb: Disable threaded IRQ for igb_msix_other (git-fixes). - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes). - iio: accel: kx022a: Fix raw read format (git-fixes). - iio: adc: ad7606: Fix typo in the driver name (git-fixes). - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes). - iio: gts: Fix uninitialized symbol 'ret' (git-fixes). - iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes). - iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes). - ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes). - initramfs: avoid filename buffer overrun (bsc#1232436). - intel_idle: add Granite Rapids Xeon support (bsc#1231630). - intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630). - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes). - io_uring/sqpoll: close race on waiting for sqring entries (git-fixes). - irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes). - jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042). - jbd2: avoid infinite transaction commit loop (bsc#1234039). - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043). - jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040). - jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045). - jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042). - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044). - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046). - jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041). - jbd2: precompute number of transaction descriptor blocks (bsc#1234042). - kABI workaround for ASoC SOF (bsc#1233305). - kABI: Restore exported __arm_smccc_sve_check (git-fixes) - kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi). - kasan: move checks to do_strncpy_from_user (git-fixes). - kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644). - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes). - leds: lp55xx: Remove redundant test for invalid channel number (git-fixes). - lib: string_helpers: silence snprintf() output truncation warning (git-fixes). - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes). - maple_tree: fix alloc node fail issue (git-fixes). - maple_tree: refine mas_store_root() on storing NULL (git-fixes). - media: adv7604: prevent underflow condition when reporting colorspace (git-fixes). - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: amphion: Set video drvdata before register video device (git-fixes). - media: ar0521: do not overflow when checking PLL values (git-fixes). - media: atomisp: Add check for rgby_data memory allocation failure (git-fixes). - media: cx24116: prevent overflows on SNR calculus (git-fixes). - media: dvb_frontend: do not play tricks with underflow values (git-fixes). - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes). - media: dvbdev: prevent the risk of out of memory access (git-fixes). - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes). - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes). - media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes). - media: imx-jpeg: Set video drvdata before register video device (git-fixes). - media: mantis: remove orphan mantis_core.h (git-fixes). - media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes). - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes). - media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes). - media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes). - media: s5p-jpeg: prevent buffer overflows (git-fixes). - media: stb0899_algo: initialize cfr before using it (git-fixes). - media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes). - media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes). - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes). - media: uvcvideo: Stop stream during unregister (git-fixes). - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes). - media: v4l2-tpg: prevent the risk of a division by zero (git-fixes). - media: vb2: Fix comment (git-fixes). - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes). - mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes). - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes). - minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes). - misc: apds990x: Fix missing pm_runtime_disable() (git-fixes). - mlxbf_gige: disable RX filters until RX path initialized (git-fixes). - mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012). - mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes). - mm: move dummy_vm_ops out of a header (git-fixes prerequisity). - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes). - mm: refactor map_deny_write_exec() (git-fixes). - mm: resolve faulty mmap_region() error path behaviour (git-fixes). - mm: unconditionally close VMAs on error (git-fixes). - mmc: core: Further prevent card detect during shutdown (git-fixes). - mmc: mmc_spi: drop buggy snprintf() (git-fixes). - mmc: sunxi-mmc: Fix A100 compatible description (git-fixes). - modpost: remove incorrect code in do_eisa_entry() (git-fixes). - mtd: rawnand: atmel: Fix possible memory leak (git-fixes). - mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes). - net: mdio-ipq4019: add missing error check (git-fixes). - net: phy: dp83822: Fix reset pin definitions (git-fixes). - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes). - net: relax socket state check at accept time (git-fixes). - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes). - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes). - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes). - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes). - net: wwan: fix global oob in wwan_rtnl_policy (git-fixes). - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes). - net: xfrm: preserve kabi for xfrm_state (bsc#1233754). - netdevsim: copy addresses for both in and out paths (git-fixes). - netfilter: nf_tables: missing iterator type in lookup walk (git-fixes). - nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes). - nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121). - nilfs2: fix potential deadlock with newly created symlinks (git-fixes). - nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes). - nouveau: fw: sync dma after setup is called (git-fixes). - nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes). - ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207) - nvme-fabrics: fix kernel crash while shutting down controller (git-fixes). - nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes). - nvme-pci: fix freeing of the HMB descriptor table (git-fixes). - nvme-pci: reverse request order in nvme_queue_rqs (git-fixes). - nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes). - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes). - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes). - ocfs2: uncache inode which has failed entering the group (git-fixes). - of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386) - pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes). - pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes). - pinctrl: zynqmp: drop excess struct member description (git-fixes). - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes). - platform/x86/amd/pmc: Detect when STB is not available (git-fixes). - platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes). - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098). - power: supply: bq27xxx: Fix registers of bq27426 (git-fixes). - power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes). - power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes). - power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes). - powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199). - powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869). - powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199). - powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199). - powerpc/kexec: Fix return of uninitialized variable (bsc#1194869). - powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869). - powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869). - powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869). - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869). - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869). - powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199). - powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199). - pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes). - regmap: detach regmap from dev on regmap_exit (git-fixes). - regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes). - rtc: abx80x: Fix WDT bit position of the status register (git-fixes). - rtc: bbnsm: add remove hook (git-fixes). - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes). - rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes). - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes). - scsi: Remove scsi device no_start_on_resume flag (git-fixes). - scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes). - scsi: core: Disable CDL by default (git-fixes). - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes). - scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpi3mr: Validate SAS port assignments (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes). - scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). - scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes). - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: sr: Fix unintentional arithmetic wraparound (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes). - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes). - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes). - tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: int3400: Fix reading of current_uuid for active policy (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes). - tools/lib/thermal: Fix sampling handler context ptr (git-fixes). - tools/power turbostat: Fix trailing '\n' parsing (git-fixes). - tools/power turbostat: Increase the limit for fd opened (bsc#1233119). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tpm: fix signed/unsigned bug when checking event logs (git-fixes). - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes). - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - unicode: Fix utf8_load() error path (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes). - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes). - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes). - usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). - vsock: Update msg_count on read_skb() (git-fixes). - watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes). - wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes). - wifi: ath12k: fix crash when unbinding (git-fixes). - wifi: ath12k: fix warning when unbinding (git-fixes). - wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: brcmfmac: release 'root' node in all execution paths (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: wfx: Fix error handling in wfx_core_init() (git-fixes). - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443). - x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes). - x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes). - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Enable CPU topology enumeration (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/traps: move kmsan check after instrumentation_begin (git-fixes). - x86: Increase brk randomness entropy for 64-bit systems (git-fixes). - x86: fix off-by-one in access_ok() (git-fixes). - xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754). - xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754). - drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580). - accel: Use XArray instead of IDR for minors (jsc#PED-11580). - drm: Use XArray instead of IDR for minors (jsc#PED-11580). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). Important SUSE bug 1012628 SUSE bug 1082555 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1218644 SUSE bug 1220355 SUSE bug 1221309 SUSE bug 1222423 SUSE bug 1222587 SUSE bug 1222590 SUSE bug 1223112 SUSE bug 1223656 SUSE bug 1223733 SUSE bug 1224429 SUSE bug 1224518 SUSE bug 1224548 SUSE bug 1224948 SUSE bug 1225713 SUSE bug 1225725 SUSE bug 1225730 SUSE bug 1225742 SUSE bug 1225764 SUSE bug 1225768 SUSE bug 1225813 SUSE bug 1225903 SUSE bug 1226130 SUSE bug 1226748 SUSE bug 1226872 SUSE bug 1227726 SUSE bug 1227842 SUSE bug 1228430 SUSE bug 1228850 SUSE bug 1229165 SUSE bug 1230231 SUSE bug 1230557 SUSE bug 1230558 SUSE bug 1230733 SUSE bug 1230807 SUSE bug 1230817 SUSE bug 1230827 SUSE bug 1230971 SUSE bug 1231076 SUSE bug 1231114 SUSE bug 1231182 SUSE bug 1231453 SUSE bug 1231465 SUSE bug 1231630 SUSE bug 1231920 SUSE bug 1231930 SUSE bug 1231946 SUSE bug 1231952 SUSE bug 1232096 SUSE bug 1232103 SUSE bug 1232104 SUSE bug 1232157 SUSE bug 1232165 SUSE bug 1232166 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232207 SUSE bug 1232208 SUSE bug 1232224 SUSE bug 1232258 SUSE bug 1232264 SUSE bug 1232272 SUSE bug 1232318 SUSE bug 1232335 SUSE bug 1232357 SUSE bug 1232358 SUSE bug 1232361 SUSE bug 1232366 SUSE bug 1232367 SUSE bug 1232368 SUSE bug 1232371 SUSE bug 1232374 SUSE bug 1232385 SUSE bug 1232386 SUSE bug 1232387 SUSE bug 1232396 SUSE bug 1232413 SUSE bug 1232416 SUSE bug 1232436 SUSE bug 1232442 SUSE bug 1232446 SUSE bug 1232483 SUSE bug 1232494 SUSE bug 1232498 SUSE bug 1232499 SUSE bug 1232500 SUSE bug 1232704 SUSE bug 1232757 SUSE bug 1232823 SUSE bug 1232860 SUSE bug 1232869 SUSE bug 1232870 SUSE bug 1232873 SUSE bug 1232876 SUSE bug 1232877 SUSE bug 1232878 SUSE bug 1232880 SUSE bug 1232881 SUSE bug 1232884 SUSE bug 1232885 SUSE bug 1232887 SUSE bug 1232888 SUSE bug 1232890 SUSE bug 1232892 SUSE bug 1232894 SUSE bug 1232896 SUSE bug 1232897 SUSE bug 1232905 SUSE bug 1232907 SUSE bug 1232914 SUSE bug 1232919 SUSE bug 1232925 SUSE bug 1232926 SUSE bug 1232928 SUSE bug 1232935 SUSE bug 1233029 SUSE bug 1233032 SUSE bug 1233035 SUSE bug 1233036 SUSE bug 1233041 SUSE bug 1233044 SUSE bug 1233049 SUSE bug 1233050 SUSE bug 1233051 SUSE bug 1233056 SUSE bug 1233057 SUSE bug 1233061 SUSE bug 1233062 SUSE bug 1233063 SUSE bug 1233065 SUSE bug 1233067 SUSE bug 1233070 SUSE bug 1233073 SUSE bug 1233074 SUSE bug 1233088 SUSE bug 1233091 SUSE bug 1233092 SUSE bug 1233097 SUSE bug 1233100 SUSE bug 1233103 SUSE bug 1233104 SUSE bug 1233105 SUSE bug 1233106 SUSE bug 1233107 SUSE bug 1233108 SUSE bug 1233110 SUSE bug 1233111 SUSE bug 1233113 SUSE bug 1233114 SUSE bug 1233115 SUSE bug 1233117 SUSE bug 1233119 SUSE bug 1233123 SUSE bug 1233125 SUSE bug 1233127 SUSE bug 1233129 SUSE bug 1233130 SUSE bug 1233132 SUSE bug 1233135 SUSE bug 1233176 SUSE bug 1233179 SUSE bug 1233185 SUSE bug 1233188 SUSE bug 1233189 SUSE bug 1233191 SUSE bug 1233193 SUSE bug 1233197 SUSE bug 1233201 SUSE bug 1233203 SUSE bug 1233204 SUSE bug 1233205 SUSE bug 1233206 SUSE bug 1233207 SUSE bug 1233208 SUSE bug 1233209 SUSE bug 1233210 SUSE bug 1233211 SUSE bug 1233212 SUSE bug 1233216 SUSE bug 1233217 SUSE bug 1233219 SUSE bug 1233226 SUSE bug 1233238 SUSE bug 1233241 SUSE bug 1233244 SUSE bug 1233253 SUSE bug 1233255 SUSE bug 1233293 SUSE bug 1233298 SUSE bug 1233305 SUSE bug 1233320 SUSE bug 1233350 SUSE bug 1233443 SUSE bug 1233452 SUSE bug 1233453 SUSE bug 1233454 SUSE bug 1233456 SUSE bug 1233457 SUSE bug 1233458 SUSE bug 1233460 SUSE bug 1233462 SUSE bug 1233463 SUSE bug 1233464 SUSE bug 1233465 SUSE bug 1233468 SUSE bug 1233471 SUSE bug 1233476 SUSE bug 1233478 SUSE bug 1233479 SUSE bug 1233481 SUSE bug 1233484 SUSE bug 1233485 SUSE bug 1233487 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233523 SUSE bug 1233524 SUSE bug 1233540 SUSE bug 1233547 SUSE bug 1233548 SUSE bug 1233550 SUSE bug 1233552 SUSE bug 1233553 SUSE bug 1233554 SUSE bug 1233555 SUSE bug 1233557 SUSE bug 1233560 SUSE bug 1233561 SUSE bug 1233564 SUSE bug 1233566 SUSE bug 1233567 SUSE bug 1233568 SUSE bug 1233570 SUSE bug 1233572 SUSE bug 1233573 SUSE bug 1233577 SUSE bug 1233580 SUSE bug 1233640 SUSE bug 1233641 SUSE bug 1233642 SUSE bug 1233721 SUSE bug 1233754 SUSE bug 1233756 SUSE bug 1233769 SUSE bug 1233771 SUSE bug 1233977 SUSE bug 1234009 SUSE bug 1234011 SUSE bug 1234012 SUSE bug 1234025 SUSE bug 1234039 SUSE bug 1234040 SUSE bug 1234041 SUSE bug 1234042 SUSE bug 1234043 SUSE bug 1234044 SUSE bug 1234045 SUSE bug 1234046 SUSE bug 1234072 SUSE bug 1234078 SUSE bug 1234081 SUSE bug 1234083 SUSE bug 1234085 SUSE bug 1234087 SUSE bug 1234093 SUSE bug 1234098 SUSE bug 1234108 SUSE bug 1234121 SUSE bug 1234223 CVE-2023-52778 at SUSE CVE-2023-52778 at NVD CVE-2023-52920 at SUSE CVE-2023-52920 at NVD CVE-2023-52921 at SUSE CVE-2023-52921 at NVD CVE-2023-52922 at SUSE CVE-2023-52922 at NVD CVE-2024-26596 at SUSE CVE-2024-26596 at NVD CVE-2024-26703 at SUSE CVE-2024-26703 at NVD CVE-2024-26741 at SUSE CVE-2024-26741 at NVD CVE-2024-26782 at SUSE CVE-2024-26782 at NVD CVE-2024-26864 at SUSE CVE-2024-26864 at NVD CVE-2024-26953 at SUSE CVE-2024-26953 at NVD CVE-2024-27017 at SUSE CVE-2024-27017 at NVD CVE-2024-27407 at SUSE CVE-2024-27407 at NVD CVE-2024-35888 at SUSE CVE-2024-35888 at NVD CVE-2024-36000 at SUSE CVE-2024-36000 at NVD CVE-2024-36031 at SUSE CVE-2024-36031 at NVD CVE-2024-36484 at SUSE CVE-2024-36484 at NVD CVE-2024-36883 at SUSE CVE-2024-36883 at NVD CVE-2024-36886 at SUSE CVE-2024-36886 at NVD CVE-2024-36905 at SUSE CVE-2024-36905 at NVD CVE-2024-36920 at SUSE CVE-2024-36920 at NVD CVE-2024-36927 at SUSE CVE-2024-36927 at NVD CVE-2024-36954 at SUSE CVE-2024-36954 at NVD CVE-2024-36968 at SUSE CVE-2024-36968 at NVD CVE-2024-38589 at SUSE CVE-2024-38589 at NVD CVE-2024-40914 at SUSE CVE-2024-40914 at NVD CVE-2024-41023 at SUSE CVE-2024-41023 at NVD CVE-2024-42102 at SUSE CVE-2024-42102 at NVD CVE-2024-44995 at SUSE CVE-2024-44995 at NVD CVE-2024-46680 at SUSE CVE-2024-46680 at NVD CVE-2024-46681 at SUSE CVE-2024-46681 at NVD CVE-2024-46765 at SUSE CVE-2024-46765 at NVD CVE-2024-46788 at SUSE CVE-2024-46788 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-46828 at SUSE CVE-2024-46828 at NVD CVE-2024-46845 at SUSE CVE-2024-46845 at NVD CVE-2024-47666 at SUSE CVE-2024-47666 at NVD CVE-2024-47679 at SUSE CVE-2024-47679 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-47703 at SUSE CVE-2024-47703 at NVD CVE-2024-49868 at SUSE CVE-2024-49868 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49888 at SUSE CVE-2024-49888 at NVD CVE-2024-49899 at SUSE CVE-2024-49899 at NVD CVE-2024-49905 at SUSE CVE-2024-49905 at NVD CVE-2024-49908 at SUSE CVE-2024-49908 at NVD CVE-2024-49911 at SUSE CVE-2024-49911 at NVD CVE-2024-49912 at SUSE CVE-2024-49912 at NVD CVE-2024-49921 at SUSE CVE-2024-49921 at NVD CVE-2024-49922 at SUSE CVE-2024-49922 at NVD CVE-2024-49923 at SUSE CVE-2024-49923 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-49933 at SUSE CVE-2024-49933 at NVD CVE-2024-49934 at SUSE CVE-2024-49934 at NVD CVE-2024-49944 at SUSE CVE-2024-49944 at NVD CVE-2024-49945 at SUSE CVE-2024-49945 at NVD CVE-2024-49952 at SUSE CVE-2024-49952 at NVD CVE-2024-49968 at SUSE CVE-2024-49968 at NVD CVE-2024-49975 at SUSE CVE-2024-49975 at NVD CVE-2024-49976 at SUSE CVE-2024-49976 at NVD CVE-2024-49983 at SUSE CVE-2024-49983 at NVD CVE-2024-49987 at SUSE CVE-2024-49987 at NVD CVE-2024-49989 at SUSE CVE-2024-49989 at NVD CVE-2024-50003 at SUSE CVE-2024-50003 at NVD CVE-2024-50004 at SUSE CVE-2024-50004 at NVD CVE-2024-50006 at SUSE CVE-2024-50006 at NVD CVE-2024-50009 at SUSE CVE-2024-50009 at NVD CVE-2024-50012 at SUSE CVE-2024-50012 at NVD CVE-2024-50014 at SUSE CVE-2024-50014 at NVD CVE-2024-50026 at SUSE CVE-2024-50026 at NVD CVE-2024-50067 at SUSE CVE-2024-50067 at NVD CVE-2024-50082 at SUSE CVE-2024-50082 at NVD CVE-2024-50084 at SUSE CVE-2024-50084 at NVD CVE-2024-50087 at SUSE CVE-2024-50087 at NVD CVE-2024-50088 at SUSE CVE-2024-50088 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50093 at SUSE CVE-2024-50093 at NVD CVE-2024-50095 at SUSE CVE-2024-50095 at NVD CVE-2024-50096 at SUSE CVE-2024-50096 at NVD CVE-2024-50098 at SUSE CVE-2024-50098 at NVD CVE-2024-50099 at SUSE CVE-2024-50099 at NVD CVE-2024-50100 at SUSE CVE-2024-50100 at NVD CVE-2024-50101 at SUSE CVE-2024-50101 at NVD CVE-2024-50102 at SUSE CVE-2024-50102 at NVD CVE-2024-50103 at SUSE CVE-2024-50103 at NVD CVE-2024-50108 at SUSE CVE-2024-50108 at NVD CVE-2024-50110 at SUSE CVE-2024-50110 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50116 at SUSE CVE-2024-50116 at NVD CVE-2024-50117 at SUSE CVE-2024-50117 at NVD CVE-2024-50121 at SUSE CVE-2024-50121 at NVD CVE-2024-50124 at SUSE CVE-2024-50124 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50128 at SUSE CVE-2024-50128 at NVD CVE-2024-50130 at SUSE CVE-2024-50130 at NVD CVE-2024-50131 at SUSE CVE-2024-50131 at NVD CVE-2024-50134 at SUSE CVE-2024-50134 at NVD CVE-2024-50135 at SUSE CVE-2024-50135 at NVD CVE-2024-50136 at SUSE CVE-2024-50136 at NVD CVE-2024-50138 at SUSE CVE-2024-50138 at NVD CVE-2024-50139 at SUSE CVE-2024-50139 at NVD CVE-2024-50141 at SUSE CVE-2024-50141 at NVD CVE-2024-50145 at SUSE CVE-2024-50145 at NVD CVE-2024-50146 at SUSE CVE-2024-50146 at NVD CVE-2024-50147 at SUSE CVE-2024-50147 at NVD CVE-2024-50148 at SUSE CVE-2024-50148 at NVD CVE-2024-50150 at SUSE CVE-2024-50150 at NVD CVE-2024-50153 at SUSE CVE-2024-50153 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50155 at SUSE CVE-2024-50155 at NVD CVE-2024-50156 at SUSE CVE-2024-50156 at NVD CVE-2024-50157 at SUSE CVE-2024-50157 at NVD CVE-2024-50158 at SUSE CVE-2024-50158 at NVD CVE-2024-50159 at SUSE CVE-2024-50159 at NVD CVE-2024-50160 at SUSE CVE-2024-50160 at NVD CVE-2024-50166 at SUSE CVE-2024-50166 at NVD CVE-2024-50167 at SUSE CVE-2024-50167 at NVD CVE-2024-50169 at SUSE CVE-2024-50169 at NVD CVE-2024-50171 at SUSE CVE-2024-50171 at NVD CVE-2024-50172 at SUSE CVE-2024-50172 at NVD CVE-2024-50175 at SUSE CVE-2024-50175 at NVD CVE-2024-50176 at SUSE CVE-2024-50176 at NVD CVE-2024-50177 at SUSE CVE-2024-50177 at NVD CVE-2024-50179 at SUSE CVE-2024-50179 at NVD CVE-2024-50180 at SUSE CVE-2024-50180 at NVD CVE-2024-50181 at SUSE CVE-2024-50181 at NVD CVE-2024-50182 at SUSE CVE-2024-50182 at NVD CVE-2024-50183 at SUSE CVE-2024-50183 at NVD CVE-2024-50184 at SUSE CVE-2024-50184 at NVD CVE-2024-50186 at SUSE CVE-2024-50186 at NVD CVE-2024-50187 at SUSE CVE-2024-50187 at NVD CVE-2024-50188 at SUSE CVE-2024-50188 at NVD CVE-2024-50189 at SUSE CVE-2024-50189 at NVD CVE-2024-50192 at SUSE CVE-2024-50192 at NVD CVE-2024-50194 at SUSE CVE-2024-50194 at NVD CVE-2024-50195 at SUSE CVE-2024-50195 at NVD CVE-2024-50196 at SUSE CVE-2024-50196 at NVD CVE-2024-50198 at SUSE CVE-2024-50198 at NVD CVE-2024-50200 at SUSE CVE-2024-50200 at NVD CVE-2024-50201 at SUSE CVE-2024-50201 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50209 at SUSE CVE-2024-50209 at NVD CVE-2024-50210 at SUSE CVE-2024-50210 at NVD CVE-2024-50215 at SUSE CVE-2024-50215 at NVD CVE-2024-50216 at SUSE CVE-2024-50216 at NVD CVE-2024-50218 at SUSE CVE-2024-50218 at NVD CVE-2024-50221 at SUSE CVE-2024-50221 at NVD CVE-2024-50224 at SUSE CVE-2024-50224 at NVD CVE-2024-50225 at SUSE CVE-2024-50225 at NVD CVE-2024-50228 at SUSE CVE-2024-50228 at NVD CVE-2024-50229 at SUSE CVE-2024-50229 at NVD CVE-2024-50230 at SUSE CVE-2024-50230 at NVD CVE-2024-50231 at SUSE CVE-2024-50231 at NVD CVE-2024-50232 at SUSE CVE-2024-50232 at NVD CVE-2024-50233 at SUSE CVE-2024-50233 at NVD CVE-2024-50234 at SUSE CVE-2024-50234 at NVD CVE-2024-50235 at SUSE CVE-2024-50235 at NVD CVE-2024-50236 at SUSE CVE-2024-50236 at NVD CVE-2024-50237 at SUSE CVE-2024-50237 at NVD CVE-2024-50240 at SUSE CVE-2024-50240 at NVD CVE-2024-50245 at SUSE CVE-2024-50245 at NVD CVE-2024-50246 at SUSE CVE-2024-50246 at NVD CVE-2024-50248 at SUSE CVE-2024-50248 at NVD CVE-2024-50249 at SUSE CVE-2024-50249 at NVD CVE-2024-50250 at SUSE CVE-2024-50250 at NVD CVE-2024-50252 at SUSE CVE-2024-50252 at NVD CVE-2024-50255 at SUSE CVE-2024-50255 at NVD CVE-2024-50257 at SUSE CVE-2024-50257 at NVD CVE-2024-50261 at SUSE CVE-2024-50261 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50265 at SUSE CVE-2024-50265 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50268 at SUSE CVE-2024-50268 at NVD CVE-2024-50269 at SUSE CVE-2024-50269 at NVD CVE-2024-50271 at SUSE CVE-2024-50271 at NVD CVE-2024-50273 at SUSE CVE-2024-50273 at NVD CVE-2024-50274 at SUSE CVE-2024-50274 at NVD CVE-2024-50275 at SUSE CVE-2024-50275 at NVD CVE-2024-50276 at SUSE CVE-2024-50276 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50282 at SUSE CVE-2024-50282 at NVD CVE-2024-50287 at SUSE CVE-2024-50287 at NVD CVE-2024-50289 at SUSE CVE-2024-50289 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50292 at SUSE CVE-2024-50292 at NVD CVE-2024-50295 at SUSE CVE-2024-50295 at NVD CVE-2024-50296 at SUSE CVE-2024-50296 at NVD CVE-2024-50298 at SUSE CVE-2024-50298 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53042 at SUSE CVE-2024-53042 at NVD CVE-2024-53043 at SUSE CVE-2024-53043 at NVD CVE-2024-53045 at SUSE CVE-2024-53045 at NVD CVE-2024-53048 at SUSE CVE-2024-53048 at NVD CVE-2024-53051 at SUSE CVE-2024-53051 at NVD CVE-2024-53052 at SUSE CVE-2024-53052 at NVD CVE-2024-53055 at SUSE CVE-2024-53055 at NVD CVE-2024-53056 at SUSE CVE-2024-53056 at NVD CVE-2024-53058 at SUSE CVE-2024-53058 at NVD CVE-2024-53059 at SUSE CVE-2024-53059 at NVD CVE-2024-53060 at SUSE CVE-2024-53060 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53066 at SUSE CVE-2024-53066 at NVD CVE-2024-53068 at SUSE CVE-2024-53068 at NVD CVE-2024-53072 at SUSE CVE-2024-53072 at NVD CVE-2024-53074 at SUSE CVE-2024-53074 at NVD CVE-2024-53076 at SUSE CVE-2024-53076 at NVD CVE-2024-53079 at SUSE CVE-2024-53079 at NVD CVE-2024-53081 at SUSE CVE-2024-53081 at NVD CVE-2024-53082 at SUSE CVE-2024-53082 at NVD CVE-2024-53085 at SUSE CVE-2024-53085 at NVD CVE-2024-53088 at SUSE CVE-2024-53088 at NVD CVE-2024-53093 at SUSE CVE-2024-53093 at NVD CVE-2024-53094 at SUSE CVE-2024-53094 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53096 at SUSE CVE-2024-53096 at NVD CVE-2024-53100 at SUSE CVE-2024-53100 at NVD CVE-2024-53101 at SUSE CVE-2024-53101 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-53106 at SUSE CVE-2024-53106 at NVD CVE-2024-53108 at SUSE CVE-2024-53108 at NVD CVE-2024-53110 at SUSE CVE-2024-53110 at NVD CVE-2024-53112 at SUSE CVE-2024-53112 at NVD CVE-2024-53114 at SUSE CVE-2024-53114 at NVD CVE-2024-53121 at SUSE CVE-2024-53121 at NVD CVE-2024-53138 at SUSE CVE-2024-53138 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2023-6270: aoe: fix the potential use-after-free problem in more places (bsc#1218562). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). - CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813). - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620). - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807). - CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host fairness (bsc#1231114). - CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435). - CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920). - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869). - CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130). - CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868). - CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131). - CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819). - CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256). - CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354). - CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334). - CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367). - CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093). - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385). - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079). - CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989). - CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957). - CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417). - CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435). - CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901). - CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494). - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499). - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062). - CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106). - CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103). - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203). - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207). - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226). - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201). - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464). - CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540). - CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523). - CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085). - CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078). - CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes). - ACPI: CPPC: Fix _CPC register setting issue (git-fixes). - ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes). - ACPI: EC: Do not release locks during operation region accesses (stable-fixes). - ACPI: PAD: fix crash in exit_round_robin() (stable-fixes). - ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes). - ACPI: battery: Simplify battery hook locking (stable-fixes). - ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - ACPICA: iasl: handle empty connection_node (stable-fixes). - ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes). - ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes). - ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes). - ALSA: 6fire: Release resources at card release (git-fixes). - ALSA: Reorganize kerneldoc parameter names (stable-fixes). - ALSA: ac97: bus: Fix the mistake in the comment (git-fixes). - ALSA: asihpi: Fix potential OOB array access (stable-fixes). - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - ALSA: core: add isascii() check to card ID generator (stable-fixes). - ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). - ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes). - ALSA: hda/conexant: fix some typos (stable-fixes). - ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes). - ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803). - ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes). - ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes). - ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes). - ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298). - ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes). - ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes). - ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298). - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298). - ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes). - ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes). - ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes). - ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes). - ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes). - ALSA: hda/realtek: Update default depop procedure (git-fixes). - ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes). - ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes). - ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes). - ALSA: hda: Show the codec quirk info at probing (stable-fixes). - ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes). - ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132). - ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes). - ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes). - ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes). - ALSA: line6: update contact information (stable-fixes). - ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes). - ALSA: silence integer wrapping warning (stable-fixes). - ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes). - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes). - ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes). - ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768). - ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - ALSA: usb-audio: Define macros for quirk table entries (stable-fixes). - ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes). - ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes). - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes). - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes). - ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes). - ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes). - ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes). - ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes). - ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes). - ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes). - ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes). - ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305). - ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305). - ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305). - ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305). - ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305). - ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305). - ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305). - ASoC: SOF: Wire up buffer flags (bsc#1233305). - ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305). - ASoC: SOF: align topology header file with sof topology header (bsc#1233305). - ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes). - ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes). - ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305). - ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305). - ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305). - ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305). - ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305). - ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305). - ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305). - ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305). - ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305). - ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305). - ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305). - ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305). - ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305). - ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes). - ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305). - ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305). - ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes). - ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes). - ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes). - ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes). - ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes). - ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes). - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). - ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes). - ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes). - ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes). - ASoC: fsl_micfil: Add sample rate constraint (stable-fixes). - ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes). - ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - ASoC: max98388: Fix missing increment of variable slot_found (git-fixes). - ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes). - ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes). - ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes). - ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes). - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes). - ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes). - ASoC: tas2781: Use of_property_read_reg() (stable-fixes). - Bluetooth: Call iso_exit() on module unload (git-fixes). - Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes). - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - Bluetooth: Remove debugfs directory on module init failure (git-fixes). - Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes). - Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557) - Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes). - Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - Bluetooth: fix use-after-free in device_for_each_child() (git-fixes). - Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes). - Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes). - Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes). - HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes). - HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes). - HID: core: zero-initialize the report buffer (git-fixes). - HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes). - HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes). - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes). - HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes). - HID: multitouch: Add support for B2402FVA track point (stable-fixes). - HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes). - HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes). - HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes). - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes). - HID: wacom: fix when get product name maybe null pointer (git-fixes). - Input: adp5589-keys - fix NULL pointer dereference (git-fixes). - Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes). - Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes). - Input: hideep - add missing dependency on REGMAP_I2C (git-fixes). - Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes). - Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes). - Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes). - Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes). - Input: xpad - add GameSir VID for Xbox One controllers (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes). - Input: xpad - add support for MSI Claw A1M (git-fixes). - Input: xpad - add support for Machenike G5 Pro Controller (git-fixes). - Input: xpad - fix support for some third-party controllers (git-fixes). - Input: xpad - sort xpad_device by vendor and product ID (git-fixes). - Input: xpad - spelling fixes for 'Xbox' (git-fixes). - KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes). - KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199). - KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199). - KVM: PPC: Book3S HV: remove unused varible (bsc#1194869). - KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207). - KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207). - KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes). - KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes). - KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes). - KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes). - KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes). - KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626). - KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276). - KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623). - KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes). - KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes). - KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes). - KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes). - KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes). - KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes). - KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes). - KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes). - NFS: remove revoked delegation from server's delegation list (git-fixes). - NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes). - NFSD: Mark filecache 'down' if init fails (git-fixes). - NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016). - NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes). - PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes). - PCI: Add T_PVPERL macro (git-fixes). - PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes). - PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019). - PCI: Fix reset_method_store() memory leak (git-fixes). - PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes). - PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes). - PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes). - PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes). - PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes). - PCI: rockchip-ep: Fix address translation unit programming (git-fixes). - RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559). - RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559). - RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559). - RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559). - RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559). - RDMA/bnxt_re: Add a check for memory allocation (git-fixes) - RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes) - RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes) - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes) - RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes) - RDMA/bnxt_re: Fix a possible memory leak (git-fixes) - RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes) - RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes) - RDMA/bnxt_re: Fix out of bound check (git-fixes) - RDMA/bnxt_re: Fix the GID table length (git-fixes) - RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes) - RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes) - RDMA/bnxt_re: Return more meaningful error (git-fixes) - RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/cxgb4: Dump vendor specific QP details (git-fixes) - RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes) - RDMA/hns: Add mutex_destroy() (git-fixes) - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes) - RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes) - RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes) - RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes) - RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes) - RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes) - RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes) - RDMA/hns: Use macro instead of magic number (git-fixes) - RDMA/irdma: Fix misspelling of 'accept*' (git-fixes) - RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes) - RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes). - RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes). - RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes) - RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes) - RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes) - RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes). - RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes) - RDMA/rxe: Fix the qp flush warnings in req (git-fixes) - RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes) - RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes) - RDMA/srpt: Make slab cache names unique (git-fixes) - Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269). - Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes). - Revert 'KEYS: encrypted: Add check for strsep' (git-fixes). - Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199). - Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes) - Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108). - Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes). - Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes). - Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes). - Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes). - Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes). - Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes). - Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes). - SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes). - SUNRPC: Fixup gss_status tracepoint error output (git-fixes). - SUNRPC: Remove BUG_ON call sites (git-fixes). - SUNRPC: clnt.c: Remove misleading comment (git-fixes). - USB: appledisplay: close race between probe and completion handler (git-fixes). - USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes). - USB: chaoskey: fail open after removal (git-fixes). - USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes). - USB: misc: cypress_cy7c63: check for short transfer (git-fixes). - USB: misc: yurex: fix race between read and write (git-fixes). - USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes). - USB: serial: io_edgeport: fix use after free in debug printk (git-fixes). - USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes). - USB: serial: option: add Quectel RG650V (stable-fixes). - USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes). - accel/qaic: Fix the for loop used to walk SG table (git-fixes). - accel: Use XArray instead of IDR for minors (jsc#PED-11580). - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). - aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - apparmor: fix 'Do simple duplicate message elimination' (git-fixes). - apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes). - apparmor: use kvfree_sensitive to free data->data (git-fixes). - arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes) - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes) - arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes) - arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes) - arm64: dts: imx93: add nvmem property for eqos (git-fixes) - arm64: dts: imx93: add nvmem property for fec1 (git-fixes) - arm64: dts: imx93: add ocotp node (git-fixes) - arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes) - arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes) - arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes) - arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes) - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes) - arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes) - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes) - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes) - arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes) - arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes) - arm64: dts: rockchip: remove num-slots property from (git-fixes) - arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes) - arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes). - arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tegra: Move AGX Orin nodes to correct location (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes). - ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes). - audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes). - audit: do not take task_lock() in audit_exe_compare() code path (git-fixes). - block: print symbolic error name instead of error code (bsc#1231872). - block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677). - bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes). - bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes). - bnxt_en: Fix the PCI-AER routines (git-fixes). - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes). - bnxt_en: refactor reset close code (git-fixes). - bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes) - bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes) - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix error message on kfunc arg type mismatch (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450). - btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193) - btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes). - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes). - can: c_can: fix {rx,tx}_errors statistics (git-fixes). - can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes). - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes). - can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes). - can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes). - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: j1939: j1939_session_new(): fix skb reference counting (git-fixes). - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes). - can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes). - can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes). - can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes). - can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes). - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes). - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231384). - cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108). - clk: bcm: bcm53573: fix OF node leak in init (stable-fixes). - clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes). - clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes). - clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes). - clk: imx: clk-scu: fix clk enable state save and restore (git-fixes). - clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes). - clk: imx: fracn-gppll: fix pll power up (git-fixes). - clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes). - clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes). - clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes). - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes). - clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes). - clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes). - comedi: Flush partial mappings in error case (git-fixes). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). - config: Disable LAM on x86 (bsc#1217845). - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes). - cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes). - cpufreq: loongson2: Unregister platform_driver on failure (git-fixes). - cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes). - crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704). - crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes). - crypto: bcm - add error check in the ahash_hmac_init function (git-fixes). - crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes). - crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes). - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes). - crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes). - crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075) - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes). - crypto: octeontx - Fix authenc setkey (stable-fixes). - crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes). - crypto: octeontx2 - Fix authenc setkey (stable-fixes). - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes). - crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632). - crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632). - crypto: qat - remove check after debugfs_create_dir() (git-fixes). - crypto: qat - remove faulty arbiter config reset (git-fixes). - crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes). - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes). - cxgb4: Properly lock TX queue for the selftest (git-fixes). - cxgb4: add forgotten u64 ivlan cast before shift (git-fixes). - cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes). - cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165). - dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes). - debugfs: fix automount d_fsdata usage (git-fixes). - devlink: Fix command annotation documentation (git-fixes). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dma-fence: Use kernel's sort for merging fences (git-fixes). - dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes). - dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes). - doc: rcu: update printed dynticks counter bits (git-fixes). - driver core: bus: Fix double free in driver API bus_register() (stable-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes). - drm/amd/display: Add disable timeout option (bsc#1231435) - drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes). - drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944) - drm/amd/display: Check null pointer before dereferencing se (stable-fixes). - drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes). - drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes). - drm/amd/display: Fix brightness level not retained over reboot (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes). - drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes). - drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes). - drm/amd/display: Round calculated vtotal (stable-fixes). - drm/amd/display: Skip to enable dsc if it has been off (stable-fixes). - drm/amd/display: Validate backlight caps are sane (stable-fixes). - drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes). - drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes). - drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amdgpu/swsmu: Only force workload setup on init (git-fixes). - drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes). - drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes). - drm/amdgpu: Adjust debugfs register access permissions (stable-fixes). - drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes). - drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes). - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes). - drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes). - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes). - drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes). - drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes). - drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: tc358767: Fix link properties discovery (git-fixes). - drm/bridge: tc358768: Fix DSI command tx (git-fixes). - drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes). - drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes). - drm/i915/gem: fix bitwise and logical AND mixup (git-fixes). - drm/i915/hdcp: fix connector refcounting (git-fixes). - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/mediatek: Fix child node refcount handling in early exit (git-fixes). - drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes). - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes). - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes). - drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes). - drm/msm/dpu: do not always program merge_3d block (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes). - drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes). - drm/msm/dpu: make sure phys resources are properly initialized (git-fixes). - drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes). - drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes). - drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes). - drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes). - drm/msm/gpu: Check the status of registration to PM QoS (git-fixes). - drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes). - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes). - drm/msm: Fix some typos in comment (git-fixes). - drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes). - drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes). - drm/omap: Fix possible NULL dereference (git-fixes). - drm/panfrost: Add missing OPP table refcnt decremental (git-fixes). - drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes). - drm/radeon: Fix encoder->possible_clones (git-fixes). - drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes). - drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes). - drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/sti: avoid potential dereference of error pointers (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes). - drm/v3d: Address race-condition in MMU flush (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - drm/v3d: Stop the active perfmon before being destroyed (git-fixes). - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes). - drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes). - drm/vc4: Stop the active perfmon before being destroyed (git-fixes). - drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes). - drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes). - drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes). - drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes). - drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes). - drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes). - drm/vmwgfx: Handle surface check failure correctly (git-fixes). - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580). - drm: Use XArray instead of IDR for minors (jsc#PED-11580). - drm: use ATOMIC64_INIT() for atomic64_t (git-fixes). - drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes). - drm: zynqmp_kms: Unplug DRM device before removal (git-fixes). - e1000e: Fix S0ix residency on corporate systems (git-fixes). - e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes). - e1000e: change I219 (19) devices to ADP (git-fixes). - e1000e: fix force smbus during suspend flow (git-fixes). - e1000e: move force SMBUS near the end of enable_ulp function (git-fixes). - efi/libstub: Free correct pointer on failure (git-fixes). - efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes). - efi/libstub: zboot.lds: Discard .discard sections (stable-fixes). - efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465). - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes). - eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes). - ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635). - ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636). - ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637). - ext4: fix possible tid_t sequence overflows (bsc#1231634). - ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201) - ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009). - ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640). - ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639). - f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011). - fat: fix uninitialized variable (git-fixes). - fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes). - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes). - fbdev: sisfb: Fix strbuf array overflow (stable-fixes). - fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes). - fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes). - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224088). - firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes). - firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes). - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes). - firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes). - firmware: google: Unregister driver_info on failure (git-fixes). - firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: fix the cache always being enabled on files with qid flags (git-fixes). - fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207) - fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207) - fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes). - genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes). - goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes). - gpio: aspeed: Add the flush write to ensure the write complete (git-fixes). - gpio: aspeed: Use devm_clk api to manage clock source (git-fixes). - gpio: davinci: fix lazy disable (git-fixes). - gpio: exar: set value when external pull-up or pull-down is present (git-fixes). - gpio: zevio: Add missed label initialisation (git-fixes). - gve: Fix XDP TX completion handling when counters overflow (git-fixes). - gve: Fix an edge case for TSO skb validity check (git-fixes). - gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes). - hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes). - hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes). - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes). - hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (max16065) Fix alarm attributes (git-fixes). - hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes). - hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes). - hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes). - hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes). - hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes). - hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes). - i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes). - i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes). - i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes). - i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes). - i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes). - i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes). - i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes). - i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes). - i2c: i801: add helper i801_restore_regs (git-fixes). - i2c: ismt: kill transaction in hardware on timeout (git-fixes). - i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes). - i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes). - i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes). - i2c: omap: wakeup the controller during suspend() callback (git-fixes). - i2c: rcar: properly format a debug output (git-fixes). - i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes). - i2c: stm32f7: perform most of irq job in threaded handler (git-fixes). - i2c: synquacer: Deal with optional PCLK correctly (git-fixes). - i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes). - i2c: xiic: Try re-initialization on bus busy timeout (git-fixes). - i2c: xiic: improve error message when transfer fails to start (stable-fixes). - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes). - i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes). - i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - i40e: Fix XDP program unloading while removing the driver (git-fixes). - i40e: Report MFS in decimal base instead of hex (git-fixes). - i40e: fix race condition by adding filter's intermediate sync state (git-fixes). - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes). - iavf: Fix TC config comparison with existing adapter TC config (git-fixes). - ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes). - ice: Fix checking for unsupported keys on non-tunnel device (git-fixes). - ice: Fix lldp packets dropping after changing the number of channels (git-fixes). - ice: Fix netif_is_ice() in Safe Mode (git-fixes). - ice: Fix package download algorithm (git-fixes). - ice: Fix recipe read procedure (git-fixes). - ice: Fix reset handler (git-fixes). - ice: Flush FDB entries before reset (git-fixes). - ice: Interpret .set_channels() input differently (git-fixes). - ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes). - ice: Reject pin requests with unsupported flags (git-fixes). - ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes). - ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes). - ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes). - ice: clear port vlan config during reset (git-fixes). - ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes). - ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes). - ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes). - ice: fix 200G PHY types to link speed mapping (git-fixes). - ice: fix 200G link speed message log (git-fixes). - ice: fix ICE_LAST_OFFSET formula (git-fixes). - ice: fix VLAN replay after reset (git-fixes). - ice: fix VSI lists confusion when adding VLANs (git-fixes). - ice: fix accounting for filters shared by multiple VSIs (git-fixes). - ice: fix accounting if a VLAN already exists (git-fixes). - ice: fix iteration of TLVs in Preserved Fields Area (git-fixes). - ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes). - ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes). - ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes). - ice: implement AQ download pkg retry (git-fixes). - ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes). - ice: remove af_xdp_zc_qps bitmap (git-fixes). - ice: replace synchronize_rcu with synchronize_net (git-fixes). - ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes). - ice: set correct dst VSI in only LAN filters (git-fixes). - ice: tc: allow zero flags in parsing tc flower (git-fixes). - ice: tc: check src_vsi in case of traffic from VF (git-fixes). - ice: use proper macro for testing bit (git-fixes). - idpf: Interpret .set_channels() input differently (git-fixes). - idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes). - idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes). - idpf: do not skip over ethtool tcp-data-split setting (git-fixes). - idpf: fix UAFs when destroying the queues (git-fixes). - idpf: fix memleak in vport interrupt configuration (git-fixes). - idpf: fix memory leaks and crashes while performing a soft reset (git-fixes). - ieee802154: Fix build error (git-fixes). - igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes). - igb: Disable threaded IRQ for igb_msix_other (git-fixes). - igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes). - igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes). - igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes). - igc: Fix qbv tx latency by setting gtxoffset (git-fixes). - igc: Fix qbv_config_change_errors logics (git-fixes). - igc: Fix reset adapter logics when tx mode change (git-fixes). - igc: Unlock on error in igc_io_resume() (git-fixes). - iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes). - iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes). - iio: accel: kx022a: Fix raw read format (git-fixes). - iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes). - iio: adc: ad7606: Fix typo in the driver name (git-fixes). - iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes). - iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes). - iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes). - iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes). - iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes). - iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes). - iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes). - iio: gts: Fix uninitialized symbol 'ret' (git-fixes). - iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes). - iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes). - iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes). - iio: light: opt3001: add missing full-scale range value (git-fixes). - iio: light: veml6030: fix ALS sensor resolution (git-fixes). - iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes). - iio: light: veml6030: fix microlux value calculation (git-fixes). - iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes). - iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes). - iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes). - iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes). - ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes). - initramfs: avoid filename buffer overrun (bsc#1232436). - intel_idle: add Granite Rapids Xeon support (bsc#1231630). - intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630). - io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes). - io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes). - io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes). - io_uring/net: harden multishot termination case for recv (git-fixes). - io_uring/rw: fix cflags posting for single issue multishot read (git-fixes). - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes). - io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes). - io_uring/sqpoll: close race on waiting for sqring entries (git-fixes). - io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes). - io_uring/sqpoll: do not put cpumask on stack (git-fixes). - io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes). - io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes). - iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes). - iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes). - iommu/amd: Fix typo of , instead of ; (git-fixes). - iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes). - iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes). - iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes). - iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes). - irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes). - jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042). - jbd2: avoid infinite transaction commit loop (bsc#1234039). - jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043). - jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040). - jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045). - jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638). - jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042). - jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044). - jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046). - jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041). - jbd2: precompute number of transaction descriptor blocks (bsc#1234042). - jfs: Fix sanity check in dbMount (git-fixes). - jfs: Fix uaf in dbFreeBits (git-fixes). - jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes). - jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes). - jfs: check if leafidx greater than num leaves per dmap tree (git-fixes). - jump_label: Fix static_key_slow_dec() yet again (git-fixes). - kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - kABI: Restore exported __arm_smccc_sve_check (git-fixes) - kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes). - kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes). - kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi). - kasan: Fix Software Tag-Based KASAN with GCC (git-fixes). - kasan: move checks to do_strncpy_from_user (git-fixes). - kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450). - kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450). - kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450). - kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450). - kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450). - kconfig: qconf: fix buffer overflow in debug links (git-fixes). - kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644). - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes). - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes). - keys: Fix overwrite of key expiration on instantiation (git-fixes). - kthread: unpark only parked kthread (git-fixes). - leds: lp55xx: Remove redundant test for invalid channel number (git-fixes). - lib/xarray: introduce a new helper xas_get_order (bsc#1231617). - lib: string_helpers: silence snprintf() output truncation warning (git-fixes). - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes). - macsec: do not increment counters for an unrelated SA (git-fixes). - mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes). - maple_tree: correct tree corruption on spanning store (git-fixes). - maple_tree: fix alloc node fail issue (git-fixes). - maple_tree: refine mas_store_root() on storing NULL (git-fixes). - media: adv7604: prevent underflow condition when reporting colorspace (git-fixes). - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: amphion: Set video drvdata before register video device (git-fixes). - media: ar0521: do not overflow when checking PLL values (git-fixes). - media: atomisp: Add check for rgby_data memory allocation failure (git-fixes). - media: bttv: use audio defaults for winfast2000 (git-fixes). - media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes). - media: cx24116: prevent overflows on SNR calculus (git-fixes). - media: dvb_frontend: do not play tricks with underflow values (git-fixes). - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes). - media: dvbdev: prevent the risk of out of memory access (git-fixes). - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes). - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: i2c: imx335: Enable regulator supplies (stable-fixes). - media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes). - media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes). - media: imx-jpeg: Set video drvdata before register video device (git-fixes). - media: imx335: Fix reset-gpio handling (git-fixes). - media: mantis: remove orphan mantis_core.h (git-fixes). - media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes). - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes). - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes). - media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes). - media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes). - media: s5p-jpeg: prevent buffer overflows (git-fixes). - media: stb0899_algo: initialize cfr before using it (git-fixes). - media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes). - media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes). - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes). - media: uvcvideo: Stop stream during unregister (git-fixes). - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes). - media: v4l2-tpg: prevent the risk of a division by zero (git-fixes). - media: vb2: Fix comment (git-fixes). - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes). - media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes). - media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes). - mei: use kvmalloc for read buffer (git-fixes). - mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes). - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes). - minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes). - minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes). - misc: apds990x: Fix missing pm_runtime_disable() (git-fixes). - mlx5: avoid truncating error message (git-fixes). - mlx5: stop warning for 64KB pages (git-fixes). - mlxbf_gige: disable RX filters until RX path initialized (git-fixes). - mm/filemap: optimize filemap folio adding (bsc#1231617). - mm/filemap: return early if failed to allocate memory for split (bsc#1231617). - mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012). - mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes). - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes). - mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978). - mm: move dummy_vm_ops out of a header (git-fixes prerequisity). - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes). - mm: refactor map_deny_write_exec() (git-fixes). - mm: resolve faulty mmap_region() error path behaviour (git-fixes). - mm: unconditionally close VMAs on error (git-fixes). - mmc: core: Further prevent card detect during shutdown (git-fixes). - mmc: mmc_spi: drop buggy snprintf() (git-fixes). - mmc: sunxi-mmc: Fix A100 compatible description (git-fixes). - modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes). - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes). - modpost: remove incorrect code in do_eisa_entry() (git-fixes). - module: abort module loading when sysfs setup suffer errors (git-fixes). - mtd: rawnand: atmel: Fix possible memory leak (git-fixes). - mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes). - nbd: fix race between timeout and normal completion (bsc#1230918). - net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes). - net/mlx5: Added cond_resched() to crdump collection (git-fixes). - net/mlx5: Check capability for fw_reset (git-fixes). - net/mlx5: Check for invalid vector index on EQ creation (git-fixes). - net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes). - net/mlx5: Fix command bitmask initialization (git-fixes). - net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes). - net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes). - net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes). - net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes). - net/mlx5: Unregister notifier on eswitch init failure (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes). - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes). - net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes). - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes). - net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes). - net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes). - net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes). - net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes). - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes). - net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes). - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: mdio-ipq4019: add missing error check (git-fixes). - net: phy: Remove LED entry from LEDs list on unregister (git-fixes). - net: phy: bcm84881: Fix some error handling paths (git-fixes). - net: phy: dp83822: Fix reset pin definitions (git-fixes). - net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes). - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes). - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes). - net: qede: use return from qede_parse_actions() (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flower (git-fixes). - net: relax socket state check at accept time (git-fixes). - net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes) - net: sysfs: Fix /sys/class/net/&lt;iface> path for statistics (git-fixes). - net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes). - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes). - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes). - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes). - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes). - net: usb: usbnet: fix name regression (get-fixes). - net: usb: usbnet: fix race in probe failure (git-fixes). - net: wwan: fix global oob in wwan_rtnl_policy (git-fixes). - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes). - net: xfrm: preserve kabi for xfrm_state (bsc#1233754). - netdevsim: copy addresses for both in and out paths (git-fixes). - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - netfilter: nf_tables: missing iterator type in lookup walk (git-fixes). - nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes). - nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes). - nfsd: enable NFSv2 caused by upstream commit (bsc#1230914). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121). - nfsd: return -EINVAL when namelen is 0 (git-fixes). - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nilfs2: fix potential deadlock with newly created symlinks (git-fixes). - nouveau/dmem: Fix privileged error in copy engine channel (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes). - nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes). - nouveau: fw: sync dma after setup is called (git-fixes). - nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207) - nvme-fabrics: fix kernel crash while shutting down controller (git-fixes). - nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes). - nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244). - nvme-pci: fix freeing of the HMB descriptor table (git-fixes). - nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvme-pci: reverse request order in nvme_queue_rqs (git-fixes). - nvme-pci: set doorbell config before unquiescing (git-fixes). - nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901). - nvme: null terminate nvme_tls_attrs (git-fixes). - nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes). - nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes). - nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes). - ocfs2: uncache inode which has failed entering the group (git-fixes). - of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386) - parport: Proper fix for array out-of-bounds access (git-fixes). - phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes). - phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes). - phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes). - phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes). - phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes). - pinctrl: apple: check devm_kasprintf() returned value (git-fixes). - pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes). - pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes). - pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes). - pinctrl: zynqmp: drop excess struct member description (git-fixes). - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes). - platform/x86/amd/pmc: Detect when STB is not available (git-fixes). - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes). - platform/x86: dell-sysman: add support for alienware products (stable-fixes). - platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes). - platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes). - platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). - power: supply: bq27xxx: Fix registers of bq27426 (git-fixes). - power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes). - power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes). - power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes). - powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199). - powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632). - powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632). - powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199). - powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199). - powerpc/kexec: Fix return of uninitialized variable (bsc#1194869). - powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869). - powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869). - powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869). - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869). - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869). - powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - printk: Add notation to console_srcu locking (bsc#1232183). - pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes). - qed: avoid truncating work queue length (git-fixes). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623). - regmap: detach regmap from dev on regmap_exit (git-fixes). - regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes). - rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK. - rpm/release-projects: Add SLFO projects (bsc#1231293). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation (bsc#1218644). - rpmsg: glink: Handle rejected intent request better (git-fixes). - rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes). - rtc: abx80x: Fix WDT bit position of the status register (git-fixes). - rtc: bbnsm: add remove hook (git-fixes). - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes). - rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes). - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - runtime constants: add default dummy infrastructure (git-fixes). - runtime constants: add x86 architecture support (git-fixes). - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629). - s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes). - scsi: Remove scsi device no_start_on_resume flag (git-fixes). - scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes). - scsi: core: Disable CDL by default (git-fixes). - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes). - scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpi3mr: Validate SAS port assignments (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes). - scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). - scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes). - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: sr: Fix unintentional arithmetic wraparound (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes). - selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes). - selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes). - serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes). - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes). - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes). - splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes). - splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes). - splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes). - srcu: Fix callbacks acceleration mishandling (git-fixes). - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - sumversion: Fix a memory leak in get_src_version() (git-fixes). - supported.conf: mark nhpoly1305 module as supported (bsc#1231035). - supported.conf: mark ultravisor userspace access as supported (bsc#1232090). - task_work: add kerneldoc annotation for 'data' argument (git-fixes). - tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: int3400: Fix reading of current_uuid for active policy (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes). - thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes). - tools/lib/thermal: Fix sampling handler context ptr (git-fixes). - tools/power turbostat: Fix trailing '\n' parsing (git-fixes). - tools/power turbostat: Increase the limit for fd opened (bsc#1233119). - tools: hv: rm .*.cmd when make clean (git-fixes). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tpm: fix signed/unsigned bug when checking event logs (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/osnoise: Fix build when timerlat is not enabled (git-fixes). - tracing/osnoise: Skip running osnoise if all instances are off (git-fixes). - tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes). - tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes). - tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes). - tracing/timerlat: Add user-space interface (git-fixes). - tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes). - tracing/timerlat: Fix a race during cpuhp processing (git-fixes). - tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes). - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes). - tracing/timerlat: Only clear timer if a kthread exists (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes). - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes). - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - unicode: Do not special case ignorable code points (stable-fixes). - unicode: Fix utf8_load() error path (git-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114). - uprobes: turn xol_area->pages into xol_area->page (bsc#1231114). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes). - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes). - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes). - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes). - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes). - usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). - usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes). - vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes). - vdpa_sim_blk: allocate the buffer zeroed (git-fixes). - vduse: avoid using __GFP_NOFAIL (git-fixes). - vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978). - vmxnet3: Add XDP support (bsc#1226498). - vmxnet3: Fix missing reserved tailroom (bsc#1226498). - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vsock: Update msg_count on read_skb() (git-fixes). - vt: prevent kernel-infoleak in con_font_get() (git-fixes). - watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes). - wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: fix crash when unbinding (git-fixes). - wifi: ath12k: fix warning when unbinding (git-fixes). - wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: brcmfmac: release 'root' node in all execution paths (git-fixes). - wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes). - wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes). - wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes). - wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes). - wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes). - wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes). - wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes). - wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes). - wifi: iwlwifi: mvm: use correct key iteration (stable-fixes). - wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: fix RCU list iterations (stable-fixes). - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes). - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes). - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes). - wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes). - wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes). - wifi: rtw89: correct base HT rate mask for firmware (stable-fixes). - wifi: wfx: Fix error handling in wfx_core_init() (git-fixes). - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443). - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes). - x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes). - x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes). - x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes). - x86/apic: Make x2apic_disable() work correctly (git-fixes). - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes). - x86/mm: Use IPIs to synchronize LAM enablement (git-fixes). - x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes). - x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes). - x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Enable CPU topology enumeration (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/traps: move kmsan check after instrumentation_begin (git-fixes). - x86: Increase brk randomness entropy for 64-bit systems (git-fixes). - x86: do the user address masking outside the user access area (git-fixes). - x86: fix off-by-one in access_ok() (git-fixes). - x86: fix user address masking non-canonical speculation issue (git-fixes). - x86: make the masked_user_access_begin() macro use its argument only once (git-fixes). - x86: support user address masking instead of non-speculative conditional (git-fixes). - xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754). - xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754). - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes). - xfs: check shortform attr entry flags specifically (git-fixes). - xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes). - xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes). - xfs: fix freeing speculative preallocations for preallocated files (git-fixes). - xfs: make sure sb_fdblocks is non-negative (git-fixes). - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes). - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes). - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes). - xfs: validate recovered name buffers when recovering xattr items (git-fixes). - xhci: Add a quirk for writing ERST in high-low order (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). - xhci: tegra: fix checked USB2 port number (git-fixes). - zonefs: Improve error handling (git-fixes). Important SUSE bug 1012628 SUSE bug 1065729 SUSE bug 1082555 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1217845 SUSE bug 1218562 SUSE bug 1218644 SUSE bug 1219596 SUSE bug 1219803 SUSE bug 1220355 SUSE bug 1220382 SUSE bug 1221309 SUSE bug 1222423 SUSE bug 1222587 SUSE bug 1222590 SUSE bug 1223112 SUSE bug 1223384 SUSE bug 1223656 SUSE bug 1223700 SUSE bug 1223733 SUSE bug 1223824 SUSE bug 1223848 SUSE bug 1224088 SUSE bug 1224429 SUSE bug 1224518 SUSE bug 1224548 SUSE bug 1224574 SUSE bug 1224948 SUSE bug 1225611 SUSE bug 1225713 SUSE bug 1225725 SUSE bug 1225730 SUSE bug 1225742 SUSE bug 1225764 SUSE bug 1225768 SUSE bug 1225813 SUSE bug 1225903 SUSE bug 1226003 SUSE bug 1226130 SUSE bug 1226498 SUSE bug 1226623 SUSE bug 1226631 SUSE bug 1226748 SUSE bug 1226797 SUSE bug 1226848 SUSE bug 1226872 SUSE bug 1227726 SUSE bug 1227842 SUSE bug 1228119 SUSE bug 1228244 SUSE bug 1228269 SUSE bug 1228410 SUSE bug 1228430 SUSE bug 1228454 SUSE bug 1228537 SUSE bug 1228620 SUSE bug 1228743 SUSE bug 1228747 SUSE bug 1228850 SUSE bug 1228857 SUSE bug 1229019 SUSE bug 1229165 SUSE bug 1229429 SUSE bug 1229450 SUSE bug 1229585 SUSE bug 1229677 SUSE bug 1229769 SUSE bug 1229808 SUSE bug 1229891 SUSE bug 1230055 SUSE bug 1230132 SUSE bug 1230179 SUSE bug 1230220 SUSE bug 1230231 SUSE bug 1230289 SUSE bug 1230295 SUSE bug 1230339 SUSE bug 1230341 SUSE bug 1230375 SUSE bug 1230414 SUSE bug 1230429 SUSE bug 1230456 SUSE bug 1230501 SUSE bug 1230527 SUSE bug 1230550 SUSE bug 1230557 SUSE bug 1230558 SUSE bug 1230600 SUSE bug 1230620 SUSE bug 1230710 SUSE bug 1230733 SUSE bug 1230762 SUSE bug 1230763 SUSE bug 1230773 SUSE bug 1230774 SUSE bug 1230801 SUSE bug 1230807 SUSE bug 1230817 SUSE bug 1230827 SUSE bug 1230831 SUSE bug 1230914 SUSE bug 1230918 SUSE bug 1230971 SUSE bug 1231016 SUSE bug 1231035 SUSE bug 1231072 SUSE bug 1231073 SUSE bug 1231075 SUSE bug 1231076 SUSE bug 1231081 SUSE bug 1231082 SUSE bug 1231083 SUSE bug 1231084 SUSE bug 1231085 SUSE bug 1231087 SUSE bug 1231089 SUSE bug 1231092 SUSE bug 1231093 SUSE bug 1231094 SUSE bug 1231096 SUSE bug 1231098 SUSE bug 1231100 SUSE bug 1231101 SUSE bug 1231102 SUSE bug 1231105 SUSE bug 1231108 SUSE bug 1231111 SUSE bug 1231114 SUSE bug 1231115 SUSE bug 1231116 SUSE bug 1231117 SUSE bug 1231131 SUSE bug 1231132 SUSE bug 1231135 SUSE bug 1231136 SUSE bug 1231138 SUSE bug 1231148 SUSE bug 1231169 SUSE bug 1231170 SUSE bug 1231171 SUSE bug 1231178 SUSE bug 1231179 SUSE bug 1231182 SUSE bug 1231183 SUSE bug 1231187 SUSE bug 1231191 SUSE bug 1231193 SUSE bug 1231195 SUSE bug 1231197 SUSE bug 1231200 SUSE bug 1231202 SUSE bug 1231203 SUSE bug 1231276 SUSE bug 1231293 SUSE bug 1231384 SUSE bug 1231434 SUSE bug 1231435 SUSE bug 1231436 SUSE bug 1231439 SUSE bug 1231440 SUSE bug 1231441 SUSE bug 1231442 SUSE bug 1231452 SUSE bug 1231453 SUSE bug 1231465 SUSE bug 1231474 SUSE bug 1231481 SUSE bug 1231496 SUSE bug 1231502 SUSE bug 1231537 SUSE bug 1231539 SUSE bug 1231540 SUSE bug 1231541 SUSE bug 1231617 SUSE bug 1231630 SUSE bug 1231634 SUSE bug 1231635 SUSE bug 1231636 SUSE bug 1231637 SUSE bug 1231638 SUSE bug 1231639 SUSE bug 1231640 SUSE bug 1231673 SUSE bug 1231828 SUSE bug 1231849 SUSE bug 1231855 SUSE bug 1231856 SUSE bug 1231857 SUSE bug 1231858 SUSE bug 1231859 SUSE bug 1231860 SUSE bug 1231861 SUSE bug 1231864 SUSE bug 1231865 SUSE bug 1231868 SUSE bug 1231869 SUSE bug 1231871 SUSE bug 1231872 SUSE bug 1231901 SUSE bug 1231902 SUSE bug 1231903 SUSE bug 1231904 SUSE bug 1231906 SUSE bug 1231907 SUSE bug 1231908 SUSE bug 1231914 SUSE bug 1231916 SUSE bug 1231920 SUSE bug 1231924 SUSE bug 1231926 SUSE bug 1231930 SUSE bug 1231931 SUSE bug 1231935 SUSE bug 1231942 SUSE bug 1231944 SUSE bug 1231946 SUSE bug 1231947 SUSE bug 1231950 SUSE bug 1231951 SUSE bug 1231952 SUSE bug 1231953 SUSE bug 1231954 SUSE bug 1231955 SUSE bug 1231956 SUSE bug 1231957 SUSE bug 1231965 SUSE bug 1231967 SUSE bug 1231968 SUSE bug 1231987 SUSE bug 1231988 SUSE bug 1231989 SUSE bug 1231990 SUSE bug 1231998 SUSE bug 1232000 SUSE bug 1232003 SUSE bug 1232009 SUSE bug 1232013 SUSE bug 1232015 SUSE bug 1232016 SUSE bug 1232017 SUSE bug 1232018 SUSE bug 1232033 SUSE bug 1232034 SUSE bug 1232036 SUSE bug 1232043 SUSE bug 1232047 SUSE bug 1232048 SUSE bug 1232049 SUSE bug 1232050 SUSE bug 1232056 SUSE bug 1232075 SUSE bug 1232076 SUSE bug 1232079 SUSE bug 1232080 SUSE bug 1232083 SUSE bug 1232084 SUSE bug 1232085 SUSE bug 1232089 SUSE bug 1232090 SUSE bug 1232093 SUSE bug 1232094 SUSE bug 1232096 SUSE bug 1232097 SUSE bug 1232098 SUSE bug 1232103 SUSE bug 1232104 SUSE bug 1232105 SUSE bug 1232109 SUSE bug 1232111 SUSE bug 1232114 SUSE bug 1232116 SUSE bug 1232117 SUSE bug 1232124 SUSE bug 1232126 SUSE bug 1232127 SUSE bug 1232129 SUSE bug 1232130 SUSE bug 1232131 SUSE bug 1232132 SUSE bug 1232134 SUSE bug 1232135 SUSE bug 1232140 SUSE bug 1232141 SUSE bug 1232142 SUSE bug 1232145 SUSE bug 1232147 SUSE bug 1232148 SUSE bug 1232149 SUSE bug 1232151 SUSE bug 1232152 SUSE bug 1232154 SUSE bug 1232155 SUSE bug 1232156 SUSE bug 1232157 SUSE bug 1232159 SUSE bug 1232160 SUSE bug 1232162 SUSE bug 1232164 SUSE bug 1232165 SUSE bug 1232166 SUSE bug 1232174 SUSE bug 1232180 SUSE bug 1232182 SUSE bug 1232183 SUSE bug 1232185 SUSE bug 1232187 SUSE bug 1232189 SUSE bug 1232192 SUSE bug 1232195 SUSE bug 1232196 SUSE bug 1232198 SUSE bug 1232199 SUSE bug 1232200 SUSE bug 1232201 SUSE bug 1232207 SUSE bug 1232208 SUSE bug 1232217 SUSE bug 1232218 SUSE bug 1232220 SUSE bug 1232221 SUSE bug 1232222 SUSE bug 1232224 SUSE bug 1232232 SUSE bug 1232250 SUSE bug 1232251 SUSE bug 1232253 SUSE bug 1232254 SUSE bug 1232255 SUSE bug 1232256 SUSE bug 1232258 SUSE bug 1232259 SUSE bug 1232260 SUSE bug 1232262 SUSE bug 1232263 SUSE bug 1232264 SUSE bug 1232272 SUSE bug 1232275 SUSE bug 1232279 SUSE bug 1232282 SUSE bug 1232285 SUSE bug 1232287 SUSE bug 1232295 SUSE bug 1232305 SUSE bug 1232307 SUSE bug 1232309 SUSE bug 1232310 SUSE bug 1232312 SUSE bug 1232313 SUSE bug 1232314 SUSE bug 1232315 SUSE bug 1232316 SUSE bug 1232317 SUSE bug 1232318 SUSE bug 1232329 SUSE bug 1232332 SUSE bug 1232333 SUSE bug 1232334 SUSE bug 1232335 SUSE bug 1232337 SUSE bug 1232339 SUSE bug 1232340 SUSE bug 1232342 SUSE bug 1232345 SUSE bug 1232349 SUSE bug 1232352 SUSE bug 1232354 SUSE bug 1232355 SUSE bug 1232357 SUSE bug 1232358 SUSE bug 1232359 SUSE bug 1232361 SUSE bug 1232362 SUSE bug 1232366 SUSE bug 1232367 SUSE bug 1232368 SUSE bug 1232369 SUSE bug 1232370 SUSE bug 1232371 SUSE bug 1232374 SUSE bug 1232378 SUSE bug 1232381 SUSE bug 1232383 SUSE bug 1232385 SUSE bug 1232386 SUSE bug 1232387 SUSE bug 1232392 SUSE bug 1232394 SUSE bug 1232395 SUSE bug 1232396 SUSE bug 1232413 SUSE bug 1232416 SUSE bug 1232417 SUSE bug 1232418 SUSE bug 1232424 SUSE bug 1232427 SUSE bug 1232432 SUSE bug 1232435 SUSE bug 1232436 SUSE bug 1232442 SUSE bug 1232446 SUSE bug 1232483 SUSE bug 1232494 SUSE bug 1232498 SUSE bug 1232499 SUSE bug 1232500 SUSE bug 1232501 SUSE bug 1232502 SUSE bug 1232503 SUSE bug 1232504 SUSE bug 1232505 SUSE bug 1232506 SUSE bug 1232507 SUSE bug 1232511 SUSE bug 1232519 SUSE bug 1232520 SUSE bug 1232529 SUSE bug 1232552 SUSE bug 1232623 SUSE bug 1232626 SUSE bug 1232627 SUSE bug 1232628 SUSE bug 1232629 SUSE bug 1232704 SUSE bug 1232757 SUSE bug 1232768 SUSE bug 1232819 SUSE bug 1232823 SUSE bug 1232860 SUSE bug 1232869 SUSE bug 1232870 SUSE bug 1232873 SUSE bug 1232876 SUSE bug 1232877 SUSE bug 1232878 SUSE bug 1232880 SUSE bug 1232881 SUSE bug 1232884 SUSE bug 1232885 SUSE bug 1232887 SUSE bug 1232888 SUSE bug 1232890 SUSE bug 1232892 SUSE bug 1232894 SUSE bug 1232896 SUSE bug 1232897 SUSE bug 1232905 SUSE bug 1232907 SUSE bug 1232914 SUSE bug 1232919 SUSE bug 1232925 SUSE bug 1232926 SUSE bug 1232928 SUSE bug 1232935 SUSE bug 1233029 SUSE bug 1233032 SUSE bug 1233035 SUSE bug 1233036 SUSE bug 1233041 SUSE bug 1233044 SUSE bug 1233049 SUSE bug 1233050 SUSE bug 1233051 SUSE bug 1233056 SUSE bug 1233057 SUSE bug 1233061 SUSE bug 1233062 SUSE bug 1233063 SUSE bug 1233065 SUSE bug 1233067 SUSE bug 1233070 SUSE bug 1233073 SUSE bug 1233074 SUSE bug 1233088 SUSE bug 1233091 SUSE bug 1233092 SUSE bug 1233097 SUSE bug 1233100 SUSE bug 1233103 SUSE bug 1233104 SUSE bug 1233105 SUSE bug 1233106 SUSE bug 1233107 SUSE bug 1233108 SUSE bug 1233110 SUSE bug 1233111 SUSE bug 1233113 SUSE bug 1233114 SUSE bug 1233115 SUSE bug 1233117 SUSE bug 1233119 SUSE bug 1233123 SUSE bug 1233125 SUSE bug 1233127 SUSE bug 1233129 SUSE bug 1233130 SUSE bug 1233132 SUSE bug 1233135 SUSE bug 1233176 SUSE bug 1233179 SUSE bug 1233185 SUSE bug 1233188 SUSE bug 1233189 SUSE bug 1233191 SUSE bug 1233193 SUSE bug 1233197 SUSE bug 1233201 SUSE bug 1233203 SUSE bug 1233205 SUSE bug 1233206 SUSE bug 1233207 SUSE bug 1233208 SUSE bug 1233209 SUSE bug 1233210 SUSE bug 1233211 SUSE bug 1233212 SUSE bug 1233216 SUSE bug 1233217 SUSE bug 1233219 SUSE bug 1233226 SUSE bug 1233238 SUSE bug 1233241 SUSE bug 1233244 SUSE bug 1233253 SUSE bug 1233255 SUSE bug 1233293 SUSE bug 1233298 SUSE bug 1233305 SUSE bug 1233320 SUSE bug 1233350 SUSE bug 1233443 SUSE bug 1233452 SUSE bug 1233453 SUSE bug 1233454 SUSE bug 1233456 SUSE bug 1233457 SUSE bug 1233458 SUSE bug 1233460 SUSE bug 1233462 SUSE bug 1233463 SUSE bug 1233464 SUSE bug 1233465 SUSE bug 1233468 SUSE bug 1233471 SUSE bug 1233476 SUSE bug 1233478 SUSE bug 1233479 SUSE bug 1233481 SUSE bug 1233484 SUSE bug 1233485 SUSE bug 1233487 SUSE bug 1233490 SUSE bug 1233491 SUSE bug 1233523 SUSE bug 1233524 SUSE bug 1233540 SUSE bug 1233547 SUSE bug 1233548 SUSE bug 1233550 SUSE bug 1233552 SUSE bug 1233553 SUSE bug 1233554 SUSE bug 1233555 SUSE bug 1233557 SUSE bug 1233560 SUSE bug 1233561 SUSE bug 1233564 SUSE bug 1233566 SUSE bug 1233567 SUSE bug 1233568 SUSE bug 1233570 SUSE bug 1233572 SUSE bug 1233573 SUSE bug 1233577 SUSE bug 1233580 SUSE bug 1233640 SUSE bug 1233641 SUSE bug 1233642 SUSE bug 1233721 SUSE bug 1233754 SUSE bug 1233756 SUSE bug 1233769 SUSE bug 1233771 SUSE bug 1233977 SUSE bug 1234009 SUSE bug 1234011 SUSE bug 1234012 SUSE bug 1234025 SUSE bug 1234039 SUSE bug 1234040 SUSE bug 1234041 SUSE bug 1234042 SUSE bug 1234043 SUSE bug 1234044 SUSE bug 1234045 SUSE bug 1234046 SUSE bug 1234072 SUSE bug 1234078 SUSE bug 1234081 SUSE bug 1234083 SUSE bug 1234085 SUSE bug 1234087 SUSE bug 1234093 SUSE bug 1234098 SUSE bug 1234108 SUSE bug 1234121 SUSE bug 1234223 CVE-2023-52766 at SUSE CVE-2023-52766 at NVD CVE-2023-52778 at SUSE CVE-2023-52778 at NVD CVE-2023-52800 at SUSE CVE-2023-52800 at NVD CVE-2023-52881 at SUSE CVE-2023-52881 at NVD CVE-2023-52917 at SUSE CVE-2023-52917 at NVD CVE-2023-52918 at SUSE CVE-2023-52918 at NVD CVE-2023-52919 at SUSE CVE-2023-52919 at NVD CVE-2023-52920 at SUSE CVE-2023-52920 at NVD CVE-2023-52921 at SUSE CVE-2023-52921 at NVD CVE-2023-52922 at SUSE CVE-2023-52922 at NVD CVE-2023-6270 at SUSE CVE-2023-6270 at NVD CVE-2024-26596 at SUSE CVE-2024-26596 at NVD CVE-2024-26703 at SUSE CVE-2024-26703 at NVD CVE-2024-26741 at SUSE CVE-2024-26741 at NVD CVE-2024-26758 at SUSE CVE-2024-26758 at NVD CVE-2024-26761 at SUSE CVE-2024-26761 at NVD CVE-2024-26767 at SUSE CVE-2024-26767 at NVD CVE-2024-26782 at SUSE CVE-2024-26782 at NVD CVE-2024-26864 at SUSE CVE-2024-26864 at NVD CVE-2024-26943 at SUSE CVE-2024-26943 at NVD CVE-2024-26953 at SUSE CVE-2024-26953 at NVD CVE-2024-27017 at SUSE CVE-2024-27017 at NVD CVE-2024-27026 at SUSE CVE-2024-27026 at NVD CVE-2024-27043 at SUSE CVE-2024-27043 at NVD CVE-2024-27407 at SUSE CVE-2024-27407 at NVD CVE-2024-35888 at SUSE CVE-2024-35888 at NVD CVE-2024-35980 at SUSE CVE-2024-35980 at NVD CVE-2024-36000 at SUSE CVE-2024-36000 at NVD CVE-2024-36031 at SUSE CVE-2024-36031 at NVD CVE-2024-36244 at SUSE CVE-2024-36244 at NVD CVE-2024-36484 at SUSE CVE-2024-36484 at NVD CVE-2024-36883 at SUSE CVE-2024-36883 at NVD CVE-2024-36886 at SUSE CVE-2024-36886 at NVD CVE-2024-36905 at SUSE CVE-2024-36905 at NVD CVE-2024-36920 at SUSE CVE-2024-36920 at NVD CVE-2024-36927 at SUSE CVE-2024-36927 at NVD CVE-2024-36954 at SUSE CVE-2024-36954 at NVD CVE-2024-36968 at SUSE CVE-2024-36968 at NVD CVE-2024-38576 at SUSE CVE-2024-38576 at NVD CVE-2024-38577 at SUSE CVE-2024-38577 at NVD CVE-2024-38589 at SUSE CVE-2024-38589 at NVD CVE-2024-38599 at SUSE CVE-2024-38599 at NVD CVE-2024-40914 at SUSE CVE-2024-40914 at NVD CVE-2024-41016 at SUSE CVE-2024-41016 at NVD CVE-2024-41023 at SUSE CVE-2024-41023 at NVD CVE-2024-41031 at SUSE CVE-2024-41031 at NVD CVE-2024-41047 at SUSE CVE-2024-41047 at NVD CVE-2024-41082 at SUSE CVE-2024-41082 at NVD CVE-2024-42102 at SUSE CVE-2024-42102 at NVD CVE-2024-42145 at SUSE CVE-2024-42145 at NVD CVE-2024-44932 at SUSE CVE-2024-44932 at NVD CVE-2024-44958 at SUSE CVE-2024-44958 at NVD CVE-2024-44964 at SUSE CVE-2024-44964 at NVD CVE-2024-44995 at SUSE CVE-2024-44995 at NVD CVE-2024-45016 at SUSE CVE-2024-45016 at NVD CVE-2024-45025 at SUSE CVE-2024-45025 at NVD CVE-2024-46678 at SUSE CVE-2024-46678 at NVD CVE-2024-46680 at SUSE CVE-2024-46680 at NVD CVE-2024-46681 at SUSE CVE-2024-46681 at NVD CVE-2024-46721 at SUSE CVE-2024-46721 at NVD CVE-2024-46754 at SUSE CVE-2024-46754 at NVD CVE-2024-46765 at SUSE CVE-2024-46765 at NVD CVE-2024-46766 at SUSE CVE-2024-46766 at NVD CVE-2024-46770 at SUSE CVE-2024-46770 at NVD CVE-2024-46775 at SUSE CVE-2024-46775 at NVD CVE-2024-46777 at SUSE CVE-2024-46777 at NVD CVE-2024-46788 at SUSE CVE-2024-46788 at NVD CVE-2024-46797 at SUSE CVE-2024-46797 at NVD CVE-2024-46800 at SUSE CVE-2024-46800 at NVD CVE-2024-46802 at SUSE CVE-2024-46802 at NVD CVE-2024-46803 at SUSE CVE-2024-46803 at NVD CVE-2024-46804 at SUSE CVE-2024-46804 at NVD CVE-2024-46805 at SUSE CVE-2024-46805 at NVD CVE-2024-46806 at SUSE CVE-2024-46806 at NVD CVE-2024-46807 at SUSE CVE-2024-46807 at NVD CVE-2024-46809 at SUSE CVE-2024-46809 at NVD CVE-2024-46810 at SUSE CVE-2024-46810 at NVD CVE-2024-46811 at SUSE CVE-2024-46811 at NVD CVE-2024-46812 at SUSE CVE-2024-46812 at NVD CVE-2024-46813 at SUSE CVE-2024-46813 at NVD CVE-2024-46814 at SUSE CVE-2024-46814 at NVD CVE-2024-46815 at SUSE CVE-2024-46815 at NVD CVE-2024-46816 at SUSE CVE-2024-46816 at NVD CVE-2024-46817 at SUSE CVE-2024-46817 at NVD CVE-2024-46818 at SUSE CVE-2024-46818 at NVD CVE-2024-46819 at SUSE CVE-2024-46819 at NVD CVE-2024-46821 at SUSE CVE-2024-46821 at NVD CVE-2024-46825 at SUSE CVE-2024-46825 at NVD CVE-2024-46826 at SUSE CVE-2024-46826 at NVD CVE-2024-46827 at SUSE CVE-2024-46827 at NVD CVE-2024-46828 at SUSE CVE-2024-46828 at NVD CVE-2024-46830 at SUSE CVE-2024-46830 at NVD CVE-2024-46831 at SUSE CVE-2024-46831 at NVD CVE-2024-46834 at SUSE CVE-2024-46834 at NVD CVE-2024-46835 at SUSE CVE-2024-46835 at NVD CVE-2024-46836 at SUSE CVE-2024-46836 at NVD CVE-2024-46840 at SUSE CVE-2024-46840 at NVD CVE-2024-46841 at SUSE CVE-2024-46841 at NVD CVE-2024-46842 at SUSE CVE-2024-46842 at NVD CVE-2024-46843 at SUSE CVE-2024-46843 at NVD CVE-2024-46845 at SUSE CVE-2024-46845 at NVD CVE-2024-46846 at SUSE CVE-2024-46846 at NVD CVE-2024-46848 at SUSE CVE-2024-46848 at NVD CVE-2024-46849 at SUSE CVE-2024-46849 at NVD CVE-2024-46851 at SUSE CVE-2024-46851 at NVD CVE-2024-46852 at SUSE CVE-2024-46852 at NVD CVE-2024-46853 at SUSE CVE-2024-46853 at NVD CVE-2024-46854 at SUSE CVE-2024-46854 at NVD CVE-2024-46855 at SUSE CVE-2024-46855 at NVD CVE-2024-46857 at SUSE CVE-2024-46857 at NVD CVE-2024-46859 at SUSE CVE-2024-46859 at NVD CVE-2024-46860 at SUSE CVE-2024-46860 at NVD CVE-2024-46861 at SUSE CVE-2024-46861 at NVD CVE-2024-46864 at SUSE CVE-2024-46864 at NVD CVE-2024-46870 at SUSE CVE-2024-46870 at NVD CVE-2024-46871 at SUSE CVE-2024-46871 at NVD CVE-2024-47658 at SUSE CVE-2024-47658 at NVD CVE-2024-47660 at SUSE CVE-2024-47660 at NVD CVE-2024-47661 at SUSE CVE-2024-47661 at NVD CVE-2024-47662 at SUSE CVE-2024-47662 at NVD CVE-2024-47663 at SUSE CVE-2024-47663 at NVD CVE-2024-47664 at SUSE CVE-2024-47664 at NVD CVE-2024-47665 at SUSE CVE-2024-47665 at NVD CVE-2024-47666 at SUSE CVE-2024-47666 at NVD CVE-2024-47667 at SUSE CVE-2024-47667 at NVD CVE-2024-47668 at SUSE CVE-2024-47668 at NVD CVE-2024-47669 at SUSE CVE-2024-47669 at NVD CVE-2024-47670 at SUSE CVE-2024-47670 at NVD CVE-2024-47671 at SUSE CVE-2024-47671 at NVD CVE-2024-47672 at SUSE CVE-2024-47672 at NVD CVE-2024-47673 at SUSE CVE-2024-47673 at NVD CVE-2024-47674 at SUSE CVE-2024-47674 at NVD CVE-2024-47675 at SUSE CVE-2024-47675 at NVD CVE-2024-47679 at SUSE CVE-2024-47679 at NVD CVE-2024-47681 at SUSE CVE-2024-47681 at NVD CVE-2024-47682 at SUSE CVE-2024-47682 at NVD CVE-2024-47684 at SUSE CVE-2024-47684 at NVD CVE-2024-47685 at SUSE CVE-2024-47685 at NVD CVE-2024-47686 at SUSE CVE-2024-47686 at NVD CVE-2024-47687 at SUSE CVE-2024-47687 at NVD CVE-2024-47688 at SUSE CVE-2024-47688 at NVD CVE-2024-47692 at SUSE CVE-2024-47692 at NVD CVE-2024-47693 at SUSE CVE-2024-47693 at NVD CVE-2024-47695 at SUSE CVE-2024-47695 at NVD CVE-2024-47696 at SUSE CVE-2024-47696 at NVD CVE-2024-47697 at SUSE CVE-2024-47697 at NVD CVE-2024-47698 at SUSE CVE-2024-47698 at NVD CVE-2024-47699 at SUSE CVE-2024-47699 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-47702 at SUSE CVE-2024-47702 at NVD CVE-2024-47703 at SUSE CVE-2024-47703 at NVD CVE-2024-47704 at SUSE CVE-2024-47704 at NVD CVE-2024-47705 at SUSE CVE-2024-47705 at NVD CVE-2024-47706 at SUSE CVE-2024-47706 at NVD CVE-2024-47707 at SUSE CVE-2024-47707 at NVD CVE-2024-47709 at SUSE CVE-2024-47709 at NVD CVE-2024-47710 at SUSE CVE-2024-47710 at NVD CVE-2024-47712 at SUSE CVE-2024-47712 at NVD CVE-2024-47713 at SUSE CVE-2024-47713 at NVD CVE-2024-47714 at SUSE CVE-2024-47714 at NVD CVE-2024-47715 at SUSE CVE-2024-47715 at NVD CVE-2024-47718 at SUSE CVE-2024-47718 at NVD CVE-2024-47719 at SUSE CVE-2024-47719 at NVD CVE-2024-47720 at SUSE CVE-2024-47720 at NVD CVE-2024-47723 at SUSE CVE-2024-47723 at NVD CVE-2024-47727 at SUSE CVE-2024-47727 at NVD CVE-2024-47728 at SUSE CVE-2024-47728 at NVD CVE-2024-47730 at SUSE CVE-2024-47730 at NVD CVE-2024-47731 at SUSE CVE-2024-47731 at NVD CVE-2024-47732 at SUSE CVE-2024-47732 at NVD CVE-2024-47735 at SUSE CVE-2024-47735 at NVD CVE-2024-47737 at SUSE CVE-2024-47737 at NVD CVE-2024-47738 at SUSE CVE-2024-47738 at NVD CVE-2024-47739 at SUSE CVE-2024-47739 at NVD CVE-2024-47741 at SUSE CVE-2024-47741 at NVD CVE-2024-47742 at SUSE CVE-2024-47742 at NVD CVE-2024-47743 at SUSE CVE-2024-47743 at NVD CVE-2024-47744 at SUSE CVE-2024-47744 at NVD CVE-2024-47745 at SUSE CVE-2024-47745 at NVD CVE-2024-47747 at SUSE CVE-2024-47747 at NVD CVE-2024-47748 at SUSE CVE-2024-47748 at NVD CVE-2024-47749 at SUSE CVE-2024-47749 at NVD CVE-2024-47750 at SUSE CVE-2024-47750 at NVD CVE-2024-47751 at SUSE CVE-2024-47751 at NVD CVE-2024-47752 at SUSE CVE-2024-47752 at NVD CVE-2024-47753 at SUSE CVE-2024-47753 at NVD CVE-2024-47754 at SUSE CVE-2024-47754 at NVD CVE-2024-47756 at SUSE CVE-2024-47756 at NVD CVE-2024-47757 at SUSE CVE-2024-47757 at NVD CVE-2024-49850 at SUSE CVE-2024-49850 at NVD CVE-2024-49851 at SUSE CVE-2024-49851 at NVD CVE-2024-49852 at SUSE CVE-2024-49852 at NVD CVE-2024-49853 at SUSE CVE-2024-49853 at NVD CVE-2024-49855 at SUSE CVE-2024-49855 at NVD CVE-2024-49858 at SUSE CVE-2024-49858 at NVD CVE-2024-49860 at SUSE CVE-2024-49860 at NVD CVE-2024-49861 at SUSE CVE-2024-49861 at NVD CVE-2024-49862 at SUSE CVE-2024-49862 at NVD CVE-2024-49863 at SUSE CVE-2024-49863 at NVD CVE-2024-49864 at SUSE CVE-2024-49864 at NVD CVE-2024-49866 at SUSE CVE-2024-49866 at NVD CVE-2024-49867 at SUSE CVE-2024-49867 at NVD CVE-2024-49868 at SUSE CVE-2024-49868 at NVD CVE-2024-49870 at SUSE CVE-2024-49870 at NVD CVE-2024-49871 at SUSE CVE-2024-49871 at NVD CVE-2024-49874 at SUSE CVE-2024-49874 at NVD CVE-2024-49875 at SUSE CVE-2024-49875 at NVD CVE-2024-49877 at SUSE CVE-2024-49877 at NVD CVE-2024-49878 at SUSE CVE-2024-49878 at NVD CVE-2024-49879 at SUSE CVE-2024-49879 at NVD CVE-2024-49881 at SUSE CVE-2024-49881 at NVD CVE-2024-49882 at SUSE CVE-2024-49882 at NVD CVE-2024-49883 at SUSE CVE-2024-49883 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49886 at SUSE CVE-2024-49886 at NVD CVE-2024-49888 at SUSE CVE-2024-49888 at NVD CVE-2024-49890 at SUSE CVE-2024-49890 at NVD CVE-2024-49891 at SUSE CVE-2024-49891 at NVD CVE-2024-49892 at SUSE CVE-2024-49892 at NVD CVE-2024-49894 at SUSE CVE-2024-49894 at NVD CVE-2024-49895 at SUSE CVE-2024-49895 at NVD CVE-2024-49896 at SUSE CVE-2024-49896 at NVD CVE-2024-49897 at SUSE CVE-2024-49897 at NVD CVE-2024-49898 at SUSE CVE-2024-49898 at NVD CVE-2024-49899 at SUSE CVE-2024-49899 at NVD CVE-2024-49900 at SUSE CVE-2024-49900 at NVD CVE-2024-49901 at SUSE CVE-2024-49901 at NVD CVE-2024-49902 at SUSE CVE-2024-49902 at NVD CVE-2024-49903 at SUSE CVE-2024-49903 at NVD CVE-2024-49905 at SUSE CVE-2024-49905 at NVD CVE-2024-49906 at SUSE CVE-2024-49906 at NVD CVE-2024-49907 at SUSE CVE-2024-49907 at NVD CVE-2024-49908 at SUSE CVE-2024-49908 at NVD CVE-2024-49909 at SUSE CVE-2024-49909 at NVD CVE-2024-49911 at SUSE CVE-2024-49911 at NVD CVE-2024-49912 at SUSE CVE-2024-49912 at NVD CVE-2024-49913 at SUSE CVE-2024-49913 at NVD CVE-2024-49914 at SUSE CVE-2024-49914 at NVD CVE-2024-49917 at SUSE CVE-2024-49917 at NVD CVE-2024-49918 at SUSE CVE-2024-49918 at NVD CVE-2024-49919 at SUSE CVE-2024-49919 at NVD CVE-2024-49920 at SUSE CVE-2024-49920 at NVD CVE-2024-49921 at SUSE CVE-2024-49921 at NVD CVE-2024-49922 at SUSE CVE-2024-49922 at NVD CVE-2024-49923 at SUSE CVE-2024-49923 at NVD CVE-2024-49925 at SUSE CVE-2024-49925 at NVD CVE-2024-49928 at SUSE CVE-2024-49928 at NVD CVE-2024-49929 at SUSE CVE-2024-49929 at NVD CVE-2024-49930 at SUSE CVE-2024-49930 at NVD CVE-2024-49931 at SUSE CVE-2024-49931 at NVD CVE-2024-49933 at SUSE CVE-2024-49933 at NVD CVE-2024-49934 at SUSE CVE-2024-49934 at NVD CVE-2024-49935 at SUSE CVE-2024-49935 at NVD CVE-2024-49936 at SUSE CVE-2024-49936 at NVD CVE-2024-49937 at SUSE CVE-2024-49937 at NVD CVE-2024-49938 at SUSE CVE-2024-49938 at NVD CVE-2024-49939 at SUSE CVE-2024-49939 at NVD CVE-2024-49944 at SUSE CVE-2024-49944 at NVD CVE-2024-49945 at SUSE CVE-2024-49945 at NVD CVE-2024-49946 at SUSE CVE-2024-49946 at NVD CVE-2024-49947 at SUSE CVE-2024-49947 at NVD CVE-2024-49949 at SUSE CVE-2024-49949 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-49952 at SUSE CVE-2024-49952 at NVD CVE-2024-49953 at SUSE CVE-2024-49953 at NVD CVE-2024-49954 at SUSE CVE-2024-49954 at NVD CVE-2024-49955 at SUSE CVE-2024-49955 at NVD CVE-2024-49957 at SUSE CVE-2024-49957 at NVD CVE-2024-49958 at SUSE CVE-2024-49958 at NVD CVE-2024-49959 at SUSE CVE-2024-49959 at NVD CVE-2024-49960 at SUSE CVE-2024-49960 at NVD CVE-2024-49961 at SUSE CVE-2024-49961 at NVD CVE-2024-49962 at SUSE CVE-2024-49962 at NVD CVE-2024-49963 at SUSE CVE-2024-49963 at NVD CVE-2024-49965 at SUSE CVE-2024-49965 at NVD CVE-2024-49966 at SUSE CVE-2024-49966 at NVD CVE-2024-49967 at SUSE CVE-2024-49967 at NVD CVE-2024-49968 at SUSE CVE-2024-49968 at NVD CVE-2024-49969 at SUSE CVE-2024-49969 at NVD CVE-2024-49972 at SUSE CVE-2024-49972 at NVD CVE-2024-49973 at SUSE CVE-2024-49973 at NVD CVE-2024-49974 at SUSE CVE-2024-49974 at NVD CVE-2024-49975 at SUSE CVE-2024-49975 at NVD CVE-2024-49976 at SUSE CVE-2024-49976 at NVD CVE-2024-49981 at SUSE CVE-2024-49981 at NVD CVE-2024-49982 at SUSE CVE-2024-49982 at NVD CVE-2024-49983 at SUSE CVE-2024-49983 at NVD CVE-2024-49985 at SUSE CVE-2024-49985 at NVD CVE-2024-49986 at SUSE CVE-2024-49986 at NVD CVE-2024-49987 at SUSE CVE-2024-49987 at NVD CVE-2024-49989 at SUSE CVE-2024-49989 at NVD CVE-2024-49991 at SUSE CVE-2024-49991 at NVD CVE-2024-49993 at SUSE CVE-2024-49993 at NVD CVE-2024-49995 at SUSE CVE-2024-49995 at NVD CVE-2024-49996 at SUSE CVE-2024-49996 at NVD CVE-2024-50000 at SUSE CVE-2024-50000 at NVD CVE-2024-50001 at SUSE CVE-2024-50001 at NVD CVE-2024-50002 at SUSE CVE-2024-50002 at NVD CVE-2024-50003 at SUSE CVE-2024-50003 at NVD CVE-2024-50004 at SUSE CVE-2024-50004 at NVD CVE-2024-50006 at SUSE CVE-2024-50006 at NVD CVE-2024-50007 at SUSE CVE-2024-50007 at NVD CVE-2024-50008 at SUSE CVE-2024-50008 at NVD CVE-2024-50009 at SUSE CVE-2024-50009 at NVD CVE-2024-50012 at SUSE CVE-2024-50012 at NVD CVE-2024-50013 at SUSE CVE-2024-50013 at NVD CVE-2024-50014 at SUSE CVE-2024-50014 at NVD CVE-2024-50015 at SUSE CVE-2024-50015 at NVD CVE-2024-50017 at SUSE CVE-2024-50017 at NVD CVE-2024-50019 at SUSE CVE-2024-50019 at NVD CVE-2024-50020 at SUSE CVE-2024-50020 at NVD CVE-2024-50021 at SUSE CVE-2024-50021 at NVD CVE-2024-50022 at SUSE CVE-2024-50022 at NVD CVE-2024-50023 at SUSE CVE-2024-50023 at NVD CVE-2024-50024 at SUSE CVE-2024-50024 at NVD CVE-2024-50025 at SUSE CVE-2024-50025 at NVD CVE-2024-50026 at SUSE CVE-2024-50026 at NVD CVE-2024-50027 at SUSE CVE-2024-50027 at NVD CVE-2024-50028 at SUSE CVE-2024-50028 at NVD CVE-2024-50031 at SUSE CVE-2024-50031 at NVD CVE-2024-50033 at SUSE CVE-2024-50033 at NVD CVE-2024-50035 at SUSE CVE-2024-50035 at NVD CVE-2024-50040 at SUSE CVE-2024-50040 at NVD CVE-2024-50041 at SUSE CVE-2024-50041 at NVD CVE-2024-50042 at SUSE CVE-2024-50042 at NVD CVE-2024-50044 at SUSE CVE-2024-50044 at NVD CVE-2024-50045 at SUSE CVE-2024-50045 at NVD CVE-2024-50046 at SUSE CVE-2024-50046 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50048 at SUSE CVE-2024-50048 at NVD CVE-2024-50049 at SUSE CVE-2024-50049 at NVD CVE-2024-50055 at SUSE CVE-2024-50055 at NVD CVE-2024-50058 at SUSE CVE-2024-50058 at NVD CVE-2024-50059 at SUSE CVE-2024-50059 at NVD CVE-2024-50060 at SUSE CVE-2024-50060 at NVD CVE-2024-50061 at SUSE CVE-2024-50061 at NVD CVE-2024-50062 at SUSE CVE-2024-50062 at NVD CVE-2024-50063 at SUSE CVE-2024-50063 at NVD CVE-2024-50064 at SUSE CVE-2024-50064 at NVD CVE-2024-50067 at SUSE CVE-2024-50067 at NVD CVE-2024-50069 at SUSE CVE-2024-50069 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50074 at SUSE CVE-2024-50074 at NVD CVE-2024-50075 at SUSE CVE-2024-50075 at NVD CVE-2024-50076 at SUSE CVE-2024-50076 at NVD CVE-2024-50077 at SUSE CVE-2024-50077 at NVD CVE-2024-50078 at SUSE CVE-2024-50078 at NVD CVE-2024-50080 at SUSE CVE-2024-50080 at NVD CVE-2024-50081 at SUSE CVE-2024-50081 at NVD CVE-2024-50082 at SUSE CVE-2024-50082 at NVD CVE-2024-50084 at SUSE CVE-2024-50084 at NVD CVE-2024-50087 at SUSE CVE-2024-50087 at NVD CVE-2024-50088 at SUSE CVE-2024-50088 at NVD CVE-2024-50089 at SUSE CVE-2024-50089 at NVD CVE-2024-50093 at SUSE CVE-2024-50093 at NVD CVE-2024-50095 at SUSE CVE-2024-50095 at NVD CVE-2024-50096 at SUSE CVE-2024-50096 at NVD CVE-2024-50098 at SUSE CVE-2024-50098 at NVD CVE-2024-50099 at SUSE CVE-2024-50099 at NVD CVE-2024-50100 at SUSE CVE-2024-50100 at NVD CVE-2024-50101 at SUSE CVE-2024-50101 at NVD CVE-2024-50102 at SUSE CVE-2024-50102 at NVD CVE-2024-50103 at SUSE CVE-2024-50103 at NVD CVE-2024-50108 at SUSE CVE-2024-50108 at NVD CVE-2024-50110 at SUSE CVE-2024-50110 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50116 at SUSE CVE-2024-50116 at NVD CVE-2024-50117 at SUSE CVE-2024-50117 at NVD CVE-2024-50121 at SUSE CVE-2024-50121 at NVD CVE-2024-50124 at SUSE CVE-2024-50124 at NVD CVE-2024-50125 at SUSE CVE-2024-50125 at NVD CVE-2024-50127 at SUSE CVE-2024-50127 at NVD CVE-2024-50128 at SUSE CVE-2024-50128 at NVD CVE-2024-50130 at SUSE CVE-2024-50130 at NVD CVE-2024-50131 at SUSE CVE-2024-50131 at NVD CVE-2024-50134 at SUSE CVE-2024-50134 at NVD CVE-2024-50135 at SUSE CVE-2024-50135 at NVD CVE-2024-50136 at SUSE CVE-2024-50136 at NVD CVE-2024-50138 at SUSE CVE-2024-50138 at NVD CVE-2024-50139 at SUSE CVE-2024-50139 at NVD CVE-2024-50141 at SUSE CVE-2024-50141 at NVD CVE-2024-50145 at SUSE CVE-2024-50145 at NVD CVE-2024-50146 at SUSE CVE-2024-50146 at NVD CVE-2024-50147 at SUSE CVE-2024-50147 at NVD CVE-2024-50148 at SUSE CVE-2024-50148 at NVD CVE-2024-50150 at SUSE CVE-2024-50150 at NVD CVE-2024-50153 at SUSE CVE-2024-50153 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50155 at SUSE CVE-2024-50155 at NVD CVE-2024-50156 at SUSE CVE-2024-50156 at NVD CVE-2024-50157 at SUSE CVE-2024-50157 at NVD CVE-2024-50158 at SUSE CVE-2024-50158 at NVD CVE-2024-50159 at SUSE CVE-2024-50159 at NVD CVE-2024-50160 at SUSE CVE-2024-50160 at NVD CVE-2024-50166 at SUSE CVE-2024-50166 at NVD CVE-2024-50167 at SUSE CVE-2024-50167 at NVD CVE-2024-50169 at SUSE CVE-2024-50169 at NVD CVE-2024-50171 at SUSE CVE-2024-50171 at NVD CVE-2024-50172 at SUSE CVE-2024-50172 at NVD CVE-2024-50175 at SUSE CVE-2024-50175 at NVD CVE-2024-50176 at SUSE CVE-2024-50176 at NVD CVE-2024-50177 at SUSE CVE-2024-50177 at NVD CVE-2024-50179 at SUSE CVE-2024-50179 at NVD CVE-2024-50180 at SUSE CVE-2024-50180 at NVD CVE-2024-50181 at SUSE CVE-2024-50181 at NVD CVE-2024-50182 at SUSE CVE-2024-50182 at NVD CVE-2024-50183 at SUSE CVE-2024-50183 at NVD CVE-2024-50184 at SUSE CVE-2024-50184 at NVD CVE-2024-50186 at SUSE CVE-2024-50186 at NVD CVE-2024-50187 at SUSE CVE-2024-50187 at NVD CVE-2024-50188 at SUSE CVE-2024-50188 at NVD CVE-2024-50189 at SUSE CVE-2024-50189 at NVD CVE-2024-50192 at SUSE CVE-2024-50192 at NVD CVE-2024-50194 at SUSE CVE-2024-50194 at NVD CVE-2024-50195 at SUSE CVE-2024-50195 at NVD CVE-2024-50196 at SUSE CVE-2024-50196 at NVD CVE-2024-50198 at SUSE CVE-2024-50198 at NVD CVE-2024-50200 at SUSE CVE-2024-50200 at NVD CVE-2024-50201 at SUSE CVE-2024-50201 at NVD CVE-2024-50205 at SUSE CVE-2024-50205 at NVD CVE-2024-50208 at SUSE CVE-2024-50208 at NVD CVE-2024-50209 at SUSE CVE-2024-50209 at NVD CVE-2024-50210 at SUSE CVE-2024-50210 at NVD CVE-2024-50215 at SUSE CVE-2024-50215 at NVD CVE-2024-50216 at SUSE CVE-2024-50216 at NVD CVE-2024-50218 at SUSE CVE-2024-50218 at NVD CVE-2024-50221 at SUSE CVE-2024-50221 at NVD CVE-2024-50224 at SUSE CVE-2024-50224 at NVD CVE-2024-50225 at SUSE CVE-2024-50225 at NVD CVE-2024-50229 at SUSE CVE-2024-50229 at NVD CVE-2024-50230 at SUSE CVE-2024-50230 at NVD CVE-2024-50231 at SUSE CVE-2024-50231 at NVD CVE-2024-50232 at SUSE CVE-2024-50232 at NVD CVE-2024-50233 at SUSE CVE-2024-50233 at NVD CVE-2024-50234 at SUSE CVE-2024-50234 at NVD CVE-2024-50235 at SUSE CVE-2024-50235 at NVD CVE-2024-50236 at SUSE CVE-2024-50236 at NVD CVE-2024-50237 at SUSE CVE-2024-50237 at NVD CVE-2024-50240 at SUSE CVE-2024-50240 at NVD CVE-2024-50245 at SUSE CVE-2024-50245 at NVD CVE-2024-50246 at SUSE CVE-2024-50246 at NVD CVE-2024-50248 at SUSE CVE-2024-50248 at NVD CVE-2024-50249 at SUSE CVE-2024-50249 at NVD CVE-2024-50250 at SUSE CVE-2024-50250 at NVD CVE-2024-50252 at SUSE CVE-2024-50252 at NVD CVE-2024-50255 at SUSE CVE-2024-50255 at NVD CVE-2024-50257 at SUSE CVE-2024-50257 at NVD CVE-2024-50261 at SUSE CVE-2024-50261 at NVD CVE-2024-50264 at SUSE CVE-2024-50264 at NVD CVE-2024-50265 at SUSE CVE-2024-50265 at NVD CVE-2024-50267 at SUSE CVE-2024-50267 at NVD CVE-2024-50268 at SUSE CVE-2024-50268 at NVD CVE-2024-50269 at SUSE CVE-2024-50269 at NVD CVE-2024-50271 at SUSE CVE-2024-50271 at NVD CVE-2024-50273 at SUSE CVE-2024-50273 at NVD CVE-2024-50274 at SUSE CVE-2024-50274 at NVD CVE-2024-50275 at SUSE CVE-2024-50275 at NVD CVE-2024-50276 at SUSE CVE-2024-50276 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50282 at SUSE CVE-2024-50282 at NVD CVE-2024-50287 at SUSE CVE-2024-50287 at NVD CVE-2024-50289 at SUSE CVE-2024-50289 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-50292 at SUSE CVE-2024-50292 at NVD CVE-2024-50295 at SUSE CVE-2024-50295 at NVD CVE-2024-50296 at SUSE CVE-2024-50296 at NVD CVE-2024-50298 at SUSE CVE-2024-50298 at NVD CVE-2024-50301 at SUSE CVE-2024-50301 at NVD CVE-2024-50302 at SUSE CVE-2024-50302 at NVD CVE-2024-53042 at SUSE CVE-2024-53042 at NVD CVE-2024-53043 at SUSE CVE-2024-53043 at NVD CVE-2024-53045 at SUSE CVE-2024-53045 at NVD CVE-2024-53048 at SUSE CVE-2024-53048 at NVD CVE-2024-53051 at SUSE CVE-2024-53051 at NVD CVE-2024-53052 at SUSE CVE-2024-53052 at NVD CVE-2024-53055 at SUSE CVE-2024-53055 at NVD CVE-2024-53056 at SUSE CVE-2024-53056 at NVD CVE-2024-53058 at SUSE CVE-2024-53058 at NVD CVE-2024-53059 at SUSE CVE-2024-53059 at NVD CVE-2024-53060 at SUSE CVE-2024-53060 at NVD CVE-2024-53061 at SUSE CVE-2024-53061 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53066 at SUSE CVE-2024-53066 at NVD CVE-2024-53068 at SUSE CVE-2024-53068 at NVD CVE-2024-53072 at SUSE CVE-2024-53072 at NVD CVE-2024-53074 at SUSE CVE-2024-53074 at NVD CVE-2024-53076 at SUSE CVE-2024-53076 at NVD CVE-2024-53079 at SUSE CVE-2024-53079 at NVD CVE-2024-53081 at SUSE CVE-2024-53081 at NVD CVE-2024-53082 at SUSE CVE-2024-53082 at NVD CVE-2024-53085 at SUSE CVE-2024-53085 at NVD CVE-2024-53088 at SUSE CVE-2024-53088 at NVD CVE-2024-53093 at SUSE CVE-2024-53093 at NVD CVE-2024-53094 at SUSE CVE-2024-53094 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53096 at SUSE CVE-2024-53096 at NVD CVE-2024-53100 at SUSE CVE-2024-53100 at NVD CVE-2024-53101 at SUSE CVE-2024-53101 at NVD CVE-2024-53104 at SUSE CVE-2024-53104 at NVD CVE-2024-53106 at SUSE CVE-2024-53106 at NVD CVE-2024-53108 at SUSE CVE-2024-53108 at NVD CVE-2024-53110 at SUSE CVE-2024-53110 at NVD CVE-2024-53112 at SUSE CVE-2024-53112 at NVD CVE-2024-53114 at SUSE CVE-2024-53114 at NVD CVE-2024-53121 at SUSE CVE-2024-53121 at NVD CVE-2024-53138 at SUSE CVE-2024-53138 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.5.1 ESR (bsc#1234326): - Fixed an issue that prevented some websites from loading when using SSL Inspection. (bmo#1933747) Important SUSE bug 1234326 cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Moderate) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal (bsc#1234413) Other fixes: - Updated to Mozilla Thunderbird 128.5.2i (bsc#1234413): * fixed: Large virtual folders could be very slow * fixed: Message could disappear after moving from IMAP folder followed by Undo and Redo * fixed: XMPP chat did not display messages sent inside a CDATA element * fixed: Selected calendar day did not move forward at midnight * fixed: Today pane agenda sometimes scrolled for no apparent reason * fixed: CalDAV calendars without offline support could degrade start-up performance * fixed: Visual and UX improvements * fixed: Security fixes - Updated to Mozilla Thunderbird 128.5.1: * new: Add end of year donation appeal * fixed: Total message count for favorite folders did not work consistently Moderate SUSE bug 1234413 CVE-2024-50336 at SUSE CVE-2024-50336 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Important) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726). Important SUSE bug 1223726 CVE-2024-30251 at SUSE CVE-2024-30251 at NVD cpe:/o:opensuse:leap:15.6 Security update for aws-iam-authenticator (Critical) openSUSE Leap 15.6 This update for aws-iam-authenticator fixes the following issues: - CVE-2022-1996: Fixed CORS bypass (bsc#1200528). Critical SUSE bug 1200528 CVE-2022-1996 at SUSE CVE-2022-1996 at NVD cpe:/o:opensuse:leap:15.6 Security update for vim (Low) openSUSE Leap 15.6 This update for vim fixes the following issues: - CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373) - CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238) Other fixes: - Updated to version 9.1.0836 Low SUSE bug 1229238 SUSE bug 1231373 CVE-2024-43374 at SUSE CVE-2024-43374 at NVD CVE-2024-47814 at SUSE CVE-2024-47814 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) Other fixes: - websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391). - fix an intermittent test failure (glgo#GNOME/soup#399). Important SUSE bug 1233285 SUSE bug 1233287 SUSE bug 1233292 CVE-2024-52530 at SUSE CVE-2024-52530 at NVD CVE-2024-52531 at SUSE CVE-2024-52531 at NVD CVE-2024-52532 at SUSE CVE-2024-52532 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3_1 (Moderate) openSUSE Leap 15.6 This update for python-urllib3_1 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469) Moderate SUSE bug 1226469 CVE-2024-37891 at SUSE CVE-2024-37891 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker (Important) openSUSE Leap 15.6 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exists in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.17.1> - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2615> bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2614> - Update to Docker 26.1.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/26.1/#2610> - Update --add-runtime to point to correct binary path. Important SUSE bug 1217070 SUSE bug 1228324 SUSE bug 1228553 SUSE bug 1229806 SUSE bug 1230294 SUSE bug 1230331 SUSE bug 1230333 SUSE bug 1231348 SUSE bug 1232999 SUSE bug 1233819 CVE-2023-45142 at SUSE CVE-2023-45142 at NVD CVE-2023-47108 at SUSE CVE-2023-47108 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:opensuse:leap:15.6 Security update for subversion (Moderate) openSUSE Leap 15.6 This update for subversion fixes the following issues: - CVE-2024-46901: Fixed denial-of-service via control characters in paths in mod_dav_svn (bsc#1234317) Moderate SUSE bug 1234317 CVE-2024-46901 at SUSE CVE-2024-46901 at NVD cpe:/o:opensuse:leap:15.6 Security update for haproxy (Moderate) openSUSE Leap 15.6 This update for haproxy fixes the following issues: - CVE-2024-53008: Fixed HTTP/3 request smuggling via malformed HTTP headers forwarded to a HTTP/1.1 non-compliant back-end server (bsc#1233973) Other fixes: - Update to version 2.8.11 Moderate SUSE bug 1233973 CVE-2024-53008 at SUSE CVE-2024-53008 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for docker-stable (Moderate) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at <https://github.com/docker/buildx/releases/tag/v0.19.2>. Some notable changelogs from the last update: * <https://github.com/docker/buildx/releases/tag/v0.19.0> * <https://github.com/docker/buildx/releases/tag/v0.18.0> - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. Moderate SUSE bug 1231348 SUSE bug 1232999 CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:opensuse:leap:15.6 Security update for emacs (Important) openSUSE Leap 15.6 This update for emacs fixes the following issues: - CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894) Important SUSE bug 1233894 CVE-2024-53920 at SUSE CVE-2024-53920 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-grpcio (Moderate) openSUSE Leap 15.6 This update for python-grpcio fixes the following issues: - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821) - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919) Moderate SUSE bug 1228919 SUSE bug 1233821 CVE-2024-11407 at SUSE CVE-2024-11407 at NVD CVE-2024-7246 at SUSE CVE-2024-7246 at NVD cpe:/o:opensuse:leap:15.6 Security update for grpc (Moderate) openSUSE Leap 15.6 This update for grpc fixes the following issues: - CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919) - CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821) Moderate SUSE bug 1228919 SUSE bug 1233821 CVE-2024-11407 at SUSE CVE-2024-11407 at NVD CVE-2024-7246 at SUSE CVE-2024-7246 at NVD cpe:/o:opensuse:leap:15.6 Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative (Moderate) openSUSE Leap 15.6 This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues: - CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297) Other fixes: - Upgraded netty to upstream version 4.1.115 - Upgraded netty-tcnative to version 2.0.69 Final - Updated jctools to version 4.0.5 - Updated aalto-xml to version 1.3.3 - Updated moditect to version 1.2.2 - Updated flatten-maven-plugin to version 1.6.0 Moderate SUSE bug 1047218 SUSE bug 1233297 CVE-2024-47535 at SUSE CVE-2024-47535 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs115 (Moderate) openSUSE Leap 15.6 This update for mozjs115 fixes the following issues: - CVE-2024-11498: Fixed resource exhaustion via Stack overflow in libjxl (bsc#1233786) - CVE-2024-11403: Fixed out of Bounds Memory Read/Write in libjxl (bsc#1233766) - CVE-2024-50602: Fixed DoS via XML_ResumeParser in libexpat (bsc#1232602) Moderate SUSE bug 1232599 SUSE bug 1232602 SUSE bug 1233766 SUSE bug 1233786 CVE-2024-11403 at SUSE CVE-2024-11403 at NVD CVE-2024-11498 at SUSE CVE-2024-11498 at NVD CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs78 (Moderate) openSUSE Leap 15.6 This update for mozjs78 fixes the following issues: - CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599) Moderate SUSE bug 1232599 CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for gdb (Moderate) openSUSE Leap 15.6 This update for gdb fixes the following issues: Mention changes in GDB 14: * GDB now supports the AArch64 Scalable Matrix Extension 2 (SME2), which includes a new 512 bit lookup table register named ZT0. * GDB now supports the AArch64 Scalable Matrix Extension (SME), which includes a new matrix register named ZA, a new thread register TPIDR2 and a new vector length register SVG (streaming vector granule). GDB also supports tracking ZA state across signal frames. Some features are still under development or are dependent on ABI specs that are still in alpha stage. For example, manual function calls with ZA state don't have any special handling, and tracking of SVG changes based on DWARF information is still not implemented, but there are plans to do so in the future. * GDB now recognizes the NO_COLOR environment variable and disables styling according to the spec. See https://no-color.org/. Styling can be re-enabled with 'set style enabled on'. * The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication feature string has been deprecated in favor of the 'org.gnu.gdb.aarch64.pauth_v2' feature string. * GDB now has some support for integer types larger than 64 bits. * Multi-target feature configuration. GDB now supports the individual configuration of remote targets' feature sets. Based on the current selection of a target, the commands 'set remote <name>-packet (on|off|auto)' and 'show remote <name>-packet' can be used to configure a target's feature packet and to display its configuration, respectively. * GDB has initial built-in support for the Debugger Adapter Protocol. * For the break command, multiple uses of the 'thread' or 'task' keywords will now give an error instead of just using the thread or task id from the last instance of the keyword. E.g.: break foo thread 1 thread 2 will now give an error rather than using 'thread 2'. * For the watch command, multiple uses of the 'task' keyword will now give an error instead of just using the task id from the last instance of the keyword. E.g.: watch my_var task 1 task 2 will now give an error rather than using 'task 2'. The 'thread' keyword already gave an error when used multiple times with the watch command, this remains unchanged. * The 'set print elements' setting now helps when printing large arrays. If an array would otherwise exceed max-value-size, but 'print elements' is set such that the size of elements to print is less than or equal to 'max-value-size', GDB will now still print the array, however only 'max-value-size' worth of data will be added into the value history. * For both the break and watch commands, it is now invalid to use both the 'thread' and 'task' keywords within the same command. For example the following commnds will now give an error: break foo thread 1 task 1 watch var thread 2 task 3 * The printf command now accepts a '%V' output format which will format an expression just as the 'print' command would. Print options can be placed withing '[...]' after the '%V' to modify how the value is printed. E.g: printf '%V', some_array printf '%V[-array-indexes on]', some_array will print the array without, or with array indexes included, just as the array would be printed by the 'print' command. This functionality is also available for dprintf when dprintf-style is 'gdb'. * When the printf command requires a string to be fetched from the inferior, GDB now uses the existing 'max-value-size' setting to the limit the memory allocated within GDB. The default 'max-value-size' is 64k. To print longer strings you should increase 'max-value-size'. * The Ada 2022 Enum_Rep and Enum_Val attributes are now supported. * The Ada 2022 target name symbol ('@') is now supported by the Ada expression parser. * The 'list' command now accepts '.' as an argument, which tells GDB to print the location around the point of execution within the current frame. If the inferior hasn't started yet, the command will print around the beginning of the 'main' function. * Using the 'list' command with no arguments in a situation where the command would attempt to list past the end of the file now warns the user that the end of file has been reached, refers the user to the newly added '.' argument * Breakpoints can now be inferior-specific. This is similar to the existing thread-specific breakpoint support. Breakpoint conditions can include the 'inferior' keyword followed by an inferior id (as displayed in the 'info inferiors' output). It is invalid to use the 'inferior' keyword with either the 'thread' or 'task' keywords when creating a breakpoint. * New convenience function '$_shell', to execute a shell command and return the result. This lets you run shell commands in expressions. Some examples: (gdb) p $_shell('true') $1 = 0 (gdb) p $_shell('false') $2 = 1 (gdb) break func if $_shell('some command') == 0 * New commands: * set debug breakpoint on|off show debug breakpoint Print additional debug messages about breakpoint insertion and removal. * maintenance print record-instruction [ N ] Print the recorded information for a given instruction. If N is not given prints how GDB would undo the last instruction executed. If N is negative, prints how GDB would undo the N-th previous instruction, and if N is positive, it prints how GDB will redo the N-th following instruction. * maintenance info frame-unwinders List the frame unwinders currently in effect, starting with the highest priority. * maintenance wait-for-index-cache Wait until all pending writes to the index cache have completed. * set always-read-ctf on|off show always-read-ctf When off, CTF is only read if DWARF is not present. When on, CTF is read regardless of whether DWARF is present. Off by default. * info main Get main symbol to identify entry point into program. * set tui mouse-events [on|off] show tui mouse-events When on (default), mouse clicks control the TUI and can be accessed by Python extensions. When off, mouse clicks are handled by the terminal, enabling terminal-native text selection. * MI changes: * MI version 1 has been removed. * mi now reports 'no-history' as a stop reason when hitting the end of the reverse execution history. * When creating a thread-specific breakpoint using the '-p' option, the -break-insert command would report the 'thread' field twice in the reply. The content of both fields was always identical. This has now been fixed; the 'thread' field will be reported just once for thread-specific breakpoints, or not at all for breakpoints without a thread restriction. The same is also true for the 'task' field of an Ada task-specific breakpoint. * It is no longer possible to create a thread-specific breakpoint for a thread that doesn't exist using '-break-insert -p ID'. Creating breakpoints for non-existent threads is not allowed when using the CLI, that the MI allowed it was a long standing bug, which has now been fixed. * The '--simple-values' argument to the '-stack-list-arguments','-stack-list-locals', '-stack-list-variables', and '-var-list-children' commands now takes reference types into account: that is, a value is now considered simple if it is neither an array, structure, or union, nor a reference to an array, structure, or union. (Previously all references were considered simple.) Support for this feature can be verified by using the '-list-features' command, which should contain 'simple-values-ref-types'. * The -break-insert command now accepts a '-g thread-group-id' option to allow for the creation of inferior-specific breakpoints. * The bkpt tuple, which appears in breakpoint-created notifications, and in the result of the -break-insert command can now include an optional 'inferior' field for both the main breakpoint, and each location, when the breakpoint is inferior-specific. * Python API: * gdb.ThreadExitedEvent added. Emits a ThreadEvent. * The gdb.unwinder.Unwinder.name attribute is now read-only. * The name argument passed to gdb.unwinder.Unwinder.__init__ must now be of type 'str' otherwise a TypeError will be raised. * The gdb.unwinder.Unwinder.enabled attribute can now only accept values of type 'bool'. Changing this attribute will now invalidate GDB's frame-cache, which means GDB will need to rebuild its frame-cache when next required - either with, or without the particular unwinder, depending on how 'enabled' was changed. * New methods added to the gdb.PendingFrame class. These methods have the same behaviour as the corresponding methods on gdb.Frame. The new methods are: * gdb.PendingFrame.name: Return the name for the frame's function, or None. * gdb.PendingFrame.is_valid: Return True if the pending frame object is valid. * gdb.PendingFrame.pc: Return the $pc register value for this frame. * gdb.PendingFrame.language: Return a string containing the language for this frame, or None. * gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line object for the current location within the pending frame, or None. * gdb.PendingFrame.block: Return a gdb.Block for the current pending frame, or None. * gdb.PendingFrame.function: Return a gdb.Symbol for the current pending frame, or None. * The frame-id passed to gdb.PendingFrame.create_unwind_info can now use either an integer or a gdb.Value object for each of its 'sp', 'pc', and 'special' attributes. * A new class gdb.unwinder.FrameId has been added. Instances of this class are constructed with 'sp' (stack-pointer) and 'pc' (program-counter) values, and can be used as the frame-id when calling gdb.PendingFrame.create_unwind_info. * It is now no longer possible to sub-class the gdb.disassembler.DisassemblerResult type. * The Disassembler API from the gdb.disassembler module has been extended to include styling support: * The DisassemblerResult class can now be initialized with a list of parts. Each part represents part of the disassembled instruction along with the associated style information. This list of parts can be accessed with the new DisassemblerResult.parts property. * New constants gdb.disassembler.STYLE_* representing all the different styles part of an instruction might have. * New methods DisassembleInfo.text_part and DisassembleInfo.address_part which are used to create the new styled parts of a disassembled instruction. * Changes are backwards compatible, the older API can still be used to disassemble instructions without styling. * New function gdb.execute_mi(COMMAND, [ARG]...), that invokes a GDB/MI command and returns the output as a Python dictionary. * New function gdb.block_signals(). This returns a context manager that blocks any signals that GDB needs to handle itself. * New class gdb.Thread. This is a subclass of threading.Thread that calls gdb.block_signals in its 'start' method. * gdb.parse_and_eval now has a new 'global_context' parameter. This can be used to request that the parse only examine global symbols. * gdb.Inferior now has a new 'arguments' attribute. This holds the command-line arguments to the inferior, if known. * gdb.Inferior now has a new 'main_name' attribute. This holds the name of the inferior's 'main', if known. * gdb.Inferior now has new methods 'clear_env', 'set_env', and 'unset_env'. These can be used to modify the inferior's environment before it is started. * gdb.Value now has the 'assign' method. * gdb.Value now has the 'to_array' method. This converts an array-like Value to an array. * gdb.Progspace now has the new method 'objfile_for_address'. This returns the gdb.Objfile, if any, that covers a given address. * gdb.Breakpoint now has an 'inferior' attribute. If the Breakpoint object is inferior specific then this attribute holds the inferior-id (an integer). If the Breakpoint object is not inferior specific, then this field contains None. This field can be written too. * gdb.Type now has the 'is_array_like' and 'is_string_like' methods. These reflect GDB's internal idea of whether a type might be array- or string-like, even if they do not have the corresponding type code. * gdb.ValuePrinter is a new class that can be used as the base class for the result of applying a pretty-printer. As a base class, it signals to gdb that the printer may implement new pretty-printer methods. * New attribute Progspace.symbol_file. This attribute holds the gdb.Objfile that corresponds to Progspace.filename (when Progspace.filename is not None), otherwise, this attribute is itself None. * New attribute Progspace.executable_filename. This attribute holds a string containing a file name set by the 'exec-file' or 'file' commands, or None if no executable file is set. This isn't the exact string passed by the user to these commands; the file name will have been partially resolved to an absolute file name. * A new executable_changed event registry is available. This event emits ExecutableChangedEvent objects, which have 'progspace' (a gdb.Progspace) and 'reload' (a Boolean) attributes. This event is emitted when gdb.Progspace.executable_filename changes. * New event registries gdb.events.new_progspace and gdb.events.free_progspace, these emit NewProgspaceEvent and FreeProgspaceEvent event types respectively. Both of these event types have a single 'progspace' attribute, which is the gdb.Progspace that is either being added to GDB, or removed from GDB. * gdb.LazyString now implements the __str__ method. * New method gdb.Frame.static_link that returns the outer frame of a nested function frame. Moderate SUSE bug 1220490 CVE-2022-48064 at SUSE CVE-2022-48064 at NVD cpe:/o:opensuse:leap:15.6 Security update for vhostmd (Moderate) openSUSE Leap 15.6 This update for vhostmd fixes the following issues: Updated to version 1.2 - Fix actions using the 'free' command - Fix buffer accounting when generating metric XML - Change actions to retrieve vendor and product info - Add a 'unit' attribute to the metrics element - vif-stats.py: convert to Python3 - conf: Update the 'VirtualizationVendor' action to strip any URLs that may follow the vendor name (bsc#1230961) - Fix virtio transport to work with libvirt >= 9.7.0 - Added hardening to systemd service (bsc#1181400) - spec: Don't replace user-modified dtd in /etc/vhostmd/ (bsc#1154838) - Relax virtio requirement in config file (bsc#1152803) Updated to version 1.1 (bsc#1129772) - Merge libserialclient with libmetrics - Misc bug fixes and improvements Moderate SUSE bug 1129772 SUSE bug 1152803 SUSE bug 1154838 SUSE bug 1181400 SUSE bug 1230961 cpe:/o:opensuse:leap:15.6 Security update for poppler (Moderate) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2024-56378: out-of-bounds read within JBIG2Bitmap::combine, which can lead to an application crash. (bsc#1234795) Moderate SUSE bug 1234795 CVE-2024-56378 at SUSE CVE-2024-56378 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Important) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) Important SUSE bug 1238591 SUSE bug 1239625 SUSE bug 1239637 CVE-2023-40403 at SUSE CVE-2023-40403 at NVD CVE-2024-55549 at SUSE CVE-2024-55549 at NVD CVE-2025-24855 at SUSE CVE-2025-24855 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-guest-agent (Important) openSUSE Leap 15.6 This update for google-guest-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) Important SUSE bug 1239197 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-osconfig-agent (Important) openSUSE Leap 15.6 This update for google-osconfig-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) Important SUSE bug 1239197 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Moderate) openSUSE Leap 15.6 This update for helm fixes the following issues: - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238688). Other fixes: - Updated to version 3.17.2 - Updated to 0.37.0 for x/net Moderate SUSE bug 1238688 CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-gunicorn (Important) openSUSE Leap 15.6 This update for python-gunicorn fixes the following issues: - CVE-2024-6827: Fixed improper validation of the 'Transfer-Encoding' header value can allow for HTTP request smuggling attacks (bsc#1239830) Important SUSE bug 1239830 CVE-2024-6827 at SUSE CVE-2024-6827 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Important) openSUSE Leap 15.6 This update for grafana fixes the following issues: - CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerability (bsc#1237671) Important SUSE bug 1237671 CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Important) openSUSE Leap 15.6 This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) Version update to 8.2.28: Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()). LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Version update version 8.2.27 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fix various memory leaks in curl mime handling. FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Revert gmp_pow() overly restrictive overflow checks. Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in RecursiveIteratorIterator ->current() with a xml element input). SNMP: Fixed bug GH-16959 (snmget modifies the object_id array). Standard: Fixed bug GH-16905 (Internal iterator functions can't handle UNDEF properties). Streams: Fixed network connect poll interuption handling. Important SUSE bug 1239664 SUSE bug 1239666 SUSE bug 1239667 SUSE bug 1239668 SUSE bug 1239669 SUSE bug 1239670 CVE-2024-11235 at SUSE CVE-2024-11235 at NVD CVE-2025-1217 at SUSE CVE-2025-1217 at NVD CVE-2025-1219 at SUSE CVE-2025-1219 at NVD CVE-2025-1734 at SUSE CVE-2025-1734 at NVD CVE-2025-1736 at SUSE CVE-2025-1736 at NVD CVE-2025-1861 at SUSE CVE-2025-1861 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239339). Important SUSE bug 1239339 CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for azure-cli-core (Important) openSUSE Leap 15.6 This update for azure-cli-core fixes the following issues: - CVE-2025-24049: Fixed improper neutralization of special elements used in a command allows an unauthorized attacker to elevate privileges locally (bsc#1239460). Important SUSE bug 1239460 CVE-2025-24049 at SUSE CVE-2025-24049 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_jk (Moderate) openSUSE Leap 15.6 This update for apache2-mod_jk fixes the following issues: - Update to version 1.2.50: - CVE-2024-46544: Fixed incorrect default permissions vulnerabilitymay that could lead to information disclosure and/or denial of service. (bsc#1230916) - CVE-2023-41081: Fixed information disclosure in mod_jk. (bsc#1215301) Moderate SUSE bug 1215301 SUSE bug 1230916 CVE-2023-41081 at SUSE CVE-2023-41081 at NVD CVE-2024-46544 at SUSE CVE-2024-46544 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache-commons-vfs2 (Important) openSUSE Leap 15.6 This update for apache-commons-vfs2 fixes the following issues: - CVE-2025-27553: Fixed possible path traversal issue when using NameScope.DESCENDENT (bsc#1239973) - CVE-2025-30474: Fixed information disclosure due to failing to find an FTP file reveal the URI's password in an error message (bsc#1239974) Other fixes: - Upgrade to upstream version 2.10.0 Important SUSE bug 1239973 SUSE bug 1239974 CVE-2025-27553 at SUSE CVE-2025-27553 at NVD CVE-2025-30474 at SUSE CVE-2025-30474 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302) Other fixes: - Update to Tomcat 10.1.39 * Fixes: + launch with java 17 (bsc#1239676) * Catalina + Fix: 69602: Fix regression in releases from 12-2024 that were too strict and rejected weak etags in the If-Range header with a 400 response. Instead will consider it as a failed match since strong etags are required for If-Range. (remm) + Fix: When looking up class loader resources by resource name, the resource name should not start with '/'. If the resource name does start with '/', Tomcat is lenient and looks it up as if the '/' was not present. When the web application class loader was configured with external repositories and names starting with '/' were used for lookups, it was possible that cached 'not found' results could effectively hide lookup results using the correct resource name. (markt) + Fix: Enable the JNDIRealm to validate credentials provided to HttpServletRequest.login(String username, String password) when the realm is configured to use GSSAPI authentication. (markt) + Fix: Fix a bug in the JRE compatibility detection that incorrectly identified Java 19 and Java 20 as supporting Java 21 features. (markt) + Fix: Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. (markt) + Add: Add support for logging the connection ID (as returned by ServletRequest.getServletConnection().getConnectionId()) with the AccessLogValve and ExtendedAccessLogValve. Based on pull request #814 by Dmole. (markt) + Fix: Avoid scenarios where temporary files used for partial PUT would not be deleted. (remm) + Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught exception introduced for the check for CVE-2024-56337. (remm) * Cluster + Add: 69598: Add detection of service account token changes to the KubernetesMembershipProvider implementation and reload the token if it changes. Based on a patch by Miroslav Jezbera. (markt) * Coyote + Fix: 69575: Avoid using compression if a response is already compressed using compress, deflate or zstd. (remm) + Update: Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. (remm) + Fix: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. (markt) * Other + Add: Add makensis as an option for building the Installer for Windows on non-Windows platforms. (rjung/markt) + Update: Update Byte Buddy to 1.17.1. (markt) + Update: Update Checkstyle to 10.21.3. (markt) + Update: Update SpotBugs to 4.9.1. (markt) + Update: Update JSign to 7.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Add org.apache.juli.JsonFormatter to format log as one line JSON documents. (remm) - Update to Tomcat 10.1.35 * Catalina + Update: Add tableName configuration on the DataSourcePropertyStore that may be used by the WebDAV Servlet. (remm) + Update: Improve HTTP If headers processing according to RFC 9110. Based on pull request #796 by Chenjp. (remm/markt) + Update: Allow readOnly attribute configuration on the Resources element and allow configure the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. (remm) + Fix: 69285: Optimise the creation of the parameter map for included requests. Based on sample code and test cases provided by John Engebretson. (markt) + Fix: 69527: Avoid rare cases where a cached resource could be set with 0 content length, or could be evicted immediately. (remm) + Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect requests without body for WebDAV LOCK and PROPFIND. (remm) + Fix: 69528: Add multi-release JAR support for the bloom archiveIndexStrategy of the Resources. (remm) + Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based on a patch submitted by Chenjp. (remm) + Fix: Remove unused session to client map from CrawlerSessionManagerValve. Submitted by Brian Matzon. (remm) + Add: Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting. (markt) + Fix: When using the WebDAV servlet with serveSubpathOnly set to true, ensure that the destination for any requested WebDAV operation is also restricted to the sub-path. (markt) + Fix: Generate an appropriate Allow HTTP header when the Default servlet returns a 405 (method not allowed) response in response to a DELETE request because the target resource cannot be deleted. Pull request #802 provided by Chenjp. (markt) + Code: Refactor creation of RequestDispatcher instances so that the processing of the provided path is consistent with normal request processing. (markt) + Add: Add encodedReverseSolidusHandling and encodedSolidusHandling attributes to Context to provide control over the handling of the path used to created a RequestDispatcher. (markt) + Fix: Handle a potential NullPointerException after an IOException occurs on a non-container thread during asynchronous processing. (markt) + Fix: Enhance lifecycle of temporary files used by partial PUT. (remm) * Coyote + Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does not support. These settings are now silently ignored. (markt) + Fix: Avoid a rare NullPointerException when recycling the Http11InputBuffer. (markt) + Fix: Lower the log level to debug for logging an invalid socket channel when processing poller events for the NIO Connector as this may occur in normal usage. (markt) + Code: Clean-up references to the HTTP/2 stream once request processing has completed to aid GC and reduce the size of the HTTP/2 recycled request and response cache. (markt) + Add: Add a new Connector configuration attribute, encodedReverseSolidusHandling, to control how %5c sequences in URLs are handled. The default behaviour is unchanged (decode) keeping in mind that the allowBackslash attribute determines how the decoded URI is processed. (markt) + Fix: 69545: Improve CRLF skipping for the available method of the ChunkedInputFilter. (remm) + Fix: Improve the performance of repeated calls to getHeader(). Pull request #813 provided by Adwait Kumar Singh. (markt) + Fix: 69559: Ensure that the Java 24 warning regarding the use of sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code will be used. (markt) * Jasper + Fix: 69508: Correct a regression in the fix for 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. (markt) + Fix: Update the identifier validation in the Expression Language parser to reflect that, as of Java 9, _ is also a Java keyword and may not be used as an identifier. (markt) + Fix: 69521: Update the EL Parser to allow the full range of valid characters in an EL identifier as defined by the Java Language Specification. (markt) + Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch provided by John Engebretson. (markt) * Web applications + Add: Documentation. Expand the description of the security implications of setting mapperContextRootRedirectEnabled and/or mapperDirectoryRedirectEnabled to true. (markt) + Fix: Documentation. Better document the default for the truststoreProvider attribute of a SSLHostConfig element. (markt) * Other + Update: Update to Commons Daemon 1.4.1. (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.9. (markt) + Update: Update the internal fork of Commons Pool to 2.12.1. (markt) + Update: Update Byte Buddy to 1.16.1. (markt) + Update: Update UnboundID to 7.0.2. (markt) + Update: Update Checkstyle to 10.21.2. (markt) + Update: Update SpotBugs to 4.9.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Chinese translations by leeyazhou. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1239302 SUSE bug 1239676 CVE-2024-56337 at SUSE CVE-2024-56337 at NVD CVE-2025-24813 at SUSE CVE-2025-24813 at NVD cpe:/o:opensuse:leap:15.6 Security update for php7 (Important) openSUSE Leap 15.6 This update for php7 fixes the following issues: - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664) - CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) Important SUSE bug 1239664 SUSE bug 1239666 SUSE bug 1239667 SUSE bug 1239668 SUSE bug 1239669 SUSE bug 1239670 CVE-2024-11235 at SUSE CVE-2024-11235 at NVD CVE-2025-1217 at SUSE CVE-2025-1217 at NVD CVE-2025-1219 at SUSE CVE-2025-1219 at NVD CVE-2025-1734 at SUSE CVE-2025-1734 at NVD CVE-2025-1736 at SUSE CVE-2025-1736 at NVD CVE-2025-1861 at SUSE CVE-2025-1861 at NVD cpe:/o:opensuse:leap:15.6 Security update for proftpd (Important) openSUSE Leap 15.6 This update for proftpd fixes the following issues: - CVE-2024-57392: Fixed null pointer dereference vulnerability by sending a maliciously crafted message (bsc#1238143). - CVE-2024-48651: Fixed supplemental group inheritance granting unintended access to GID 0 (bsc#1238141). Important SUSE bug 1238141 SUSE bug 1238143 CVE-2024-48651 at SUSE CVE-2024-48651 at NVD CVE-2024-57392 at SUSE CVE-2024-57392 at NVD cpe:/o:opensuse:leap:15.6 Security update for ed25519-java (Important) openSUSE Leap 15.6 This update for ed25519-java fixes the following issues: - CVE-2020-36843: Fixed no check performed on scalar to avoid signature malleability (bsc#1239551) Important SUSE bug 1239551 CVE-2020-36843 at SUSE CVE-2020-36843 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330). Important SUSE bug 1239330 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang26 (Important) openSUSE Leap 15.6 This update for erlang26 fixes the following issues: - CVE-2025-26618: Fixed incorrect verification of SSH SFTP packet size in Erlang OTP (bsc#1237467) Important SUSE bug 1237467 CVE-2025-26618 at SUSE CVE-2025-26618 at NVD cpe:/o:opensuse:leap:15.6 Security update for mercurial (Important) openSUSE Leap 15.6 This update for mercurial fixes the following issues: - CVE-2025-2361: Fixed improper sanitization of user-controlled input passed via the cmd parameter in the Mercurial SCM Web Interface (bsc#1239685) Important SUSE bug 1239685 CVE-2025-2361 at SUSE CVE-2025-2361 at NVD cpe:/o:opensuse:leap:15.6 Security update for skopeo (Moderate) openSUSE Leap 15.6 This update for skopeo fixes the following issues: - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238685). Moderate SUSE bug 1238685 CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Moderate) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Moderate SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker, docker-stable (Important) openSUSE Leap 15.6 This update for docker, docker-stable fixes the following issues: - CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). Other fixes: - Make container-selinux requirement conditional on selinux-policy (bsc#1237367) Important SUSE bug 1237367 SUSE bug 1239185 SUSE bug 1239322 CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:opensuse:leap:15.6 Security update for corosync (Critical) openSUSE Leap 15.6 This update for corosync fixes the following issues: - CVE-2025-30472: Fixed stack buffer overflow from 'orf_token_endian_convert' (bsc#1239987) Critical SUSE bug 1239987 CVE-2025-30472 at SUSE CVE-2025-30472 at NVD cpe:/o:opensuse:leap:15.6 Security update for warewulf4 (Important) openSUSE Leap 15.6 This update for warewulf4 fixes the following issues: warewulf4 was updated from version 4.5.8 to 4.6.0: - Security issues fixed for version 4.6.0: * CVE-2025-22869: Fixed Denial of Service vulnerability in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322) * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611) - User visible changes: * Default values `nodes.conf`: + The default values for `kernel command line`, `init parameters` and `root` are now set in the `default` profile and this profileshould be included in every profile. During the installation of an update an upgrade is done to `nodes.conf` which updates the database accordingly. * Overlay split up: + The overlays `wwinit` and `runtime` are now split up in different overlays named according to their role. The upgrade process will update the node database and replace the overlays `wwinit` and `runtime` with a list of overlays with same role. * Site and distribution overlays: + The overlays in `/var/lib/warewulf/overlays` should not be changed by the user any more. Site specific overlays are now sorted under `/etc/warewulf/overlays`. On upgrade, changed overlays are stored with the `rpmsave` suffix and move to `/etc/warewulf/overlays/$OVERLAYNAME`. - Other changes and bugs fixed: * Fixed udev issue with assigning device names (bsc#1226654) * Implemented new package `warewulf-reference-doc` with the reference documentation for Warewulf 4 as PDF * The configuation files nodes.conf and warewulf.conf will be updated on upgrade and the unmodified configuration files will be saved as nodes.conf.4.5.x and warewulf.conf.4.5.x - Summary of upstream changes: * New configuration upgrade system * Changes to the default profile * Renamed containers to (node) images * New kernel management system * Parallel overlay builds * Sprig functions in overlay templates * Improved network overlays * Nested profiles * Arbitrary 'resources' data in nodes.conf * NFS client configuration in nodes.conf * Emphatically optional syncuser * Improved network boot observability * Particularly significant changes, especially those affecting the user interface, are described in the release notes: + https://warewulf.org/docs/v4.6.x/release/v4.6.0.html Important SUSE bug 1226654 SUSE bug 1238611 SUSE bug 1239322 CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Important) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591) - CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637) - CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625) Important SUSE bug 1238591 SUSE bug 1239625 SUSE bug 1239637 CVE-2023-40403 at SUSE CVE-2023-40403 at NVD CVE-2024-55549 at SUSE CVE-2024-55549 at NVD CVE-2025-24855 at SUSE CVE-2025-24855 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT (bsc#1239302) - Update to Tomcat 9.0.102 * Fixes: + launch with java 17 (bsc#1239676) * Catalina + Fix: Weak etags in the If-Range header should not match as strong etags are required. (remm) + Fix: When looking up class loader resources by resource name, the resource name should not start with '/'. If the resource name does start with '/', Tomcat is lenient and looks it up as if the '/' was not present. When the web application class loader was configured with external repositories and names starting with '/' were used for lookups, it was possible that cached 'not found' results could effectively hide lookup results using the correct resource name. (markt) + Fix: Enable the JNDIRealm to validate credentials provided to HttpServletRequest.login(String username, String password) when the realm is configured to use GSSAPI authentication. (markt) + Fix: Fix a bug in the JRE compatibility detection that incorrectly identified Java 19 and Java 20 as supporting Java 21 features. (markt) + Fix: Improve the checks for exposure to and protection against CVE-2024-56337 so that reflection is not used unless required. The checks for whether the file system is case sensitive or not have been removed. (markt) + Fix: Avoid scenarios where temporary files used for partial PUT would not be deleted. (remm) + Fix: 69602: Fix regression in releases from 12-2024 that were too strict and rejected weak etags in the If-Range header. (remm) + Fix: 69576: Avoid possible failure initializing JreCompat due to uncaught exception introduced for the check for CVE-2024-56337. (remm) * Cluster + Add: 69598: Add detection of service account token changes to the KubernetesMembershipProvider implementation and reload the token if it changes. Based on a patch by Miroslav Jezbera. (markt) * Coyote + Fix: 69575: Avoid using compression if a response is already compressed using compress, deflate or zstd. (remm) + Update: Use Transfer-Encoding for compression rather than Content-Encoding if the client submits a TE header containing gzip. (remm) + Fix: Fix a race condition in the handling of HTTP/2 stream reset that could cause unexpected 500 responses. (markt) * Other + Add: Add makensis as an option for building the Installer for Windows on non-Windows platforms. (rjung/markt) + Update: Update Byte Buddy to 1.17.1. (markt) + Update: Update Checkstyle to 10.21.3. (markt) + Update: Update SpotBugs to 4.9.1. (markt) + Update: Update JSign to 7.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) + Add: Add org.apache.juli.JsonFormatter to format log as one line JSON documents. (remm) - Update to Tomcat 9.0.99 * Catalina + Update: Add tableName configuration on the DataSourcePropertyStore that may be used by the WebDAV Servlet. (remm) + Update: Improve HTTP If headers processing according to RFC 9110. Based on pull request #796 by Chenjp. (remm/markt) + Update: Allow readOnly attribute configuration on the Resources element and allow configure the readOnly attribute value of the main resources. The attribute value will also be used by the default and WebDAV Servlets. (remm) + Fix: 69285: Optimise the creation of the parameter map for included requests. Based on sample code and test cases provided by John Engebretson. (markt) + Fix: 69527: Avoid rare cases where a cached resource could be set with 0 content length, or could be evicted immediately. (remm) + Fix: Fix possible edge cases (such as HTTP/1.0) with trying to detect requests without body for WebDAV LOCK and PROPFIND. (remm) + Fix: 69528: Add multi-release JAR support for the bloom archiveIndexStrategy of the Resources. (remm) + Fix: Improve checks for WEB-INF and META-INF in the WebDAV servlet. Based on a patch submitted by Chenjp. (remm) + Add: Add a check to ensure that, if one or more web applications are potentially vulnerable to CVE-2024-56337, the JVM has been configured to protect against the vulnerability and to configure the JVM correctly if not. Where one or more web applications are potentially vulnerable to CVE-2024-56337 and the JVM cannot be correctly configured or it cannot be confirmed that the JVM has been correctly configured, prevent the impacted web applications from starting. (markt) + Fix: Remove unused session to client map from CrawlerSessionManagerValve. Submitted by Brian Matzon. (remm) + Fix: When using the WebDAV servlet with serveSubpathOnly set to true, ensure that the destination for any requested WebDAV operation is also restricted to the sub-path. (markt) + Fix: Generate an appropriate Allow HTTP header when the Default servlet returns a 405 (method not allowed) response in response to a DELETE request because the target resource cannot be deleted. Pull request #802 provided by Chenjp. (markt) + Code: Refactor creation of RequestDispatcher instances so that the processing of the provided path is consistent with normal request processing. (markt) + Add: Add encodedReverseSolidusHandling and encodedSolidusHandling attributes to Context to provide control over the handling of the path used to created a RequestDispatcher. (markt) + Fix: Handle a potential NullPointerException after an IOException occurs on a non-container thread during asynchronous processing. (markt) + Fix: Enhance lifecycle of temporary files used by partial PUT. (remm) * Coyote + Fix: Don't log warnings for registered HTTP/2 settings that Tomcat does not support. These settings are now silently ignored. (markt) + Fix: Avoid a rare NullPointerException when recycling the Http11InputBuffer. (markt) + Fix: Lower the log level to debug for logging an invalid socket channel when processing poller events for the NIO Connector as this may occur in normal usage. (markt) + Code: Clean-up references to the HTTP/2 stream once request processing has completed to aid GC and reduce the size of the HTTP/2 recycled request and response cache. (markt) + Add: Add a new Connector configuration attribute, encodedReverseSolidusHandling, to control how %5c sequences in URLs are handled. The default behaviour is unchanged (decode) keeping in mind that the allowBackslash attribute determines how the decoded URI is processed. (markt) + Fix: 69545: Improve CRLF skipping for the available method of the ChunkedInputFilter. (remm) + Fix: Improve the performance of repeated calls to getHeader(). Pull request #813 provided by Adwait Kumar Singh. (markt) + Fix: 69559: Ensure that the Java 24 warning regarding the use of sun.misc.Unsafe::invokeCleaner is only reported by the JRE when the code will be used. (markt) * Jasper + Fix: 69508: Correct a regression in the fix for 69382 that broke JSP include actions if both the page attribute and the body contained parameters. Pull request #803 provided by Chenjp. (markt) + Fix: 69521: Update the EL Parser to allow the full range of valid characters in an EL identifier as defined by the Java Language Specification. (markt) + Fix: 69532: Optimise the creation of ExpressionFactory instances. Patch provided by John Engebretson. (markt) * Web applications + Add: Documentation. Expand the description of the security implications of setting mapperContextRootRedirectEnabled and/or mapperDirectoryRedirectEnabled to true. (markt) + Fix: Documentation. Better document the default for the truststoreProvider attribute of a SSLHostConfig element. (markt) * Other + Update: Update to Commons Daemon 1.4.1. (markt) + Update: Update the internal fork of Commons Pool to 2.12.1. (markt) + Update: Update Byte Buddy to 1.16.1. (markt) + Update: Update UnboundID to 7.0.2. (markt) + Update: Update Checkstyle to 10.21.2. (markt) + Update: Update SpotBugs to 4.9.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Chinese translations by leeyazhou. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1239302 SUSE bug 1239676 CVE-2024-56337 at SUSE CVE-2024-56337 at NVD CVE-2025-24813 at SUSE CVE-2025-24813 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Important) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2025-27831: Fixed text buffer overflow in DOCXWRITE TXTWRITE device via long characters to devices/vector/doc_common.c (bsc#1240075) - CVE-2025-27832: Fixed compression buffer overflow in NPDL device for contrib/japanese/gdevnpdl.c (bsc#1240077) - CVE-2025-27835: Fixed buffer overflow occurs when converting glyphs to Unicode in psi/zbfont.c (bsc#1240080) - CVE-2025-27836: Fixed Print buffer overflow in BJ10V device in contrib/japanese/gdev10v.c (bsc#1240081) Important SUSE bug 1240075 SUSE bug 1240077 SUSE bug 1240080 SUSE bug 1240081 CVE-2025-27831 at SUSE CVE-2025-27831 at NVD CVE-2025-27832 at SUSE CVE-2025-27832 at NVD CVE-2025-27835 at SUSE CVE-2025-27835 at NVD CVE-2025-27836 at SUSE CVE-2025-27836 at NVD cpe:/o:opensuse:leap:15.6 Security update for GraphicsMagick (Moderate) openSUSE Leap 15.6 This update for GraphicsMagick fixes the following issues: - CVE-2025-27795: Fixed missing image dimension resource limits in JXL (bsc#1239044) Moderate SUSE bug 1239044 CVE-2025-27795 at SUSE CVE-2025-27795 at NVD cpe:/o:opensuse:leap:15.6 Security update for apparmor (Moderate) openSUSE Leap 15.6 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452). Moderate SUSE bug 1234452 cpe:/o:opensuse:leap:15.6 Security update for xz (Important) openSUSE Leap 15.6 This update for xz fixes the following issues: - CVE-2025-31115: Fixed heap use after free and writing to an address based on the null pointer plus an offset (bsc#1240414) Important SUSE bug 1240414 CVE-2025-31115 at SUSE CVE-2025-31115 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 128.9.0 ESR MFSA 2025-22 (bsc#1240083): * CVE-2025-3028: Use-after-free triggered by XSLTProcessor * CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters * CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 Important SUSE bug 1240083 CVE-2025-3028 at SUSE CVE-2025-3028 at NVD CVE-2025-3029 at SUSE CVE-2025-3029 at NVD CVE-2025-3030 at SUSE CVE-2025-3030 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Important) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - Update to go1.23.8 - CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550) Important SUSE bug 1229122 SUSE bug 1240550 CVE-2025-22871 at SUSE CVE-2025-22871 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-guest-agent (Important) openSUSE Leap 15.6 This update for google-guest-agent fixes the following issues: - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) - from version 20250326.00 * Re-enable disabled services if the core plugin was enabled (#521) - from version 20250324.00 * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata script runner binary in agent package (#502) * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250317.00 * Revert 'Revert bundling new binaries in the package (#509)' (#511) * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250312.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Update crypto library to fix CVE-2024-45337 (#499) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250305.00 * Revert bundling new binaries in the package (#509) * Fix typo in windows build script (#501) * Include core plugin binary for all packages (#500) * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250304.01 * Fix typo in windows build script (#501) - from version 20250214.01 * Include core plugin binary for all packages (#500) - from version 20250214.00 * Update crypto library to fix CVE-2024-45337 (#499) - from version 20250212.00 * Start packaging compat manager (#498) * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492) - from version 20250211.00 * scripts: introduce a wrapper to locally build deb package (#490) * Introduce compat-manager systemd unit (#497) - from version 20250207.00 * vlan: toggle vlan configuration in debian packaging (#495) * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) * Include interfaces in lists even if it has an invalid MAC. (#489) * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250204.02 * force concourse to move version forward. - from version 20250204.01 * vlan: toggle vlan configuration in debian packaging (#495) - from version 20250204.00 * vlan: move config out of unstable section (#494) * Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493) - from version 20250203.01 * Include interfaces in lists even if it has an invalid MAC. (#489) - from version 20250203.00 * Fix windows package build failures (#491) * vlan: don't index based on the vlan ID (#486) * Revert PR #482 (#488) * Remove Amy and Zach from OWNERS (#487) * Skip interfaces in interfaceNames() instead of erroring if there is an (#482) * Fix Debian packaging if guest agent manager is not checked out (#485) - from version 20250122.00 * networkd(vlan): remove the interface in addition to config (#468) * Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465) * Update logging library (#479) * Remove Pat from owners file. (#478) Important SUSE bug 1234563 SUSE bug 1239763 SUSE bug 1239866 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Moderate) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - CVE-2024-44192: Fixed unexpected process crash due to processing maliciously crafted web content (bsc#1239863) - CVE-2024-54467: Fixed information disclosure via data cross-origin exfiltration due to a cookie management issue (bsc#1239864) Other fixes: - Update to version 2.48.0: + Move tiles rendering to worker threads when rendering with the GPU. + Fix preserve-3D intersection rendering. + Added new function for creating Promise objects to JavaScripotCore GLib API. + The MediaRecorder backend gained WebM support (requires at least GStreamer 1.24.9) and audio bitrate configuration support. + Fix invalid DPI-aware font size conversion. + Bring back support for OpenType-SVG fonts using Skia SVG module. + Add metadata (title and creation/modification date) to the PDF document generated for printing. + Propagate the font’s computed locale to HarfBuzz. + The GPU process build is now enabled for WebGL, but the web process is still used by default. The runtime flag UseGPUProcessForWebGL can be used to use the GPU process for WebGL. + Security fixes: CVE-2024-44192, CVE-2024-54467, CVE-2025-24201. - Disable speech synthesis. It has been disabled until now, and we don't have flite or spiel in SLE. - Add gcc13-PIE to BuildRequires (bsc#1239950). - Backport upstream patch to stop using IOChannel in NetworkCache: hopefully fixes crashes in the network process. Moderate SUSE bug 1239863 SUSE bug 1239864 SUSE bug 1239950 CVE-2024-44192 at SUSE CVE-2024-44192 at NVD CVE-2024-54467 at SUSE CVE-2024-54467 at NVD CVE-2025-24201 at SUSE CVE-2025-24201 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for apache-commons-io (Moderate) openSUSE Leap 15.6 This update for apache-commons-io fixes the following issues: apache-commons-io was updated from version 2.15.1 to 2.18.0: - Key changes across versions: * Cleaner code and updated dependencies * Improved security when handling serialized data with the new safe deserialization feature * New features for advanced file and stream operations * Various bugs were fixed to improve reliability with fewer crashes and unexpected errors * For the full list of changes please consult the packaged RELEASE-NOTES.txt - Already fixed in previous version: * CVE-2024-47554: Untrusted input to XmlStreamReader can lead to uncontrolled resource consumption (bsc#1231298) Moderate SUSE bug 1231298 CVE-2024-47554 at SUSE CVE-2024-47554 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: - Update to go1.24.2 - CVE-2025-22871: Fix an issue with request smuggling through invalid chunked data. (bsc#1240550) Important SUSE bug 1236217 SUSE bug 1239182 SUSE bug 1240550 CVE-2025-22871 at SUSE CVE-2025-22871 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird ESR 128.9 MFSA 2025-24 (bsc#1240083) * CVE-2025-3028: Use-after-free triggered by XSLTProcessor * CVE-2025-3029: URL Bar Spoofing via non-BMP Unicode characters * CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 Other fixes: * new: Thunderbird now has a notification system for real-time desktop alerts * fixed: Data corruption occurred when compacting IMAP Drafts folder after saving a message * fixed: Right-clicking 'Decrypt and Save As...' on an attachment file failed. * fixed: Thunderbird could crash when importing mail * fixed: Sort indicators were missing on the calendar events list. Important SUSE bug 1240083 CVE-2025-3028 at SUSE CVE-2025-3028 at NVD CVE-2025-3029 at SUSE CVE-2025-3029 at NVD CVE-2025-3030 at SUSE CVE-2025-3030 at NVD cpe:/o:opensuse:leap:15.6 Security update for git (Important) openSUSE Leap 15.6 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). Important SUSE bug 1235600 SUSE bug 1235601 CVE-2024-50349 at SUSE CVE-2024-50349 at NVD CVE-2024-52006 at SUSE CVE-2024-52006 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Moderate) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2025-1713: Fixed potential deadlock with VT-d and legacy PCI device pass-through (bsc#1238043) Other fixes: - Xen channels and domU console (bsc#1219354) - Fixed attempting to start guest vm's libxl fills disk with errors (bsc#1237692) - Xen call trace and APIC Error found after reboot operation on AMD machines (bsc#1233796). - Upstream bug fixes (bsc#1027519). Moderate SUSE bug 1027519 SUSE bug 1219354 SUSE bug 1233796 SUSE bug 1237692 SUSE bug 1238043 CVE-2025-1713 at SUSE CVE-2025-1713 at NVD cpe:/o:opensuse:leap:15.6 Security update for giflib (Important) openSUSE Leap 15.6 This update for giflib fixes the following issues: - CVE-2025-31344: Fixed a buffer overflow in function DumpScreen2RGB (bsc#1240416) Important SUSE bug 1240416 CVE-2025-31344 at SUSE CVE-2025-31344 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: add a per-mapping stable writes flag (bsc#1234141). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kasan: make report_lock a raw spinlock (git-fixes). - kdb: address -Wformat-security warnings (bsc#1234659). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - slub: Replace cmpxchg_double() (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). Important SUSE bug 1214954 SUSE bug 1216813 SUSE bug 1220773 SUSE bug 1224095 SUSE bug 1224726 SUSE bug 1225743 SUSE bug 1225758 SUSE bug 1225820 SUSE bug 1227445 SUSE bug 1228526 SUSE bug 1229809 SUSE bug 1230205 SUSE bug 1230413 SUSE bug 1230697 SUSE bug 1231854 SUSE bug 1231909 SUSE bug 1231963 SUSE bug 1232193 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232418 SUSE bug 1232419 SUSE bug 1232420 SUSE bug 1232421 SUSE bug 1232436 SUSE bug 1233038 SUSE bug 1233070 SUSE bug 1233096 SUSE bug 1233200 SUSE bug 1233204 SUSE bug 1233239 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233324 SUSE bug 1233328 SUSE bug 1233461 SUSE bug 1233467 SUSE bug 1233468 SUSE bug 1233469 SUSE bug 1233546 SUSE bug 1233558 SUSE bug 1233637 SUSE bug 1233642 SUSE bug 1233772 SUSE bug 1233837 SUSE bug 1234024 SUSE bug 1234069 SUSE bug 1234071 SUSE bug 1234073 SUSE bug 1234075 SUSE bug 1234076 SUSE bug 1234077 SUSE bug 1234079 SUSE bug 1234086 SUSE bug 1234139 SUSE bug 1234140 SUSE bug 1234141 SUSE bug 1234142 SUSE bug 1234143 SUSE bug 1234144 SUSE bug 1234145 SUSE bug 1234146 SUSE bug 1234147 SUSE bug 1234148 SUSE bug 1234149 SUSE bug 1234150 SUSE bug 1234153 SUSE bug 1234155 SUSE bug 1234156 SUSE bug 1234158 SUSE bug 1234159 SUSE bug 1234160 SUSE bug 1234161 SUSE bug 1234162 SUSE bug 1234163 SUSE bug 1234164 SUSE bug 1234165 SUSE bug 1234166 SUSE bug 1234167 SUSE bug 1234168 SUSE bug 1234169 SUSE bug 1234170 SUSE bug 1234171 SUSE bug 1234172 SUSE bug 1234173 SUSE bug 1234174 SUSE bug 1234175 SUSE bug 1234176 SUSE bug 1234177 SUSE bug 1234178 SUSE bug 1234179 SUSE bug 1234180 SUSE bug 1234181 SUSE bug 1234182 SUSE bug 1234183 SUSE bug 1234184 SUSE bug 1234185 SUSE bug 1234186 SUSE bug 1234187 SUSE bug 1234188 SUSE bug 1234189 SUSE bug 1234190 SUSE bug 1234191 SUSE bug 1234192 SUSE bug 1234193 SUSE bug 1234194 SUSE bug 1234195 SUSE bug 1234196 SUSE bug 1234197 SUSE bug 1234198 SUSE bug 1234199 SUSE bug 1234200 SUSE bug 1234201 SUSE bug 1234203 SUSE bug 1234204 SUSE bug 1234205 SUSE bug 1234207 SUSE bug 1234208 SUSE bug 1234209 SUSE bug 1234219 SUSE bug 1234220 SUSE bug 1234221 SUSE bug 1234237 SUSE bug 1234238 SUSE bug 1234239 SUSE bug 1234240 SUSE bug 1234241 SUSE bug 1234242 SUSE bug 1234243 SUSE bug 1234278 SUSE bug 1234279 SUSE bug 1234280 SUSE bug 1234281 SUSE bug 1234282 SUSE bug 1234294 SUSE bug 1234338 SUSE bug 1234357 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1234464 SUSE bug 1234605 SUSE bug 1234651 SUSE bug 1234652 SUSE bug 1234654 SUSE bug 1234655 SUSE bug 1234657 SUSE bug 1234658 SUSE bug 1234659 SUSE bug 1234668 SUSE bug 1234690 SUSE bug 1234725 SUSE bug 1234726 SUSE bug 1234810 SUSE bug 1234811 SUSE bug 1234826 SUSE bug 1234827 SUSE bug 1234829 SUSE bug 1234832 SUSE bug 1234834 SUSE bug 1234843 SUSE bug 1234846 SUSE bug 1234848 SUSE bug 1234853 SUSE bug 1234855 SUSE bug 1234856 SUSE bug 1234884 SUSE bug 1234889 SUSE bug 1234891 SUSE bug 1234899 SUSE bug 1234900 SUSE bug 1234905 SUSE bug 1234907 SUSE bug 1234909 SUSE bug 1234911 SUSE bug 1234912 SUSE bug 1234916 SUSE bug 1234918 SUSE bug 1234920 SUSE bug 1234921 SUSE bug 1234922 SUSE bug 1234929 SUSE bug 1234930 SUSE bug 1234937 SUSE bug 1234948 SUSE bug 1234950 SUSE bug 1234952 SUSE bug 1234960 SUSE bug 1234962 SUSE bug 1234963 SUSE bug 1234968 SUSE bug 1234969 SUSE bug 1234970 SUSE bug 1234971 SUSE bug 1234973 SUSE bug 1234974 SUSE bug 1234989 SUSE bug 1234999 SUSE bug 1235002 SUSE bug 1235003 SUSE bug 1235004 SUSE bug 1235007 SUSE bug 1235009 SUSE bug 1235016 SUSE bug 1235019 SUSE bug 1235033 SUSE bug 1235045 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235075 SUSE bug 1235108 SUSE bug 1235128 SUSE bug 1235134 SUSE bug 1235138 SUSE bug 1235246 SUSE bug 1235406 SUSE bug 1235409 SUSE bug 1235416 SUSE bug 1235507 SUSE bug 1235550 CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-35839 at SUSE CVE-2024-35839 at NVD CVE-2024-36908 at SUSE CVE-2024-36908 at NVD CVE-2024-36915 at SUSE CVE-2024-36915 at NVD CVE-2024-39480 at SUSE CVE-2024-39480 at NVD CVE-2024-41042 at SUSE CVE-2024-41042 at NVD CVE-2024-44934 at SUSE CVE-2024-44934 at NVD CVE-2024-44996 at SUSE CVE-2024-44996 at NVD CVE-2024-47678 at SUSE CVE-2024-47678 at NVD CVE-2024-49854 at SUSE CVE-2024-49854 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49915 at SUSE CVE-2024-49915 at NVD CVE-2024-50016 at SUSE CVE-2024-50016 at NVD CVE-2024-50018 at SUSE CVE-2024-50018 at NVD CVE-2024-50039 at SUSE CVE-2024-50039 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50143 at SUSE CVE-2024-50143 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50202 at SUSE CVE-2024-50202 at NVD CVE-2024-50203 at SUSE CVE-2024-50203 at NVD CVE-2024-50211 at SUSE CVE-2024-50211 at NVD CVE-2024-50228 at SUSE CVE-2024-50228 at NVD CVE-2024-50256 at SUSE CVE-2024-50256 at NVD CVE-2024-50262 at SUSE CVE-2024-50262 at NVD CVE-2024-50272 at SUSE CVE-2024-50272 at NVD CVE-2024-50278 at SUSE CVE-2024-50278 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50280 at SUSE CVE-2024-50280 at NVD CVE-2024-53050 at SUSE CVE-2024-53050 at NVD CVE-2024-53064 at SUSE CVE-2024-53064 at NVD CVE-2024-53090 at SUSE CVE-2024-53090 at NVD CVE-2024-53099 at SUSE CVE-2024-53099 at NVD CVE-2024-53103 at SUSE CVE-2024-53103 at NVD CVE-2024-53105 at SUSE CVE-2024-53105 at NVD CVE-2024-53111 at SUSE CVE-2024-53111 at NVD CVE-2024-53113 at SUSE CVE-2024-53113 at NVD CVE-2024-53117 at SUSE CVE-2024-53117 at NVD CVE-2024-53118 at SUSE CVE-2024-53118 at NVD CVE-2024-53119 at SUSE CVE-2024-53119 at NVD CVE-2024-53120 at SUSE CVE-2024-53120 at NVD CVE-2024-53122 at SUSE CVE-2024-53122 at NVD CVE-2024-53125 at SUSE CVE-2024-53125 at NVD CVE-2024-53126 at SUSE CVE-2024-53126 at NVD CVE-2024-53127 at SUSE CVE-2024-53127 at NVD CVE-2024-53129 at SUSE CVE-2024-53129 at NVD CVE-2024-53130 at SUSE CVE-2024-53130 at NVD CVE-2024-53131 at SUSE CVE-2024-53131 at NVD CVE-2024-53133 at SUSE CVE-2024-53133 at NVD CVE-2024-53134 at SUSE CVE-2024-53134 at NVD CVE-2024-53136 at SUSE CVE-2024-53136 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53148 at SUSE CVE-2024-53148 at NVD CVE-2024-53150 at SUSE CVE-2024-53150 at NVD CVE-2024-53151 at SUSE CVE-2024-53151 at NVD CVE-2024-53154 at SUSE CVE-2024-53154 at NVD CVE-2024-53155 at SUSE CVE-2024-53155 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53157 at SUSE CVE-2024-53157 at NVD CVE-2024-53158 at SUSE CVE-2024-53158 at NVD CVE-2024-53159 at SUSE CVE-2024-53159 at NVD CVE-2024-53160 at SUSE CVE-2024-53160 at NVD CVE-2024-53161 at SUSE CVE-2024-53161 at NVD CVE-2024-53162 at SUSE CVE-2024-53162 at NVD CVE-2024-53166 at SUSE CVE-2024-53166 at NVD CVE-2024-53169 at SUSE CVE-2024-53169 at NVD CVE-2024-53171 at SUSE CVE-2024-53171 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53174 at SUSE CVE-2024-53174 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53180 at SUSE CVE-2024-53180 at NVD CVE-2024-53188 at SUSE CVE-2024-53188 at NVD CVE-2024-53190 at SUSE CVE-2024-53190 at NVD CVE-2024-53191 at SUSE CVE-2024-53191 at NVD CVE-2024-53200 at SUSE CVE-2024-53200 at NVD CVE-2024-53201 at SUSE CVE-2024-53201 at NVD CVE-2024-53202 at SUSE CVE-2024-53202 at NVD CVE-2024-53206 at SUSE CVE-2024-53206 at NVD CVE-2024-53207 at SUSE CVE-2024-53207 at NVD CVE-2024-53208 at SUSE CVE-2024-53208 at NVD CVE-2024-53209 at SUSE CVE-2024-53209 at NVD CVE-2024-53210 at SUSE CVE-2024-53210 at NVD CVE-2024-53213 at SUSE CVE-2024-53213 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53215 at SUSE CVE-2024-53215 at NVD CVE-2024-53216 at SUSE CVE-2024-53216 at NVD CVE-2024-53217 at SUSE CVE-2024-53217 at NVD CVE-2024-53222 at SUSE CVE-2024-53222 at NVD CVE-2024-53224 at SUSE CVE-2024-53224 at NVD CVE-2024-53229 at SUSE CVE-2024-53229 at NVD CVE-2024-53234 at SUSE CVE-2024-53234 at NVD CVE-2024-53237 at SUSE CVE-2024-53237 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-53241 at SUSE CVE-2024-53241 at NVD CVE-2024-56536 at SUSE CVE-2024-56536 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56549 at SUSE CVE-2024-56549 at NVD CVE-2024-56551 at SUSE CVE-2024-56551 at NVD CVE-2024-56562 at SUSE CVE-2024-56562 at NVD CVE-2024-56566 at SUSE CVE-2024-56566 at NVD CVE-2024-56567 at SUSE CVE-2024-56567 at NVD CVE-2024-56576 at SUSE CVE-2024-56576 at NVD CVE-2024-56582 at SUSE CVE-2024-56582 at NVD CVE-2024-56599 at SUSE CVE-2024-56599 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56645 at SUSE CVE-2024-56645 at NVD CVE-2024-56667 at SUSE CVE-2024-56667 at NVD CVE-2024-56752 at SUSE CVE-2024-56752 at NVD CVE-2024-56754 at SUSE CVE-2024-56754 at NVD CVE-2024-56755 at SUSE CVE-2024-56755 at NVD CVE-2024-56756 at SUSE CVE-2024-56756 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - disable CRYPTO_DEV_QAT_420XX - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). mwilck: some hand editing because d95e2c34a3ca ('dm verity: Fix IO priority lost when reading FEC and hash') is missing - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci/acs: Fix 'pci=config_acs=' parameter (git-fixes). - pci/aspm: Fix link state exit during switch upstream function removal (git-fixes). - pci/doe: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/doe: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - powerpc: Stop using no_llseek (bsc#1239573). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: Update window clamping condition (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tools: move alignment-related macros to new &lt;linux/align.h> (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - upstream: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). Important SUSE bug 1207948 SUSE bug 1215199 SUSE bug 1215211 SUSE bug 1218470 SUSE bug 1221651 SUSE bug 1222649 SUSE bug 1223047 SUSE bug 1224489 SUSE bug 1224610 SUSE bug 1225533 SUSE bug 1225742 SUSE bug 1225770 SUSE bug 1226871 SUSE bug 1227858 SUSE bug 1228653 SUSE bug 1229311 SUSE bug 1229361 SUSE bug 1230497 SUSE bug 1230728 SUSE bug 1230769 SUSE bug 1230832 SUSE bug 1231293 SUSE bug 1231432 SUSE bug 1232364 SUSE bug 1232389 SUSE bug 1232421 SUSE bug 1232743 SUSE bug 1232812 SUSE bug 1232848 SUSE bug 1232895 SUSE bug 1233033 SUSE bug 1233060 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233479 SUSE bug 1233551 SUSE bug 1233557 SUSE bug 1233749 SUSE bug 1234222 SUSE bug 1234480 SUSE bug 1234828 SUSE bug 1234936 SUSE bug 1235436 SUSE bug 1235455 SUSE bug 1235501 SUSE bug 1235524 SUSE bug 1235589 SUSE bug 1235591 SUSE bug 1235621 SUSE bug 1235637 SUSE bug 1235698 SUSE bug 1235711 SUSE bug 1235712 SUSE bug 1235715 SUSE bug 1235729 SUSE bug 1235733 SUSE bug 1235761 SUSE bug 1235870 SUSE bug 1235973 SUSE bug 1236099 SUSE bug 1236111 SUSE bug 1236206 SUSE bug 1236333 SUSE bug 1236692 SUSE bug 1237029 SUSE bug 1237164 SUSE bug 1237313 SUSE bug 1237530 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237565 SUSE bug 1237571 SUSE bug 1237853 SUSE bug 1237856 SUSE bug 1237873 SUSE bug 1237875 SUSE bug 1237876 SUSE bug 1237877 SUSE bug 1237881 SUSE bug 1237885 SUSE bug 1237890 SUSE bug 1237894 SUSE bug 1237897 SUSE bug 1237900 SUSE bug 1237906 SUSE bug 1237907 SUSE bug 1237911 SUSE bug 1237912 SUSE bug 1237950 SUSE bug 1238212 SUSE bug 1238474 SUSE bug 1238475 SUSE bug 1238479 SUSE bug 1238497 SUSE bug 1238500 SUSE bug 1238501 SUSE bug 1238502 SUSE bug 1238503 SUSE bug 1238506 SUSE bug 1238507 SUSE bug 1238510 SUSE bug 1238511 SUSE bug 1238512 SUSE bug 1238523 SUSE bug 1238526 SUSE bug 1238528 SUSE bug 1238529 SUSE bug 1238531 SUSE bug 1238532 SUSE bug 1238715 SUSE bug 1238716 SUSE bug 1238734 SUSE bug 1238735 SUSE bug 1238736 SUSE bug 1238738 SUSE bug 1238747 SUSE bug 1238754 SUSE bug 1238757 SUSE bug 1238760 SUSE bug 1238762 SUSE bug 1238763 SUSE bug 1238767 SUSE bug 1238768 SUSE bug 1238771 SUSE bug 1238772 SUSE bug 1238773 SUSE bug 1238775 SUSE bug 1238780 SUSE bug 1238781 SUSE bug 1238785 SUSE bug 1238864 SUSE bug 1238865 SUSE bug 1238876 SUSE bug 1238903 SUSE bug 1238904 SUSE bug 1238905 SUSE bug 1238909 SUSE bug 1238911 SUSE bug 1238917 SUSE bug 1238958 SUSE bug 1238959 SUSE bug 1238963 SUSE bug 1238964 SUSE bug 1238969 SUSE bug 1238971 SUSE bug 1238973 SUSE bug 1238975 SUSE bug 1238978 SUSE bug 1238979 SUSE bug 1238981 SUSE bug 1238984 SUSE bug 1238986 SUSE bug 1238993 SUSE bug 1238994 SUSE bug 1238997 SUSE bug 1239015 SUSE bug 1239016 SUSE bug 1239027 SUSE bug 1239029 SUSE bug 1239030 SUSE bug 1239033 SUSE bug 1239034 SUSE bug 1239036 SUSE bug 1239037 SUSE bug 1239038 SUSE bug 1239039 SUSE bug 1239045 SUSE bug 1239065 SUSE bug 1239068 SUSE bug 1239073 SUSE bug 1239076 SUSE bug 1239080 SUSE bug 1239085 SUSE bug 1239087 SUSE bug 1239095 SUSE bug 1239104 SUSE bug 1239105 SUSE bug 1239109 SUSE bug 1239112 SUSE bug 1239114 SUSE bug 1239115 SUSE bug 1239117 SUSE bug 1239167 SUSE bug 1239174 SUSE bug 1239346 SUSE bug 1239349 SUSE bug 1239435 SUSE bug 1239467 SUSE bug 1239468 SUSE bug 1239471 SUSE bug 1239473 SUSE bug 1239474 SUSE bug 1239477 SUSE bug 1239478 SUSE bug 1239479 SUSE bug 1239481 SUSE bug 1239482 SUSE bug 1239483 SUSE bug 1239484 SUSE bug 1239486 SUSE bug 1239508 SUSE bug 1239512 SUSE bug 1239518 SUSE bug 1239573 SUSE bug 1239594 SUSE bug 1239595 SUSE bug 1239600 SUSE bug 1239605 SUSE bug 1239615 SUSE bug 1239644 SUSE bug 1239707 SUSE bug 1239986 SUSE bug 1239994 SUSE bug 1240169 SUSE bug 1240172 SUSE bug 1240173 SUSE bug 1240175 SUSE bug 1240177 SUSE bug 1240179 SUSE bug 1240182 SUSE bug 1240183 SUSE bug 1240186 SUSE bug 1240188 SUSE bug 1240189 SUSE bug 1240191 SUSE bug 1240192 SUSE bug 1240333 SUSE bug 1240334 CVE-2023-52831 at SUSE CVE-2023-52831 at NVD CVE-2023-52926 at SUSE CVE-2023-52926 at NVD CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-26634 at SUSE CVE-2024-26634 at NVD CVE-2024-26873 at SUSE CVE-2024-26873 at NVD CVE-2024-35826 at SUSE CVE-2024-35826 at NVD CVE-2024-35910 at SUSE CVE-2024-35910 at NVD CVE-2024-38606 at SUSE CVE-2024-38606 at NVD CVE-2024-41005 at SUSE CVE-2024-41005 at NVD CVE-2024-41077 at SUSE CVE-2024-41077 at NVD CVE-2024-41149 at SUSE CVE-2024-41149 at NVD CVE-2024-42307 at SUSE CVE-2024-42307 at NVD CVE-2024-43820 at SUSE CVE-2024-43820 at NVD CVE-2024-46736 at SUSE CVE-2024-46736 at NVD CVE-2024-46782 at SUSE CVE-2024-46782 at NVD CVE-2024-46796 at SUSE CVE-2024-46796 at NVD CVE-2024-47408 at SUSE CVE-2024-47408 at NVD CVE-2024-47794 at SUSE CVE-2024-47794 at NVD CVE-2024-49571 at SUSE CVE-2024-49571 at NVD CVE-2024-49924 at SUSE CVE-2024-49924 at NVD CVE-2024-49940 at SUSE CVE-2024-49940 at NVD CVE-2024-49994 at SUSE CVE-2024-49994 at NVD CVE-2024-50056 at SUSE CVE-2024-50056 at NVD CVE-2024-50126 at SUSE CVE-2024-50126 at NVD CVE-2024-50140 at SUSE CVE-2024-50140 at NVD CVE-2024-50152 at SUSE CVE-2024-50152 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-52559 at SUSE CVE-2024-52559 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53140 at SUSE CVE-2024-53140 at NVD CVE-2024-53163 at SUSE CVE-2024-53163 at NVD CVE-2024-53680 at SUSE CVE-2024-53680 at NVD CVE-2024-54683 at SUSE CVE-2024-54683 at NVD CVE-2024-56638 at SUSE CVE-2024-56638 at NVD CVE-2024-56640 at SUSE CVE-2024-56640 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-56703 at SUSE CVE-2024-56703 at NVD CVE-2024-56718 at SUSE CVE-2024-56718 at NVD CVE-2024-56719 at SUSE CVE-2024-56719 at NVD CVE-2024-56751 at SUSE CVE-2024-56751 at NVD CVE-2024-56758 at SUSE CVE-2024-56758 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2024-57807 at SUSE CVE-2024-57807 at NVD CVE-2024-57834 at SUSE CVE-2024-57834 at NVD CVE-2024-57900 at SUSE CVE-2024-57900 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2024-57973 at SUSE CVE-2024-57973 at NVD CVE-2024-57974 at SUSE CVE-2024-57974 at NVD CVE-2024-57978 at SUSE CVE-2024-57978 at NVD CVE-2024-57980 at SUSE CVE-2024-57980 at NVD CVE-2024-57981 at SUSE CVE-2024-57981 at NVD CVE-2024-57986 at SUSE CVE-2024-57986 at NVD CVE-2024-57990 at SUSE CVE-2024-57990 at NVD CVE-2024-57993 at SUSE CVE-2024-57993 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-57997 at SUSE CVE-2024-57997 at NVD CVE-2024-57999 at SUSE CVE-2024-57999 at NVD CVE-2024-58002 at SUSE CVE-2024-58002 at NVD CVE-2024-58005 at SUSE CVE-2024-58005 at NVD CVE-2024-58006 at SUSE CVE-2024-58006 at NVD CVE-2024-58007 at SUSE CVE-2024-58007 at NVD CVE-2024-58009 at SUSE CVE-2024-58009 at NVD CVE-2024-58011 at SUSE CVE-2024-58011 at NVD CVE-2024-58012 at SUSE CVE-2024-58012 at NVD CVE-2024-58013 at SUSE CVE-2024-58013 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2024-58017 at SUSE CVE-2024-58017 at NVD CVE-2024-58019 at SUSE CVE-2024-58019 at NVD CVE-2024-58020 at SUSE CVE-2024-58020 at NVD CVE-2024-58034 at SUSE CVE-2024-58034 at NVD CVE-2024-58051 at SUSE CVE-2024-58051 at NVD CVE-2024-58052 at SUSE CVE-2024-58052 at NVD CVE-2024-58054 at SUSE CVE-2024-58054 at NVD CVE-2024-58055 at SUSE CVE-2024-58055 at NVD CVE-2024-58056 at SUSE CVE-2024-58056 at NVD CVE-2024-58057 at SUSE CVE-2024-58057 at NVD CVE-2024-58058 at SUSE CVE-2024-58058 at NVD CVE-2024-58061 at SUSE CVE-2024-58061 at NVD CVE-2024-58063 at SUSE CVE-2024-58063 at NVD CVE-2024-58069 at SUSE CVE-2024-58069 at NVD CVE-2024-58072 at SUSE CVE-2024-58072 at NVD CVE-2024-58076 at SUSE CVE-2024-58076 at NVD CVE-2024-58078 at SUSE CVE-2024-58078 at NVD CVE-2024-58079 at SUSE CVE-2024-58079 at NVD CVE-2024-58080 at SUSE CVE-2024-58080 at NVD CVE-2024-58083 at SUSE CVE-2024-58083 at NVD CVE-2024-58085 at SUSE CVE-2024-58085 at NVD CVE-2024-58086 at SUSE CVE-2024-58086 at NVD CVE-2025-21631 at SUSE CVE-2025-21631 at NVD CVE-2025-21635 at SUSE CVE-2025-21635 at NVD CVE-2025-21659 at SUSE CVE-2025-21659 at NVD CVE-2025-21671 at SUSE CVE-2025-21671 at NVD CVE-2025-21693 at SUSE CVE-2025-21693 at NVD CVE-2025-21701 at SUSE CVE-2025-21701 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-21704 at SUSE CVE-2025-21704 at NVD CVE-2025-21706 at SUSE CVE-2025-21706 at NVD CVE-2025-21708 at SUSE CVE-2025-21708 at NVD CVE-2025-21711 at SUSE CVE-2025-21711 at NVD CVE-2025-21714 at SUSE CVE-2025-21714 at NVD CVE-2025-21718 at SUSE CVE-2025-21718 at NVD CVE-2025-21723 at SUSE CVE-2025-21723 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21727 at SUSE CVE-2025-21727 at NVD CVE-2025-21731 at SUSE CVE-2025-21731 at NVD CVE-2025-21732 at SUSE CVE-2025-21732 at NVD CVE-2025-21734 at SUSE CVE-2025-21734 at NVD CVE-2025-21735 at SUSE CVE-2025-21735 at NVD CVE-2025-21736 at SUSE CVE-2025-21736 at NVD CVE-2025-21738 at SUSE CVE-2025-21738 at NVD CVE-2025-21739 at SUSE CVE-2025-21739 at NVD CVE-2025-21741 at SUSE CVE-2025-21741 at NVD CVE-2025-21742 at SUSE CVE-2025-21742 at NVD CVE-2025-21743 at SUSE CVE-2025-21743 at NVD CVE-2025-21744 at SUSE CVE-2025-21744 at NVD CVE-2025-21745 at SUSE CVE-2025-21745 at NVD CVE-2025-21749 at SUSE CVE-2025-21749 at NVD CVE-2025-21750 at SUSE CVE-2025-21750 at NVD CVE-2025-21753 at SUSE CVE-2025-21753 at NVD CVE-2025-21756 at SUSE CVE-2025-21756 at NVD CVE-2025-21759 at SUSE CVE-2025-21759 at NVD CVE-2025-21760 at SUSE CVE-2025-21760 at NVD CVE-2025-21761 at SUSE CVE-2025-21761 at NVD CVE-2025-21762 at SUSE CVE-2025-21762 at NVD CVE-2025-21763 at SUSE CVE-2025-21763 at NVD CVE-2025-21764 at SUSE CVE-2025-21764 at NVD CVE-2025-21765 at SUSE CVE-2025-21765 at NVD CVE-2025-21766 at SUSE CVE-2025-21766 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21773 at SUSE CVE-2025-21773 at NVD CVE-2025-21775 at SUSE CVE-2025-21775 at NVD CVE-2025-21776 at SUSE CVE-2025-21776 at NVD CVE-2025-21779 at SUSE CVE-2025-21779 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD CVE-2025-21781 at SUSE CVE-2025-21781 at NVD CVE-2025-21782 at SUSE CVE-2025-21782 at NVD CVE-2025-21784 at SUSE CVE-2025-21784 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-21793 at SUSE CVE-2025-21793 at NVD CVE-2025-21794 at SUSE CVE-2025-21794 at NVD CVE-2025-21796 at SUSE CVE-2025-21796 at NVD CVE-2025-21804 at SUSE CVE-2025-21804 at NVD CVE-2025-21810 at SUSE CVE-2025-21810 at NVD CVE-2025-21815 at SUSE CVE-2025-21815 at NVD CVE-2025-21819 at SUSE CVE-2025-21819 at NVD CVE-2025-21820 at SUSE CVE-2025-21820 at NVD CVE-2025-21821 at SUSE CVE-2025-21821 at NVD CVE-2025-21823 at SUSE CVE-2025-21823 at NVD CVE-2025-21825 at SUSE CVE-2025-21825 at NVD CVE-2025-21828 at SUSE CVE-2025-21828 at NVD CVE-2025-21829 at SUSE CVE-2025-21829 at NVD CVE-2025-21830 at SUSE CVE-2025-21830 at NVD CVE-2025-21831 at SUSE CVE-2025-21831 at NVD CVE-2025-21832 at SUSE CVE-2025-21832 at NVD CVE-2025-21835 at SUSE CVE-2025-21835 at NVD CVE-2025-21838 at SUSE CVE-2025-21838 at NVD CVE-2025-21844 at SUSE CVE-2025-21844 at NVD CVE-2025-21846 at SUSE CVE-2025-21846 at NVD CVE-2025-21847 at SUSE CVE-2025-21847 at NVD CVE-2025-21848 at SUSE CVE-2025-21848 at NVD CVE-2025-21850 at SUSE CVE-2025-21850 at NVD CVE-2025-21855 at SUSE CVE-2025-21855 at NVD CVE-2025-21856 at SUSE CVE-2025-21856 at NVD CVE-2025-21857 at SUSE CVE-2025-21857 at NVD CVE-2025-21858 at SUSE CVE-2025-21858 at NVD CVE-2025-21859 at SUSE CVE-2025-21859 at NVD CVE-2025-21861 at SUSE CVE-2025-21861 at NVD CVE-2025-21862 at SUSE CVE-2025-21862 at NVD CVE-2025-21864 at SUSE CVE-2025-21864 at NVD CVE-2025-21865 at SUSE CVE-2025-21865 at NVD CVE-2025-21866 at SUSE CVE-2025-21866 at NVD CVE-2025-21869 at SUSE CVE-2025-21869 at NVD CVE-2025-21870 at SUSE CVE-2025-21870 at NVD CVE-2025-21871 at SUSE CVE-2025-21871 at NVD CVE-2025-21876 at SUSE CVE-2025-21876 at NVD CVE-2025-21877 at SUSE CVE-2025-21877 at NVD CVE-2025-21878 at SUSE CVE-2025-21878 at NVD CVE-2025-21883 at SUSE CVE-2025-21883 at NVD CVE-2025-21885 at SUSE CVE-2025-21885 at NVD CVE-2025-21886 at SUSE CVE-2025-21886 at NVD CVE-2025-21888 at SUSE CVE-2025-21888 at NVD CVE-2025-21890 at SUSE CVE-2025-21890 at NVD CVE-2025-21891 at SUSE CVE-2025-21891 at NVD CVE-2025-21892 at SUSE CVE-2025-21892 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). mwilck: some hand editing because d95e2c34a3ca ('dm verity: Fix IO priority lost when reading FEC and hash') is missing - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). Fix tools/ build breakage introduced by suse commit 3d6cb93162fd 'bitmap: introduce generic optimized bitmap_size() (git-fixes)' - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - Move upstreamed nfsd and sunrpc patches into sorted section - Move upstreamed PCI and initramfs patches into sorted section - Move upstreamed powerpc and SCSI patches into sorted section - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/acs: Fix 'pci=config_acs=' parameter (git-fixes). - pci/aspm: Fix link state exit during switch upstream function removal (git-fixes). - pci/doe: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/doe: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - Reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - Revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - Revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - Revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - Revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - Revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check. - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new &lt;linux/align.h> (git-fixes). Fix tools/ build breakage introduced by suse commit 3d6cb93162fd 'bitmap: introduce generic optimized bitmap_size() (git-fixes)' - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - upstream: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). Important SUSE bug 1207948 SUSE bug 1215199 SUSE bug 1215211 SUSE bug 1218470 SUSE bug 1221651 SUSE bug 1222649 SUSE bug 1223047 SUSE bug 1224489 SUSE bug 1224610 SUSE bug 1225533 SUSE bug 1225742 SUSE bug 1225770 SUSE bug 1226871 SUSE bug 1227858 SUSE bug 1228653 SUSE bug 1229311 SUSE bug 1229361 SUSE bug 1230497 SUSE bug 1230728 SUSE bug 1230769 SUSE bug 1230832 SUSE bug 1231293 SUSE bug 1231432 SUSE bug 1232364 SUSE bug 1232389 SUSE bug 1232421 SUSE bug 1232743 SUSE bug 1232812 SUSE bug 1232848 SUSE bug 1232895 SUSE bug 1233033 SUSE bug 1233060 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233479 SUSE bug 1233551 SUSE bug 1233557 SUSE bug 1233749 SUSE bug 1234222 SUSE bug 1234480 SUSE bug 1234828 SUSE bug 1234936 SUSE bug 1235436 SUSE bug 1235455 SUSE bug 1235501 SUSE bug 1235524 SUSE bug 1235589 SUSE bug 1235591 SUSE bug 1235621 SUSE bug 1235637 SUSE bug 1235698 SUSE bug 1235711 SUSE bug 1235712 SUSE bug 1235715 SUSE bug 1235729 SUSE bug 1235733 SUSE bug 1235761 SUSE bug 1235870 SUSE bug 1235973 SUSE bug 1236099 SUSE bug 1236111 SUSE bug 1236206 SUSE bug 1236333 SUSE bug 1236692 SUSE bug 1237029 SUSE bug 1237164 SUSE bug 1237313 SUSE bug 1237530 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237565 SUSE bug 1237571 SUSE bug 1237853 SUSE bug 1237856 SUSE bug 1237873 SUSE bug 1237875 SUSE bug 1237876 SUSE bug 1237877 SUSE bug 1237881 SUSE bug 1237885 SUSE bug 1237890 SUSE bug 1237894 SUSE bug 1237897 SUSE bug 1237900 SUSE bug 1237906 SUSE bug 1237907 SUSE bug 1237911 SUSE bug 1237912 SUSE bug 1237950 SUSE bug 1238212 SUSE bug 1238474 SUSE bug 1238475 SUSE bug 1238479 SUSE bug 1238494 SUSE bug 1238496 SUSE bug 1238497 SUSE bug 1238500 SUSE bug 1238501 SUSE bug 1238502 SUSE bug 1238503 SUSE bug 1238506 SUSE bug 1238507 SUSE bug 1238510 SUSE bug 1238511 SUSE bug 1238512 SUSE bug 1238521 SUSE bug 1238523 SUSE bug 1238526 SUSE bug 1238528 SUSE bug 1238529 SUSE bug 1238531 SUSE bug 1238532 SUSE bug 1238715 SUSE bug 1238716 SUSE bug 1238734 SUSE bug 1238735 SUSE bug 1238736 SUSE bug 1238738 SUSE bug 1238747 SUSE bug 1238754 SUSE bug 1238757 SUSE bug 1238760 SUSE bug 1238762 SUSE bug 1238763 SUSE bug 1238767 SUSE bug 1238768 SUSE bug 1238771 SUSE bug 1238772 SUSE bug 1238773 SUSE bug 1238775 SUSE bug 1238780 SUSE bug 1238781 SUSE bug 1238785 SUSE bug 1238864 SUSE bug 1238865 SUSE bug 1238876 SUSE bug 1238903 SUSE bug 1238904 SUSE bug 1238905 SUSE bug 1238909 SUSE bug 1238911 SUSE bug 1238917 SUSE bug 1238958 SUSE bug 1238959 SUSE bug 1238963 SUSE bug 1238964 SUSE bug 1238969 SUSE bug 1238971 SUSE bug 1238973 SUSE bug 1238975 SUSE bug 1238978 SUSE bug 1238979 SUSE bug 1238981 SUSE bug 1238984 SUSE bug 1238986 SUSE bug 1238993 SUSE bug 1238994 SUSE bug 1238997 SUSE bug 1239015 SUSE bug 1239016 SUSE bug 1239027 SUSE bug 1239029 SUSE bug 1239030 SUSE bug 1239033 SUSE bug 1239034 SUSE bug 1239036 SUSE bug 1239037 SUSE bug 1239038 SUSE bug 1239039 SUSE bug 1239045 SUSE bug 1239065 SUSE bug 1239068 SUSE bug 1239073 SUSE bug 1239076 SUSE bug 1239080 SUSE bug 1239085 SUSE bug 1239087 SUSE bug 1239095 SUSE bug 1239104 SUSE bug 1239105 SUSE bug 1239109 SUSE bug 1239112 SUSE bug 1239114 SUSE bug 1239115 SUSE bug 1239117 SUSE bug 1239167 SUSE bug 1239174 SUSE bug 1239346 SUSE bug 1239349 SUSE bug 1239435 SUSE bug 1239467 SUSE bug 1239468 SUSE bug 1239471 SUSE bug 1239473 SUSE bug 1239474 SUSE bug 1239477 SUSE bug 1239478 SUSE bug 1239479 SUSE bug 1239481 SUSE bug 1239482 SUSE bug 1239483 SUSE bug 1239484 SUSE bug 1239486 SUSE bug 1239508 SUSE bug 1239512 SUSE bug 1239518 SUSE bug 1239573 SUSE bug 1239594 SUSE bug 1239595 SUSE bug 1239600 SUSE bug 1239605 SUSE bug 1239615 SUSE bug 1239644 SUSE bug 1239707 SUSE bug 1239986 SUSE bug 1239994 SUSE bug 1240169 SUSE bug 1240172 SUSE bug 1240173 SUSE bug 1240175 SUSE bug 1240177 SUSE bug 1240179 SUSE bug 1240182 SUSE bug 1240183 SUSE bug 1240186 SUSE bug 1240188 SUSE bug 1240189 SUSE bug 1240191 SUSE bug 1240192 SUSE bug 1240333 SUSE bug 1240334 CVE-2023-52831 at SUSE CVE-2023-52831 at NVD CVE-2023-52926 at SUSE CVE-2023-52926 at NVD CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-26634 at SUSE CVE-2024-26634 at NVD CVE-2024-26873 at SUSE CVE-2024-26873 at NVD CVE-2024-35826 at SUSE CVE-2024-35826 at NVD CVE-2024-35910 at SUSE CVE-2024-35910 at NVD CVE-2024-38606 at SUSE CVE-2024-38606 at NVD CVE-2024-41005 at SUSE CVE-2024-41005 at NVD CVE-2024-41077 at SUSE CVE-2024-41077 at NVD CVE-2024-41149 at SUSE CVE-2024-41149 at NVD CVE-2024-42307 at SUSE CVE-2024-42307 at NVD CVE-2024-43820 at SUSE CVE-2024-43820 at NVD CVE-2024-46736 at SUSE CVE-2024-46736 at NVD CVE-2024-46782 at SUSE CVE-2024-46782 at NVD CVE-2024-46796 at SUSE CVE-2024-46796 at NVD CVE-2024-47408 at SUSE CVE-2024-47408 at NVD CVE-2024-47794 at SUSE CVE-2024-47794 at NVD CVE-2024-49571 at SUSE CVE-2024-49571 at NVD CVE-2024-49924 at SUSE CVE-2024-49924 at NVD CVE-2024-49940 at SUSE CVE-2024-49940 at NVD CVE-2024-49994 at SUSE CVE-2024-49994 at NVD CVE-2024-50056 at SUSE CVE-2024-50056 at NVD CVE-2024-50126 at SUSE CVE-2024-50126 at NVD CVE-2024-50140 at SUSE CVE-2024-50140 at NVD CVE-2024-50152 at SUSE CVE-2024-50152 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-52559 at SUSE CVE-2024-52559 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53140 at SUSE CVE-2024-53140 at NVD CVE-2024-53163 at SUSE CVE-2024-53163 at NVD CVE-2024-53680 at SUSE CVE-2024-53680 at NVD CVE-2024-54683 at SUSE CVE-2024-54683 at NVD CVE-2024-56638 at SUSE CVE-2024-56638 at NVD CVE-2024-56640 at SUSE CVE-2024-56640 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-56703 at SUSE CVE-2024-56703 at NVD CVE-2024-56718 at SUSE CVE-2024-56718 at NVD CVE-2024-56719 at SUSE CVE-2024-56719 at NVD CVE-2024-56751 at SUSE CVE-2024-56751 at NVD CVE-2024-56758 at SUSE CVE-2024-56758 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2024-57807 at SUSE CVE-2024-57807 at NVD CVE-2024-57834 at SUSE CVE-2024-57834 at NVD CVE-2024-57900 at SUSE CVE-2024-57900 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2024-57973 at SUSE CVE-2024-57973 at NVD CVE-2024-57974 at SUSE CVE-2024-57974 at NVD CVE-2024-57978 at SUSE CVE-2024-57978 at NVD CVE-2024-57979 at SUSE CVE-2024-57979 at NVD CVE-2024-57980 at SUSE CVE-2024-57980 at NVD CVE-2024-57981 at SUSE CVE-2024-57981 at NVD CVE-2024-57986 at SUSE CVE-2024-57986 at NVD CVE-2024-57990 at SUSE CVE-2024-57990 at NVD CVE-2024-57993 at SUSE CVE-2024-57993 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-57997 at SUSE CVE-2024-57997 at NVD CVE-2024-57999 at SUSE CVE-2024-57999 at NVD CVE-2024-58002 at SUSE CVE-2024-58002 at NVD CVE-2024-58005 at SUSE CVE-2024-58005 at NVD CVE-2024-58006 at SUSE CVE-2024-58006 at NVD CVE-2024-58007 at SUSE CVE-2024-58007 at NVD CVE-2024-58009 at SUSE CVE-2024-58009 at NVD CVE-2024-58011 at SUSE CVE-2024-58011 at NVD CVE-2024-58012 at SUSE CVE-2024-58012 at NVD CVE-2024-58013 at SUSE CVE-2024-58013 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2024-58017 at SUSE CVE-2024-58017 at NVD CVE-2024-58019 at SUSE CVE-2024-58019 at NVD CVE-2024-58020 at SUSE CVE-2024-58020 at NVD CVE-2024-58034 at SUSE CVE-2024-58034 at NVD CVE-2024-58051 at SUSE CVE-2024-58051 at NVD CVE-2024-58052 at SUSE CVE-2024-58052 at NVD CVE-2024-58054 at SUSE CVE-2024-58054 at NVD CVE-2024-58055 at SUSE CVE-2024-58055 at NVD CVE-2024-58056 at SUSE CVE-2024-58056 at NVD CVE-2024-58057 at SUSE CVE-2024-58057 at NVD CVE-2024-58058 at SUSE CVE-2024-58058 at NVD CVE-2024-58061 at SUSE CVE-2024-58061 at NVD CVE-2024-58063 at SUSE CVE-2024-58063 at NVD CVE-2024-58069 at SUSE CVE-2024-58069 at NVD CVE-2024-58072 at SUSE CVE-2024-58072 at NVD CVE-2024-58076 at SUSE CVE-2024-58076 at NVD CVE-2024-58078 at SUSE CVE-2024-58078 at NVD CVE-2024-58079 at SUSE CVE-2024-58079 at NVD CVE-2024-58080 at SUSE CVE-2024-58080 at NVD CVE-2024-58083 at SUSE CVE-2024-58083 at NVD CVE-2024-58085 at SUSE CVE-2024-58085 at NVD CVE-2024-58086 at SUSE CVE-2024-58086 at NVD CVE-2025-21631 at SUSE CVE-2025-21631 at NVD CVE-2025-21635 at SUSE CVE-2025-21635 at NVD CVE-2025-21659 at SUSE CVE-2025-21659 at NVD CVE-2025-21671 at SUSE CVE-2025-21671 at NVD CVE-2025-21693 at SUSE CVE-2025-21693 at NVD CVE-2025-21701 at SUSE CVE-2025-21701 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-21704 at SUSE CVE-2025-21704 at NVD CVE-2025-21706 at SUSE CVE-2025-21706 at NVD CVE-2025-21708 at SUSE CVE-2025-21708 at NVD CVE-2025-21711 at SUSE CVE-2025-21711 at NVD CVE-2025-21714 at SUSE CVE-2025-21714 at NVD CVE-2025-21718 at SUSE CVE-2025-21718 at NVD CVE-2025-21723 at SUSE CVE-2025-21723 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21727 at SUSE CVE-2025-21727 at NVD CVE-2025-21731 at SUSE CVE-2025-21731 at NVD CVE-2025-21732 at SUSE CVE-2025-21732 at NVD CVE-2025-21733 at SUSE CVE-2025-21733 at NVD CVE-2025-21734 at SUSE CVE-2025-21734 at NVD CVE-2025-21735 at SUSE CVE-2025-21735 at NVD CVE-2025-21736 at SUSE CVE-2025-21736 at NVD CVE-2025-21738 at SUSE CVE-2025-21738 at NVD CVE-2025-21739 at SUSE CVE-2025-21739 at NVD CVE-2025-21741 at SUSE CVE-2025-21741 at NVD CVE-2025-21742 at SUSE CVE-2025-21742 at NVD CVE-2025-21743 at SUSE CVE-2025-21743 at NVD CVE-2025-21744 at SUSE CVE-2025-21744 at NVD CVE-2025-21745 at SUSE CVE-2025-21745 at NVD CVE-2025-21749 at SUSE CVE-2025-21749 at NVD CVE-2025-21750 at SUSE CVE-2025-21750 at NVD CVE-2025-21753 at SUSE CVE-2025-21753 at NVD CVE-2025-21754 at SUSE CVE-2025-21754 at NVD CVE-2025-21756 at SUSE CVE-2025-21756 at NVD CVE-2025-21759 at SUSE CVE-2025-21759 at NVD CVE-2025-21760 at SUSE CVE-2025-21760 at NVD CVE-2025-21761 at SUSE CVE-2025-21761 at NVD CVE-2025-21762 at SUSE CVE-2025-21762 at NVD CVE-2025-21763 at SUSE CVE-2025-21763 at NVD CVE-2025-21764 at SUSE CVE-2025-21764 at NVD CVE-2025-21765 at SUSE CVE-2025-21765 at NVD CVE-2025-21766 at SUSE CVE-2025-21766 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21773 at SUSE CVE-2025-21773 at NVD CVE-2025-21775 at SUSE CVE-2025-21775 at NVD CVE-2025-21776 at SUSE CVE-2025-21776 at NVD CVE-2025-21779 at SUSE CVE-2025-21779 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD CVE-2025-21781 at SUSE CVE-2025-21781 at NVD CVE-2025-21782 at SUSE CVE-2025-21782 at NVD CVE-2025-21784 at SUSE CVE-2025-21784 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-21793 at SUSE CVE-2025-21793 at NVD CVE-2025-21794 at SUSE CVE-2025-21794 at NVD CVE-2025-21796 at SUSE CVE-2025-21796 at NVD CVE-2025-21804 at SUSE CVE-2025-21804 at NVD CVE-2025-21810 at SUSE CVE-2025-21810 at NVD CVE-2025-21815 at SUSE CVE-2025-21815 at NVD CVE-2025-21819 at SUSE CVE-2025-21819 at NVD CVE-2025-21820 at SUSE CVE-2025-21820 at NVD CVE-2025-21821 at SUSE CVE-2025-21821 at NVD CVE-2025-21823 at SUSE CVE-2025-21823 at NVD CVE-2025-21825 at SUSE CVE-2025-21825 at NVD CVE-2025-21828 at SUSE CVE-2025-21828 at NVD CVE-2025-21829 at SUSE CVE-2025-21829 at NVD CVE-2025-21830 at SUSE CVE-2025-21830 at NVD CVE-2025-21831 at SUSE CVE-2025-21831 at NVD CVE-2025-21832 at SUSE CVE-2025-21832 at NVD CVE-2025-21835 at SUSE CVE-2025-21835 at NVD CVE-2025-21838 at SUSE CVE-2025-21838 at NVD CVE-2025-21844 at SUSE CVE-2025-21844 at NVD CVE-2025-21846 at SUSE CVE-2025-21846 at NVD CVE-2025-21847 at SUSE CVE-2025-21847 at NVD CVE-2025-21848 at SUSE CVE-2025-21848 at NVD CVE-2025-21850 at SUSE CVE-2025-21850 at NVD CVE-2025-21855 at SUSE CVE-2025-21855 at NVD CVE-2025-21856 at SUSE CVE-2025-21856 at NVD CVE-2025-21857 at SUSE CVE-2025-21857 at NVD CVE-2025-21858 at SUSE CVE-2025-21858 at NVD CVE-2025-21859 at SUSE CVE-2025-21859 at NVD CVE-2025-21861 at SUSE CVE-2025-21861 at NVD CVE-2025-21862 at SUSE CVE-2025-21862 at NVD CVE-2025-21864 at SUSE CVE-2025-21864 at NVD CVE-2025-21865 at SUSE CVE-2025-21865 at NVD CVE-2025-21866 at SUSE CVE-2025-21866 at NVD CVE-2025-21869 at SUSE CVE-2025-21869 at NVD CVE-2025-21870 at SUSE CVE-2025-21870 at NVD CVE-2025-21871 at SUSE CVE-2025-21871 at NVD CVE-2025-21876 at SUSE CVE-2025-21876 at NVD CVE-2025-21877 at SUSE CVE-2025-21877 at NVD CVE-2025-21878 at SUSE CVE-2025-21878 at NVD CVE-2025-21883 at SUSE CVE-2025-21883 at NVD CVE-2025-21885 at SUSE CVE-2025-21885 at NVD CVE-2025-21886 at SUSE CVE-2025-21886 at NVD CVE-2025-21888 at SUSE CVE-2025-21888 at NVD CVE-2025-21890 at SUSE CVE-2025-21890 at NVD CVE-2025-21891 at SUSE CVE-2025-21891 at NVD CVE-2025-21892 at SUSE CVE-2025-21892 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644). - CVE-2024-35910: tcp: properly terminate timers for kernel sockets (bsc#1224489). - CVE-2024-41005: netpoll: Fix race condition in netpoll_owner_active (bsc#1227858). - CVE-2024-46782: ila: call nf_unregister_net_hooks() sooner (bsc#1230769). - CVE-2024-47408: net/smc: check smcd_v2_ext_offset when receiving proposal msg (bsc#1235711). - CVE-2024-47794: kABI: bpf: Prevent tailcall infinite loop caused by freplace kABI workaround (bsc#1235712). - CVE-2024-49571: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg (bsc#1235733). - CVE-2024-49940: kABI fix for l2tp: prevent possible tunnel refcount underflow (bsc#1232812). - CVE-2024-50056: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c (bsc#1232389). - CVE-2024-50140: net: sched: use RCU read-side critical section in taprio_dump() (bsc#1233060). - CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551). - CVE-2024-53140: netlink: terminate outstanding dump on socket close (bsc#1234222). - CVE-2024-53680: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (bsc#1235715). - CVE-2024-54683: netfilter: IDLETIMER: Fix for possible ABBA deadlock (bsc#1235729). - CVE-2024-56638: kABI fix for 'netfilter: nft_inner: incorrect percpu area handling under softirq' (bsc#1235524). - CVE-2024-56640: net/smc: fix LGR and link use-after-free issue (bsc#1235436). - CVE-2024-56702: bpf: Add tracepoints with null-able arguments (bsc#1235501). - CVE-2024-56703: ipv6: Fix soft lockups in fib6_select_path under high next hop churn (bsc#1235455). - CVE-2024-56718: net/smc: protect link down work from execute after lgr freed (bsc#1235589). - CVE-2024-56719: net: stmmac: fix TSO DMA API usage causing oops (bsc#1235591). - CVE-2024-56751: ipv6: release nexthop on device removal (bsc#1234936). - CVE-2024-56758: btrfs: check folio mapping after unlock in relocate_one_folio() (bsc#1235621). - CVE-2024-56770: net/sched: netem: account for backlog updates from child qdisc (bsc#1235637). - CVE-2024-57900: ila: serialize calls to nf_register_net_hooks() (bsc#1235973). - CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333). - CVE-2024-57974: udp: Deal with race between UDP socket address change and rehash (bsc#1238532). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076). - CVE-2024-58012: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (bsc#1239104). - CVE-2024-58019: nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997). - CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036). - CVE-2025-21635: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy (bsc#1236111). - CVE-2025-21659: netdev: prevent accessing NAPI instances from another namespace (bsc#1236206). - CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164). - CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313). - CVE-2025-21706: mptcp: pm: only set fullmesh for subflow endp (bsc#1238528). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21739: kABI: ufshcd: add ufshcd_dealloc_host back (bsc#1238506). - CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21759: ipv6: mcast: extend RCU protection in igmp6_send() (bsc#1238738). - CVE-2025-21760: ndisc: extend RCU protection in ndisc_send_skb() (bsc#1238763). - CVE-2025-21761: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (bsc#1238775). - CVE-2025-21762: arp: use RCU protection in arp_xmit() (bsc#1238780). - CVE-2025-21763: neighbour: use RCU protection in __neigh_notify() (bsc#1237897). - CVE-2025-21765: ipv6: use RCU protection in ip6_default_advmss() (bsc#1237906). - CVE-2025-21766: ipv4: use RCU protection in __ip_rt_update_pmtu() (bsc#1238754). - CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512). - CVE-2025-21825: selftests/bpf: Add test case for the freeing of bpf_timer (bsc#1238971). - CVE-2025-21844: smb: client: Add check for next_buffer in receive_encrypted_standard() (bsc#1239512). - CVE-2025-21848: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (bsc#1239479). - CVE-2025-21856: s390/ism: add release function for struct device (bsc#1239486). - CVE-2025-21857: net/sched: cls_api: fix error handling causing NULL dereference (bsc#1239478). - CVE-2025-21861: mm/migrate_device: do not add folio to be freed to LRU in migrate_device_finalize() (bsc#1239483). - CVE-2025-21862: drop_monitor: fix incorrect initialization order (bsc#1239474). - CVE-2025-21864: kABI fix for tcp: drop secpath at the same time as we currently drop (bsc#1239482). - CVE-2025-21865: gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl() (bsc#1239481). - CVE-2025-21870: ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers (bsc#1240191). - CVE-2025-21871: tee: optee: Fix supplicant wait loop (bsc#1240183). - CVE-2025-21883: ice: Fix deinitializing VF in error path (bsc#1240189). - CVE-2025-21890: idpf: fix checksums set in idpf_rx_rsc() (bsc#1240173). - CVE-2025-21891: ipvlan: ensure network headers are in skb linear part (bsc#1240186). The following non-security bugs were fixed: - accel/qaic: Fix integer overflow in qaic_validate_req() (git-fixes). - accel/qaic: Fix possible data corruption in BOs > 2G (git-fixes). - acpi: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530). - acpi: resource: IRQ override for Eluktronics MECH-17 (stable-fixes). - af_unix: Annotate data-race of sk->sk_state in unix_stream_read_skb() (bsc#1239435). - af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash (bsc#1239435). - af_unix: Remove put_pid()/put_cred() in copy_peercred() (bsc#1240334). - alsa: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0 (stable-fixes). - alsa: hda: intel: Add Dell ALC3271 to power_save denylist (stable-fixes). - alsa: hda: realtek: fix incorrect IS_REACHABLE() usage (git-fixes). - alsa: hda/realtek - add supported Mic Mute LED for Lenovo platform (stable-fixes). - alsa: hda/realtek: Add mute LED quirk for HP Pavilion x360 14-dy1xxx (stable-fixes). - alsa: hda/realtek: Add support for ASUS B3405 and B3605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS B5405 and B5605 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G614 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix G814 Laptop using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for ASUS Zenbook UM3406KA Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various ASUS Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Add support for various HP Laptops using CS35L41 HDA (stable-fixes). - alsa: hda/realtek: Always honor no_shutup_pins (git-fixes). - alsa: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes). - alsa: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA (git-fixes). - alsa: hda/realtek: Limit mic boost on Positivo ARN50 (stable-fixes). - alsa: hda/realtek: Remove (revert) duplicate Ally X config (git-fixes). - alsa: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx (stable-fixes). - alsa: hda/realtek: update ALC222 depop optimize (stable-fixes). - alsa: pcm: Drop superfluous NULL check in snd_pcm_format_set_silence() (git-fixes). - alsa: seq: Avoid module auto-load handling at event delivery (stable-fixes). - alsa: usb-audio: Add quirk for Plantronics headsets to fix control names (stable-fixes). - alsa: usb-audio: separate DJM-A9 cap lvl options (git-fixes). - alsa: usx2y: validate nrpacks module parameter on probe (git-fixes). - arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes) - arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes) - arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes) - arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes) - arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes) - arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes) - arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes) - arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes) - arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes) - arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes) - arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes) - arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes) - arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes) - arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes) - arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes) - arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes) - asoc: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen 2 model (stable-fixes). - asoc: arizona/madera: use fsleep() in up/down DAPM event delays (stable-fixes). - asoc: codecs: wm0010: Fix error handling path in wm0010_spi_probe() (git-fixes). - asoc: cs35l41: check the return value from spi_setup() (git-fixes). - asoc: ops: Consistently treat platform_max as control value (git-fixes). - asoc: rt722-sdca: add missing readable registers (git-fixes). - asoc: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE (stable-fixes). - asoc: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi module (stable-fixes). - asoc: tas2764: Fix power control mask (stable-fixes). - asoc: tas2764: Set the SDOUT polarity correctly (stable-fixes). - asoc: tas2770: Fix volume scale (stable-fixes). - asoc: ti: j721e-evm: Fix clock configuration for ti,j7200-cpb-audio compatible (git-fixes). - ata: ahci: Add mask_port_map module parameter (git-fixes). - ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using result_tf (git-fixes). - ata: libata-scsi: Remove redundant sense_buffer memsets (git-fixes). - ata: libata: Fix NCQ Non-Data log not supported print (git-fixes). - ata: pata_parport: add custom version of wait_after_reset (git-fixes). - ata: pata_parport: fit3: implement IDE command set registers (git-fixes). - ata: pata_serverworks: Do not use the term blacklist (git-fixes). - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() (git-fixes). - ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes). - auxdisplay: panel: Fix an API misuse in panel.c (git-fixes). - backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() (git-fixes). - batman-adv: Ignore own maximum aggregation size during RX (git-fixes). - bitmap: introduce generic optimized bitmap_size() (git-fixes). - block: cleanup and fix batch completion adding conditions (git-fixes). - block: do not revert iter for -EIOCBQUEUED (git-fixes). - bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes). - bluetooth: hci_event: Fix connection regression between LE and non-LE adapters (git-fixes). - bluetooth: hci_event: Fix enabling passive scanning (git-fixes). - bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel (git-fixes). - bluetooth: Improve setsockopt() handling of malformed user input (git-fixes). - bpf: Avoid kfree_rcu() under lock in bpf_lpm_trie (git-fixes). - bpf: Fix a verifier verbose message (git-fixes). - bpf: prevent r10 register from being marked as precise (git-fixes). - bpf: Replace bpf_lpm_trie_key 0-length array with flexible array (git-fixes). - bpf: Use -Wno-error in certain tests when building with GCC (git-fixes). - broadcom: fix supported flag check in periodic output function (git-fixes). - btrfs: check delayed refs when we're checking if a ref exists (bsc#1239605). - btrfs: do not use btrfs_bio_ctrl for extent buffer writing (bsc#1239045). - btrfs: drop the backref cache during relocation if we commit (bsc#1239605). - btrfs: remove the mirror_num argument to btrfs_submit_compressed_read (bsc#1239045). - btrfs: subpage: fix error handling in end_bio_subpage_eb_writepage (bsc#1239045). - btrfs: use a separate end_io handler for extent_buffer writing (bsc#1239045). - bus: mhi: host: Fix race between unprepare and queue_buf (git-fixes). - bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock (git-fixes). - bus: qcom-ssc-block-bus: Fix the error handling path of qcom_ssc_block_bus_probe() (git-fixes). - bus: qcom-ssc-block-bus: Remove some duplicated iounmap() calls (git-fixes). - bus: simple-pm-bus: fix forced runtime PM use (git-fixes). - can: flexcan: disable transceiver during system PM (git-fixes). - can: flexcan: only change CAN state when link up in system PM (git-fixes). - can: rcar_canfd: Fix page entries in the AFL list (git-fixes). - can: ucan: fix out of bound read in strscpy() source (git-fixes). - cdx: Fix possible UAF error in driver_override_show() (git-fixes). - char: misc: deallocate static minor in error path (git-fixes). - clockevents/drivers/i8253: Fix stop sequence for timer 0 (git-fixes). - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cppc_cpufreq: Use desired perf if feedback ctrs are 0 or unchanged (bsc#1237856) - cpufreq: cppc: cppc_cpufreq_get_rate() returns zero in all error (bsc#1237856) - cpufreq: cppc: Set fie_disabled to FIE_DISABLED if fails to create (bsc#1237856) - cpufreq/amd-pstate: Fix max_perf updation with schedutil (bsc#1239707). - cpufreq/cppc: Do not compare desired_perf in target() (bsc#1237856) - cpufreq/cppc: Move and rename (bsc#1237856) - cpumask: add cpumask_weight_andnot() (bsc#1239015). - cpumask: define cleanup function for cpumasks (bsc#1239015). - crypto: ccp - Fix check for the primary ASP device (git-fixes). - crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes). - crypto: hisilicon/sec2 - fix for aead auth key length (git-fixes). - crypto: hisilicon/sec2 - fix for aead authsize alignment (git-fixes). - crypto: hisilicon/sec2 - fix for sec spec check (git-fixes). - crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416). - crypto: iaa - Change desc->priv to 0 (jsc#PED-12416). - crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416). - crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416). - crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416). - crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416). - crypto: iaa - Remove header table code (jsc#PED-12416). - crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416). - crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416). - crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416). - crypto: iaa - remove unneeded semicolon (jsc#PED-12416). - crypto: iaa - Test the correct request flag (git-fixes). - crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416). - crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416). - crypto: nx - Fix uninitialised hv_nxc on error (git-fixes). - crypto: qat - add admin msgs for telemetry (jsc#PED-12416). - crypto: qat - add auto reset on error (jsc#PED-12416). - crypto: qat - add bank save and restore flows (jsc#PED-12416). - crypto: qat - add fatal error notification (jsc#PED-12416). - crypto: qat - add fatal error notify method (jsc#PED-12416). - crypto: qat - add heartbeat error simulator (jsc#PED-12416). - crypto: qat - add interface for live migration (jsc#PED-12416). - crypto: qat - add support for 420xx devices (jsc#PED-12416). - crypto: qat - add support for device telemetry (jsc#PED-12416). - crypto: qat - add support for ring pair level telemetry (jsc#PED-12416). - crypto: qat - adf_get_etr_base() helper (jsc#PED-12416). - crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416). - crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416). - crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416). - crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416). - crypto: qat - Constify struct pm_status_row (jsc#PED-12416). - crypto: qat - disable arbitration before reset (jsc#PED-12416). - crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416). - crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416). - crypto: qat - fix 'Full Going True' macro definition (jsc#PED-12416). - crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416). - crypto: qat - fix comment structure (jsc#PED-12416). - crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416). - crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416). - crypto: qat - fix recovery flow for VFs (jsc#PED-12416). - crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416). - crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (jsc#PED-12416). - crypto: qat - Fix typo 'accelaration' (jsc#PED-12416). - crypto: qat - Fix typo (jsc#PED-12416). - crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416). - crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416). - crypto: qat - implement interface for live migration (jsc#PED-12416). - crypto: qat - improve aer error reset handling (jsc#PED-12416). - crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416). - crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416). - crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416). - crypto: qat - limit heartbeat notifications (jsc#PED-12416). - crypto: qat - make adf_ctl_class constant (jsc#PED-12416). - crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416). - crypto: qat - move fw config related structures (jsc#PED-12416). - crypto: qat - move PFVF compat checker to a function (jsc#PED-12416). - crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416). - crypto: qat - re-enable sriov after pf reset (jsc#PED-12416). - crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416). - crypto: qat - relocate CSR access code (jsc#PED-12416). - crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416). - crypto: qat - remove access to parity register for QAT GEN4 (git-fixes). - crypto: qat - Remove trailing space after \n newline (jsc#PED-12416). - crypto: qat - remove unnecessary description from comment (jsc#PED-12416). - crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416). - crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416). - crypto: qat - set parity error mask for qat_420xx (git-fixes). - crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416). - crypto: qat - update PFVF protocol for recovery (jsc#PED-12416). - crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416). - crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416). - crypto: qat - validate slices count returned by FW (jsc#PED-12416). - crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416). - dlm: prevent NPD when writing a positive value to event_done (git-fixes). - dm array: fix cursor index when skipping across block boundaries (git-fixes). - dm array: fix unreleased btree blocks on closing a faulty array cursor (git-fixes). - dm init: Handle minors larger than 255 (git-fixes). - dm integrity: fix out-of-range warning (git-fixes). - dm persistent data: fix memory allocation failure (git-fixes). - dm resume: do not return EINVAL when signalled (git-fixes). - dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes). - dm thin: Add missing destroy_work_on_stack() (git-fixes). - dm-crypt: do not update io->sector after kcryptd_crypt_write_io_submit() (git-fixes). - dm-crypt: track tag_offset in convert_context (git-fixes). - dm-delay: fix hung task introduced by kthread mode (git-fixes). - dm-delay: fix max_delay calculations (git-fixes). - dm-delay: fix workqueue delay_timer race (git-fixes). - dm-ebs: do not set the flag DM_TARGET_PASSES_INTEGRITY (git-fixes). - dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (git-fixes). - dm-integrity: align the outgoing bio in integrity_recheck (git-fixes). - dm-integrity: fix a race condition when accessing recalc_sector (git-fixes). - dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume (git-fixes). - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow (git-fixes). - dm-verity FEC: Fix RS FEC repair for roots unaligned to block size (take 2) (git-fixes). - dm: Fix typo in error message (git-fixes). - dma: kmsan: export kmsan_handle_dma() for modules (git-fixes). - documentation: qat: fix auto_reset attribute details (git-fixes). - documentation: qat: fix auto_reset section (git-fixes). - driver core: Remove needless return in void API device_remove_group() (git-fixes). - drivers: core: fix device leak in __fw_devlink_relax_cycles() (git-fixes). - drivers: hv: vmbus: Do not release fb_mmio resource in vmbus_free_mmio() (git-fixes). - drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in pmcmd_ioctl (git-fixes). - drm: xlnx: zynqmp: Fix max dma segment size (git-fixes). - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (stable-fixes). - drm/amd/display: avoid NPD when ASIC does not support DMUB (git-fixes). - drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes). - drm/amd/display: Disable unneeded hpd interrupts during dm_init (stable-fixes). - drm/amd/display: Fix HPD after gpu reset (stable-fixes). - drm/amd/display: Fix slab-use-after-free on hdcp_work (git-fixes). - drm/amd/display: fix type mismatch in CalculateDynamicMetadataParameters() (git-fixes). - drm/amd/display: Restore correct backlight brightness after a GPU reset (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 when only one eDP (git-fixes). - drm/amdgpu: Check extended configuration space register when system uses large bar (stable-fixes). - drm/amdgpu: Fix JPEG video caps max size for navi1x and raven (stable-fixes). - drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size (stable-fixes). - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (git-fixes). - drm/amdgpu/umsch: declare umsch firmware (git-fixes). - drm/amdkfd: Fix Circular Locking Dependency in 'svm_range_cpu_invalidate_pagetables' (git-fixes). - drm/atomic: Filter out redundant DPMS calls (stable-fixes). - drm/bridge: Fix spelling mistake 'gettin' -> 'getting' (git-fixes). - drm/bridge: it6505: fix HDCP V match check is not performed correctly (git-fixes). - drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes). - drm/dp_mst: Fix drm RAD print (git-fixes). - drm/dp_mst: Fix locking when skipping CSN before topology probing (git-fixes). - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() (git-fixes). - drm/hyperv: Fix address space leak when Hyper-V DRM device is removed (git-fixes). - drm/i915/cdclk: Do cdclk post plane programming later (stable-fixes). - drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL (git-fixes). - drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro (git-fixes). - drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes). - drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr (git-fixes). - drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer() (git-fixes). - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member (git-fixes). - drm/mediatek: mtk_hdmi: Unregister audio platform device on failure (git-fixes). - drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes). - drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes). - drm/msm/dpu: do not use active in atomic_check() (git-fixes). - drm/msm/dsi: Set PHY usescase (and mode) before registering DSI host (git-fixes). - drm/msm/dsi: Use existing per-interface slice count in DSC timing (git-fixes). - drm/nouveau: Do not override forced connector status (stable-fixes). - drm/panel: ilitek-ili9882t: fix GPIO name in error message (git-fixes). - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M (stable-fixes). - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (git-fixes). - drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables (git-fixes). - drm/repaper: fix integer overflows in repeat functions (git-fixes). - drm/sched: Fix fence reference count leak (git-fixes). - drm/ssd130x: ensure ssd132x pitch is correct (git-fixes). - drm/ssd130x: fix ssd132x encoding (git-fixes). - drm/ssd130x: Set SPI .id_table to prevent an SPI core warning (git-fixes). - drm/v3d: Do not run jobs that have errors flagged in its fence (git-fixes). - drm/vkms: Fix use after free and double free on init error (git-fixes). - drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes). - dummycon: fix default rows/cols (git-fixes). - eeprom: digsy_mtc: Make GPIO lookup table match the device (git-fixes). - efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32 (bsc#1239349). - fbdev: au1100fb: Move a variable assignment behind a null pointer check (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sm501fb: Add some geometry checks (git-fixes). - firmware: arm_ffa: Explicitly cast return value from FFA_VERSION before comparison (git-fixes). - firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo() (git-fixes). - firmware: cs_dsp: Remove async regmap writes (git-fixes). - firmware: imx-scu: fix OF node leak in .probe() (git-fixes). - flow_dissector: use RCU protection to fetch dev_net() (bsc#1239994). - gpio: aggregator: protect driver attr handlers against module unload (git-fixes). - gpio: rcar: Fix missing of_node_put() call (git-fixes). - gpio: rcar: Use raw_spinlock to protect register access (stable-fixes). - gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU (git-fixes). - hid: apple: disable Fn key handling on the Omoton KB066 (git-fixes). - hid: apple: fix up the F6 key on the Omoton KB066 keyboard (stable-fixes). - hid: appleir: Fix potential NULL dereference at raw event handle (git-fixes). - hid: Enable playstation driver independently of sony driver (git-fixes). - hid: google: fix unused variable warning under !CONFIG_ACPI (git-fixes). - hid: hid-apple: Apple Magic Keyboard a3203 USB-C support (stable-fixes). - hid: hid-steam: Fix use-after-free when detaching device (git-fixes). - hid: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on system suspend (stable-fixes). - hid: ignore non-functional sensor in HP 5MP Camera (stable-fixes). - hid: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell (stable-fixes). - hid: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (git-fixes). - hid: intel-ish-hid: Send clock sync message immediately after reset (stable-fixes). - hid: remove superfluous (and wrong) Makefile entry for CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes). - hid: topre: Fix n-key rollover on Realforce R3S TKL boards (stable-fixes). - hwmon: (ad7314) Validate leading zero bits and return error (git-fixes). - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table (git-fixes). - hwmon: (pmbus) Initialise page count in pmbus_identify() (git-fixes). - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() (git-fixes). - i2c: ali1535: Fix an error handling path in ali1535_probe() (git-fixes). - i2c: ali15x3: Fix an error handling path in ali15x3_probe() (git-fixes). - i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated irq (git-fixes). - i2c: omap: fix IRQ storms (git-fixes). - i2c: sis630: Fix an error handling path in sis630_probe() (git-fixes). - i3c: Add NULL pointer check in i3c_master_queue_ibi() (git-fixes). - i3c: master: svc: Fix missing the IBI rules (git-fixes). - i3c: master: svc: Use readsb helper for reading MDB (git-fixes). - ib/mad: Check available slots before posting receive WRs (git-fixes) - ice: Remove and readd netdev during devlink reload (bsc#1230497 bsc#1239518). - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio (git-fixes). - iio: accel: msa311: Fix failure to release runtime pm if direct mode claim fails (git-fixes). - iio: adc: ad4130: Fix comparison of channel setups (git-fixes). - iio: adc: ad7124: Fix comparison of channel configs (git-fixes). - iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value (git-fixes). - iio: dac: ad3552r: clear reset status flag (git-fixes). - iio: filter: admv8818: Force initialization of SDO (git-fixes). - include: net: add static inline dst_dev_overhead() to dst.h (git-fixes). - include/linux/mmzone.h: clean up watermark accessors (bsc#1239600). - init: add initramfs_internal.h (bsc#1232848). - initramfs: allocate heap buffers together (bsc#1232848). - initramfs: fix hardlink hash leak without TRAILER (bsc#1232848). - input: ads7846 - fix gpiod allocation (git-fixes). - input: i8042 - add required quirks for missing old boardnames (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for more devices (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for NHxxRZQ (stable-fixes). - input: i8042 - swap old quirk combination with new quirk for several devices (stable-fixes). - input: iqs7222 - add support for Azoteq IQS7222D (git-fixes). - input: iqs7222 - add support for IQS7222D v1.1 and v1.2 (git-fixes). - input: iqs7222 - preserve system status register (git-fixes). - input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir G7 SE controllers (stable-fixes). - input: xpad - add multiple supported devices (stable-fixes). - input: xpad - add support for TECNO Pocket Go (stable-fixes). - input: xpad - add support for ZOTAC Gaming Zone (stable-fixes). - input: xpad - rename QH controller to Legion Go S (stable-fixes). - intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes). - intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes). - intel_th: pci: Add Arrow Lake support (stable-fixes). - intel_th: pci: Add Panther Lake-H support (stable-fixes). - intel_th: pci: Add Panther Lake-P/U support (stable-fixes). - ioam6: improve checks on user data (git-fixes). - iommu/vt-d: Fix suspicious RCU usage (git-fixes). - ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994). - ipv4: use RCU protection in inet_select_addr() (bsc#1239994). - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (bsc#1239994). - ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994). - ipv4: use RCU protection in rt_is_expired() (bsc#1239994). - ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes). - ipv6: avoid atomic fragment on GSO packets (git-fixes). - ipv6: Ensure natural alignment of const ipv6 loopback and router addresses (git-fixes). - ipv6: fib: hide unused 'pn' variable (git-fixes). - ipv6: fib6_rules: flush route cache when rule is changed (git-fixes). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw() (git-fixes). - ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes). - ipv6: fix potential NULL deref in fib6_add() (git-fixes). - ipv6: icmp: convert to dev_net_rcu() (bsc#1239994). - ipv6: introduce dst_rt6_info() helper (git-fixes). - ipv6: ioam: block BH from ioam6_output() (git-fixes). - ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid (git-fixes). - ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create() (git-fixes). - ipv6: sr: add missing seg6_local_exit (git-fixes). - ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (git-fixes). - ipv6: take care of scope when choosing the src addr (git-fixes). - ipv6: Use RCU in ip6_input() (bsc#1239994). - jfs: add check read-only before truncation in jfs_truncate_nolock() (git-fixes). - jfs: add check read-only before txBeginAnon() call (git-fixes). - jfs: add index corruption check to DT_GETPAGE() (git-fixes). - jfs: fix slab-out-of-bounds read in ea_get() (git-fixes). - jfs: reject on-disk inodes of an unsupported type (git-fixes). - kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes). - kABI fix for net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - kABI fix for netlink: terminate outstanding dump on socket close (git-fixes). - kABI fix for RDMA/core: Do not expose hw_counters outside (git-fixes) - kABI fix for tcp: fix cookie_init_timestamp() overflows (git-fixes). - kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes). - kABI workaround for intel-ish-hid (git-fixes). - kABI workaround for soc_mixer_control changes (git-fixes). - kbuild: hdrcheck: fix cross build with clang (git-fixes). - kunit: qemu_configs: sparc: use Zilog console (git-fixes). - l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes). - l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function (git-fixes). - l2tp: fix lockdep splat (git-fixes). - leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res PWMs (git-fixes). - leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs (git-fixes). - lib: 842: Improve error handling in sw842_compress() (git-fixes). - lockdep: Do not disable interrupts on RT in disable_irq_nosync_lockdep.*() (git-fixes). - mdacon: rework dependency list (git-fixes). - media: i2c: adv748x: Fix test pattern selection mask (git-fixes). - media: i2c: ccs: Set the device's runtime PM status correctly in remove (git-fixes). - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO (git-fixes). - media: i2c: ov7251: Set enable GPIO low in probe (git-fixes). - media: platform: allgro-dvt: unregister v4l2_device on the error path (git-fixes). - media: platform: stm32: Add check for clk_enable() (git-fixes). - media: siano: Fix error handling in smsdvb_module_init() (git-fixes). - media: streamzap: fix race between device disconnection and urb callback (git-fixes). - media: streamzap: prevent processing IR data on URB failure (git-fixes). - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (git-fixes). - media: venus: hfi_parser: add check to avoid out of bound access (git-fixes). - media: venus: hfi_parser: refactor hfi packet parsing logic (git-fixes). - media: venus: hfi: add a check to handle OOB in sfr region (git-fixes). - media: venus: hfi: add check to handle incorrect queue size (git-fixes). - media: verisilicon: HEVC: Initialize start_bit field (git-fixes). - media: vim2m: print device name after registering device (git-fixes). - media: visl: Fix ERANGE error when setting enum controls (git-fixes). - mei: me: add panther lake P DID (stable-fixes). - memblock tests: fix warning: '__ALIGN_KERNEL' redefined (git-fixes). - memory: mtk-smi: Add ostd setting for mt8192 (git-fixes). - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (git-fixes). - mfd: ene-kb3930: Fix a potential NULL pointer dereference (git-fixes). - mfd: sm501: Switch to BIT() to mitigate integer overflows (git-fixes). - mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes). - mfd: syscon: Fix race in device_node_get_regmap() (git-fixes). - mfd: syscon: Remove extern from function prototypes (stable-fixes). - mfd: syscon: Use scoped variables with memory allocators to simplify error paths (stable-fixes). - mm: accept to promo watermark (bsc#1239600). - mm: create promo_wmark_pages and clean up open-coded sites (bsc#1239600). - mm: fix endless reclaim on machines with unaccepted memory (bsc#1239600). - mm: zswap: move allocations during CPU init outside the lock (git-fixes). - mm/page_alloc: fix memory accept before watermarks gets initialized (bsc#1239600). - mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes). - mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes). - mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops (git-fixes). - mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD (git-fixes). - mtd: Add check for devm_kcalloc() (git-fixes). - mtd: nand: Fix a kdoc comment (git-fixes). - mtd: rawnand: brcmnand: fix PM resume warning (git-fixes). - mtd: Replace kcalloc() with devm_kcalloc() (git-fixes). - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() (bsc#1239994). - ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994). - net l2tp: drop flow hash on forward (git-fixes). - net_sched: Prevent creation of classes with TC_H_ROOT (git-fixes). - net_sched: sch_sfq: annotate data-races around q->perturb_period (git-fixes). - net_sched: sch_sfq: handle bigger packets (git-fixes). - net: add dev_net_rcu() helper (bsc#1239994). - net: constify sk_dst_get() and __sk_dst_get() argument (git-fixes). - net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes). - net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes). - net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes). - net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels (git-fixes). - net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes). - net: ipv6: fix wrong start position when receive hop-by-hop fragment (git-fixes). - net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: ioam6: code alignment (git-fixes). - net: ipv6: ioam6: new feature tunsrc (git-fixes). - net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() (git-fixes). - net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input (git-fixes). - net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes). - net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes). - net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX (git-fixes). - net: mana: add a function to spread IRQs per CPUs (bsc#1239015). - net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016). - net: mana: Allow variable size indirection table (bsc#1239016). - net: mana: Assigning IRQ affinity on HT cores (bsc#1239015). - net: mana: Avoid open coded arithmetic (bsc#1239016). - net: mana: cleanup mana struct after debugfs_remove() (git-fixes). - net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015). - net: mana: Support holes in device list reply msg (git-fixes). - net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480). - net: use unrcu_pointer() helper (git-fixes). - net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors (stable-fixes). - net/sched: act_api: deny mismatched skip_sw/skip_hw flags for actions created by classifiers (git-fixes). - net/sched: act_api: rely on rcu in tcf_idr_check_alloc (git-fixes). - net/sched: adjust device watchdog timer to detect stopped queue at right time (git-fixes). - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() (git-fixes). - net/sched: cls_u32: replace int refcounts with proper refcounts (git-fixes). - net/sched: flower: Add lock protection when remove filter handle (git-fixes). - net/sched: taprio: make q->picos_per_byte available to fill_sched_entry() (git-fixes). - net/sched: tbf: correct backlog statistic for GSO packets (git-fixes). - nfsd: clear acl_access/acl_default after releasing them (git-fixes). - nvme-fc: do not ignore connectivity loss during connecting (git-fixes bsc#1222649). Refresh: - patches.suse/nvme-fc-use-ctrl-state-getter.patch - nvme-fc: go straight to connecting state when initializing (git-fixes bsc#1222649). - nvme-fc: rely on state transitions to handle connectivity loss (git-fixes bsc#1222649). - nvme-ioctl: fix leaked requests on mapping error (git-fixes). - nvme-pci: quirk Acer FA100 for non-uniqueue identifiers (git-fixes). - nvme-pci: remove stale comment (git-fixes). - nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes). - nvme-tcp: Fix a C2HTermReq error message (git-fixes). - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (git-fixes). - nvme-tcp: fix signedness bug in nvme_tcp_init_connection() (git-fixes). - nvme: introduce nvme_disk_is_ns_head helper (git-fixes). - nvme: move error logging from nvme_end_req() to __nvme_end_req() (git-fixes). - nvme: move passthrough logging attribute to head (git-fixes). - nvme: only allow entering LIVE from CONNECTING state (git-fixes bsc#1222649). - nvmet-fc: Remove unused functions (git-fixes). - nvmet-rdma: recheck queue state is LIVE in state lock in recv done (git-fixes). - nvmet-tcp: Fix a possible sporadic response drops in weakly ordered arch (git-fixes). - nvmet: remove old function prototype (git-fixes). - ocfs2: check dir i_size in ocfs2_find_entry (git-fixes). - ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes). - ocfs2: handle a symlink read error correctly (git-fixes). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot (git-fixes). - ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes). - orangefs: fix a oob in orangefs_debug_write (git-fixes). - packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). - padata: fix sysfs store callback check (git-fixes). - partitions: mac: fix handling of bogus partition table (git-fixes). - pci: Avoid reset when disabled via sysfs (git-fixes). - pci: brcmstb: Fix error path after a call to regulator_bulk_get() (git-fixes). - pci: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() (git-fixes). - pci: brcmstb: Fix potential premature regulator disabling (git-fixes). - pci: brcmstb: Set generation limit before PCIe link up (git-fixes). - pci: brcmstb: Use internal register to change link capability (git-fixes). - pci: cadence-ep: Fix the driver to send MSG TLP for INTx without data payload (git-fixes). - pci: dwc: ep: Return -ENOMEM for allocation failures (git-fixes). - pci: Fix reference leak in pci_alloc_child_bus() (git-fixes). - pci: pciehp: Do not enable HPIE when resuming in poll mode (git-fixes). - pci: Remove stray put_device() in pci_register_host_bridge() (git-fixes). - pci: xilinx-cpm: Fix IRQ domain leak in error path of probe (git-fixes). - pci/ACS: Fix 'pci=config_acs=' parameter (git-fixes). - pci/ASPM: Fix link state exit during switch upstream function removal (git-fixes). - pci/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1237853) - pci/DOE: Support discovery version 2 (bsc#1237853) - pci/portdrv: Only disable pciehp interrupts early when needed (git-fixes). - pinctrl: bcm281xx: Fix incorrect regmap max_registers value (git-fixes). - pinctrl: intel: Fix wrong bypass assignment in intel_pinctrl_probe_pwm() (git-fixes). - pinctrl: qcom: Clear latched interrupt status when changing IRQ type (git-fixes). - pinctrl: renesas: rza2: Fix missing of_node_put() call (git-fixes). - pinctrl: renesas: rzv2m: Fix missing of_node_put() call (git-fixes). - pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes). - platform/x86: dell-ddv: Fix temperature calculation (git-fixes). - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e (stable-fixes). - platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad X120e (stable-fixes). - platform/x86: thinkpad_acpi: Support for V9 DYTC platform profiles (stable-fixes). - platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show() (stable-fixes). - pm: sleep: Adjust check before setting power.must_resume (git-fixes). - pm: sleep: Fix handling devices with direct_complete set on errors (git-fixes). - pnfs/flexfiles: retry getting layout segment for reads (git-fixes). - power: supply: max77693: Fix wrong conversion of charge input threshold value (git-fixes). - powerpc: Stop using no_llseek (bsc#1239573). - powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573). - powerpc/pseries/eeh: move pseries_eeh_err_inject() outside CONFIG_DEBUG_FS block (bsc#1239573). - powerpc/pseries/iommu: memory notifier incorrectly adds TCEs for pmemory (bsc#1239167 ltc#211055). - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (git-fixes). - rapidio: fix an API misues when rio_add_net() fails (git-fixes). - ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619). Replace our patch with the upstream version. - rdma/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes) - rdma/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes) - rdma/core: Do not expose hw_counters outside of init net namespace (git-fixes) - rdma/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes) - rdma/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes) - rdma/hns: Fix missing xa_destroy() (git-fixes) - rdma/hns: Fix soft lockup during bt pages loop (git-fixes) - rdma/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes) - rdma/hns: Fix wrong value of max_sge_rd (git-fixes) - rdma/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016). - rdma/mlx5: Fix cache entry update on dereg error (git-fixes) - rdma/mlx5: Fix calculation of total invalidated pages (git-fixes) - rdma/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes) - rdma/mlx5: Fix MR cache initialization error flow (git-fixes) - rdma/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes) - rdma/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes) - reapply 'wifi: ath11k: restore country code during resume' (bsc#1207948). - regulator: check that dummy regulator has been probed before using it (stable-fixes). - regulator: core: Fix deadlock in create_regulator() (git-fixes). - regulator: dummy: force synchronous probing (git-fixes). - revert 'dm: requeue IO if mapping table not yet available' (git-fixes). - revert 'drivers/card_reader/rtsx_usb: Restore interrupt based detection' (git-fixes). - revert 'leds-pca955x: Remove the unused function pca95xx_num_led_regs()' (stable-fixes). - revert 'wifi: ath11k: restore country code during resume' (bsc#1207948). - revert 'wifi: ath11k: support hibernation' (bsc#1207948). - rndis_host: Flag RNDIS modems as WWAN devices (git-fixes). - rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) - rpm/release-projects: Update the ALP projects again (bsc#1231293). - s390/stackleak: Use exrl instead of ex in __stackleak_poison() (git-fixes bsc#1239594). - s390/traps: Fix test_monitor_call() inline assembly (git-fixes bsc#1239595). - sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743). - selftests: mptcp: close fd_in before returning in main_loop (git-fixes). - selftests: mptcp: fix incorrect fd checks in main_loop (git-fixes). - selftests/bpf: add fp-leaking precise subprog result tests (git-fixes). - selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute (git-fixes). - selftests/bpf: Fix flaky test btf_map_in_map/lookup_update (git-fixes). - selftests/bpf: Prevent client connect before server bind in test_tc_tunnel.sh (git-fixes). - selftests/mm/cow: fix the incorrect error handling (git-fixes). - selftests/x86/syscall: Fix coccinelle WARNING recommending the use of ARRAY_SIZE() (git-fixes). - seq_file: add helper macro to define attribute for rw file (jsc#PED-12416). - slimbus: messaging: Free transaction ID in delayed interrupt scenario (git-fixes). - smb: client: destroy cfid_put_wq on module exit (git-fixes). - soc: imx8m: Remove global soc_uid (stable-fixes). - soc: imx8m: Unregister cpufreq and soc dev in cleanup path (git-fixes). - soc: imx8m: Use devm_* to simplify probe failure handling (stable-fixes). - soc: mediatek: mt8167-mmsys: Fix missing regval in all entries (git-fixes). - soc: mediatek: mt8365-mmsys: Fix routing table masks and values (git-fixes). - soc: qcom: pdr: Fix the potential deadlock (git-fixes). - soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() (git-fixes). - soundwire: slave: fix an OF node reference leak in soundwire slave device (git-fixes). - spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes). - spi: microchip-core: Clean up redundant dev_err_probe() (git-fixes). - spi: microchip-core: Use helper function devm_clk_get_enabled() (git-fixes). - splice: do not checksum AF_UNIX sockets (bsc#1240333). - sunrpc: convert RPC_TASK_* constants to enum (git-fixes). - sunrpc: Handle -ETIMEDOUT return from tlshd (git-fixes). - sunrpc: Prevent looping due to rpc_signal_task() races (git-fixes). - sunrpc: suppress warnings for unused procfs functions (git-fixes). - supported.conf: add now-included qat_420xx (external, intel) - tcp: Add memory barrier to tcp_push() (git-fixes). - tcp: add tcp_done_with_error() helper (git-fixes). - tcp: Adjust clamping window for applications specifying SO_RCVBUF (git-fixes). - tcp: adjust rcvq_space after updating scaling ratio (git-fixes). - tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset (git-fixes). - tcp: annotate data-races around tp->window_clamp (git-fixes). - tcp: avoid premature drops in tcp_add_backlog() (git-fixes). - tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process (git-fixes). - tcp: check mptcp-level constraints for backlog coalescing (git-fixes). - tcp: check space before adding MPTCP SYN options (git-fixes). - tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack() (git-fixes). - tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes). - tcp: Defer ts_recent changes until req is owned (git-fixes). - tcp: define initial scaling factor value as a macro (git-fixes). - tcp: derive delack_max from rto_min (git-fixes). - tcp: Do not drop SYN+ACK for simultaneous connect() (git-fixes). - tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses (git-fixes). - tcp: fix cookie_init_timestamp() overflows (git-fixes). - tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (git-fixes). - tcp: fix forever orphan socket caused by tcp_abort (git-fixes). - tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function (git-fixes). - tcp: fix incorrect undo caused by DSACK of TLP retransmit (git-fixes). - tcp: fix mid stream window clamp (git-fixes). - tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes). - tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes). - tcp: fix race in tcp_write_err() (git-fixes). - tcp: fix races in tcp_abort() (git-fixes). - tcp: fix races in tcp_v_err() (git-fixes). - tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe (git-fixes). - tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for failed TFO (git-fixes). - tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits out (git-fixes). - tcp: fix to allow timestamp undo if no retransmits were sent (git-fixes). - tcp: increase the default TCP scaling ratio (git-fixes). - tcp: introduce tcp_clock_ms() (git-fixes). - tcp: process the 3rd ACK with sk_socket for TFO/MPTCP (git-fixes). - tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes). - tcp: remove 64 KByte limit for initial tp->rcv_wnd value (git-fixes). - tcp: replace tcp_time_stamp_raw() (git-fixes). - tcp: Update window clamping condition (git-fixes). - thermal: int340x: Add NULL check for adev (git-fixes). - thermal/drivers/rockchip: Add missing rk3328 mapping entry (git-fixes). - tools: move alignment-related macros to new &lt;linux/align.h> (git-fixes). - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (git-fixes). - tpm, tpm_tis: Fix timeout handling when waiting for TPM status (git-fixes). - tpm: do not start chip while suspended (git-fixes). - tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870). - ubi: Add a check for ubi_num (git-fixes). - ubi: block: fix null-pointer-dereference in ubiblock_create() (git-fixes). - ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes). - ubi: correct the calculation of fastmap size (stable-fixes). - ubi: eba: properly rollback inside self_check_eba (git-fixes). - ubi: fastmap: Fix missed ec updating after erasing old fastmap data block (git-fixes). - ubi: fastmap: may_reserve_for_fm: Do not reserve PEB if fm_anchor exists (git-fixes). - ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is empty (git-fixes). - ubi: wl: Put source PEB into correct list if trying locking LEB failed (git-fixes). - usb: atm: cxacru: fix a flaw in existing endpoint checks (git-fixes). - usb: dwc3: gadget: Prevent irq storm when TH re-executes (git-fixes). - usb: gadget: Check bmAttributes only if configuration is valid (git-fixes). - usb: gadget: Fix setting self-powered state on suspend (git-fixes). - usb: gadget: Set self-powered based on MaxPower and bmAttributes (git-fixes). - usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails (git-fixes). - usb: hub: lack of clearing xHC resources (git-fixes). - usb: phy: generic: Use proper helper for property detection (stable-fixes). - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader (stable-fixes). - usb: renesas_usbhs: Call clk_put() (git-fixes). - usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes). - usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes). - usb: serial: ftdi_sio: add support for Altera USB Blaster 3 (stable-fixes). - usb: serial: option: add Telit Cinterion FE990B compositions (stable-fixes). - usb: serial: option: fix Telit Cinterion FE990A name (stable-fixes). - usb: serial: option: match on interface class for Telit FN990B (stable-fixes). - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality (git-fixes). - usb: typec: ucsi: Fix NULL pointer access (git-fixes). - usb: typec: ucsi: increase timeout for PPM reset operations (git-fixes). - usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host (git-fixes). - usb: xhci: Enable the TRB overfetch quirk on VIA VL805 (git-fixes). - usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes). - vboxsf: fix building with GCC 15 (stable-fixes). - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (git-fixes). - wifi: ath11k: choose default PM policy for hibernation (bsc#1207948). - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path (git-fixes). - wifi: ath11k: determine PM policy based on machine model (bsc#1207948). - wifi: ath11k: fix RCU stall while reaping monitor destination ring (git-fixes). - wifi: ath11k: fix wrong overriding for VHT Beamformee STS Capability (git-fixes). - wifi: ath11k: introduce ath11k_core_continue_suspend_resume() (bsc#1207948). - wifi: ath11k: refactor ath11k_core_suspend/_resume() (bsc#1207948). - wifi: ath11k: support non-WoWLAN mode suspend as well (bsc#1207948). - wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path (git-fixes). - wifi: ath12k: encode max Tx power in scan channel list command (git-fixes). - wifi: ath9k: do not submit zero bytes to the entropy pool (git-fixes). - wifi: cfg80211: cancel wiphy_work before freeing wiphy (git-fixes). - wifi: cfg80211: init wiphy_work before allocating rfkill fails (git-fixes). - wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms (git-fixes). - wifi: mac80211: fix integer overflow in hwmp_route_info_get() (git-fixes). - wifi: mt76: Add check for devm_kstrdup() (git-fixes). - wifi: mt76: mt7915: fix possible integer overflows in mt7915_muru_stats_show() (git-fixes). - wifi: mt76: mt7925: ensure wow pattern command align fw format (git-fixes). - wifi: mt76: mt7925: fix country count limitation for CLC (git-fixes). - wifi: mt76: mt7925: remove unused acpi function for clc (git-fixes). - wifi: mwifiex: Fix premature release of RF calibration data (git-fixes). - wifi: rtl8xxxu: Perform update_beacon_work when beaconing is enabled (git-fixes). - wifi: rtw89: fw: correct debug message format in rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes). - wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes). - x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes). - x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes). - x86/boot/32: Temporarily map initrd for microcode loading (git-fixes). - x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes). - x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes). - x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes). - x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/hyperv: Fix output argument to hypercall that changes page visibility (git-fixes). - x86/hyperv/vtl: Stop kernel from probing VTL0 low memory (git-fixes). - x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes). - x86/microcode: Add per CPU control field (git-fixes). - x86/microcode: Add per CPU result state (git-fixes). - x86/microcode: Clarify the late load logic (git-fixes). - x86/microcode: Clean up mc_cpu_down_prep() (git-fixes). - x86/microcode: Get rid of the schedule work indirection (git-fixes). - x86/microcode: Handle 'nosmt' correctly (git-fixes). - x86/microcode: Handle 'offline' CPUs correctly (git-fixes). - x86/microcode: Hide the config knob (git-fixes). - x86/microcode: Include vendor headers into microcode.h (git-fixes). - x86/microcode: Make reload_early_microcode() static (git-fixes). - x86/microcode: Mop up early loading leftovers (git-fixes). - x86/microcode: Move core specific defines to local header (git-fixes). - x86/microcode: Prepare for minimal revision check (git-fixes). - x86/microcode: Protect against instrumentation (git-fixes). - x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes). - x86/microcode: Provide new control functions (git-fixes). - x86/microcode: Remove microcode_mutex (git-fixes). - x86/microcode: Remove pointless apply() invocation (git-fixes). - x86/microcode: Rendezvous and load in NMI (git-fixes). - x86/microcode: Replace the all-in-one rendevous handler (git-fixes). - x86/microcode: Sanitize __wait_for_cpus() (git-fixes). - x86/microcode/32: Move early loading after paging enable (git-fixes). - x86/microcode/amd: Cache builtin microcode too (git-fixes). - x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes). - x86/microcode/amd: Use cached microcode for AP load (git-fixes). - x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes). - x86/microcode/intel: Add a minimum required revision for late loading (git-fixes). - x86/microcode/intel: Cleanup code further (git-fixes). - x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes). - x86/microcode/intel: Remove debug code (git-fixes). - x86/microcode/intel: Remove pointless mutex (git-fixes). - x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes). - x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes). - x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes). - x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes). - x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes). - x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes). - x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes). - x86/microcode/intel: Simplify early loading (git-fixes). - x86/microcode/intel: Simplify scan_microcode() (git-fixes). - x86/microcode/intel: Switch to kvmalloc() (git-fixes). - x86/microcode/intel: Unify microcode apply() functions (git-fixes). - x86/mm: Remove unused microcode.h include (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/speculation: Add __update_spec_ctrl() helper (git-fixes). - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes). - xhci: Cleanup Candence controller PCI device and vendor ID usage (git-fixes). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: Combine two if statements for Etron xHCI host (jsc#PED-10701). - xhci: dbc: Check for errors first in xhci_dbc_stop() (git-fixes). - xhci: dbc: Convert to use sysfs_streq() (git-fixes). - xhci: dbc: Drop duplicate checks for dma_free_coherent() (git-fixes). - xhci: dbc: Fix STALL transfer event handling (git-fixes). - xhci: dbc: Replace custom return value with proper Linux error code (git-fixes). - xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes). - xhci: dbc: Use sysfs_emit() to instead of scnprintf() (git-fixes). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not issue Reset Device command to Etron xHCI host (jsc#PED-10701). - xhci: Do not perform Soft Retry for Etron xHCI host (git-fixes). - xhci: pci: Fix indentation in the PCI device ID definitions (stable-fixes). - xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes). - xhci: pci: Use full names in PCI IDs for Intel platforms (git-fixes). - xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes). - xhci: pci: Use standard pattern for device IDs (git-fixes). Important SUSE bug 1207948 SUSE bug 1215199 SUSE bug 1215211 SUSE bug 1218470 SUSE bug 1221651 SUSE bug 1222649 SUSE bug 1223047 SUSE bug 1224489 SUSE bug 1224610 SUSE bug 1225533 SUSE bug 1225742 SUSE bug 1225770 SUSE bug 1226871 SUSE bug 1227858 SUSE bug 1228653 SUSE bug 1229311 SUSE bug 1229361 SUSE bug 1230497 SUSE bug 1230728 SUSE bug 1230769 SUSE bug 1230832 SUSE bug 1231293 SUSE bug 1231432 SUSE bug 1232364 SUSE bug 1232389 SUSE bug 1232421 SUSE bug 1232743 SUSE bug 1232812 SUSE bug 1232848 SUSE bug 1232895 SUSE bug 1233033 SUSE bug 1233060 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233479 SUSE bug 1233551 SUSE bug 1233557 SUSE bug 1233749 SUSE bug 1234222 SUSE bug 1234480 SUSE bug 1234828 SUSE bug 1234936 SUSE bug 1235436 SUSE bug 1235455 SUSE bug 1235501 SUSE bug 1235524 SUSE bug 1235589 SUSE bug 1235591 SUSE bug 1235621 SUSE bug 1235637 SUSE bug 1235698 SUSE bug 1235711 SUSE bug 1235712 SUSE bug 1235715 SUSE bug 1235729 SUSE bug 1235733 SUSE bug 1235761 SUSE bug 1235870 SUSE bug 1235973 SUSE bug 1236099 SUSE bug 1236111 SUSE bug 1236206 SUSE bug 1236333 SUSE bug 1236692 SUSE bug 1237029 SUSE bug 1237164 SUSE bug 1237313 SUSE bug 1237530 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237565 SUSE bug 1237571 SUSE bug 1237853 SUSE bug 1237856 SUSE bug 1237873 SUSE bug 1237875 SUSE bug 1237876 SUSE bug 1237877 SUSE bug 1237881 SUSE bug 1237885 SUSE bug 1237890 SUSE bug 1237894 SUSE bug 1237897 SUSE bug 1237900 SUSE bug 1237906 SUSE bug 1237907 SUSE bug 1237911 SUSE bug 1237912 SUSE bug 1237950 SUSE bug 1238212 SUSE bug 1238474 SUSE bug 1238475 SUSE bug 1238479 SUSE bug 1238494 SUSE bug 1238496 SUSE bug 1238497 SUSE bug 1238500 SUSE bug 1238501 SUSE bug 1238502 SUSE bug 1238503 SUSE bug 1238506 SUSE bug 1238507 SUSE bug 1238510 SUSE bug 1238511 SUSE bug 1238512 SUSE bug 1238521 SUSE bug 1238523 SUSE bug 1238526 SUSE bug 1238528 SUSE bug 1238529 SUSE bug 1238531 SUSE bug 1238532 SUSE bug 1238715 SUSE bug 1238716 SUSE bug 1238734 SUSE bug 1238735 SUSE bug 1238736 SUSE bug 1238738 SUSE bug 1238747 SUSE bug 1238754 SUSE bug 1238757 SUSE bug 1238760 SUSE bug 1238762 SUSE bug 1238763 SUSE bug 1238767 SUSE bug 1238768 SUSE bug 1238771 SUSE bug 1238772 SUSE bug 1238773 SUSE bug 1238775 SUSE bug 1238780 SUSE bug 1238781 SUSE bug 1238785 SUSE bug 1238864 SUSE bug 1238865 SUSE bug 1238876 SUSE bug 1238903 SUSE bug 1238904 SUSE bug 1238905 SUSE bug 1238909 SUSE bug 1238911 SUSE bug 1238917 SUSE bug 1238958 SUSE bug 1238959 SUSE bug 1238963 SUSE bug 1238964 SUSE bug 1238969 SUSE bug 1238971 SUSE bug 1238973 SUSE bug 1238975 SUSE bug 1238978 SUSE bug 1238979 SUSE bug 1238981 SUSE bug 1238984 SUSE bug 1238986 SUSE bug 1238993 SUSE bug 1238994 SUSE bug 1238997 SUSE bug 1239015 SUSE bug 1239016 SUSE bug 1239027 SUSE bug 1239029 SUSE bug 1239030 SUSE bug 1239033 SUSE bug 1239034 SUSE bug 1239036 SUSE bug 1239037 SUSE bug 1239038 SUSE bug 1239039 SUSE bug 1239045 SUSE bug 1239065 SUSE bug 1239068 SUSE bug 1239073 SUSE bug 1239076 SUSE bug 1239080 SUSE bug 1239085 SUSE bug 1239087 SUSE bug 1239095 SUSE bug 1239104 SUSE bug 1239105 SUSE bug 1239109 SUSE bug 1239112 SUSE bug 1239114 SUSE bug 1239115 SUSE bug 1239117 SUSE bug 1239167 SUSE bug 1239174 SUSE bug 1239346 SUSE bug 1239349 SUSE bug 1239435 SUSE bug 1239467 SUSE bug 1239468 SUSE bug 1239471 SUSE bug 1239473 SUSE bug 1239474 SUSE bug 1239477 SUSE bug 1239478 SUSE bug 1239479 SUSE bug 1239481 SUSE bug 1239482 SUSE bug 1239483 SUSE bug 1239484 SUSE bug 1239486 SUSE bug 1239508 SUSE bug 1239512 SUSE bug 1239518 SUSE bug 1239573 SUSE bug 1239594 SUSE bug 1239595 SUSE bug 1239600 SUSE bug 1239605 SUSE bug 1239615 SUSE bug 1239644 SUSE bug 1239707 SUSE bug 1239986 SUSE bug 1239994 SUSE bug 1240169 SUSE bug 1240172 SUSE bug 1240173 SUSE bug 1240175 SUSE bug 1240177 SUSE bug 1240179 SUSE bug 1240182 SUSE bug 1240183 SUSE bug 1240186 SUSE bug 1240188 SUSE bug 1240189 SUSE bug 1240191 SUSE bug 1240192 SUSE bug 1240333 SUSE bug 1240334 CVE-2023-52831 at SUSE CVE-2023-52831 at NVD CVE-2023-52926 at SUSE CVE-2023-52926 at NVD CVE-2023-52927 at SUSE CVE-2023-52927 at NVD CVE-2024-26634 at SUSE CVE-2024-26634 at NVD CVE-2024-26873 at SUSE CVE-2024-26873 at NVD CVE-2024-35826 at SUSE CVE-2024-35826 at NVD CVE-2024-35910 at SUSE CVE-2024-35910 at NVD CVE-2024-38606 at SUSE CVE-2024-38606 at NVD CVE-2024-41005 at SUSE CVE-2024-41005 at NVD CVE-2024-41077 at SUSE CVE-2024-41077 at NVD CVE-2024-41149 at SUSE CVE-2024-41149 at NVD CVE-2024-42307 at SUSE CVE-2024-42307 at NVD CVE-2024-43820 at SUSE CVE-2024-43820 at NVD CVE-2024-46736 at SUSE CVE-2024-46736 at NVD CVE-2024-46782 at SUSE CVE-2024-46782 at NVD CVE-2024-46796 at SUSE CVE-2024-46796 at NVD CVE-2024-47408 at SUSE CVE-2024-47408 at NVD CVE-2024-47794 at SUSE CVE-2024-47794 at NVD CVE-2024-49571 at SUSE CVE-2024-49571 at NVD CVE-2024-49924 at SUSE CVE-2024-49924 at NVD CVE-2024-49940 at SUSE CVE-2024-49940 at NVD CVE-2024-49994 at SUSE CVE-2024-49994 at NVD CVE-2024-50056 at SUSE CVE-2024-50056 at NVD CVE-2024-50126 at SUSE CVE-2024-50126 at NVD CVE-2024-50140 at SUSE CVE-2024-50140 at NVD CVE-2024-50152 at SUSE CVE-2024-50152 at NVD CVE-2024-50290 at SUSE CVE-2024-50290 at NVD CVE-2024-52559 at SUSE CVE-2024-52559 at NVD CVE-2024-53057 at SUSE CVE-2024-53057 at NVD CVE-2024-53063 at SUSE CVE-2024-53063 at NVD CVE-2024-53140 at SUSE CVE-2024-53140 at NVD CVE-2024-53163 at SUSE CVE-2024-53163 at NVD CVE-2024-53680 at SUSE CVE-2024-53680 at NVD CVE-2024-54683 at SUSE CVE-2024-54683 at NVD CVE-2024-56638 at SUSE CVE-2024-56638 at NVD CVE-2024-56640 at SUSE CVE-2024-56640 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-56703 at SUSE CVE-2024-56703 at NVD CVE-2024-56718 at SUSE CVE-2024-56718 at NVD CVE-2024-56719 at SUSE CVE-2024-56719 at NVD CVE-2024-56751 at SUSE CVE-2024-56751 at NVD CVE-2024-56758 at SUSE CVE-2024-56758 at NVD CVE-2024-56770 at SUSE CVE-2024-56770 at NVD CVE-2024-57807 at SUSE CVE-2024-57807 at NVD CVE-2024-57834 at SUSE CVE-2024-57834 at NVD CVE-2024-57900 at SUSE CVE-2024-57900 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2024-57973 at SUSE CVE-2024-57973 at NVD CVE-2024-57974 at SUSE CVE-2024-57974 at NVD CVE-2024-57978 at SUSE CVE-2024-57978 at NVD CVE-2024-57979 at SUSE CVE-2024-57979 at NVD CVE-2024-57980 at SUSE CVE-2024-57980 at NVD CVE-2024-57981 at SUSE CVE-2024-57981 at NVD CVE-2024-57986 at SUSE CVE-2024-57986 at NVD CVE-2024-57990 at SUSE CVE-2024-57990 at NVD CVE-2024-57993 at SUSE CVE-2024-57993 at NVD CVE-2024-57996 at SUSE CVE-2024-57996 at NVD CVE-2024-57997 at SUSE CVE-2024-57997 at NVD CVE-2024-57999 at SUSE CVE-2024-57999 at NVD CVE-2024-58002 at SUSE CVE-2024-58002 at NVD CVE-2024-58005 at SUSE CVE-2024-58005 at NVD CVE-2024-58006 at SUSE CVE-2024-58006 at NVD CVE-2024-58007 at SUSE CVE-2024-58007 at NVD CVE-2024-58009 at SUSE CVE-2024-58009 at NVD CVE-2024-58011 at SUSE CVE-2024-58011 at NVD CVE-2024-58012 at SUSE CVE-2024-58012 at NVD CVE-2024-58013 at SUSE CVE-2024-58013 at NVD CVE-2024-58014 at SUSE CVE-2024-58014 at NVD CVE-2024-58017 at SUSE CVE-2024-58017 at NVD CVE-2024-58019 at SUSE CVE-2024-58019 at NVD CVE-2024-58020 at SUSE CVE-2024-58020 at NVD CVE-2024-58034 at SUSE CVE-2024-58034 at NVD CVE-2024-58051 at SUSE CVE-2024-58051 at NVD CVE-2024-58052 at SUSE CVE-2024-58052 at NVD CVE-2024-58054 at SUSE CVE-2024-58054 at NVD CVE-2024-58055 at SUSE CVE-2024-58055 at NVD CVE-2024-58056 at SUSE CVE-2024-58056 at NVD CVE-2024-58057 at SUSE CVE-2024-58057 at NVD CVE-2024-58058 at SUSE CVE-2024-58058 at NVD CVE-2024-58061 at SUSE CVE-2024-58061 at NVD CVE-2024-58063 at SUSE CVE-2024-58063 at NVD CVE-2024-58069 at SUSE CVE-2024-58069 at NVD CVE-2024-58072 at SUSE CVE-2024-58072 at NVD CVE-2024-58076 at SUSE CVE-2024-58076 at NVD CVE-2024-58078 at SUSE CVE-2024-58078 at NVD CVE-2024-58079 at SUSE CVE-2024-58079 at NVD CVE-2024-58080 at SUSE CVE-2024-58080 at NVD CVE-2024-58083 at SUSE CVE-2024-58083 at NVD CVE-2024-58085 at SUSE CVE-2024-58085 at NVD CVE-2024-58086 at SUSE CVE-2024-58086 at NVD CVE-2025-21631 at SUSE CVE-2025-21631 at NVD CVE-2025-21635 at SUSE CVE-2025-21635 at NVD CVE-2025-21659 at SUSE CVE-2025-21659 at NVD CVE-2025-21671 at SUSE CVE-2025-21671 at NVD CVE-2025-21693 at SUSE CVE-2025-21693 at NVD CVE-2025-21701 at SUSE CVE-2025-21701 at NVD CVE-2025-21703 at SUSE CVE-2025-21703 at NVD CVE-2025-21704 at SUSE CVE-2025-21704 at NVD CVE-2025-21706 at SUSE CVE-2025-21706 at NVD CVE-2025-21708 at SUSE CVE-2025-21708 at NVD CVE-2025-21711 at SUSE CVE-2025-21711 at NVD CVE-2025-21714 at SUSE CVE-2025-21714 at NVD CVE-2025-21718 at SUSE CVE-2025-21718 at NVD CVE-2025-21723 at SUSE CVE-2025-21723 at NVD CVE-2025-21726 at SUSE CVE-2025-21726 at NVD CVE-2025-21727 at SUSE CVE-2025-21727 at NVD CVE-2025-21731 at SUSE CVE-2025-21731 at NVD CVE-2025-21732 at SUSE CVE-2025-21732 at NVD CVE-2025-21733 at SUSE CVE-2025-21733 at NVD CVE-2025-21734 at SUSE CVE-2025-21734 at NVD CVE-2025-21735 at SUSE CVE-2025-21735 at NVD CVE-2025-21736 at SUSE CVE-2025-21736 at NVD CVE-2025-21738 at SUSE CVE-2025-21738 at NVD CVE-2025-21739 at SUSE CVE-2025-21739 at NVD CVE-2025-21741 at SUSE CVE-2025-21741 at NVD CVE-2025-21742 at SUSE CVE-2025-21742 at NVD CVE-2025-21743 at SUSE CVE-2025-21743 at NVD CVE-2025-21744 at SUSE CVE-2025-21744 at NVD CVE-2025-21745 at SUSE CVE-2025-21745 at NVD CVE-2025-21749 at SUSE CVE-2025-21749 at NVD CVE-2025-21750 at SUSE CVE-2025-21750 at NVD CVE-2025-21753 at SUSE CVE-2025-21753 at NVD CVE-2025-21754 at SUSE CVE-2025-21754 at NVD CVE-2025-21756 at SUSE CVE-2025-21756 at NVD CVE-2025-21759 at SUSE CVE-2025-21759 at NVD CVE-2025-21760 at SUSE CVE-2025-21760 at NVD CVE-2025-21761 at SUSE CVE-2025-21761 at NVD CVE-2025-21762 at SUSE CVE-2025-21762 at NVD CVE-2025-21763 at SUSE CVE-2025-21763 at NVD CVE-2025-21764 at SUSE CVE-2025-21764 at NVD CVE-2025-21765 at SUSE CVE-2025-21765 at NVD CVE-2025-21766 at SUSE CVE-2025-21766 at NVD CVE-2025-21772 at SUSE CVE-2025-21772 at NVD CVE-2025-21773 at SUSE CVE-2025-21773 at NVD CVE-2025-21775 at SUSE CVE-2025-21775 at NVD CVE-2025-21776 at SUSE CVE-2025-21776 at NVD CVE-2025-21779 at SUSE CVE-2025-21779 at NVD CVE-2025-21780 at SUSE CVE-2025-21780 at NVD CVE-2025-21781 at SUSE CVE-2025-21781 at NVD CVE-2025-21782 at SUSE CVE-2025-21782 at NVD CVE-2025-21784 at SUSE CVE-2025-21784 at NVD CVE-2025-21785 at SUSE CVE-2025-21785 at NVD CVE-2025-21791 at SUSE CVE-2025-21791 at NVD CVE-2025-21793 at SUSE CVE-2025-21793 at NVD CVE-2025-21794 at SUSE CVE-2025-21794 at NVD CVE-2025-21796 at SUSE CVE-2025-21796 at NVD CVE-2025-21804 at SUSE CVE-2025-21804 at NVD CVE-2025-21810 at SUSE CVE-2025-21810 at NVD CVE-2025-21815 at SUSE CVE-2025-21815 at NVD CVE-2025-21819 at SUSE CVE-2025-21819 at NVD CVE-2025-21820 at SUSE CVE-2025-21820 at NVD CVE-2025-21821 at SUSE CVE-2025-21821 at NVD CVE-2025-21823 at SUSE CVE-2025-21823 at NVD CVE-2025-21825 at SUSE CVE-2025-21825 at NVD CVE-2025-21828 at SUSE CVE-2025-21828 at NVD CVE-2025-21829 at SUSE CVE-2025-21829 at NVD CVE-2025-21830 at SUSE CVE-2025-21830 at NVD CVE-2025-21831 at SUSE CVE-2025-21831 at NVD CVE-2025-21832 at SUSE CVE-2025-21832 at NVD CVE-2025-21835 at SUSE CVE-2025-21835 at NVD CVE-2025-21838 at SUSE CVE-2025-21838 at NVD CVE-2025-21844 at SUSE CVE-2025-21844 at NVD CVE-2025-21846 at SUSE CVE-2025-21846 at NVD CVE-2025-21847 at SUSE CVE-2025-21847 at NVD CVE-2025-21848 at SUSE CVE-2025-21848 at NVD CVE-2025-21850 at SUSE CVE-2025-21850 at NVD CVE-2025-21855 at SUSE CVE-2025-21855 at NVD CVE-2025-21856 at SUSE CVE-2025-21856 at NVD CVE-2025-21857 at SUSE CVE-2025-21857 at NVD CVE-2025-21858 at SUSE CVE-2025-21858 at NVD CVE-2025-21859 at SUSE CVE-2025-21859 at NVD CVE-2025-21861 at SUSE CVE-2025-21861 at NVD CVE-2025-21862 at SUSE CVE-2025-21862 at NVD CVE-2025-21864 at SUSE CVE-2025-21864 at NVD CVE-2025-21865 at SUSE CVE-2025-21865 at NVD CVE-2025-21866 at SUSE CVE-2025-21866 at NVD CVE-2025-21869 at SUSE CVE-2025-21869 at NVD CVE-2025-21870 at SUSE CVE-2025-21870 at NVD CVE-2025-21871 at SUSE CVE-2025-21871 at NVD CVE-2025-21876 at SUSE CVE-2025-21876 at NVD CVE-2025-21877 at SUSE CVE-2025-21877 at NVD CVE-2025-21878 at SUSE CVE-2025-21878 at NVD CVE-2025-21883 at SUSE CVE-2025-21883 at NVD CVE-2025-21885 at SUSE CVE-2025-21885 at NVD CVE-2025-21886 at SUSE CVE-2025-21886 at NVD CVE-2025-21888 at SUSE CVE-2025-21888 at NVD CVE-2025-21890 at SUSE CVE-2025-21890 at NVD CVE-2025-21891 at SUSE CVE-2025-21891 at NVD CVE-2025-21892 at SUSE CVE-2025-21892 at NVD cpe:/o:opensuse:leap:15.6 Security update for fontforge (Moderate) openSUSE Leap 15.6 This update for fontforge fixes the following issues: - CVE-2017-17521: Fixed command injection in help function uiutil.c (bsc#1073014) Moderate SUSE bug 1073014 CVE-2017-17521 at SUSE CVE-2017-17521 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Important) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused by stack overflow by resolving use of recursion (bsc#1239618) Other fixes: - version update to 2.7.1 (jsc#PED-12500) Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}' with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives - version update to 2.7.0 #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Important SUSE bug 1239618 CVE-2024-8176 at SUSE CVE-2024-8176 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgadmin4 (Important) openSUSE Leap 15.6 This update for pgadmin4 fixes the following issues: - CVE-2025-27152: axios: Fixed SSRF and creadential leakage due to requests sent to absolute URL even when baseURL is set (bsc#1239308) Important SUSE bug 1239308 CVE-2025-27152 at SUSE CVE-2025-27152 at NVD cpe:/o:opensuse:leap:15.6 Security update for haproxy (Moderate) openSUSE Leap 15.6 This update for haproxy fixes the following issues: - CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971) Moderate SUSE bug 1240971 CVE-2025-32464 at SUSE CVE-2025-32464 at NVD cpe:/o:opensuse:leap:15.6 Security update for etcd (Important) openSUSE Leap 15.6 This update for etcd fixes the following issues: - Update to version 3.5.21: - CVE-2025-30204: Fixed a bug that could allow excessive memory allocation during header parsing in jwt-go. (bsc#1240515) Important SUSE bug 1240515 CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_auth_openidc (Important) openSUSE Leap 15.6 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-31492: Fixed a bug where OIDCProviderAuthRequestMethod POSTs can leak protected data. (bsc#1240893) Important SUSE bug 1240893 CVE-2025-31492 at SUSE CVE-2025-31492 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs52 (Moderate) openSUSE Leap 15.6 This update for mozjs52 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs52 (Moderate) openSUSE Leap 15.6 This update for mozjs52 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-bundler (Important) openSUSE Leap 15.6 This update for rubygem-bundler fixes the following issues: - CVE-2020-36327: Fixed bundler choosing a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen (bsc#1185842) Other fixes: - Updated to version 2.2.34 Important SUSE bug 1185842 CVE-2020-36327 at SUSE CVE-2020-36327 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - Update to version 2.48.1 - CVE-2024-54551: improper memory handling may lead to a denial-of-service when processing certain web content (bsc#1240962) - CVE-2025-24208: permissions issue may lead to a cross-site scripting attack when loading a malicious iframe (bsc#1240961) - CVE-2025-24209: buffer overflow may lead to crash when processing maliciously crafted web content (bsc#1240964) - CVE-2025-24213: type confusion issue may lead to memory corruption (bsc#1240963) - CVE-2025-24216: improper memory handling may lead to an unexpected crash when processing certain web content (bsc#1240986) - CVE-2025-24264: improper memory handling may lead to unexpected crash when processing certain web content (bsc#1240987) - CVE-2025-30427: use-after-free issue may lead to an unexpected Safari crash when processing maliciously crafted web content (bsc#1240958) Important SUSE bug 1240958 SUSE bug 1240961 SUSE bug 1240962 SUSE bug 1240963 SUSE bug 1240964 SUSE bug 1240986 SUSE bug 1240987 CVE-2024-54551 at SUSE CVE-2024-54551 at NVD CVE-2025-24208 at SUSE CVE-2025-24208 at NVD CVE-2025-24209 at SUSE CVE-2025-24209 at NVD CVE-2025-24213 at SUSE CVE-2025-24213 at NVD CVE-2025-24216 at SUSE CVE-2025-24216 at NVD CVE-2025-24264 at SUSE CVE-2025-24264 at NVD CVE-2025-30427 at SUSE CVE-2025-30427 at NVD cpe:/o:opensuse:leap:15.6 Security update for rekor (Important) openSUSE Leap 15.6 This update for rekor fixes the following issues: - CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519) - CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053) - CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191) - CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327) - CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638) - CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468) Other fixes: - Update to version 1.3.10: * Features - Added --client-signing-algorithms flag (#1974) * Fixes / Misc - emit unpopulated values when marshalling (#2438) - pkg/api: better logs when algorithm registry rejects a key (#2429) - chore: improve mysql readiness checks (#2397) - Added --client-signing-algorithms flag (#1974) - Update to version 1.3.9 (jsc#SLE-23476): * Cache checkpoint for inactive shards (#2332) * Support per-shard signing keys (#2330) - Update to version 1.3.8: * Bug Fixes - fix zizmor issues (#2298) - remove unneeded value in log message (#2282) * Quality Enhancements - chore: relax go directive to permit 1.22.x - fetch minisign from homebrew instead of custom ppa (#2329) - fix(ci): simplify GOVERSION extraction - chore(deps): bump actions pins to latest - Updates go and golangci-lint (#2302) - update builder to use go1.23.4 (#2301) - clean up spaces - log request body on 500 error to aid debugging (#2283) - Update to version 1.3.7: * New Features - log request body on 500 error to aid debugging (#2283) - Add support for signing with Tink keyset (#2228) - Add public key hash check in Signed Note verification (#2214) - update Trillian TLS configuration (#2202) - Add TLS support for Trillian server (#2164) - Replace docker-compose with plugin if available (#2153) - Add flags to backfill script (#2146) - Unset DisableKeepalive for backfill HTTP client (#2137) - Add script to delete indexes from Redis (#2120) - Run CREATE statement in backfill script (#2109) - Add MySQL support to backfill script (#2081) - Run e2e tests on mysql and redis index backends (#2079) * Bug Fixes - remove unneeded value in log message (#2282) - Add error message when computing consistency proof (#2278) - fix validation error handling on API (#2217) - fix error in pretty-printed inclusion proof from verify subcommand (#2210) - Fix index scripts (#2203) - fix failing sharding test - Better error handling in backfill script (#2148) - Batch entries in cleanup script (#2158) - Add missing workflow for index cleanup test (#2121) - hashedrekord: fix schema $id (#2092) Important SUSE bug 1227053 SUSE bug 1236519 SUSE bug 1237638 SUSE bug 1239191 SUSE bug 1239327 SUSE bug 1240468 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for cosign (Important) openSUSE Leap 15.6 This update for cosign fixes the following issues: - CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file (bsc#1227031) - CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to potentially dangerous situations (bsc#1232985) - CVE-2025-27144: cosign: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's Parsing (bsc#1237682) - CVE-2025-22870: cosign: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238693) - CVE-2025-22868: cosign: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239204) - CVE-2025-22869: cosign: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239337) Other fixes: - Update to version 2.5.0 (jsc#SLE-23476): * Update sigstore-go to pick up bug fixes (#4150) * Update golangci-lint to v2, update golangci-lint-action (#4143) * Feat/non filename completions (#4115) * update builder to use go1.24.1 (#4116) * Add support for new bundle specification for attesting/verifying OCI image attestations (#3889) * Remove cert log line (#4113) * cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111) * bump to latest scaffolding release for testing (#4099) * increase 2e2_test docker compose tiemout to 180s (#4091) * Fix replace with compliant image mediatype (#4077) * Add TSA certificate related flags and fields for cosign attest (#4079) - Update to version 2.4.3 (jsc#SLE-23476): * Enable fetching signatures without remote get. (#4047) * Bump sigstore/sigstore to support KMS plugins (#4073) * sort properly Go imports (#4071) * sync comment with parameter name in function signature (#4063) * fix go imports order to be alphabetical (#4062) * fix comment typo and imports order (#4061) * Feat/file flag completion improvements (#4028) * Udpate builder to use go1.23.6 (#4052) * Refactor verifyNewBundle into library function (#4013) * fix parsing error in --only for cosign copy (#4049) * Fix codeowners syntax, add dep-maintainers (#4046) - Update to version 2.4.2 (jsc#SLE-23476): - Updated open-policy-agent to 1.1.0 library (#4036) - Note that only Rego v0 policies are supported at this time - Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006) - Add support for verifying root checksum in cosign initialize (#3953) - Detect if user supplied a valid protobuf bundle (#3931) - Add a log message if user doesn't provide --trusted-root (#3933) - Support mTLS towards container registry (#3922) - Add bundle create helper command (#3901) - Add trusted-root create helper command (#3876) Bug Fixes: - fix: set tls config while retaining other fields from default http transport (#4007) - policy fuzzer: ignore known panics (#3993) - Fix for multiple WithRemote options (#3982) - Add nightly conformance test workflow (#3979) - Fix copy --only for signatures + update/align docs (#3904) Important SUSE bug 1227031 SUSE bug 1232985 SUSE bug 1237682 SUSE bug 1238693 SUSE bug 1239204 SUSE bug 1239337 CVE-2024-51744 at SUSE CVE-2024-51744 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam (Moderate) openSUSE Leap 15.6 This update for pam fixes the following issues: - CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234) Moderate SUSE bug 1232234 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs52 (Moderate) openSUSE Leap 15.6 This update for mozjs52 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:opensuse:leap:15.6 Security update for poppler (Moderate) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-32364: Fixed a floating point exception. (bsc#1240880) - CVE-2025-32365: Fixed the isOk check in JBIG2Bitmap::combine function in JBIG2Stream.cc. (bsc#1240881) - Adding -fpie compile flag to GCC for Position Independent Executable (PIE) support (bsc#1239939). Moderate SUSE bug 1239939 SUSE bug 1240880 SUSE bug 1240881 CVE-2025-32364 at SUSE CVE-2025-32364 at NVD CVE-2025-32365 at SUSE CVE-2025-32365 at NVD cpe:/o:opensuse:leap:15.6 Security update for containerd (Moderate) openSUSE Leap 15.6 This update for containerd fixes the following issues: - CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749) Other fixes: - Update to containerd v1.7.27. Moderate SUSE bug 1239749 CVE-2024-40635 at SUSE CVE-2024-40635 at NVD cpe:/o:opensuse:leap:15.6 Security update for GraphicsMagick (Moderate) openSUSE Leap 15.6 This update for GraphicsMagick fixes the following issues: - CVE-2025-32460: Fixed a heap-based buffer over-read in ReadJXLImage. (bsc#1241150) Moderate SUSE bug 1241150 CVE-2025-32460 at SUSE CVE-2025-32460 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang26 (Critical) openSUSE Leap 15.6 This update for erlang26 fixes the following issues: - CVE-2025-30211: Fixed KEX init error results with excessive memory usage (bsc#1240390) - CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc#1241300) Critical SUSE bug 1240390 SUSE bug 1241300 CVE-2025-30211 at SUSE CVE-2025-30211 at NVD CVE-2025-32433 at SUSE CVE-2025-32433 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang (Critical) openSUSE Leap 15.6 This update for erlang fixes the following issues: - CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc#1241300) Critical SUSE bug 1241300 CVE-2025-32433 at SUSE CVE-2025-32433 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs60 (Moderate) openSUSE Leap 15.6 This update for mozjs60 fixes the following issues: - CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837). Moderate SUSE bug 1234837 CVE-2024-56431 at SUSE CVE-2024-56431 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 128.9.2 (bsc#1241277) - CVE-2025-3522: Leak of hashed Window credentials via crafted attachment URL - CVE-2025-2830: Information Disclosure of /tmp directory listing - CVE-2025-3523: User Interface (UI) Misrepresentation of attachment URL Important SUSE bug 1241277 CVE-2025-2830 at SUSE CVE-2025-2830 at NVD CVE-2025-3522 at SUSE CVE-2025-3522 at NVD CVE-2025-3523 at SUSE CVE-2025-3523 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Moderate) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897) Moderate SUSE bug 1240897 CVE-2025-3360 at SUSE CVE-2025-3360 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Important) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2025-27219: Fixed denial of service in CGI::Cookie.parse (bsc#1237804) - CVE-2025-27220: Fixed ReDoS in CGI::Util#escapeElement (bsc#1237806) Other fixes: - Improved fix for CVE-2024-47220 (bsc#1230930, bsc#1235773) Important SUSE bug 1230930 SUSE bug 1235773 SUSE bug 1237804 SUSE bug 1237806 CVE-2024-47220 at SUSE CVE-2024-47220 at NVD CVE-2025-27219 at SUSE CVE-2025-27219 at NVD CVE-2025-27220 at SUSE CVE-2025-27220 at NVD cpe:/o:opensuse:leap:15.6 Security update for cifs-utils (Moderate) openSUSE Leap 15.6 This update for cifs-utils fixes the following issues: - CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong namespace in containerized environments while trying to get Kerberos credentials (bsc#1239680) Moderate SUSE bug 1239680 CVE-2025-2312 at SUSE CVE-2025-2312 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Moderate) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2024-53241: Xen hypercall page unsafe against speculative attacks (bsc#1234282). Bug fixes: - Update to Xen 4.18.4 security bug fix release (bsc#1027519) * x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call * No other changes mentioned in upstream changelog, sources, or webpage Moderate SUSE bug 1027519 SUSE bug 1234282 CVE-2024-53241 at SUSE CVE-2024-53241 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Important) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.7+6 (April 2025 CPU) CVEs fixed: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8211851: (ch) java/nio/channels/AsynchronousSocketChannel/ /StressLoopback.java times out (aix) + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8227529: With malformed --app-image the error messages are awful + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295159: DSO created with -ffast-math breaks Java floating-point arithmetic + JDK-8302111: Serialization considerations + JDK-8304701: Request with timeout aborts later in-flight request on HTTP/1.1 cxn + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8312570: [TESTBUG] Jtreg compiler/loopopts/superword/ /TestDependencyOffsets.java fails on 512-bit SVE + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313905: Checked_cast assert in CDS compare_by_loader + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316627: JViewport Test headless failure + JDK-8316885: jcmd: Compiler.CodeHeap_Analytics cmd does not inform about missing aggregate + JDK-8317283: jpackage tests run osx-specific checks on windows and linux + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8317808: HTTP/2 stream cancelImpl may leave subscriber registered + JDK-8317919: pthread_attr_init handle return value and destroy pthread_attr_t object + JDK-8319233: AArch64: Build failure with clang due to -Wformat-nonliteral warning + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320706: RuntimePackageTest.testUsrInstallDir test fails on Linux + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because '<local4>' is null' + JDK-8322983: Virtual Threads: exclude 2 tests + JDK-8324672: Update jdk/java/time/tck/java/time/ /TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8324838: test_nmt_locationprinting.cpp broken in the gcc windows build + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes 'monitor end should be strictly below the frame pointer' assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327390: JitTester: Implement temporary folder functionality + JDK-8327460: Compile tests with the same visibility rules as product code + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8327994: Update code gen in CallGeneratorHelper + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/ /SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330647: Two CDS tests fail with -UseCompressedOops and UseSerialGC/UseParallelGC + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8331977: Crash: SIGSEGV in dlerror() + JDK-8331993: Add counting leading/trailing zero tests for Integer + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332494: java/util/zip/EntryCount64k.java failing with java.lang.RuntimeException: '\\A\\Z' missing from stderr + JDK-8332917: failure_handler should execute gdb 'info threads' command on linux + JDK-8333116: test/jdk/tools/jpackage/share/ServiceTest.java test fails + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333647: C2 SuperWord: some additional PopulateIndex tests + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334371: [AIX] Beginning with AIX 7.3 TL1 mmap() supports 64K memory pages + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335288: SunPKCS11 initialization will call C_GetMechanismInfo on unsupported mechanisms + JDK-8335468: [XWayland] JavaFX hangs when calling java.awt.Robot.getPixelColor + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337660: C2: basic blocks with only BoxLock nodes are wrongly treated as empty + JDK-8337692: Better TLS connection support + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8337994: [REDO] Native memory leak when not recording any events + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338303: Linux ppc64le with toolchain clang - detection failure in early JVM startup + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339475: Clean up return code handling for pthread calls in library coding + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339542: compiler/codecache/CheckSegmentedCodeCache.java fails + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339834: Replace usages of -mx and -ms in some tests + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340313: Crash due to invalid oop in nmethod after C1 patching + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340824: C2: Memory for TypeInterfaces not reclaimed by hashcons() + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341135: Incorrect format string after JDK-8339475 + JDK-8341194: [REDO] Implement C2 VectorizedHashCode on AArch64 + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341715: PPC64: ObjectMonitor::_owner should be reset unconditionally in nmethod unlocking + JDK-8341820: Check return value of hcreate_r + JDK-8341862: PPC64: C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343102: Remove `--compress` from jlink command lines from jpackage tests + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343149: Cleanup os::print_tos_pc on AIX + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343314: Move common properties from jpackage jtreg test declarations to TEST.properties file + JDK-8343343: Misc crash dump improvements on more platforms after JDK-8294160 + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343396: Use OperatingSystem, Architecture, and OSVersion in jpackage tests + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344275: tools/jpackage/windows/Win8301247Test.java fails on localized Windows platform + JDK-8344326: Move jpackage tests from 'jdk.jpackage.tests' package to the default package + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345370: Bump update version for OpenJDK: jdk-21.0.7 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8345569: [ubsan] adjustments to filemap.cpp and virtualspace.cpp for macOS aarch64 + JDK-8345614: Improve AnnotationFormatError message for duplicate annotation interfaces + JDK-8345676: [ubsan] ProcessImpl_md.c:561:40: runtime error: applying zero offset to null pointer on macOS aarch64 + JDK-8345684: OperatingSystemMXBean.getSystemCpuLoad() throws NPE + JDK-8345750: Shenandoah: Test TestJcmdHeapDump.java#aggressive intermittent assert(gc_cause() == GCCause::_no_gc) failed: Over-writing cause + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346108: [21u][BACKOUT] 8337994: [REDO] Native memory leak when not recording any events + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346713: [testsuite] NeverActAsServerClassMachine breaks TestPLABAdaptToMinTLABSize.java TestPinnedHumongousFragmentation.java TestPinnedObjectContents.java + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346847: [s390x] minimal build failure + JDK-8346880: [aix] java/lang/ProcessHandle/InfoTest.java still fails: 'reported cputime less than expected' + JDK-8346881: [ubsan] logSelection.cpp:154:24 / logSelectionList.cpp:72:94 : runtime error: applying non-zero offset 1 to null pointer + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347038: [JMH] jdk.incubator.vector.SpiltReplicate fails NoClassDefFoundError + JDK-8347129: cpuset cgroups controller is required for no good reason + JDK-8347171: (dc) java/nio/channels/DatagramChannel/ /InterruptibleOrNot.java fails with virtual thread factory + JDK-8347256: Epsilon: Demote heap size and AlwaysPreTouch warnings to info level + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347268: [ubsan] logOutput.cpp:357:21: runtime error: applying non-zero offset 1 to null pointer + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347911: Limit the length of inflated text chunks + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348562: ZGC: segmentation fault due to missing node type check in barrier elision analysis + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349039: Adjust exception No type named <ThreadType> in database + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8349729: [21u] AIX jtreg tests fail to compile with qvisibility=hidden + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353904: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.7 - Update to upstream tag jdk-21.0.6+7 (January 2025 CPU) Important SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-h11 (Critical) openSUSE Leap 15.6 This update for python-h11 fixes the following issues: - CVE-2025-43859: leniency when parsing of line terminators in chunked-coding message bodies can lead to request smuggling. (bsc#1241872) Critical SUSE bug 1241872 CVE-2025-43859 at SUSE CVE-2025-43859 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-21605: Fixed an output buffer denial of service. (bsc#1241708) Important SUSE bug 1241708 CVE-2025-21605 at SUSE CVE-2025-21605 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-21605: Fixed an output buffer denial of service. (bsc#1241708) Important SUSE bug 1241708 CVE-2025-21605 at SUSE CVE-2025-21605 at NVD cpe:/o:opensuse:leap:15.6 Security update for poppler (Moderate) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-43903: improper verification of adbe.pkcs7.sha1 signatures allows for signature forgeries. (bsc#1241620) Moderate SUSE bug 1241620 CVE-2025-43903 at SUSE CVE-2025-43903 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 (bsc#1241621): * CVE-2025-2817: Potential privilege escalation in Firefox Updater * CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS * CVE-2025-4083: Process isolation bypass using `javascript:` URI links in cross-origin frames * CVE-2025-4084: Potential local code execution in 'copy as cURL' command * CVE-2025-4087: Unsafe attribute access during XPath parsing * CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10 * CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird 128.10 Important SUSE bug 1241621 CVE-2025-2817 at SUSE CVE-2025-2817 at NVD CVE-2025-4082 at SUSE CVE-2025-4082 at NVD CVE-2025-4083 at SUSE CVE-2025-4083 at NVD CVE-2025-4084 at SUSE CVE-2025-4084 at NVD CVE-2025-4087 at SUSE CVE-2025-4087 at NVD CVE-2025-4091 at SUSE CVE-2025-4091 at NVD CVE-2025-4093 at SUSE CVE-2025-4093 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Moderate) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) Moderate SUSE bug 1241453 SUSE bug 1241551 CVE-2025-32414 at SUSE CVE-2025-32414 at NVD CVE-2025-32415 at SUSE CVE-2025-32415 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Moderate) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551) - CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453) Moderate SUSE bug 1241453 SUSE bug 1241551 CVE-2025-32414 at SUSE CVE-2025-32414 at NVD CVE-2025-32415 at SUSE CVE-2025-32415 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for bubblewrap, flatpak, wayland-protocols (Moderate) openSUSE Leap 15.6 This update for bubblewrap, flatpak updates flatpak to 1.16.0. flatpak changes: - Update to version 1.16.0: + Bug fixes: - Update libglnx to 2024-12-06: . Fix an assertion failure if creating a parent directory encounters a dangling symlink. . Fix a Meson warning. . Don't emit terminal progress indicator escape sequences by default. They are interpreted as notifications by some terminal emulators. - Fix introspection annotations in libflatpak. + Enhancements: - Add the FLATPAK_TTY_PROGRESS environment variable, which re-enables the terminal progress indicator escape sequences added in 1.15.91. - Document the FLATPAK_FANCY_OUTPUT environment variable, which allows disabling the fancy formatting when outputting to a terminal. Update to version 1.15.91 (unstable): + Enhancements: - Add the FLATPAK_DATA_DIR environment variable, which allows overriding at runtime the data directory location that Flatpak uses to search for configuration files such as remotes. This is useful for running tests, and for when installing using Flatpak in a chroot. - Add a FLATPAK_DOWNLOAD_TMPDIR variable. This allows using download directories other than /var/tmp. - Emit progress escape sequence. This can be used by terminal emulators to detect and display progress of Flatpak operations on their graphical user interfaces. + Bug fixes: - Install missing test data. This should fix 'as-installed' tests via ginsttest-runner, used for example in Debian's autopkgtest framework. - Unify and improve how the Wayland socket is passed to the sandboxed app. This should fix a regression that is triggered by compositors that both implement the security-context-v1 protocol, and sets the WAYLAND_DISPLAY environment variable when launching Flatpak apps. - Fix the plural form of a translatable string. Update to version 1.15.12: + Return to using the process ID of the Flatpak app in the cgroup name. Using the instance ID in 1.15.11 caused crashes when installing apps, extensions or runtimes that use the 'extra data' mechanism, which does not set up an instance ID. Changes from version 1.15.11: + Dependencies: - In distributions that compile Flatpak to use a separate xdg-dbus-proxy executable, version 0.1.6 is recommended (but not required). - The minimum xdg-dbus-proxy continues to be 0.1.0. + Enhancements: - Allow applications like WebKit to connect the AT-SPI accessibility tree of processes in a sub-sandbox with the tree in the main process. . New sandboxing parameter flatpak run --a11y-own-name, which is like --own-name but for the accessibility bus. . flatpak-portal API v7: add new sandbox-a11y-own-names option, which accepts names matching ${FLATPAK_ID}.* . Apps may call the org.a11y.atspi.Socket.Embedded method on names matching ${FLATPAK_ID}.Sandboxed.* by default . flatpak run -vv $app_id shows all applicable sandboxing parameters and their source, including overrides, as debug messages - Introduce USB device listing . Apps can list which USB devices they want to access ahead of time by using the --usb parameter. Check the manpages for the more information about the accepted syntax. . Denying access to USB devices is also possible with the --no-usb parameter. The syntax is equal to --usb. . Both options merely store metadata, and aren't used by Flatpak itself. This metadata is intended to be used by the (as of now, still in progress) USB portal to decide which devices the app can enumerate and request access. - Add support for KDE search completion - Use the instance id of the Flatpak app as part of the cgroup name. This better matches the naming conventions for cgroup. + Bug fixes: - Update libglnx to 2024-08-23 - fix build in environments that use -Werror=return-type, such as openSUSE Tumbleweed - add a fallback definition for G_PID_FORMAT with older GLib - avoid warnings for g_steal_fd() with newer GLib - improve compatibility of g_closefrom() backport with newer GLib - Update meson wrap file for xdg-dbus-proxy to version 0.1.6: - compatibility with D-Bus implementations that pipeline the authentication handshake, such as sd-bus and zbus - compatibility with D-Bus implementations that use non-consecutive serial numbers, such as godbus and zbus - broadcast signals can be allowed without having to add TALK permission - fix memory leaks + Internal changes: - Better const-correctness - Fix a shellcheck warning in the tests - add weak dep on p11-kit-server for certificate transfer (boo#1188902) - disable parental controls for now by using '-Dmalcontent=disabled', to work around issues with xdg-desktop-portal Update to version 1.14.10: + Dependencies: In distributions that compile Flatpak to use a separate bubblewrap (bwrap) executable, either version 0.10.0, version 0.6.x ≥ 0.6.3, or a version with a backport of the --bind-fd option is required. These versions add a new feature which is required by the security fix in this release. + Security fixes: Don't follow symbolic links when mounting persistent directories (--persist option). This prevents a sandbox escape where a malicious or compromised app could edit the symlink to point to a directory that the app should not have been allowed to read or write. (bsc#1229157, CVE-2024-42472, GHSA-7hgv-f2j8-xw87) + Documentation: Mark the 1.12.x and 1.10.x branches as end-of-life (#5352) + Version 1.14.9 was not released due to an incompatibility with older versions of GLib. Version 1.14.10 replaces it. Update to version 1.14.8: + No changes. This release is rolling out to correct mismatching submodule versions in the release tarball. Update to version 1.14.7: + New features: Automatically reload D-Bus session bus configuration after installing or upgrading apps, to pick up any exported D-Bus services (#3342) + Bug fixes: - Expand the list of environment variables that Flatpak apps do not inherit from the host system (#5765, #5785) - Don't refuse to start apps when there is no D-Bus system bus available (#5076) - Don't try to repeat migration of apps whose data was migrated to a new name and then deleted (#5668) - Fix warnings from newer GLib versions (#5660) - Always set the container environment variable (#5610) - In flatpak ps, add xdg-desktop-portal-gnome to the list of backends we'll use to learn which apps are running in the background (#5729) - Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into the shell environment (#5574) - Avoid undefined behaviour of signed left-shift when storing object IDs in a hash table (#5738) - Fix Docbook validity in documentation (#5719) - Skip more tests when FUSE isn't available (#5611) - Fix a misleading comment in the test for CVE-2024-32462 (#5779) + Internal changes: - Fix Github Workflows recipes Update to version 1.14.6: + Security fixes: - Don't allow an executable name to be misinterpreted as a command-line option for bwrap(1). This prevents a sandbox escape where a malicious or compromised app could ask xdg-desktop-portal to generate a .desktop file with access to files outside the sandbox. (CVE-2024-32462, bsc#1223110) + Other bug fixes: - Don't parse <developer><name/></developer> as the application name (#5700) bubblewrap changes: Update to 0.11.0: * New --overlay, --tmp-overlay, --ro-overlay and --overlay-src options allow creation of overlay mounts. This feature is not available when bubblewrap is installed setuid. * New --level-prefix option produces output that can be parsed by tools like logger --prio-prefix and systemd-cat --level-prefix=1 * bug fixes and developer visible changes Update to version v0.10.0: * New features: Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving security issue in Flatpak. (CVE-2024-42472, bsc#1229157) * Other changes: Fix some confusing syntax in SetupOpFlag (no functional change). Update to v0.9.0: * Build system changed to Meson from Autotools * Add --argv0 https://github.com/containers/bubblewrap/issues/91 * --symlink is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target * Clarify security considerations in documentation * Clarify documentation for --cap-add * Report a better error message if mount(2) fails with ENOSPC * Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument * Improve memory allocation behaviour wayland-protocols was changed: Update to version 1.36: * xdg-dialog: fix missing namespace in protocol name Changes from version 1.35: * cursor-shape-v1: Does not advertises the list of supported cursors * xdg-shell: add missing enum attribute to set_constraint_adjustment * xdg-shell: recommend against drawing decorations when tiled * tablet-v2: mark as stable * staging: add alpha-modifier protocol Update to 1.36: * Fix to the xdg dialog protocol * tablet-v2 protocol is now stable * alpha-modifier: new protocol * Bug fix to the cursor shape documentation * The xdg-shell protocol now also explicitly recommends against drawing decorations outside of the window geometry when tiled Update to 1.34: * xdg-dialog: new protocol * xdg-toplevel-drag: new protocol * Fix typo in ext-foreign-toplevel-list-v1 * tablet-v2: clarify that name/id events are optional * linux-drm-syncobj-v1: new protocol * linux-explicit-synchronization-v1: add linux-drm-syncobj note Update to version 1.33: * xdg-shell: Clarify what a toplevel by default includes * linux-dmabuf: sync changes from unstable to stable * linux-dmabuf: require all planes to use the same modifier * presentation-time: stop referring to Linux/glibc * security-context-v1: Make sandbox engine names use reverse-DNS * xdg-decoration: remove ambiguous wording in configure event * xdg-decoration: fix configure event summary * linux-dmabuf: mark as stable * linux-dmabuf: add note about implicit sync * security-context-v1: Document what can be done with the open sockets * security-context-v1: Document out of band metadata for flatpak - Use gcc11 in SLE15 in order to fix a ppc64le test that was failing when built with gcc7 (boo#1216320) Update to version 1.32: * ext-foreign-toplevel-list: new protocol * cursor-shape-v1: new protocol * security-context-v1: new protocol * xdg-shell: add suspended toplevel state * Apart from these new additions, this release also brings the usual clarifications, cleanups and fixes. Moderate SUSE bug 1188902 SUSE bug 1212476 SUSE bug 1216320 CVE-2024-32462 at SUSE CVE-2024-32462 at NVD CVE-2024-42472 at SUSE CVE-2024-42472 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Important) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2025-22921: Clear array length when freeing it. (bsc#1237382) - CVE-2025-0518: Fix memory data leak when use sscanf(). (bsc#1236007) - CVE-2025-22919: Check for valid sample rate, to fix the invalid sample rate >= 0. (bsc#1237371) - CVE-2024-12361: Add check for av_packet_new_side_data() to avoid null pointer dereference if allocation fails. (bsc#1237358) - CVE-2024-36613: Adjust order of operations around block align. (bsc#1235092) - CVE-2024-35365: Fix double-free on error. (bsc#1235091) - CVE-2024-35368: Fix double-free on the AVFrame is unreferenced. (bsc#1234028) - CVE-2023-51793: Fix out of array access. (bsc#1223272). - CVE-2023-51793: Fixed a heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). Important SUSE bug 1223272 SUSE bug 1234028 SUSE bug 1235091 SUSE bug 1235092 SUSE bug 1236007 SUSE bug 1237358 SUSE bug 1237371 SUSE bug 1237382 CVE-2023-51793 at SUSE CVE-2023-51793 at NVD CVE-2024-12361 at SUSE CVE-2024-12361 at NVD CVE-2024-35365 at SUSE CVE-2024-35365 at NVD CVE-2024-35368 at SUSE CVE-2024-35368 at NVD CVE-2024-36613 at SUSE CVE-2024-36613 at NVD CVE-2025-0518 at SUSE CVE-2025-0518 at NVD CVE-2025-22919 at SUSE CVE-2025-22919 at NVD CVE-2025-22921 at SUSE CVE-2025-22921 at NVD cpe:/o:opensuse:leap:15.6 Security update for sqlite3 (Moderate) openSUSE Leap 15.6 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) Moderate SUSE bug 1241020 SUSE bug 1241078 SUSE bug 1241189 CVE-2025-29087 at SUSE CVE-2025-29087 at NVD CVE-2025-29088 at SUSE CVE-2025-29088 at NVD CVE-2025-3277 at SUSE CVE-2025-3277 at NVD cpe:/o:opensuse:leap:15.6 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.6 This update for rabbitmq-server fixes the following issues: - CVE-2025-30219: Fixed XSS in an error message in Management UI (bsc#1240071) Other fixes: - Disable parallel make, this causes build failures Moderate SUSE bug 1240071 CVE-2025-30219 at SUSE CVE-2025-30219 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Important) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.27+6 (April 2025 CPU) CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-8195675: Call to insertText with single character from custom Input Method ignored + JDK-8202926: Test java/awt/Focus/ /WindowUpdateFocusabilityTest/ /WindowUpdateFocusabilityTest.html fails + JDK-8216539: tools/jar/modularJar/Basic.java timed out + JDK-8268364: jmethod clearing should be done during unloading + JDK-8273914: Indy string concat changes order of operations + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8306408: Fix the format of several tables in building.md + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8327650: Test java/nio/channels/DatagramChannel/ /StressNativeSignal.java timed out + JDK-8328242: Add a log area to the PassFailJFrame + JDK-8331863: DUIterator_Fast used before it is constructed + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8338430: Improve compiler transformations + JDK-8339560: Unaddressed comments during code review of JDK-8337664 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java + JDK-8340387: Update OS detection code to recognize Windows Server 2025 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8342562: Enhance Deflater operations + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8343007: Enhance Buffered Image handling + JDK-8343474: [updates] Customize README.md to specifics of update project + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343786: [11u] GHA: Bump macOS and Xcode versions to macos-13 and XCode 14.3.1 + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8345509: Bump update version of OpenJDK: 11.0.27 + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8354087: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.27 Important SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-43965: mishandling of image depth after SetQuantumFormat is used in MIFF image processing. (bsc#1241659) - CVE-2025-46393: mishandling of packet_size leads to rendering of channels in arbitrary order in multispectral MIFF image processing. (bsc#1241658) Moderate SUSE bug 1241658 SUSE bug 1241659 CVE-2025-43965 at SUSE CVE-2025-43965 at NVD CVE-2025-46393 at SUSE CVE-2025-46393 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2024-56374: Fixed lack of upper bound limit enforcement in strings when performing IPv6 validation that could lead to denial of service (bsc#1235856) Important SUSE bug 1235856 CVE-2024-56374 at SUSE CVE-2024-56374 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Important) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.15+6 (April 2025 CPU) CVEs: + CVE-2025-21587: Fixed JSSE unauthorized access, deletion or modification of critical data (bsc#1241274) + CVE-2025-30691: Fixed Oracle Java SE Compiler Unauthorized Data Access (bsc#1241275) + CVE-2025-30698: Fixed Oracle Java 2D unauthorized data access and DoS (bsc#1241276) Changes: + JDK-6355567: AdobeMarkerSegment causes failure to read valid JPEG + JDK-8065099: [macos] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java fails: no background shine through + JDK-8179502: Enhance OCSP, CRL and Certificate Fetch Timeouts + JDK-8198237: [macos] Test java/awt/Frame/ /ExceptionOnSetExtendedStateTest/ /ExceptionOnSetExtendedStateTest.java fails + JDK-8198666: Many java/awt/Modal/OnTop/ test fails on mac + JDK-8208565: [TEST_BUG] javax/swing/PopupFactory/6276087/ /NonOpaquePopupMenuTest.java throws NPE + JDK-8226933: [TEST_BUG]GTK L&F: There is no swatches or RGB tab in JColorChooser + JDK-8226938: [TEST_BUG]GTK L&F: There is no Details button in FileChooser Dialog + JDK-8266435: WBMPImageReader.read() should not truncate the input stream + JDK-8267893: Improve jtreg test failure handler do get native/mixed stack traces for cores and live processes + JDK-8270961: [TESTBUG] Move GotWrongOOMEException into vm.share.gc package + JDK-8274893: Update java.desktop classes to use try-with-resources + JDK-8276202: LogFileOutput.invalid_file_vm asserts when being executed from a read only working directory + JDK-8277240: java/awt/Graphics2D/ScaledTransform/ /ScaledTransform.java dialog does not get disposed + JDK-8281234: The -protected option is not always checked in keytool and jarsigner + JDK-8282314: nsk/jvmti/SuspendThread/suspendthrd003 may leak memory + JDK-8283387: [macos] a11y : Screen magnifier does not show selected Tab + JDK-8283404: [macos] a11y : Screen magnifier does not show JMenu name + JDK-8283664: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintTextTest.java + JDK-8286779: javax.crypto.CryptoPolicyParser#isConsistent always returns 'true' + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8290400: Must run exe installers in jpackage jtreg tests without UI + JDK-8292588: [macos] Multiscreen/MultiScreenLocationTest/ /MultiScreenLocationTest.java: Robot.mouseMove test failed on Screen #0 + JDK-8292704: sun/security/tools/jarsigner/compatibility/ /Compatibility.java use wrong key size for EC + JDK-8292848: AWT_Mixing and TrayIcon tests fail on el8 with hard-coded isOel7 + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8293412: Remove unnecessary java.security.egd overrides + JDK-8294067: [macOS] javax/swing/JComboBox/6559152/ /bug6559152.java Cannot select an item from popup with the ENTER key. + JDK-8294316: SA core file support is broken on macosx-x64 starting with macOS 12.x + JDK-8295087: Manual Test to Automated Test Conversion + JDK-8295176: some langtools test pollutes source tree + JDK-8296591: Signature benchmark + JDK-8296818: Enhance JMH tests java/security/Signatures.java + JDK-8299077: [REDO] JDK-4512626 Non-editable JTextArea provides no visual indication of keyboard focus + JDK-8299127: [REDO] JDK-8194048 Regression automated test '/open/test/jdk/javax/swing/text/DefaultCaret/HidingSelection/ /HidingSelectionTest.java' fails + JDK-8299128: [REDO] JDK-8213562 Test javax/swing/text/ /DefaultCaret/HidingSelection/MultiSelectionTest.java fails + JDK-8299739: HashedPasswordFileTest.java and ExceptionTest.java can fail with java.lang.NullPointerException + JDK-8299994: java/security/Policy/Root/Root.java fails when home directory is read-only + JDK-8301989: new javax.swing.text.DefaultCaret().setBlinkRate(N) results in NPE + JDK-8302111: Serialization considerations + JDK-8305853: java/text/Format/DateFormat/ /DateFormatRegression.java fails with 'Uncaught exception thrown in test method Test4089106' + JDK-8306711: Improve diagnosis of `IntlTest` framework + JDK-8308341: JNI_GetCreatedJavaVMs returns a partially initialized JVM + JDK-8309171: Test vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java fails after JDK-8308341 + JDK-8309231: ProblemList vmTestbase/nsk/jvmti/scenarios/ /jni_interception/JI05/ji05t001/TestDescription.java + JDK-8309740: Expand timeout windows for tests in JDK-8179502 + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310234: Refactor Locale tests to use JUnit + JDK-8310629: java/security/cert/CertPathValidator/OCSP/ /OCSPTimeout.java fails with RuntimeException: Server not ready + JDK-8311306: Test com/sun/management/ThreadMXBean/ /ThreadCpuTimeArray.java failed: out of expected range + JDK-8311546: Certificate name constraints improperly validated with leading period + JDK-8311663: Additional refactoring of Locale tests to JUnit + JDK-8312416: Tests in Locale should have more descriptive names + JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above + JDK-8313633: [macOS] java/awt/dnd/NextDropActionTest/ /NextDropActionTest.java fails with java.lang.RuntimeException: wrong next drop action! + JDK-8313710: jcmd: typo in the documentation of JFR.start and JFR.dump + JDK-8314225: SIGSEGV in JavaThread::is_lock_owned + JDK-8314610: hotspot can't compile with the latest of gtest because of <iomanip> + JDK-8314752: Use google test string comparison macros + JDK-8314909: tools/jpackage/windows/Win8282351Test.java fails with java.lang.AssertionError: Expected [0]. Actual [1618]: + JDK-8314975: JavadocTester should set source path if not specified + JDK-8315486: vmTestbase/nsk/jdwp/ThreadReference/ /ForceEarlyReturn/forceEarlyReturn002/forceEarlyReturn002.java timed out + JDK-8315825: Open some swing tests + JDK-8315882: Open some swing tests 2 + JDK-8315883: Open source several Swing JToolbar tests + JDK-8315952: Open source several Swing JToolbar JTooltip JTree tests + JDK-8316056: Open source several Swing JTree tests + JDK-8316146: Open some swing tests 4 + JDK-8316149: Open source several Swing JTree JViewport KeyboardManager tests + JDK-8316218: Open some swing tests 5 + JDK-8316371: Open some swing tests 6 + JDK-8316559: Refactor some util/Calendar tests to JUnit + JDK-8316627: JViewport Test headless failure + JDK-8316696: Remove the testing base classes: IntlTest and CollatorTest + JDK-8317631: Refactor ChoiceFormat tests to use JUnit + JDK-8317636: Improve heap walking API tests to verify correctness of field indexes + JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux + JDK-8319567: Update java/lang/invoke tests to support vm flags + JDK-8319568: Update java/lang/reflect/exeCallerAccessTest/ /CallerAccessTest.java to accept vm flags + JDK-8319569: Several java/util tests should be updated to accept VM flags + JDK-8319647: Few java/lang/System/LoggerFinder/modules tests ignore vm flags + JDK-8319648: java/lang/SecurityManager tests ignore vm flags + JDK-8319672: Several classloader tests ignore VM flags + JDK-8319673: Few security tests ignore VM flags + JDK-8319676: A couple of jdk/modules/incubator/ tests ignore VM flags + JDK-8319677: Test jdk/internal/misc/VM/RuntimeArguments.java should be marked as flagless + JDK-8319818: Address GCC 13.2.0 warnings (stringop-overflow and dangling-pointer) + JDK-8320372: test/jdk/sun/security/x509/DNSName/ /LeadingPeriod.java validity check failed + JDK-8320676: Manual printer tests have no Pass/Fail buttons, instructions close set 1 + JDK-8320691: Timeout handler on Windows takes 2 hours to complete + JDK-8320714: java/util/Locale/LocaleProvidersRun.java and java/util/ResourceBundle/modules/visibility/ /VisibilityTest.java timeout after passing + JDK-8320916: jdk/jfr/event/gc/stacktrace/ /TestParallelMarkSweepAllocationPendingStackTrace.java failed with 'OutOfMemoryError: GC overhead limit exceeded' + JDK-8321818: vmTestbase/nsk/stress/strace/strace015.java failed with 'Cannot read the array length because '<local4>' is null' + JDK-8323196: jdk/jfr/api/consumer/filestream/TestOrdered.java failed with 'Events are not ordered! Reuse = false' + JDK-8324672: Update jdk/java/time/tck/java/time/TCKInstant.java now() to be more robust + JDK-8324807: Manual printer tests have no Pass/Fail buttons, instructions close set 2 + JDK-8325024: java/security/cert/CertPathValidator/OCSP( /OCSPTimeout.java incorrect comment information + JDK-8325042: Remove unused JVMDITools test files + JDK-8325529: Remove unused imports from `ModuleGenerator` test file + JDK-8325659: Normalize Random usage by incubator vector tests + JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/ /compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed + JDK-8325908: Finish removal of IntlTest and CollatorTest + JDK-8325937: runtime/handshake/HandshakeDirectTest.java causes 'monitor end should be strictly below the frame pointer' assertion failure on AArch64 + JDK-8326421: Add jtreg test for large arrayCopy disjoint case. + JDK-8326525: com/sun/tools/attach/BasicTests.java does not verify AgentLoadException case + JDK-8327098: GTest needs larger combination limit + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8327505: Test com/sun/jmx/remote/ /NotificationMarshalVersions/TestSerializationMismatch.java fails + JDK-8327857: Remove applet usage from JColorChooser tests Test4222508 + JDK-8327859: Remove applet usage from JColorChooser tests Test4319113 + JDK-8327986: ASAN reports use-after-free in DirectivesParserTest.empty_object_vm + JDK-8328005: Convert java/awt/im/JTextFieldTest.java applet test to main + JDK-8328085: C2: Use after free in PhaseChaitin::Register_Allocate() + JDK-8328121: Remove applet usage from JColorChooser tests Test4759306 + JDK-8328130: Remove applet usage from JColorChooser tests Test4759934 + JDK-8328185: Convert java/awt/image/MemoryLeakTest/ /MemoryLeakTest.java applet test to main + JDK-8328227: Remove applet usage from JColorChooser tests Test4887836 + JDK-8328368: Convert java/awt/image/multiresolution/ /MultiDisplayTest/MultiDisplayTest.java applet test to main + JDK-8328370: Convert java/awt/print/Dialog/PrintApplet.java applet test to main + JDK-8328380: Remove applet usage from JColorChooser tests Test6348456 + JDK-8328387: Convert java/awt/Frame/FrameStateTest/ /FrameStateTest.html applet test to main + JDK-8328403: Remove applet usage from JColorChooser tests Test6977726 + JDK-8328553: Get rid of JApplet in test/jdk/sanity/client/lib/SwingSet2/src/DemoModule.java + JDK-8328558: Convert javax/swing/JCheckBox/8032667/ /bug8032667.java applet test to main + JDK-8328717: Convert javax/swing/JColorChooser/8065098/ /bug8065098.java applet test to main + JDK-8328719: Convert java/awt/print/PageFormat/SetOrient.html applet test to main + JDK-8328730: Convert java/awt/print/bug8023392/bug8023392.html applet test to main + JDK-8328753: Open source few Undecorated Frame tests + JDK-8328819: Remove applet usage from JFileChooser tests bug6698013 + JDK-8328827: Convert java/awt/print/PrinterJob/ /PrinterDialogsModalityTest/PrinterDialogsModalityTest.html applet test to main + JDK-8329210: Delete Redundant Printer Dialog Modality Test + JDK-8329320: Simplify awt/print/PageFormat/NullPaper.java test + JDK-8329322: Convert PageFormat/Orient.java to use PassFailJFrame + JDK-8329692: Add more details to FrameStateTest.java test instructions + JDK-8330702: Update failure handler to don't generate Error message if cores actions are empty + JDK-8331153: JFR: Improve logging of jdk/jfr/api/consumer/filestream/TestOrdered.java + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8332158: [XWayland] test/jdk/java/awt/Mouse/ /EnterExitEvents/ResizingFrameTest.java + JDK-8332917: failure_handler should execute gdb 'info threads' command on linux + JDK-8333360: PrintNullString.java doesn't use float arguments + JDK-8333391: Test com/sun/jdi/InterruptHangTest.java failed: Thread was never interrupted during sleep + JDK-8333403: Write a test to check various components events are triggered properly + JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows + JDK-8334305: Remove all code for nsk.share.Log verbose mode + JDK-8334490: Normalize string with locale invariant `toLowerCase()` + JDK-8334777: Test javax/management/remote/mandatory/notif/ /NotifReconnectDeadlockTest.java failed with NullPointerException + JDK-8335150: Test LogGeneratedClassesTest.java fails on rpmbuild mock enviroment + JDK-8335172: Add manual steps to run security/auth/callback/ /TextCallbackHandler/Password.java test + JDK-8335789: [TESTBUG] XparColor.java test fails with Error. Parse Exception: Invalid or unrecognized bugid: @ + JDK-8336012: Fix usages of jtreg-reserved properties + JDK-8336498: [macos] [build]: install-file macro may run into permission denied error + JDK-8336692: Redo fix for JDK-8284620 + JDK-8336942: Improve test coverage for class loading elements with annotations of different retentions + JDK-8337222: gc/TestDisableExplicitGC.java fails due to unexpected CodeCache GC + JDK-8337494: Clarify JarInputStream behavior + JDK-8337692: Better TLS connection support + JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 + JDK-8337886: java/awt/Frame/MaximizeUndecoratedTest.java fails in OEL due to a slight color difference + JDK-8337951: Test sun/security/validator/samedn.sh CertificateNotYetValidException: NotBefore validation + JDK-8338100: C2: assert(!n_loop->is_member(get_loop(lca))) failed: control must not be back in the loop + JDK-8338426: Test java/nio/channels/Selector/WakeupNow.java failed + JDK-8338430: Improve compiler transformations + JDK-8338571: [TestBug] DefaultCloseOperation.java test not working as expected wrt instruction after JDK-8325851 fix + JDK-8338595: Add more linesize for MIME decoder in macro bench test Base64Decode + JDK-8338668: Test javax/swing/JFileChooser/8080628/ /bug8080628.java doesn't test for GTK L&F + JDK-8339154: Cleanups and JUnit conversion of test/jdk/java/util/zip/Available.java + JDK-8339261: Logs truncated in test javax/net/ssl/DTLS/DTLSRehandshakeTest.java + JDK-8339356: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java failed with java.net.SocketException: An established connection was aborted by the software in your host machine + JDK-8339524: Clean up a few ExtendedRobot tests + JDK-8339687: Rearrange reachabilityFence()s in jdk.test.lib.util.ForceGC + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339883: Open source several AWT/2D related tests + JDK-8339902: Open source couple TextField related tests + JDK-8339943: Frame not disposed in java/awt/dnd/DropActionChangeTest.java + JDK-8340078: Open source several 2D tests + JDK-8340116: test/jdk/sun/security/tools/jarsigner/ /PreserveRawManifestEntryAndDigest.java can fail due to regex + JDK-8340411: open source several 2D imaging tests + JDK-8340480: Bad copyright notices in changes from JDK-8339902 + JDK-8340687: Open source closed frame tests #1 + JDK-8340719: Open source AWT List tests + JDK-8340969: jdk/jfr/startupargs/TestStartDuration.java should be marked as flagless + JDK-8341037: Use standard layouts in DefaultFrameIconTest.java and MenuCrash.java + JDK-8341111: open source several AWT tests including menu shortcut tests + JDK-8341316: [macos] javax/swing/ProgressMonitor/ /ProgressMonitorEscapeKeyPress.java fails sometimes in macos + JDK-8341412: Various test failures after JDK-8334305 + JDK-8341424: GHA: Collect hs_errs from build time failures + JDK-8341453: java/awt/a11y/AccessibleJTableTest.java fails in some cases where the test tables are not visible + JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang + JDK-8341881: [REDO] java/nio/file/attribute/ /BasicFileAttributeView/CreationTime.java#tmp fails on alinux3 + JDK-8341978: Improve JButton/bug4490179.java + JDK-8341982: Simplify JButton/bug4323121.java + JDK-8342098: Write a test to compare the images + JDK-8342145: File libCreationTimeHelper.c compile fails on Alpine + JDK-8342270: Test sun/security/pkcs11/Provider/ /RequiredMechCheck.java needs write access to src tree + JDK-8342498: Add test for Allocation elimination after use as alignment reference by SuperWord + JDK-8342508: Use latch in BasicMenuUI/bug4983388.java instead of delay + JDK-8342541: Exclude List/KeyEventsTest/KeyEventsTest.java from running on macOS + JDK-8342562: Enhance Deflater operations + JDK-8342602: Remove JButton/PressedButtonRightClickTest test + JDK-8342607: Enhance register printing on x86_64 platforms + JDK-8342609: jpackage test helper function incorrectly removes a directory instead of its contents only + JDK-8342634: javax/imageio/plugins/wbmp/ /WBMPStreamTruncateTest.java creates temp file in src dir + JDK-8342635: javax/swing/JFileChooser/FileSystemView/ /WindowsDefaultIconSizeTest.java creates tmp file in src dir + JDK-8342704: GHA: Report truncation is broken after JDK-8341424 + JDK-8342811: java/net/httpclient/PlainProxyConnectionTest.java failed: Unexpected connection count: 5 + JDK-8342858: Make target mac-jdk-bundle fails on chmod command + JDK-8342988: GHA: Build JTReg in single step + JDK-8343007: Enhance Buffered Image handling + JDK-8343100: Consolidate EmptyFolderTest and EmptyFolderPackageTest jpackage tests into single java file + JDK-8343101: Rework BasicTest.testTemp test cases + JDK-8343118: [TESTBUG] java/awt/PrintJob/PrintCheckboxTest/ /PrintCheckboxManualTest.java fails with Error. Can't find HTML file PrintCheckboxManualTest.html + JDK-8343128: PassFailJFrame.java test result: Error. Bad action for script: build} + JDK-8343129: Disable unstable check of ThreadsListHandle.sanity_vm ThreadList values + JDK-8343178: Test BasicTest.java javac compile fails cannot find symbol + JDK-8343378: Exceptions in javax/management DeadLockTest.java do not cause test failure + JDK-8343491: javax/management/remote/mandatory/connection/ /DeadLockTest.java failing with NoSuchObjectException: no such object in table + JDK-8343599: Kmem limit and max values swapped when printing container information + JDK-8343724: [PPC64] Disallow OptoScheduling + JDK-8343882: BasicAnnoTests doesn't handle multiple annotations at the same position + JDK-8344581: [TESTBUG] java/awt/Robot/ /ScreenCaptureRobotTest.java failing on macOS + JDK-8344589: Update IANA Language Subtag Registry to Version 2024-11-19 + JDK-8344646: The libjsig deprecation warning should go to stderr not stdout + JDK-8345296: AArch64: VM crashes with SIGILL when prctl is disallowed + JDK-8345368: java/io/File/createTempFile/SpecialTempFile.java fails on Windows Server 2025 + JDK-8345371: Bump update version for OpenJDK: jdk-17.0.15 + JDK-8345375: Improve debuggability of test/jdk/java/net/Socket/CloseAvailable.java + JDK-8345414: Google CAInterop test failures + JDK-8345468: test/jdk/javax/swing/JScrollBar/4865918/ /bug4865918.java fails in ubuntu22.04 + JDK-8346055: javax/swing/text/StyledEditorKit/4506788/ /bug4506788.java fails in ubuntu22.04 + JDK-8346324: javax/swing/JScrollBar/4865918/bug4865918.java fails in CI + JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + JDK-8346671: java/nio/file/Files/probeContentType/Basic.java fails on Windows 2025 + JDK-8346828: javax/swing/JScrollBar/4865918/bug4865918.java still fails in CI + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8346908: Update JDK 17 javadoc man page + JDK-8346972: Test java/nio/channels/FileChannel/ /LoopingTruncate.java fails sometimes with IOException: There is not enough space on the disk + JDK-8347424: Fix and rewrite sun/security/x509/DNSName/LeadingPeriod.java test + JDK-8347427: JTabbedPane/8134116/Bug8134116.java has no license header + JDK-8347740: java/io/File/createTempFile/SpecialTempFile.java failing + JDK-8347847: Enhance jar file support + JDK-8347965: (tz) Update Timezone Data to 2025a + JDK-8348625: [21u, 17u] Revert JDK-8185862 to restore old java.awt.headless behavior on Windows + JDK-8348675: TrayIcon tests fail in Ubuntu 24.10 Wayland + JDK-8349603: [21u, 17u, 11u] Update GHA JDKs after Jan/25 updates + JDK-8352097: (tz) zone.tab update missed in 2025a backport + JDK-8353905: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.15 Important SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-rack-1_6 (Moderate) openSUSE Leap 15.6 This update for rubygem-rack-1_6 fixes the following issues: - CVE-2025-27111: Fixed Escape Sequence Injection vulnerability (bsc#1238607) Moderate SUSE bug 1238607 CVE-2025-27111 at SUSE CVE-2025-27111 at NVD cpe:/o:opensuse:leap:15.6 Security update for opensaml (Moderate) openSUSE Leap 15.6 This update for opensaml fixes the following issues: - CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. (bsc#1239889) Moderate SUSE bug 1239889 CVE-2025-31335 at SUSE CVE-2025-31335 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) - CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) - CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686) - CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688) Important SUSE bug 1240750 SUSE bug 1240752 SUSE bug 1240756 SUSE bug 1240757 SUSE bug 1241164 SUSE bug 1241222 SUSE bug 1241686 SUSE bug 1241688 CVE-2025-2784 at SUSE CVE-2025-2784 at NVD CVE-2025-32050 at SUSE CVE-2025-32050 at NVD CVE-2025-32052 at SUSE CVE-2025-32052 at NVD CVE-2025-32053 at SUSE CVE-2025-32053 at NVD CVE-2025-32907 at SUSE CVE-2025-32907 at NVD CVE-2025-32914 at SUSE CVE-2025-32914 at NVD CVE-2025-46420 at SUSE CVE-2025-46420 at NVD CVE-2025-46421 at SUSE CVE-2025-46421 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750) - CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752) - CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI (bsc#1240754) - CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756) - CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757) - CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) - CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222) - CVE-2025-32908: Fixed HTTP request may lead to server crash due to HTTP/2 server not fully validating the values of pseudo-headers (bsc#1241223) - CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) - CVE-2025-32910: Fixed NULL pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) - CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params' (bsc#1241238) - CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) - CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) - CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164) - CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686) - CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688) Important SUSE bug 1240750 SUSE bug 1240752 SUSE bug 1240754 SUSE bug 1240756 SUSE bug 1240757 SUSE bug 1241162 SUSE bug 1241164 SUSE bug 1241214 SUSE bug 1241222 SUSE bug 1241223 SUSE bug 1241226 SUSE bug 1241238 SUSE bug 1241252 SUSE bug 1241263 SUSE bug 1241686 SUSE bug 1241688 CVE-2025-2784 at SUSE CVE-2025-2784 at NVD CVE-2025-32050 at SUSE CVE-2025-32050 at NVD CVE-2025-32051 at SUSE CVE-2025-32051 at NVD CVE-2025-32052 at SUSE CVE-2025-32052 at NVD CVE-2025-32053 at SUSE CVE-2025-32053 at NVD CVE-2025-32906 at SUSE CVE-2025-32906 at NVD CVE-2025-32907 at SUSE CVE-2025-32907 at NVD CVE-2025-32908 at SUSE CVE-2025-32908 at NVD CVE-2025-32909 at SUSE CVE-2025-32909 at NVD CVE-2025-32910 at SUSE CVE-2025-32910 at NVD CVE-2025-32911 at SUSE CVE-2025-32911 at NVD CVE-2025-32912 at SUSE CVE-2025-32912 at NVD CVE-2025-32913 at SUSE CVE-2025-32913 at NVD CVE-2025-32914 at SUSE CVE-2025-32914 at NVD CVE-2025-46420 at SUSE CVE-2025-46420 at NVD CVE-2025-46421 at SUSE CVE-2025-46421 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird ESR 128.10 update (bsc#1241621): - CVE-2025-4082: WebGL shader attribute memory corruption in Thunderbird for macOS. - CVE-2025-4087: Unsafe attribute access during XPath parsing. - CVE-2025-4093: Memory safety bug fixed in Firefox ESR 128.10 and Thunderbird. - CVE-2025-4091: Memory safety bugs fixed in Firefox 138, Thunderbird 138, Firefox ESR 128.10, and Thunderbird 128.10. - CVE-2025-4083: Process isolation bypass using 'javascript:' URI links in cross-origin frames. - CVE-2025-4084: Potential local code execution in 'copy as cURL' command. - CVE-2025-2817: Privilege escalation in Thunderbird Updater. Important SUSE bug 1241621 CVE-2025-2817 at SUSE CVE-2025-2817 at NVD CVE-2025-4082 at SUSE CVE-2025-4082 at NVD CVE-2025-4083 at SUSE CVE-2025-4083 at NVD CVE-2025-4084 at SUSE CVE-2025-4084 at NVD CVE-2025-4087 at SUSE CVE-2025-4087 at NVD CVE-2025-4091 at SUSE CVE-2025-4091 at NVD CVE-2025-4093 at SUSE CVE-2025-4093 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvpn (Moderate) openSUSE Leap 15.6 This update for openvpn fixes the following issues: - CVE-2025-2704: Fixed remote DoS due to possible ASSERT() on OpenVPN servers using --tls-crypt-v2 (bsc#1240392) Moderate SUSE bug 1240392 CVE-2025-2704 at SUSE CVE-2025-2704 at NVD cpe:/o:opensuse:leap:15.6 Security update for apparmor (Moderate) openSUSE Leap 15.6 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Moderate SUSE bug 1241678 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Update to Tomcat 9.0.104 - CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008) - CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009) Full changelog: https://tomcat.apache.org/tomcat-9.0-doc/changelog.htm Important SUSE bug 1242008 SUSE bug 1242009 CVE-2025-31650 at SUSE CVE-2025-31650 at NVD CVE-2025-31651 at SUSE CVE-2025-31651 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-32873: Fixed denial-of-service possibility in `strip_tags()` (bsc#1242210) Moderate SUSE bug 1242210 CVE-2025-32873 at SUSE CVE-2025-32873 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u452 (icedtea-3.35.0) Security issues fixed: - CVE-2025-21587: unauthorized creation, deletion or modification of critical data through the JSSE component. (bsc#1241274) - CVE-2025-30691: unauthorized update, insert or delete access to a subset of Oracle Java SE data through the Compiler component. (bsc#1241275) - CVE-2025-30698: unauthorized access to Oracle Java SE data and unauthorized ability to cause partial DoS through the 2D component. (bsc#1241276) Non-security issues fixed: - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch. - JDK-8261020: wrong format parameter in create_emergency_chunk_path. - JDK-8266881: enable debug log for SSLEngineExplorerMatchedSNI.java. - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML. - JDK-8309841: Jarsigner should print a warning if an entry is removed. - JDK-8337494: clarify JarInputStream behavior. - JDK-8339637: (tz) update Timezone Data to 2024b. - JDK-8339644: improve parsing of Day/Month in tzdata rules - JDK-8339810: clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract. - JDK-8340552: harden TzdbZoneRulesCompiler against missing zone names. - JDK-8342562: enhance Deflater operations. - JDK-8346587: distrust TLS server certificates anchored by Camerfirma Root CAs. - JDK-8347847: enhance jar file support. - JDK-8347965: (tz) update Timezone Data to 2025a. - JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708. - JDK-8350816: [8u] update TzdbZoneRulesCompiler to ignore HST/EST/MST links. - JDK-8352097: (tz) zone.tab update missed in 2025a backport. - JDK-8353433: XCG currency code not recognized in JDK 8u. Important SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). Important SUSE bug 1214954 SUSE bug 1216813 SUSE bug 1220773 SUSE bug 1224095 SUSE bug 1224726 SUSE bug 1225743 SUSE bug 1225820 SUSE bug 1227445 SUSE bug 1228526 SUSE bug 1229809 SUSE bug 1230205 SUSE bug 1230697 SUSE bug 1231854 SUSE bug 1231909 SUSE bug 1231963 SUSE bug 1232193 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232418 SUSE bug 1232419 SUSE bug 1232420 SUSE bug 1232421 SUSE bug 1232436 SUSE bug 1233038 SUSE bug 1233070 SUSE bug 1233096 SUSE bug 1233200 SUSE bug 1233204 SUSE bug 1233239 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233324 SUSE bug 1233328 SUSE bug 1233461 SUSE bug 1233467 SUSE bug 1233469 SUSE bug 1233546 SUSE bug 1233558 SUSE bug 1233637 SUSE bug 1233642 SUSE bug 1233772 SUSE bug 1233837 SUSE bug 1234024 SUSE bug 1234069 SUSE bug 1234071 SUSE bug 1234073 SUSE bug 1234075 SUSE bug 1234076 SUSE bug 1234077 SUSE bug 1234079 SUSE bug 1234086 SUSE bug 1234139 SUSE bug 1234140 SUSE bug 1234141 SUSE bug 1234142 SUSE bug 1234143 SUSE bug 1234144 SUSE bug 1234145 SUSE bug 1234146 SUSE bug 1234147 SUSE bug 1234148 SUSE bug 1234149 SUSE bug 1234150 SUSE bug 1234153 SUSE bug 1234155 SUSE bug 1234156 SUSE bug 1234158 SUSE bug 1234159 SUSE bug 1234160 SUSE bug 1234161 SUSE bug 1234162 SUSE bug 1234163 SUSE bug 1234164 SUSE bug 1234165 SUSE bug 1234166 SUSE bug 1234167 SUSE bug 1234168 SUSE bug 1234169 SUSE bug 1234170 SUSE bug 1234171 SUSE bug 1234172 SUSE bug 1234173 SUSE bug 1234174 SUSE bug 1234175 SUSE bug 1234176 SUSE bug 1234177 SUSE bug 1234178 SUSE bug 1234179 SUSE bug 1234180 SUSE bug 1234181 SUSE bug 1234182 SUSE bug 1234183 SUSE bug 1234184 SUSE bug 1234185 SUSE bug 1234186 SUSE bug 1234187 SUSE bug 1234188 SUSE bug 1234189 SUSE bug 1234190 SUSE bug 1234191 SUSE bug 1234192 SUSE bug 1234193 SUSE bug 1234194 SUSE bug 1234195 SUSE bug 1234196 SUSE bug 1234197 SUSE bug 1234198 SUSE bug 1234199 SUSE bug 1234200 SUSE bug 1234201 SUSE bug 1234203 SUSE bug 1234204 SUSE bug 1234205 SUSE bug 1234207 SUSE bug 1234208 SUSE bug 1234209 SUSE bug 1234219 SUSE bug 1234220 SUSE bug 1234221 SUSE bug 1234237 SUSE bug 1234238 SUSE bug 1234239 SUSE bug 1234240 SUSE bug 1234241 SUSE bug 1234242 SUSE bug 1234243 SUSE bug 1234278 SUSE bug 1234279 SUSE bug 1234280 SUSE bug 1234281 SUSE bug 1234282 SUSE bug 1234294 SUSE bug 1234338 SUSE bug 1234357 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1234464 SUSE bug 1234605 SUSE bug 1234651 SUSE bug 1234652 SUSE bug 1234654 SUSE bug 1234655 SUSE bug 1234657 SUSE bug 1234658 SUSE bug 1234659 SUSE bug 1234668 SUSE bug 1234690 SUSE bug 1234725 SUSE bug 1234726 SUSE bug 1234810 SUSE bug 1234811 SUSE bug 1234826 SUSE bug 1234827 SUSE bug 1234829 SUSE bug 1234832 SUSE bug 1234834 SUSE bug 1234843 SUSE bug 1234846 SUSE bug 1234848 SUSE bug 1234853 SUSE bug 1234855 SUSE bug 1234856 SUSE bug 1234884 SUSE bug 1234889 SUSE bug 1234891 SUSE bug 1234899 SUSE bug 1234900 SUSE bug 1234905 SUSE bug 1234907 SUSE bug 1234909 SUSE bug 1234911 SUSE bug 1234912 SUSE bug 1234916 SUSE bug 1234918 SUSE bug 1234920 SUSE bug 1234921 SUSE bug 1234922 SUSE bug 1234929 SUSE bug 1234930 SUSE bug 1234937 SUSE bug 1234948 SUSE bug 1234950 SUSE bug 1234952 SUSE bug 1234960 SUSE bug 1234962 SUSE bug 1234963 SUSE bug 1234968 SUSE bug 1234969 SUSE bug 1234970 SUSE bug 1234971 SUSE bug 1234973 SUSE bug 1234974 SUSE bug 1234989 SUSE bug 1234999 SUSE bug 1235002 SUSE bug 1235003 SUSE bug 1235004 SUSE bug 1235007 SUSE bug 1235009 SUSE bug 1235016 SUSE bug 1235019 SUSE bug 1235033 SUSE bug 1235045 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235075 SUSE bug 1235108 SUSE bug 1235128 SUSE bug 1235134 SUSE bug 1235138 SUSE bug 1235246 SUSE bug 1235406 SUSE bug 1235409 SUSE bug 1235416 SUSE bug 1235507 SUSE bug 1235550 CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-35839 at SUSE CVE-2024-35839 at NVD CVE-2024-36908 at SUSE CVE-2024-36908 at NVD CVE-2024-39480 at SUSE CVE-2024-39480 at NVD CVE-2024-41042 at SUSE CVE-2024-41042 at NVD CVE-2024-44934 at SUSE CVE-2024-44934 at NVD CVE-2024-44996 at SUSE CVE-2024-44996 at NVD CVE-2024-47678 at SUSE CVE-2024-47678 at NVD CVE-2024-49854 at SUSE CVE-2024-49854 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49915 at SUSE CVE-2024-49915 at NVD CVE-2024-50016 at SUSE CVE-2024-50016 at NVD CVE-2024-50018 at SUSE CVE-2024-50018 at NVD CVE-2024-50039 at SUSE CVE-2024-50039 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50143 at SUSE CVE-2024-50143 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50202 at SUSE CVE-2024-50202 at NVD CVE-2024-50203 at SUSE CVE-2024-50203 at NVD CVE-2024-50211 at SUSE CVE-2024-50211 at NVD CVE-2024-50228 at SUSE CVE-2024-50228 at NVD CVE-2024-50256 at SUSE CVE-2024-50256 at NVD CVE-2024-50262 at SUSE CVE-2024-50262 at NVD CVE-2024-50272 at SUSE CVE-2024-50272 at NVD CVE-2024-50278 at SUSE CVE-2024-50278 at NVD CVE-2024-50280 at SUSE CVE-2024-50280 at NVD CVE-2024-53050 at SUSE CVE-2024-53050 at NVD CVE-2024-53064 at SUSE CVE-2024-53064 at NVD CVE-2024-53090 at SUSE CVE-2024-53090 at NVD CVE-2024-53099 at SUSE CVE-2024-53099 at NVD CVE-2024-53103 at SUSE CVE-2024-53103 at NVD CVE-2024-53105 at SUSE CVE-2024-53105 at NVD CVE-2024-53111 at SUSE CVE-2024-53111 at NVD CVE-2024-53113 at SUSE CVE-2024-53113 at NVD CVE-2024-53117 at SUSE CVE-2024-53117 at NVD CVE-2024-53118 at SUSE CVE-2024-53118 at NVD CVE-2024-53119 at SUSE CVE-2024-53119 at NVD CVE-2024-53120 at SUSE CVE-2024-53120 at NVD CVE-2024-53122 at SUSE CVE-2024-53122 at NVD CVE-2024-53125 at SUSE CVE-2024-53125 at NVD CVE-2024-53126 at SUSE CVE-2024-53126 at NVD CVE-2024-53127 at SUSE CVE-2024-53127 at NVD CVE-2024-53129 at SUSE CVE-2024-53129 at NVD CVE-2024-53130 at SUSE CVE-2024-53130 at NVD CVE-2024-53131 at SUSE CVE-2024-53131 at NVD CVE-2024-53133 at SUSE CVE-2024-53133 at NVD CVE-2024-53134 at SUSE CVE-2024-53134 at NVD CVE-2024-53136 at SUSE CVE-2024-53136 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53148 at SUSE CVE-2024-53148 at NVD CVE-2024-53150 at SUSE CVE-2024-53150 at NVD CVE-2024-53151 at SUSE CVE-2024-53151 at NVD CVE-2024-53154 at SUSE CVE-2024-53154 at NVD CVE-2024-53155 at SUSE CVE-2024-53155 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53157 at SUSE CVE-2024-53157 at NVD CVE-2024-53158 at SUSE CVE-2024-53158 at NVD CVE-2024-53159 at SUSE CVE-2024-53159 at NVD CVE-2024-53160 at SUSE CVE-2024-53160 at NVD CVE-2024-53161 at SUSE CVE-2024-53161 at NVD CVE-2024-53162 at SUSE CVE-2024-53162 at NVD CVE-2024-53166 at SUSE CVE-2024-53166 at NVD CVE-2024-53169 at SUSE CVE-2024-53169 at NVD CVE-2024-53171 at SUSE CVE-2024-53171 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53174 at SUSE CVE-2024-53174 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53180 at SUSE CVE-2024-53180 at NVD CVE-2024-53188 at SUSE CVE-2024-53188 at NVD CVE-2024-53190 at SUSE CVE-2024-53190 at NVD CVE-2024-53191 at SUSE CVE-2024-53191 at NVD CVE-2024-53200 at SUSE CVE-2024-53200 at NVD CVE-2024-53201 at SUSE CVE-2024-53201 at NVD CVE-2024-53202 at SUSE CVE-2024-53202 at NVD CVE-2024-53206 at SUSE CVE-2024-53206 at NVD CVE-2024-53207 at SUSE CVE-2024-53207 at NVD CVE-2024-53208 at SUSE CVE-2024-53208 at NVD CVE-2024-53209 at SUSE CVE-2024-53209 at NVD CVE-2024-53210 at SUSE CVE-2024-53210 at NVD CVE-2024-53213 at SUSE CVE-2024-53213 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53215 at SUSE CVE-2024-53215 at NVD CVE-2024-53216 at SUSE CVE-2024-53216 at NVD CVE-2024-53217 at SUSE CVE-2024-53217 at NVD CVE-2024-53222 at SUSE CVE-2024-53222 at NVD CVE-2024-53224 at SUSE CVE-2024-53224 at NVD CVE-2024-53229 at SUSE CVE-2024-53229 at NVD CVE-2024-53234 at SUSE CVE-2024-53234 at NVD CVE-2024-53237 at SUSE CVE-2024-53237 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-53241 at SUSE CVE-2024-53241 at NVD CVE-2024-56536 at SUSE CVE-2024-56536 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56549 at SUSE CVE-2024-56549 at NVD CVE-2024-56551 at SUSE CVE-2024-56551 at NVD CVE-2024-56562 at SUSE CVE-2024-56562 at NVD CVE-2024-56566 at SUSE CVE-2024-56566 at NVD CVE-2024-56567 at SUSE CVE-2024-56567 at NVD CVE-2024-56576 at SUSE CVE-2024-56576 at NVD CVE-2024-56582 at SUSE CVE-2024-56582 at NVD CVE-2024-56599 at SUSE CVE-2024-56599 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56645 at SUSE CVE-2024-56645 at NVD CVE-2024-56667 at SUSE CVE-2024-56667 at NVD CVE-2024-56752 at SUSE CVE-2024-56752 at NVD CVE-2024-56754 at SUSE CVE-2024-56754 at NVD CVE-2024-56755 at SUSE CVE-2024-56755 at NVD CVE-2024-56756 at SUSE CVE-2024-56756 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:opensuse:leap:15.6 Security update for augeas (Low) openSUSE Leap 15.6 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909) Low SUSE bug 1239909 CVE-2025-2588 at SUSE CVE-2025-2588 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.40 - CVE-2025-31650: invalid priority field values should be ignored (bsc#1242008) - CVE-2025-31651: Better handling of URLs with literal ';' and '?' (bsc#1242009) Full changelog: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html Important SUSE bug 1242008 SUSE bug 1242009 CVE-2025-31650 at SUSE CVE-2025-31650 at NVD CVE-2025-31651 at SUSE CVE-2025-31651 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). - RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). - block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). - dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). - drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). - ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). - ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). - isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). - net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). - percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). - quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). - scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). - serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). - sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). - wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). Important SUSE bug 1214954 SUSE bug 1216813 SUSE bug 1220773 SUSE bug 1224095 SUSE bug 1224726 SUSE bug 1225743 SUSE bug 1225758 SUSE bug 1225820 SUSE bug 1227445 SUSE bug 1228526 SUSE bug 1229809 SUSE bug 1230205 SUSE bug 1230413 SUSE bug 1230697 SUSE bug 1231854 SUSE bug 1231909 SUSE bug 1231963 SUSE bug 1232193 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232418 SUSE bug 1232419 SUSE bug 1232420 SUSE bug 1232421 SUSE bug 1232436 SUSE bug 1233038 SUSE bug 1233070 SUSE bug 1233096 SUSE bug 1233200 SUSE bug 1233204 SUSE bug 1233239 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233324 SUSE bug 1233328 SUSE bug 1233461 SUSE bug 1233467 SUSE bug 1233468 SUSE bug 1233469 SUSE bug 1233546 SUSE bug 1233558 SUSE bug 1233637 SUSE bug 1233642 SUSE bug 1233772 SUSE bug 1233837 SUSE bug 1234024 SUSE bug 1234069 SUSE bug 1234071 SUSE bug 1234073 SUSE bug 1234075 SUSE bug 1234076 SUSE bug 1234077 SUSE bug 1234079 SUSE bug 1234086 SUSE bug 1234139 SUSE bug 1234140 SUSE bug 1234141 SUSE bug 1234142 SUSE bug 1234143 SUSE bug 1234144 SUSE bug 1234145 SUSE bug 1234146 SUSE bug 1234147 SUSE bug 1234148 SUSE bug 1234149 SUSE bug 1234150 SUSE bug 1234153 SUSE bug 1234155 SUSE bug 1234156 SUSE bug 1234158 SUSE bug 1234159 SUSE bug 1234160 SUSE bug 1234161 SUSE bug 1234162 SUSE bug 1234163 SUSE bug 1234164 SUSE bug 1234165 SUSE bug 1234166 SUSE bug 1234167 SUSE bug 1234168 SUSE bug 1234169 SUSE bug 1234170 SUSE bug 1234171 SUSE bug 1234172 SUSE bug 1234173 SUSE bug 1234174 SUSE bug 1234175 SUSE bug 1234176 SUSE bug 1234177 SUSE bug 1234178 SUSE bug 1234179 SUSE bug 1234180 SUSE bug 1234181 SUSE bug 1234182 SUSE bug 1234183 SUSE bug 1234184 SUSE bug 1234185 SUSE bug 1234186 SUSE bug 1234187 SUSE bug 1234188 SUSE bug 1234189 SUSE bug 1234190 SUSE bug 1234191 SUSE bug 1234192 SUSE bug 1234193 SUSE bug 1234194 SUSE bug 1234195 SUSE bug 1234196 SUSE bug 1234197 SUSE bug 1234198 SUSE bug 1234199 SUSE bug 1234200 SUSE bug 1234201 SUSE bug 1234203 SUSE bug 1234204 SUSE bug 1234205 SUSE bug 1234207 SUSE bug 1234208 SUSE bug 1234209 SUSE bug 1234219 SUSE bug 1234220 SUSE bug 1234221 SUSE bug 1234237 SUSE bug 1234238 SUSE bug 1234239 SUSE bug 1234240 SUSE bug 1234241 SUSE bug 1234242 SUSE bug 1234243 SUSE bug 1234278 SUSE bug 1234279 SUSE bug 1234280 SUSE bug 1234281 SUSE bug 1234282 SUSE bug 1234294 SUSE bug 1234338 SUSE bug 1234357 SUSE bug 1234381 SUSE bug 1234454 SUSE bug 1234464 SUSE bug 1234605 SUSE bug 1234651 SUSE bug 1234652 SUSE bug 1234654 SUSE bug 1234655 SUSE bug 1234657 SUSE bug 1234658 SUSE bug 1234659 SUSE bug 1234668 SUSE bug 1234690 SUSE bug 1234725 SUSE bug 1234726 SUSE bug 1234810 SUSE bug 1234811 SUSE bug 1234826 SUSE bug 1234827 SUSE bug 1234829 SUSE bug 1234832 SUSE bug 1234834 SUSE bug 1234843 SUSE bug 1234846 SUSE bug 1234848 SUSE bug 1234853 SUSE bug 1234855 SUSE bug 1234856 SUSE bug 1234884 SUSE bug 1234889 SUSE bug 1234891 SUSE bug 1234899 SUSE bug 1234900 SUSE bug 1234905 SUSE bug 1234907 SUSE bug 1234909 SUSE bug 1234911 SUSE bug 1234912 SUSE bug 1234916 SUSE bug 1234918 SUSE bug 1234920 SUSE bug 1234921 SUSE bug 1234922 SUSE bug 1234929 SUSE bug 1234930 SUSE bug 1234937 SUSE bug 1234948 SUSE bug 1234950 SUSE bug 1234952 SUSE bug 1234960 SUSE bug 1234962 SUSE bug 1234963 SUSE bug 1234968 SUSE bug 1234969 SUSE bug 1234970 SUSE bug 1234971 SUSE bug 1234973 SUSE bug 1234974 SUSE bug 1234989 SUSE bug 1234999 SUSE bug 1235002 SUSE bug 1235003 SUSE bug 1235004 SUSE bug 1235007 SUSE bug 1235009 SUSE bug 1235016 SUSE bug 1235019 SUSE bug 1235033 SUSE bug 1235045 SUSE bug 1235056 SUSE bug 1235061 SUSE bug 1235075 SUSE bug 1235108 SUSE bug 1235128 SUSE bug 1235134 SUSE bug 1235138 SUSE bug 1235246 SUSE bug 1235406 SUSE bug 1235409 SUSE bug 1235416 SUSE bug 1235507 SUSE bug 1235550 CVE-2024-26924 at SUSE CVE-2024-26924 at NVD CVE-2024-27397 at SUSE CVE-2024-27397 at NVD CVE-2024-35839 at SUSE CVE-2024-35839 at NVD CVE-2024-36908 at SUSE CVE-2024-36908 at NVD CVE-2024-36915 at SUSE CVE-2024-36915 at NVD CVE-2024-39480 at SUSE CVE-2024-39480 at NVD CVE-2024-41042 at SUSE CVE-2024-41042 at NVD CVE-2024-44934 at SUSE CVE-2024-44934 at NVD CVE-2024-44996 at SUSE CVE-2024-44996 at NVD CVE-2024-47678 at SUSE CVE-2024-47678 at NVD CVE-2024-49854 at SUSE CVE-2024-49854 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49915 at SUSE CVE-2024-49915 at NVD CVE-2024-50016 at SUSE CVE-2024-50016 at NVD CVE-2024-50018 at SUSE CVE-2024-50018 at NVD CVE-2024-50039 at SUSE CVE-2024-50039 at NVD CVE-2024-50047 at SUSE CVE-2024-50047 at NVD CVE-2024-50143 at SUSE CVE-2024-50143 at NVD CVE-2024-50154 at SUSE CVE-2024-50154 at NVD CVE-2024-50202 at SUSE CVE-2024-50202 at NVD CVE-2024-50203 at SUSE CVE-2024-50203 at NVD CVE-2024-50211 at SUSE CVE-2024-50211 at NVD CVE-2024-50228 at SUSE CVE-2024-50228 at NVD CVE-2024-50256 at SUSE CVE-2024-50256 at NVD CVE-2024-50262 at SUSE CVE-2024-50262 at NVD CVE-2024-50272 at SUSE CVE-2024-50272 at NVD CVE-2024-50278 at SUSE CVE-2024-50278 at NVD CVE-2024-50279 at SUSE CVE-2024-50279 at NVD CVE-2024-50280 at SUSE CVE-2024-50280 at NVD CVE-2024-53050 at SUSE CVE-2024-53050 at NVD CVE-2024-53064 at SUSE CVE-2024-53064 at NVD CVE-2024-53090 at SUSE CVE-2024-53090 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53099 at SUSE CVE-2024-53099 at NVD CVE-2024-53103 at SUSE CVE-2024-53103 at NVD CVE-2024-53105 at SUSE CVE-2024-53105 at NVD CVE-2024-53111 at SUSE CVE-2024-53111 at NVD CVE-2024-53113 at SUSE CVE-2024-53113 at NVD CVE-2024-53117 at SUSE CVE-2024-53117 at NVD CVE-2024-53118 at SUSE CVE-2024-53118 at NVD CVE-2024-53119 at SUSE CVE-2024-53119 at NVD CVE-2024-53120 at SUSE CVE-2024-53120 at NVD CVE-2024-53122 at SUSE CVE-2024-53122 at NVD CVE-2024-53125 at SUSE CVE-2024-53125 at NVD CVE-2024-53126 at SUSE CVE-2024-53126 at NVD CVE-2024-53127 at SUSE CVE-2024-53127 at NVD CVE-2024-53129 at SUSE CVE-2024-53129 at NVD CVE-2024-53130 at SUSE CVE-2024-53130 at NVD CVE-2024-53131 at SUSE CVE-2024-53131 at NVD CVE-2024-53133 at SUSE CVE-2024-53133 at NVD CVE-2024-53134 at SUSE CVE-2024-53134 at NVD CVE-2024-53136 at SUSE CVE-2024-53136 at NVD CVE-2024-53141 at SUSE CVE-2024-53141 at NVD CVE-2024-53142 at SUSE CVE-2024-53142 at NVD CVE-2024-53144 at SUSE CVE-2024-53144 at NVD CVE-2024-53146 at SUSE CVE-2024-53146 at NVD CVE-2024-53148 at SUSE CVE-2024-53148 at NVD CVE-2024-53150 at SUSE CVE-2024-53150 at NVD CVE-2024-53151 at SUSE CVE-2024-53151 at NVD CVE-2024-53154 at SUSE CVE-2024-53154 at NVD CVE-2024-53155 at SUSE CVE-2024-53155 at NVD CVE-2024-53156 at SUSE CVE-2024-53156 at NVD CVE-2024-53157 at SUSE CVE-2024-53157 at NVD CVE-2024-53158 at SUSE CVE-2024-53158 at NVD CVE-2024-53159 at SUSE CVE-2024-53159 at NVD CVE-2024-53160 at SUSE CVE-2024-53160 at NVD CVE-2024-53161 at SUSE CVE-2024-53161 at NVD CVE-2024-53162 at SUSE CVE-2024-53162 at NVD CVE-2024-53166 at SUSE CVE-2024-53166 at NVD CVE-2024-53169 at SUSE CVE-2024-53169 at NVD CVE-2024-53171 at SUSE CVE-2024-53171 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53174 at SUSE CVE-2024-53174 at NVD CVE-2024-53179 at SUSE CVE-2024-53179 at NVD CVE-2024-53180 at SUSE CVE-2024-53180 at NVD CVE-2024-53188 at SUSE CVE-2024-53188 at NVD CVE-2024-53190 at SUSE CVE-2024-53190 at NVD CVE-2024-53191 at SUSE CVE-2024-53191 at NVD CVE-2024-53200 at SUSE CVE-2024-53200 at NVD CVE-2024-53201 at SUSE CVE-2024-53201 at NVD CVE-2024-53202 at SUSE CVE-2024-53202 at NVD CVE-2024-53206 at SUSE CVE-2024-53206 at NVD CVE-2024-53207 at SUSE CVE-2024-53207 at NVD CVE-2024-53208 at SUSE CVE-2024-53208 at NVD CVE-2024-53209 at SUSE CVE-2024-53209 at NVD CVE-2024-53210 at SUSE CVE-2024-53210 at NVD CVE-2024-53213 at SUSE CVE-2024-53213 at NVD CVE-2024-53214 at SUSE CVE-2024-53214 at NVD CVE-2024-53215 at SUSE CVE-2024-53215 at NVD CVE-2024-53216 at SUSE CVE-2024-53216 at NVD CVE-2024-53217 at SUSE CVE-2024-53217 at NVD CVE-2024-53222 at SUSE CVE-2024-53222 at NVD CVE-2024-53224 at SUSE CVE-2024-53224 at NVD CVE-2024-53229 at SUSE CVE-2024-53229 at NVD CVE-2024-53234 at SUSE CVE-2024-53234 at NVD CVE-2024-53237 at SUSE CVE-2024-53237 at NVD CVE-2024-53240 at SUSE CVE-2024-53240 at NVD CVE-2024-53241 at SUSE CVE-2024-53241 at NVD CVE-2024-56536 at SUSE CVE-2024-56536 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56549 at SUSE CVE-2024-56549 at NVD CVE-2024-56551 at SUSE CVE-2024-56551 at NVD CVE-2024-56562 at SUSE CVE-2024-56562 at NVD CVE-2024-56566 at SUSE CVE-2024-56566 at NVD CVE-2024-56567 at SUSE CVE-2024-56567 at NVD CVE-2024-56576 at SUSE CVE-2024-56576 at NVD CVE-2024-56582 at SUSE CVE-2024-56582 at NVD CVE-2024-56599 at SUSE CVE-2024-56599 at NVD CVE-2024-56604 at SUSE CVE-2024-56604 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56645 at SUSE CVE-2024-56645 at NVD CVE-2024-56667 at SUSE CVE-2024-56667 at NVD CVE-2024-56752 at SUSE CVE-2024-56752 at NVD CVE-2024-56754 at SUSE CVE-2024-56754 at NVD CVE-2024-56755 at SUSE CVE-2024-56755 at NVD CVE-2024-56756 at SUSE CVE-2024-56756 at NVD CVE-2024-8805 at SUSE CVE-2024-8805 at NVD cpe:/o:opensuse:leap:15.6 Security update for rabbitmq-server313 (Moderate) openSUSE Leap 15.6 This update for rabbitmq-server313 fixes the following issues: - CVE-2025-30219: incorrectly escaped virtual hostname present in error message could lead to XSS attack. (bsc#1240071) Non-security fixes: - Require rabbitmq-server313-plugins rather then rabbitmq-server-plugins. (bsc#1231656, bsc#1234763) Moderate SUSE bug 1231656 SUSE bug 1234763 SUSE bug 1240071 CVE-2025-30219 at SUSE CVE-2025-30219 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Moderate) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366). - Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607). FIPS: - Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748). Moderate SUSE bug 1230959 SUSE bug 1231748 SUSE bug 1232326 SUSE bug 1240366 SUSE bug 1240607 CVE-2025-27587 at SUSE CVE-2025-27587 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Moderate) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: Update to go1.24.3 (bsc#1236217): Security fixes: - CVE-2025-22873: Fixed os.Root permits access to parent directory (bsc#1242715) Changelog: * go#73556 go#73555 security: fix CVE-2025-22873 os: Root permits access to parent directory * go#73082 os: Root.Open panics when opening a symlink referencing the root * go#73092 cmd/link: linkname directive on userspace variable can override runtime variable * go#73118 crypto/tls: ECH decodeInnerClientHello incorrectly rejects ClientHello with GREASE values in supportedVersions * go#73144 runtime: segmentation fault from vgetrandomPutState and runtime.growslice w/ runtime.OSLockThread * go#73192 runtime: -race data race map traceback report incorrect functions * go#73281 cmd/compile: program compiles to wasm but is invalid: go:wasmexport: integer too large * go#73379 runtime, x/sys/unix: Connectx is broken on darwin/amd64 * go#73440 cmd/compile: infinite loop in the inliner * go#73500 cmd/go: +dirty in version stamping doesn't combine well with +incompatible Moderate SUSE bug 1236217 SUSE bug 1242715 CVE-2025-22873 at SUSE CVE-2025-22873 at NVD cpe:/o:opensuse:leap:15.6 Security update for audiofile (Moderate) openSUSE Leap 15.6 This update for audiofile fixes the following issues: - CVE-2019-13147: Fixed NULL pointer dereference in ulaw2linear_buf that could lead to DOS (bsc#1140031). - CVE-2022-24599: unverified user input when processing audio files can lead to information leak (bsc#1196487). Moderate SUSE bug 1140031 SUSE bug 1196487 CVE-2019-13147 at SUSE CVE-2019-13147 at NVD CVE-2022-24599 at SUSE CVE-2022-24599 at NVD cpe:/o:opensuse:leap:15.6 Security update for rsync (Important) openSUSE Leap 15.6 This update for rsync fixes the following issues: - CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100) - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) - CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103) - CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) - CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475) Important SUSE bug 1234100 SUSE bug 1234101 SUSE bug 1234102 SUSE bug 1234103 SUSE bug 1234104 SUSE bug 1235475 SUSE bug 1235895 CVE-2024-12084 at SUSE CVE-2024-12084 at NVD CVE-2024-12085 at SUSE CVE-2024-12085 at NVD CVE-2024-12086 at SUSE CVE-2024-12086 at NVD CVE-2024-12087 at SUSE CVE-2024-12087 at NVD CVE-2024-12088 at SUSE CVE-2024-12088 at NVD CVE-2024-12747 at SUSE CVE-2024-12747 at NVD cpe:/o:opensuse:leap:15.6 Security update for open-vm-tools (Moderate) openSUSE Leap 15.6 This update for open-vm-tools fixes the following issues: Update to 12.5.2: Security fixes: - CVE-2025-22247: Fixed Insecure file handling (bsc#1243106) Other fixes: - Fixed GCC 15 compile time error (bsc#1241938) - Fix building with containerd 1.7.25+ (bsc#1237147) Full changelog: https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog Moderate SUSE bug 1237147 SUSE bug 1241938 SUSE bug 1243106 CVE-2025-22247 at SUSE CVE-2025-22247 at NVD cpe:/o:opensuse:leap:15.6 Security update for valkey (Important) openSUSE Leap 15.6 This update for valkey fixes the following issues: - CVE-2025-21605: Fixed output buffer denial of service (bsc#1241708) Important SUSE bug 1241708 CVE-2025-21605 at SUSE CVE-2025-21605 at NVD cpe:/o:opensuse:leap:15.6 Security update for cargo-c (Low) openSUSE Leap 15.6 This update for cargo-c fixes the following issues: - CVE-2025-3416: use-after-free in Md::fetch and Cipher::fetch of rust-openssl crate (bsc#1242675). Low SUSE bug 1242675 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Moderate) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-2761: unvalidated user input in FLI file parsing may lead to an out-of-bounds write (bsc#1241691). Moderate SUSE bug 1241691 CVE-2025-2761 at SUSE CVE-2025-2761 at NVD cpe:/o:opensuse:leap:15.6 Security update for libraw (Moderate) openSUSE Leap 15.6 This update for libraw fixes the following issues: - CVE-2025-43961: Fixed out-of-bounds read in the Fujifilm 0xf00c tag parser in metadata/tiff.cpp (bsc#1241643) - CVE-2025-43962: Fixed out-of-bounds read when tag 0x412 processing in phase_one_correct function (bsc#1241585) - CVE-2025-43963: Fixed out-of-buffer access during phase_one_correct in decoders/load_mfbacks.cpp (bsc#1241642) - CVE-2025-43964: Fixed tag 0x412 processing in phase_one_correct does not enforce minimum w0 and w1 values (bsc#1241584) Moderate SUSE bug 1241584 SUSE bug 1241585 SUSE bug 1241642 SUSE bug 1241643 CVE-2025-43961 at SUSE CVE-2025-43961 at NVD CVE-2025-43962 at SUSE CVE-2025-43962 at NVD CVE-2025-43963 at SUSE CVE-2025-43963 at NVD CVE-2025-43964 at SUSE CVE-2025-43964 at NVD cpe:/o:opensuse:leap:15.6 Security update for brltty (Moderate) openSUSE Leap 15.6 This update for brltty fixes the following issues: - Avoid having brlapi.key temporarily world-readable during creation (bsc#1235438). Moderate SUSE bug 1235438 cpe:/o:opensuse:leap:15.6 Security update for rubygem-rack (Important) openSUSE Leap 15.6 This update for rubygem-rack fixes the following issues: - CVE-2025-46727: possible memory exhaustion due to unbounded parameter parsing in Rack::QueryParser (bsc#1242894). - CVE-2025-32441: deleted sessions can be restored and occupied by unauthenticated users when the Rack::Session::Pool middleware is being used (bsc#1242899). Important SUSE bug 1242894 SUSE bug 1242899 CVE-2025-32441 at SUSE CVE-2025-32441 at NVD CVE-2025-46727 at SUSE CVE-2025-46727 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-maturin (Moderate) openSUSE Leap 15.6 This update for python-maturin fixes the following issues: - CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value passed as `properties` argument to either function (bsc#1242631). - CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in `Channel::drop` when dropping a channel (bsc#1243177). Moderate SUSE bug 1242631 SUSE bug 1243177 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD CVE-2025-4574 at SUSE CVE-2025-4574 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Moderate) openSUSE Leap 15.6 This update for helm fixes the following issues: help was updated to version 3.17.3: Helm v3.17.3 is a security (patch) release. Users are strongly recommended to update to this release. * Changelog - Unarchiving fix e4da497 (Matt Farina) Moderate cpe:/o:opensuse:leap:15.6 Security update for redis7 (Important) openSUSE Leap 15.6 This update for redis7 fixes the following issues: - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. (bsc#1235386) - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. (bsc#1235387) Important SUSE bug 1235386 SUSE bug 1235387 CVE-2024-46981 at SUSE CVE-2024-46981 at NVD CVE-2024-51741 at SUSE CVE-2024-51741 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Reapply 'Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-next' into SLE15-SP6'. - Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82 - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and'. - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch') - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: mm: Correct the update of max_pfn (git-fixes) - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: fix potential error return (git-fixes). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) Keep the feature disabled by default on x86_64 - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env' - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE We now have LD_CAN_USE_KEEP_IN_OVERLAY since commit: e7607f7d6d81 ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE - rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64. - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659) - rpm/kernel-binary.spec.in: revert the revert change with OrderWithRequires The recent change using OrderWithRequires addresses the known issues, but also caused regressions for the existing image or package builds. For SLE15-SPx, better to be conservative and stick with the older way. - rpm/package-descriptions: Add rt and rt_debug descriptions - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). Important SUSE bug 1215199 SUSE bug 1223809 SUSE bug 1224013 SUSE bug 1224597 SUSE bug 1224757 SUSE bug 1228659 SUSE bug 1230764 SUSE bug 1231103 SUSE bug 1231910 SUSE bug 1232493 SUSE bug 1233075 SUSE bug 1233098 SUSE bug 1234074 SUSE bug 1234157 SUSE bug 1234698 SUSE bug 1235501 SUSE bug 1235526 SUSE bug 1235550 SUSE bug 1235870 SUSE bug 1236086 SUSE bug 1236704 SUSE bug 1237111 SUSE bug 1237874 SUSE bug 1237882 SUSE bug 1238052 SUSE bug 1238212 SUSE bug 1238471 SUSE bug 1238527 SUSE bug 1238565 SUSE bug 1238714 SUSE bug 1238737 SUSE bug 1238742 SUSE bug 1238745 SUSE bug 1238746 SUSE bug 1238862 SUSE bug 1238961 SUSE bug 1238970 SUSE bug 1238983 SUSE bug 1238990 SUSE bug 1239066 SUSE bug 1239079 SUSE bug 1239108 SUSE bug 1239470 SUSE bug 1239475 SUSE bug 1239476 SUSE bug 1239487 SUSE bug 1239510 SUSE bug 1239684 SUSE bug 1239906 SUSE bug 1239925 SUSE bug 1239997 SUSE bug 1240167 SUSE bug 1240168 SUSE bug 1240171 SUSE bug 1240176 SUSE bug 1240181 SUSE bug 1240184 SUSE bug 1240185 SUSE bug 1240375 SUSE bug 1240557 SUSE bug 1240575 SUSE bug 1240576 SUSE bug 1240581 SUSE bug 1240582 SUSE bug 1240583 SUSE bug 1240584 SUSE bug 1240585 SUSE bug 1240587 SUSE bug 1240590 SUSE bug 1240591 SUSE bug 1240592 SUSE bug 1240594 SUSE bug 1240595 SUSE bug 1240596 SUSE bug 1240600 SUSE bug 1240612 SUSE bug 1240616 SUSE bug 1240639 SUSE bug 1240643 SUSE bug 1240647 SUSE bug 1240655 SUSE bug 1240691 SUSE bug 1240700 SUSE bug 1240701 SUSE bug 1240703 SUSE bug 1240708 SUSE bug 1240709 SUSE bug 1240712 SUSE bug 1240713 SUSE bug 1240714 SUSE bug 1240715 SUSE bug 1240716 SUSE bug 1240717 SUSE bug 1240718 SUSE bug 1240719 SUSE bug 1240720 SUSE bug 1240722 SUSE bug 1240727 SUSE bug 1240739 SUSE bug 1240740 SUSE bug 1240742 SUSE bug 1240779 SUSE bug 1240783 SUSE bug 1240784 SUSE bug 1240785 SUSE bug 1240795 SUSE bug 1240796 SUSE bug 1240797 SUSE bug 1240799 SUSE bug 1240801 SUSE bug 1240802 SUSE bug 1240806 SUSE bug 1240808 SUSE bug 1240809 SUSE bug 1240811 SUSE bug 1240812 SUSE bug 1240813 SUSE bug 1240815 SUSE bug 1240816 SUSE bug 1240819 SUSE bug 1240821 SUSE bug 1240825 SUSE bug 1240829 SUSE bug 1240835 SUSE bug 1240873 SUSE bug 1240934 SUSE bug 1240936 SUSE bug 1240937 SUSE bug 1240938 SUSE bug 1240940 SUSE bug 1240942 SUSE bug 1240943 SUSE bug 1240944 SUSE bug 1240978 SUSE bug 1240979 SUSE bug 1241010 SUSE bug 1241038 SUSE bug 1241051 SUSE bug 1241123 SUSE bug 1241151 SUSE bug 1241167 SUSE bug 1241175 SUSE bug 1241204 SUSE bug 1241250 SUSE bug 1241265 SUSE bug 1241266 SUSE bug 1241280 SUSE bug 1241332 SUSE bug 1241333 SUSE bug 1241341 SUSE bug 1241343 SUSE bug 1241344 SUSE bug 1241347 SUSE bug 1241357 SUSE bug 1241361 SUSE bug 1241369 SUSE bug 1241371 SUSE bug 1241373 SUSE bug 1241378 SUSE bug 1241394 SUSE bug 1241402 SUSE bug 1241412 SUSE bug 1241413 SUSE bug 1241416 SUSE bug 1241424 SUSE bug 1241426 SUSE bug 1241433 SUSE bug 1241436 SUSE bug 1241441 SUSE bug 1241442 SUSE bug 1241443 SUSE bug 1241451 SUSE bug 1241452 SUSE bug 1241456 SUSE bug 1241458 SUSE bug 1241459 SUSE bug 1241526 SUSE bug 1241528 SUSE bug 1241537 SUSE bug 1241541 SUSE bug 1241545 SUSE bug 1241547 SUSE bug 1241548 SUSE bug 1241550 SUSE bug 1241573 SUSE bug 1241574 SUSE bug 1241575 SUSE bug 1241578 SUSE bug 1241590 SUSE bug 1241593 SUSE bug 1241598 SUSE bug 1241599 SUSE bug 1241601 SUSE bug 1241626 SUSE bug 1241640 SUSE bug 1241648 SUSE bug 1242006 SUSE bug 1242044 SUSE bug 1242172 SUSE bug 1242283 SUSE bug 1242307 SUSE bug 1242313 SUSE bug 1242314 SUSE bug 1242315 SUSE bug 1242321 SUSE bug 1242326 SUSE bug 1242327 SUSE bug 1242328 SUSE bug 1242332 SUSE bug 1242333 SUSE bug 1242335 SUSE bug 1242336 SUSE bug 1242342 SUSE bug 1242343 SUSE bug 1242344 SUSE bug 1242345 SUSE bug 1242346 SUSE bug 1242347 SUSE bug 1242348 SUSE bug 1242414 SUSE bug 1242526 SUSE bug 1242528 SUSE bug 1242534 SUSE bug 1242535 SUSE bug 1242536 SUSE bug 1242537 SUSE bug 1242538 SUSE bug 1242539 SUSE bug 1242540 SUSE bug 1242546 SUSE bug 1242556 SUSE bug 1242596 SUSE bug 1242710 SUSE bug 1242778 SUSE bug 1242831 SUSE bug 1242985 CVE-2023-53034 at SUSE CVE-2023-53034 at NVD CVE-2024-27018 at SUSE CVE-2024-27018 at NVD CVE-2024-27415 at SUSE CVE-2024-27415 at NVD CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-35840 at SUSE CVE-2024-35840 at NVD CVE-2024-46763 at SUSE CVE-2024-46763 at NVD CVE-2024-46865 at SUSE CVE-2024-46865 at NVD CVE-2024-50038 at SUSE CVE-2024-50038 at NVD CVE-2024-50083 at SUSE CVE-2024-50083 at NVD CVE-2024-50162 at SUSE CVE-2024-50162 at NVD CVE-2024-50163 at SUSE CVE-2024-50163 at NVD CVE-2024-53124 at SUSE CVE-2024-53124 at NVD CVE-2024-53139 at SUSE CVE-2024-53139 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-57924 at SUSE CVE-2024-57924 at NVD CVE-2024-57998 at SUSE CVE-2024-57998 at NVD CVE-2024-58001 at SUSE CVE-2024-58001 at NVD CVE-2024-58018 at SUSE CVE-2024-58018 at NVD CVE-2024-58068 at SUSE CVE-2024-58068 at NVD CVE-2024-58070 at SUSE CVE-2024-58070 at NVD CVE-2024-58071 at SUSE CVE-2024-58071 at NVD CVE-2024-58088 at SUSE CVE-2024-58088 at NVD CVE-2024-58093 at SUSE CVE-2024-58093 at NVD CVE-2024-58094 at SUSE CVE-2024-58094 at NVD CVE-2024-58095 at SUSE CVE-2024-58095 at NVD CVE-2024-58096 at SUSE CVE-2024-58096 at NVD CVE-2024-58097 at SUSE CVE-2024-58097 at NVD CVE-2025-21683 at SUSE CVE-2025-21683 at NVD CVE-2025-21696 at SUSE CVE-2025-21696 at NVD CVE-2025-21707 at SUSE CVE-2025-21707 at NVD CVE-2025-21729 at SUSE CVE-2025-21729 at NVD CVE-2025-21755 at SUSE CVE-2025-21755 at NVD CVE-2025-21758 at SUSE CVE-2025-21758 at NVD CVE-2025-21768 at SUSE CVE-2025-21768 at NVD CVE-2025-21792 at SUSE CVE-2025-21792 at NVD CVE-2025-21806 at SUSE CVE-2025-21806 at NVD CVE-2025-21808 at SUSE CVE-2025-21808 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21833 at SUSE CVE-2025-21833 at NVD CVE-2025-21836 at SUSE CVE-2025-21836 at NVD CVE-2025-21852 at SUSE CVE-2025-21852 at NVD CVE-2025-21853 at SUSE CVE-2025-21853 at NVD CVE-2025-21854 at SUSE CVE-2025-21854 at NVD CVE-2025-21863 at SUSE CVE-2025-21863 at NVD CVE-2025-21867 at SUSE CVE-2025-21867 at NVD CVE-2025-21873 at SUSE CVE-2025-21873 at NVD CVE-2025-21875 at SUSE CVE-2025-21875 at NVD CVE-2025-21881 at SUSE CVE-2025-21881 at NVD CVE-2025-21884 at SUSE CVE-2025-21884 at NVD CVE-2025-21887 at SUSE CVE-2025-21887 at NVD CVE-2025-21889 at SUSE CVE-2025-21889 at NVD CVE-2025-21894 at SUSE CVE-2025-21894 at NVD CVE-2025-21895 at SUSE CVE-2025-21895 at NVD CVE-2025-21904 at SUSE CVE-2025-21904 at NVD CVE-2025-21905 at SUSE CVE-2025-21905 at NVD CVE-2025-21906 at SUSE CVE-2025-21906 at NVD CVE-2025-21908 at SUSE CVE-2025-21908 at NVD CVE-2025-21909 at SUSE CVE-2025-21909 at NVD CVE-2025-21910 at SUSE CVE-2025-21910 at NVD CVE-2025-21912 at SUSE CVE-2025-21912 at NVD CVE-2025-21913 at SUSE CVE-2025-21913 at NVD CVE-2025-21914 at SUSE CVE-2025-21914 at NVD CVE-2025-21915 at SUSE CVE-2025-21915 at NVD CVE-2025-21916 at SUSE CVE-2025-21916 at NVD CVE-2025-21917 at SUSE CVE-2025-21917 at NVD CVE-2025-21918 at SUSE CVE-2025-21918 at NVD CVE-2025-21922 at SUSE CVE-2025-21922 at NVD CVE-2025-21923 at SUSE CVE-2025-21923 at NVD CVE-2025-21924 at SUSE CVE-2025-21924 at NVD CVE-2025-21925 at SUSE CVE-2025-21925 at NVD CVE-2025-21926 at SUSE CVE-2025-21926 at NVD CVE-2025-21927 at SUSE CVE-2025-21927 at NVD CVE-2025-21928 at SUSE CVE-2025-21928 at NVD CVE-2025-21930 at SUSE CVE-2025-21930 at NVD CVE-2025-21931 at SUSE CVE-2025-21931 at NVD CVE-2025-21934 at SUSE CVE-2025-21934 at NVD CVE-2025-21935 at SUSE CVE-2025-21935 at NVD CVE-2025-21936 at SUSE CVE-2025-21936 at NVD CVE-2025-21937 at SUSE CVE-2025-21937 at NVD CVE-2025-21941 at SUSE CVE-2025-21941 at NVD CVE-2025-21943 at SUSE CVE-2025-21943 at NVD CVE-2025-21948 at SUSE CVE-2025-21948 at NVD CVE-2025-21950 at SUSE CVE-2025-21950 at NVD CVE-2025-21951 at SUSE CVE-2025-21951 at NVD CVE-2025-21953 at SUSE CVE-2025-21953 at NVD CVE-2025-21956 at SUSE CVE-2025-21956 at NVD CVE-2025-21957 at SUSE CVE-2025-21957 at NVD CVE-2025-21960 at SUSE CVE-2025-21960 at NVD CVE-2025-21961 at SUSE CVE-2025-21961 at NVD CVE-2025-21962 at SUSE CVE-2025-21962 at NVD CVE-2025-21963 at SUSE CVE-2025-21963 at NVD CVE-2025-21964 at SUSE CVE-2025-21964 at NVD CVE-2025-21966 at SUSE CVE-2025-21966 at NVD CVE-2025-21968 at SUSE CVE-2025-21968 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-21970 at SUSE CVE-2025-21970 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-21972 at SUSE CVE-2025-21972 at NVD CVE-2025-21975 at SUSE CVE-2025-21975 at NVD CVE-2025-21978 at SUSE CVE-2025-21978 at NVD CVE-2025-21979 at SUSE CVE-2025-21979 at NVD CVE-2025-21980 at SUSE CVE-2025-21980 at NVD CVE-2025-21981 at SUSE CVE-2025-21981 at NVD CVE-2025-21985 at SUSE CVE-2025-21985 at NVD CVE-2025-21991 at SUSE CVE-2025-21991 at NVD CVE-2025-21992 at SUSE CVE-2025-21992 at NVD CVE-2025-21993 at SUSE CVE-2025-21993 at NVD CVE-2025-21995 at SUSE CVE-2025-21995 at NVD CVE-2025-21996 at SUSE CVE-2025-21996 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-22001 at SUSE CVE-2025-22001 at NVD CVE-2025-22003 at SUSE CVE-2025-22003 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22007 at SUSE CVE-2025-22007 at NVD CVE-2025-22008 at SUSE CVE-2025-22008 at NVD CVE-2025-22009 at SUSE CVE-2025-22009 at NVD CVE-2025-22010 at SUSE CVE-2025-22010 at NVD CVE-2025-22013 at SUSE CVE-2025-22013 at NVD CVE-2025-22014 at SUSE CVE-2025-22014 at NVD CVE-2025-22015 at SUSE CVE-2025-22015 at NVD CVE-2025-22016 at SUSE CVE-2025-22016 at NVD CVE-2025-22017 at SUSE CVE-2025-22017 at NVD CVE-2025-22018 at SUSE CVE-2025-22018 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22025 at SUSE CVE-2025-22025 at NVD CVE-2025-22027 at SUSE CVE-2025-22027 at NVD CVE-2025-22029 at SUSE CVE-2025-22029 at NVD CVE-2025-22033 at SUSE CVE-2025-22033 at NVD CVE-2025-22036 at SUSE CVE-2025-22036 at NVD CVE-2025-22044 at SUSE CVE-2025-22044 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-22050 at SUSE CVE-2025-22050 at NVD CVE-2025-22053 at SUSE CVE-2025-22053 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD CVE-2025-22058 at SUSE CVE-2025-22058 at NVD CVE-2025-22060 at SUSE CVE-2025-22060 at NVD CVE-2025-22062 at SUSE CVE-2025-22062 at NVD CVE-2025-22064 at SUSE CVE-2025-22064 at NVD CVE-2025-22065 at SUSE CVE-2025-22065 at NVD CVE-2025-22075 at SUSE CVE-2025-22075 at NVD CVE-2025-22080 at SUSE CVE-2025-22080 at NVD CVE-2025-22086 at SUSE CVE-2025-22086 at NVD CVE-2025-22088 at SUSE CVE-2025-22088 at NVD CVE-2025-22090 at SUSE CVE-2025-22090 at NVD CVE-2025-22093 at SUSE CVE-2025-22093 at NVD CVE-2025-22097 at SUSE CVE-2025-22097 at NVD CVE-2025-22102 at SUSE CVE-2025-22102 at NVD CVE-2025-22104 at SUSE CVE-2025-22104 at NVD CVE-2025-22105 at SUSE CVE-2025-22105 at NVD CVE-2025-22106 at SUSE CVE-2025-22106 at NVD CVE-2025-22107 at SUSE CVE-2025-22107 at NVD CVE-2025-22108 at SUSE CVE-2025-22108 at NVD CVE-2025-22109 at SUSE CVE-2025-22109 at NVD CVE-2025-22115 at SUSE CVE-2025-22115 at NVD CVE-2025-22116 at SUSE CVE-2025-22116 at NVD CVE-2025-22121 at SUSE CVE-2025-22121 at NVD CVE-2025-22128 at SUSE CVE-2025-22128 at NVD CVE-2025-2312 at SUSE CVE-2025-2312 at NVD CVE-2025-23129 at SUSE CVE-2025-23129 at NVD CVE-2025-23131 at SUSE CVE-2025-23131 at NVD CVE-2025-23133 at SUSE CVE-2025-23133 at NVD CVE-2025-23136 at SUSE CVE-2025-23136 at NVD CVE-2025-23138 at SUSE CVE-2025-23138 at NVD CVE-2025-23145 at SUSE CVE-2025-23145 at NVD CVE-2025-37785 at SUSE CVE-2025-37785 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37799 at SUSE CVE-2025-37799 at NVD CVE-2025-37860 at SUSE CVE-2025-37860 at NVD CVE-2025-39728 at SUSE CVE-2025-39728 at NVD cpe:/o:opensuse:leap:15.6 Security update for grub2 (Moderate) openSUSE Leap 15.6 This update for grub2 rebuilds the existing package with the new 4k RSA secure boot key for IBM Power and Z. Note: the signing key of x86 / x86_64 and aarch64 architectures are unchanged. Also the following issue were fixed: - CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971) - Fix segmentation fault error in grub2-probe with target=hints_string (bsc#1235971) (bsc#1235958) (bsc#1239651) Moderate SUSE bug 1235958 SUSE bug 1235971 SUSE bug 1239651 SUSE bug 1242971 CVE-2025-4382 at SUSE CVE-2025-4382 at NVD cpe:/o:opensuse:leap:15.6 Security update for s390-tools (Moderate) openSUSE Leap 15.6 This update for s390-tools rebuilds the existing package with the new 4k RSA secure boot key. Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. (bsc#1242622) Other issues: - Added the new IBM z17 (9175) processor type Moderate SUSE bug 1242622 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2024-51741: Fixed a bug where malformed ACL selectors can trigger a server panic when accessed. (bsc#1235386) - CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. (bsc#1235387) Important SUSE bug 1235386 SUSE bug 1235387 CVE-2024-46981 at SUSE CVE-2024-46981 at NVD CVE-2024-51741 at SUSE CVE-2024-51741 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssh (Moderate) openSUSE Leap 15.6 This update for openssh fixes the following issue: Security fixes: - CVE-2025-32728: Fixed logic error in DisableForwarding option (bsc#1241012) Other fixes: - Fix ssh client segfault with GSSAPIKeyExchange=yes in ssh_kex2 due to gssapi proposal not being correctly initialized (bsc#1236826). The problem was introduced in the rebase of the patch for 9.6p1 - Enable --with-logind to call the SetTTY dbus method in systemd. This allows 'wall' to print messages in ssh ttys (bsc#1239671) Moderate SUSE bug 1236826 SUSE bug 1239671 SUSE bug 1241012 CVE-2025-32728 at SUSE CVE-2025-32728 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql17 (Moderate) openSUSE Leap 15.6 This update for postgresql17 fixes the following issues: Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/17.5/ Moderate SUSE bug 1242931 CVE-2025-4207 at SUSE CVE-2025-4207 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-tornado6 (Important) openSUSE Leap 15.6 This update for python-tornado6 fixes the following issues: - CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service (bsc#1243268). Important SUSE bug 1243268 CVE-2025-47287 at SUSE CVE-2025-47287 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Moderate) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: Intel CPU Microcode was updated to the 20250512 release (bsc#1243123) - CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access. - CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access. - CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. - Updates for functional issues. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2) | ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2) | GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6 | LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor - Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile | CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2 | CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile | CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10 | CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10 | CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile | CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile | CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile | CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3 | EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5 | GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120 | ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx | ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3 | MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor | RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores | TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile | TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile | TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile | TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile Moderate SUSE bug 1243123 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-43420 at SUSE CVE-2024-43420 at NVD CVE-2024-45332 at SUSE CVE-2024-45332 at NVD CVE-2025-20012 at SUSE CVE-2025-20012 at NVD CVE-2025-20054 at SUSE CVE-2025-20054 at NVD CVE-2025-20103 at SUSE CVE-2025-20103 at NVD CVE-2025-20623 at SUSE CVE-2025-20623 at NVD CVE-2025-24495 at SUSE CVE-2025-24495 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql13 (Moderate) openSUSE Leap 15.6 This update for postgresql13 fixes the following issues: Upgrade to 13.21: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/13.21/ Moderate SUSE bug 1242931 CVE-2025-4207 at SUSE CVE-2025-4207 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 (bsc#1243216) * CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. * CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links. * CVE-2025-3909: JavaScript Execution via Spoofed PDF Attachment and file:/// Link. * CVE-2025-3932: Tracking Links in Attachments Bypassed Remote Content Blocking. Other bug fixes: - Fixed: standalone message windows/tabs that no longer responded after folder compaction. - Fixed: Thunderbird could crash when importing Outlook messages. - Visual and UX improvements. Important SUSE bug 1243216 CVE-2025-3875 at SUSE CVE-2025-3875 at NVD CVE-2025-3877 at SUSE CVE-2025-3877 at NVD CVE-2025-3909 at SUSE CVE-2025-3909 at NVD CVE-2025-3932 at SUSE CVE-2025-3932 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Moderate) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: Upgrade to 14.18: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Moderate SUSE bug 1242931 CVE-2025-4207 at SUSE CVE-2025-4207 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-cryptography (Low) openSUSE Leap 15.6 This update for python-cryptography fixes the following issues: - CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value passed as `properties` argument to either function (bsc#1242631). Low SUSE bug 1242631 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam_u2f (Important) openSUSE Leap 15.6 This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517) Important SUSE bug 1233517 SUSE bug 1235961 CVE-2025-23013 at SUSE CVE-2025-23013 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.10.1 ESR. - MFSA 2025-37 (bsc#1243303) * CVE-2025-4918: Out-of-bounds access when resolving Promise objects * CVE-2025-4919: Out-of-bounds access when optimizing linear sums Important SUSE bug 1243303 CVE-2025-4918 at SUSE CVE-2025-4918 at NVD CVE-2025-4919 at SUSE CVE-2025-4919 at NVD cpe:/o:opensuse:leap:15.6 Security update for glibc (Important) openSUSE Leap 15.6 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Important SUSE bug 1243317 CVE-2025-4802 at SUSE CVE-2025-4802 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Moderate) openSUSE Leap 15.6 This update for xen fixes the following issues: Update to Xen 4.18.5: Security fixes: - CVE-2024-28956: Fixed Intel CPU Indirect Target Selection (ITS) (bsc#1243117) Other fixes: - Fixed boot failing with XEN kernel on DL580 Gen12 (bsc#1242490) - Added missing upstream bug fixes (bsc#1027519) Moderate SUSE bug 1027519 SUSE bug 1242490 SUSE bug 1243117 CVE-2024-28956 at SUSE CVE-2024-28956 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-setuptools (Important) openSUSE Leap 15.6 This update for python-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-27415: netfilter: bridge: confirm multicast packets before passing them up the stack (bsc#1224757). - CVE-2024-28956: Intel CPU: Indirect Target Selection (ITS) (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764). - CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910). - CVE-2024-50162: bpf: devmap: provide rxq after redirect (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21854: sockmap, vsock: For connectible sockets allow only connected (bsc#1239470). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21969: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105: bonding: check xdp prog when set bond mode (bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37798: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (bsc#1242414). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-37860: sfc: fix NULL dereferences in ef100_process_design_param() (bsc#1241452). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: xpad - fix two controller table values (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - Drop 'PCI: Avoid reset when disabled via sysfs' patch due to regression (bsc#1241123). - Revert 'drivers: core: synchronize really_probe() and dev_uevent()' (stable-fixes). - Revert 'drm/meson: vclk: fix calculation of 59.94 fractional rates' (git-fixes). - Revert 'tcp: Fix bind() regression for v6-only wildcard and' to avoid kABI breakage. - Revert 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'mm/various: give up if pte_offset_map[_lock]() fails' (bsc#1241051). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052). - arch_topology: init capacity_freq_ref to 0 (bsc#1238052). - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052). - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes). - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052). - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052). - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052). - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052). - arm64: mm: Correct the update of max_pfn (git-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: fix potential error return (git-fixes). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052). - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052). - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - Enable IMA (bsc#1240617). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212). - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172). - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172). - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172). - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172). - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc: Do not use --- in kernel logs (git-fixes). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - virtchnl: make proto and filter action count unsigned (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). Important SUSE bug 1215199 SUSE bug 1223809 SUSE bug 1224013 SUSE bug 1224597 SUSE bug 1224757 SUSE bug 1228659 SUSE bug 1230764 SUSE bug 1231103 SUSE bug 1231910 SUSE bug 1232493 SUSE bug 1233075 SUSE bug 1233098 SUSE bug 1234074 SUSE bug 1234157 SUSE bug 1234698 SUSE bug 1235501 SUSE bug 1235526 SUSE bug 1235550 SUSE bug 1235870 SUSE bug 1236086 SUSE bug 1236704 SUSE bug 1237111 SUSE bug 1237874 SUSE bug 1237882 SUSE bug 1238052 SUSE bug 1238212 SUSE bug 1238471 SUSE bug 1238527 SUSE bug 1238565 SUSE bug 1238714 SUSE bug 1238737 SUSE bug 1238742 SUSE bug 1238745 SUSE bug 1238746 SUSE bug 1238862 SUSE bug 1238961 SUSE bug 1238970 SUSE bug 1238983 SUSE bug 1238990 SUSE bug 1239066 SUSE bug 1239079 SUSE bug 1239108 SUSE bug 1239470 SUSE bug 1239475 SUSE bug 1239476 SUSE bug 1239487 SUSE bug 1239510 SUSE bug 1239684 SUSE bug 1239906 SUSE bug 1239925 SUSE bug 1239997 SUSE bug 1240167 SUSE bug 1240168 SUSE bug 1240171 SUSE bug 1240176 SUSE bug 1240181 SUSE bug 1240184 SUSE bug 1240185 SUSE bug 1240375 SUSE bug 1240557 SUSE bug 1240575 SUSE bug 1240576 SUSE bug 1240581 SUSE bug 1240582 SUSE bug 1240583 SUSE bug 1240584 SUSE bug 1240585 SUSE bug 1240587 SUSE bug 1240590 SUSE bug 1240591 SUSE bug 1240592 SUSE bug 1240594 SUSE bug 1240595 SUSE bug 1240596 SUSE bug 1240600 SUSE bug 1240612 SUSE bug 1240616 SUSE bug 1240617 SUSE bug 1240639 SUSE bug 1240643 SUSE bug 1240647 SUSE bug 1240655 SUSE bug 1240691 SUSE bug 1240700 SUSE bug 1240701 SUSE bug 1240703 SUSE bug 1240708 SUSE bug 1240709 SUSE bug 1240712 SUSE bug 1240713 SUSE bug 1240714 SUSE bug 1240715 SUSE bug 1240716 SUSE bug 1240717 SUSE bug 1240718 SUSE bug 1240719 SUSE bug 1240720 SUSE bug 1240722 SUSE bug 1240727 SUSE bug 1240739 SUSE bug 1240740 SUSE bug 1240742 SUSE bug 1240779 SUSE bug 1240783 SUSE bug 1240784 SUSE bug 1240785 SUSE bug 1240795 SUSE bug 1240796 SUSE bug 1240797 SUSE bug 1240799 SUSE bug 1240801 SUSE bug 1240802 SUSE bug 1240806 SUSE bug 1240808 SUSE bug 1240809 SUSE bug 1240811 SUSE bug 1240812 SUSE bug 1240813 SUSE bug 1240815 SUSE bug 1240816 SUSE bug 1240819 SUSE bug 1240821 SUSE bug 1240825 SUSE bug 1240829 SUSE bug 1240835 SUSE bug 1240873 SUSE bug 1240934 SUSE bug 1240936 SUSE bug 1240937 SUSE bug 1240938 SUSE bug 1240940 SUSE bug 1240942 SUSE bug 1240943 SUSE bug 1240944 SUSE bug 1240978 SUSE bug 1240979 SUSE bug 1241010 SUSE bug 1241038 SUSE bug 1241051 SUSE bug 1241123 SUSE bug 1241151 SUSE bug 1241167 SUSE bug 1241175 SUSE bug 1241204 SUSE bug 1241250 SUSE bug 1241265 SUSE bug 1241266 SUSE bug 1241280 SUSE bug 1241332 SUSE bug 1241333 SUSE bug 1241341 SUSE bug 1241343 SUSE bug 1241344 SUSE bug 1241347 SUSE bug 1241357 SUSE bug 1241361 SUSE bug 1241369 SUSE bug 1241371 SUSE bug 1241373 SUSE bug 1241378 SUSE bug 1241394 SUSE bug 1241402 SUSE bug 1241412 SUSE bug 1241413 SUSE bug 1241416 SUSE bug 1241424 SUSE bug 1241426 SUSE bug 1241433 SUSE bug 1241436 SUSE bug 1241441 SUSE bug 1241442 SUSE bug 1241443 SUSE bug 1241451 SUSE bug 1241452 SUSE bug 1241456 SUSE bug 1241458 SUSE bug 1241459 SUSE bug 1241526 SUSE bug 1241528 SUSE bug 1241537 SUSE bug 1241541 SUSE bug 1241545 SUSE bug 1241547 SUSE bug 1241548 SUSE bug 1241550 SUSE bug 1241573 SUSE bug 1241574 SUSE bug 1241575 SUSE bug 1241578 SUSE bug 1241590 SUSE bug 1241593 SUSE bug 1241598 SUSE bug 1241599 SUSE bug 1241601 SUSE bug 1241626 SUSE bug 1241640 SUSE bug 1241648 SUSE bug 1242006 SUSE bug 1242044 SUSE bug 1242172 SUSE bug 1242283 SUSE bug 1242307 SUSE bug 1242313 SUSE bug 1242314 SUSE bug 1242315 SUSE bug 1242321 SUSE bug 1242326 SUSE bug 1242327 SUSE bug 1242328 SUSE bug 1242332 SUSE bug 1242333 SUSE bug 1242335 SUSE bug 1242336 SUSE bug 1242342 SUSE bug 1242343 SUSE bug 1242344 SUSE bug 1242345 SUSE bug 1242346 SUSE bug 1242347 SUSE bug 1242348 SUSE bug 1242414 SUSE bug 1242526 SUSE bug 1242528 SUSE bug 1242534 SUSE bug 1242535 SUSE bug 1242536 SUSE bug 1242537 SUSE bug 1242538 SUSE bug 1242539 SUSE bug 1242540 SUSE bug 1242546 SUSE bug 1242556 SUSE bug 1242596 SUSE bug 1242710 SUSE bug 1242778 SUSE bug 1242831 SUSE bug 1242985 CVE-2023-53034 at SUSE CVE-2023-53034 at NVD CVE-2024-27018 at SUSE CVE-2024-27018 at NVD CVE-2024-27415 at SUSE CVE-2024-27415 at NVD CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-35840 at SUSE CVE-2024-35840 at NVD CVE-2024-46763 at SUSE CVE-2024-46763 at NVD CVE-2024-46865 at SUSE CVE-2024-46865 at NVD CVE-2024-50038 at SUSE CVE-2024-50038 at NVD CVE-2024-50083 at SUSE CVE-2024-50083 at NVD CVE-2024-50162 at SUSE CVE-2024-50162 at NVD CVE-2024-50163 at SUSE CVE-2024-50163 at NVD CVE-2024-53124 at SUSE CVE-2024-53124 at NVD CVE-2024-53139 at SUSE CVE-2024-53139 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-57924 at SUSE CVE-2024-57924 at NVD CVE-2024-57998 at SUSE CVE-2024-57998 at NVD CVE-2024-58001 at SUSE CVE-2024-58001 at NVD CVE-2024-58018 at SUSE CVE-2024-58018 at NVD CVE-2024-58068 at SUSE CVE-2024-58068 at NVD CVE-2024-58070 at SUSE CVE-2024-58070 at NVD CVE-2024-58071 at SUSE CVE-2024-58071 at NVD CVE-2024-58088 at SUSE CVE-2024-58088 at NVD CVE-2024-58093 at SUSE CVE-2024-58093 at NVD CVE-2024-58094 at SUSE CVE-2024-58094 at NVD CVE-2024-58095 at SUSE CVE-2024-58095 at NVD CVE-2024-58096 at SUSE CVE-2024-58096 at NVD CVE-2024-58097 at SUSE CVE-2024-58097 at NVD CVE-2025-21683 at SUSE CVE-2025-21683 at NVD CVE-2025-21696 at SUSE CVE-2025-21696 at NVD CVE-2025-21707 at SUSE CVE-2025-21707 at NVD CVE-2025-21729 at SUSE CVE-2025-21729 at NVD CVE-2025-21755 at SUSE CVE-2025-21755 at NVD CVE-2025-21758 at SUSE CVE-2025-21758 at NVD CVE-2025-21768 at SUSE CVE-2025-21768 at NVD CVE-2025-21792 at SUSE CVE-2025-21792 at NVD CVE-2025-21806 at SUSE CVE-2025-21806 at NVD CVE-2025-21808 at SUSE CVE-2025-21808 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21833 at SUSE CVE-2025-21833 at NVD CVE-2025-21836 at SUSE CVE-2025-21836 at NVD CVE-2025-21852 at SUSE CVE-2025-21852 at NVD CVE-2025-21853 at SUSE CVE-2025-21853 at NVD CVE-2025-21854 at SUSE CVE-2025-21854 at NVD CVE-2025-21863 at SUSE CVE-2025-21863 at NVD CVE-2025-21867 at SUSE CVE-2025-21867 at NVD CVE-2025-21873 at SUSE CVE-2025-21873 at NVD CVE-2025-21875 at SUSE CVE-2025-21875 at NVD CVE-2025-21881 at SUSE CVE-2025-21881 at NVD CVE-2025-21884 at SUSE CVE-2025-21884 at NVD CVE-2025-21887 at SUSE CVE-2025-21887 at NVD CVE-2025-21889 at SUSE CVE-2025-21889 at NVD CVE-2025-21894 at SUSE CVE-2025-21894 at NVD CVE-2025-21895 at SUSE CVE-2025-21895 at NVD CVE-2025-21904 at SUSE CVE-2025-21904 at NVD CVE-2025-21905 at SUSE CVE-2025-21905 at NVD CVE-2025-21906 at SUSE CVE-2025-21906 at NVD CVE-2025-21908 at SUSE CVE-2025-21908 at NVD CVE-2025-21909 at SUSE CVE-2025-21909 at NVD CVE-2025-21910 at SUSE CVE-2025-21910 at NVD CVE-2025-21912 at SUSE CVE-2025-21912 at NVD CVE-2025-21913 at SUSE CVE-2025-21913 at NVD CVE-2025-21914 at SUSE CVE-2025-21914 at NVD CVE-2025-21915 at SUSE CVE-2025-21915 at NVD CVE-2025-21916 at SUSE CVE-2025-21916 at NVD CVE-2025-21917 at SUSE CVE-2025-21917 at NVD CVE-2025-21918 at SUSE CVE-2025-21918 at NVD CVE-2025-21922 at SUSE CVE-2025-21922 at NVD CVE-2025-21923 at SUSE CVE-2025-21923 at NVD CVE-2025-21924 at SUSE CVE-2025-21924 at NVD CVE-2025-21925 at SUSE CVE-2025-21925 at NVD CVE-2025-21926 at SUSE CVE-2025-21926 at NVD CVE-2025-21927 at SUSE CVE-2025-21927 at NVD CVE-2025-21928 at SUSE CVE-2025-21928 at NVD CVE-2025-21930 at SUSE CVE-2025-21930 at NVD CVE-2025-21931 at SUSE CVE-2025-21931 at NVD CVE-2025-21934 at SUSE CVE-2025-21934 at NVD CVE-2025-21935 at SUSE CVE-2025-21935 at NVD CVE-2025-21936 at SUSE CVE-2025-21936 at NVD CVE-2025-21937 at SUSE CVE-2025-21937 at NVD CVE-2025-21941 at SUSE CVE-2025-21941 at NVD CVE-2025-21943 at SUSE CVE-2025-21943 at NVD CVE-2025-21948 at SUSE CVE-2025-21948 at NVD CVE-2025-21950 at SUSE CVE-2025-21950 at NVD CVE-2025-21951 at SUSE CVE-2025-21951 at NVD CVE-2025-21953 at SUSE CVE-2025-21953 at NVD CVE-2025-21956 at SUSE CVE-2025-21956 at NVD CVE-2025-21957 at SUSE CVE-2025-21957 at NVD CVE-2025-21960 at SUSE CVE-2025-21960 at NVD CVE-2025-21961 at SUSE CVE-2025-21961 at NVD CVE-2025-21962 at SUSE CVE-2025-21962 at NVD CVE-2025-21963 at SUSE CVE-2025-21963 at NVD CVE-2025-21964 at SUSE CVE-2025-21964 at NVD CVE-2025-21966 at SUSE CVE-2025-21966 at NVD CVE-2025-21968 at SUSE CVE-2025-21968 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-21970 at SUSE CVE-2025-21970 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-21972 at SUSE CVE-2025-21972 at NVD CVE-2025-21975 at SUSE CVE-2025-21975 at NVD CVE-2025-21978 at SUSE CVE-2025-21978 at NVD CVE-2025-21979 at SUSE CVE-2025-21979 at NVD CVE-2025-21980 at SUSE CVE-2025-21980 at NVD CVE-2025-21981 at SUSE CVE-2025-21981 at NVD CVE-2025-21985 at SUSE CVE-2025-21985 at NVD CVE-2025-21991 at SUSE CVE-2025-21991 at NVD CVE-2025-21992 at SUSE CVE-2025-21992 at NVD CVE-2025-21993 at SUSE CVE-2025-21993 at NVD CVE-2025-21995 at SUSE CVE-2025-21995 at NVD CVE-2025-21996 at SUSE CVE-2025-21996 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-22001 at SUSE CVE-2025-22001 at NVD CVE-2025-22003 at SUSE CVE-2025-22003 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22007 at SUSE CVE-2025-22007 at NVD CVE-2025-22008 at SUSE CVE-2025-22008 at NVD CVE-2025-22009 at SUSE CVE-2025-22009 at NVD CVE-2025-22010 at SUSE CVE-2025-22010 at NVD CVE-2025-22013 at SUSE CVE-2025-22013 at NVD CVE-2025-22014 at SUSE CVE-2025-22014 at NVD CVE-2025-22015 at SUSE CVE-2025-22015 at NVD CVE-2025-22016 at SUSE CVE-2025-22016 at NVD CVE-2025-22017 at SUSE CVE-2025-22017 at NVD CVE-2025-22018 at SUSE CVE-2025-22018 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22025 at SUSE CVE-2025-22025 at NVD CVE-2025-22027 at SUSE CVE-2025-22027 at NVD CVE-2025-22029 at SUSE CVE-2025-22029 at NVD CVE-2025-22033 at SUSE CVE-2025-22033 at NVD CVE-2025-22036 at SUSE CVE-2025-22036 at NVD CVE-2025-22044 at SUSE CVE-2025-22044 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-22050 at SUSE CVE-2025-22050 at NVD CVE-2025-22053 at SUSE CVE-2025-22053 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD CVE-2025-22058 at SUSE CVE-2025-22058 at NVD CVE-2025-22060 at SUSE CVE-2025-22060 at NVD CVE-2025-22062 at SUSE CVE-2025-22062 at NVD CVE-2025-22064 at SUSE CVE-2025-22064 at NVD CVE-2025-22065 at SUSE CVE-2025-22065 at NVD CVE-2025-22075 at SUSE CVE-2025-22075 at NVD CVE-2025-22080 at SUSE CVE-2025-22080 at NVD CVE-2025-22086 at SUSE CVE-2025-22086 at NVD CVE-2025-22088 at SUSE CVE-2025-22088 at NVD CVE-2025-22090 at SUSE CVE-2025-22090 at NVD CVE-2025-22093 at SUSE CVE-2025-22093 at NVD CVE-2025-22097 at SUSE CVE-2025-22097 at NVD CVE-2025-22102 at SUSE CVE-2025-22102 at NVD CVE-2025-22104 at SUSE CVE-2025-22104 at NVD CVE-2025-22105 at SUSE CVE-2025-22105 at NVD CVE-2025-22106 at SUSE CVE-2025-22106 at NVD CVE-2025-22107 at SUSE CVE-2025-22107 at NVD CVE-2025-22108 at SUSE CVE-2025-22108 at NVD CVE-2025-22109 at SUSE CVE-2025-22109 at NVD CVE-2025-22115 at SUSE CVE-2025-22115 at NVD CVE-2025-22116 at SUSE CVE-2025-22116 at NVD CVE-2025-22121 at SUSE CVE-2025-22121 at NVD CVE-2025-22128 at SUSE CVE-2025-22128 at NVD CVE-2025-2312 at SUSE CVE-2025-2312 at NVD CVE-2025-23129 at SUSE CVE-2025-23129 at NVD CVE-2025-23131 at SUSE CVE-2025-23131 at NVD CVE-2025-23133 at SUSE CVE-2025-23133 at NVD CVE-2025-23136 at SUSE CVE-2025-23136 at NVD CVE-2025-23138 at SUSE CVE-2025-23138 at NVD CVE-2025-23145 at SUSE CVE-2025-23145 at NVD CVE-2025-37785 at SUSE CVE-2025-37785 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37799 at SUSE CVE-2025-37799 at NVD CVE-2025-37860 at SUSE CVE-2025-37860 at NVD CVE-2025-39728 at SUSE CVE-2025-39728 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310-setuptools (Important) openSUSE Leap 15.6 This update for python310-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:opensuse:leap:15.6 Security update for mariadb (Moderate) openSUSE Leap 15.6 This update for mariadb fixes the following issues: Update to version 10.11.11. - CVE-2025-21490: vulnerability allows high privileged attacker with network access to cause hangs and frequent crashes on affected servers (bsc#1243356). Moderate SUSE bug 1243356 CVE-2025-21490 at SUSE CVE-2025-21490 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39-setuptools (Important) openSUSE Leap 15.6 This update for python39-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:opensuse:leap:15.6 Security update for wxWidgets-3_2 (Low) openSUSE Leap 15.6 This update for wxWidgets-3_2 fixes the following issues: - CVE-2024-58249: Fixed crash when connection is refused in wxWebRequestCURL (bsc#1239902) Low SUSE bug 1239902 CVE-2024-58249 at SUSE CVE-2024-58249 at NVD cpe:/o:opensuse:leap:15.6 Security update for jetty-minimal (Important) openSUSE Leap 15.6 This update for jetty-minimal fixes the following issues: Upgrade to version 9.4.57.v20241219 - CVE-2024-6763: the HttpURI class does insufficient validation on the authority segment of a URI (bsc#1231652) - CVE-2024-13009: Gzip Request Body Buffer (bsc#1243271) Important SUSE bug 1231652 SUSE bug 1243271 CVE-2024-13009 at SUSE CVE-2024-13009 at NVD CVE-2024-6763 at SUSE CVE-2024-6763 at NVD cpe:/o:opensuse:leap:15.6 Security update for dnsdist (Important) openSUSE Leap 15.6 This update for dnsdist fixes the following issues: - CVE-2025-30193: stack exhaustion when processing too many queries on incoming TCP connections leads to a denial-of-service (bsc#1243378). Important SUSE bug 1243378 CVE-2025-30193 at SUSE CVE-2025-30193 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). - CVE-2025-31204: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243286). - CVE-2025-31206: type confusion issue when processing certain web content may lead to an unexpected crash (bsc#1243288). - CVE-2025-31215: lack of checks when processing certain web content may lead to an unexpected crash (bsc#1243289). - CVE-2025-31257: improper memory handling when processing certain web content may lead to an unexpected crash (bsc#1243596). - CVE-2025-24223: improper memory handling when processing certain web content may lead to memory corruption (bsc#1243424). Other changes and issues fixed: - Enable CSS overscroll behavior by default. - Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. - Fix rendering when device scale factor change comes before the web view geometry update. - Fix network process crash on exit. - Fix the build with ENABLE_RESOURCE_USAGE=OFF. - Fix several crashes and rendering issues. Important SUSE bug 1222905 SUSE bug 1241158 SUSE bug 1241160 SUSE bug 1243282 SUSE bug 1243286 SUSE bug 1243288 SUSE bug 1243289 SUSE bug 1243424 SUSE bug 1243596 CVE-2023-42875 at SUSE CVE-2023-42875 at NVD CVE-2023-42970 at SUSE CVE-2023-42970 at NVD CVE-2024-23226 at SUSE CVE-2024-23226 at NVD CVE-2025-24223 at SUSE CVE-2025-24223 at NVD CVE-2025-31204 at SUSE CVE-2025-31204 at NVD CVE-2025-31205 at SUSE CVE-2025-31205 at NVD CVE-2025-31206 at SUSE CVE-2025-31206 at NVD CVE-2025-31215 at SUSE CVE-2025-31215 at NVD CVE-2025-31257 at SUSE CVE-2025-31257 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Moderate) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: Upgrade to 15.13: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/15.13/ Moderate SUSE bug 1242931 CVE-2025-4207 at SUSE CVE-2025-4207 at NVD cpe:/o:opensuse:leap:15.6 Security update for slurm_22_05 (Important) openSUSE Leap 15.6 This update for slurm_22_05 fixes the following issues: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator (bsc#1243666). Important SUSE bug 1243666 CVE-2025-43904 at SUSE CVE-2025-43904 at NVD cpe:/o:opensuse:leap:15.6 Security update for slurm_23_02 (Important) openSUSE Leap 15.6 This update for slurm_23_02 fixes the following issues: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator (bsc#1243666). Important SUSE bug 1243666 CVE-2025-43904 at SUSE CVE-2025-43904 at NVD cpe:/o:opensuse:leap:15.6 Security update for slurm (Important) openSUSE Leap 15.6 This update for slurm fixes the following issues: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator (bsc#1243666). Important SUSE bug 1243666 CVE-2025-43904 at SUSE CVE-2025-43904 at NVD cpe:/o:opensuse:leap:15.6 Security update for slurm_24_11 (Important) openSUSE Leap 15.6 This update for slurm_24_11 fixes the following issues: Update to version 24.11.5. Security issues fixed: - CVE-2025-43904: an issue with permission handling for Coordinators within the accounting system allowed Coordinators to promote a user to Administrator (bsc#1243666). Other changes and issues fixed: - Changes from version 24.11.5 * Return error to `scontrol` reboot on bad nodelists. * `slurmrestd` - Report an error when QOS resolution fails for v0.0.40 endpoints. * `slurmrestd` - Report an error when QOS resolution fails for v0.0.41 endpoints. * `slurmrestd` - Report an error when QOS resolution fails for v0.0.42 endpoints. * `data_parser/v0.0.42` - Added `+inline_enums` flag which modifies the output when generating OpenAPI specification. It causes enum arrays to not be defined in their own schema with references (`$ref`) to them. Instead they will be dumped inline. * Fix binding error with `tres-bind map/mask` on partial node allocations. * Fix `stepmgr` enabled steps being able to request features. * Reject step creation if requested feature is not available in job. * `slurmd` - Restrict listening for new incoming RPC requests further into startup. * `slurmd` - Avoid `auth/slurm` related hangs of CLI commands during startup and shutdown. * `slurmctld` - Restrict processing new incoming RPC requests further into startup. Stop processing requests sooner during shutdown. * `slurmcltd` - Avoid auth/slurm related hangs of CLI commands during startup and shutdown. * `slurmctld` - Avoid race condition during shutdown or ereconfigure that could result in a crash due delayed processing of a connection while plugins are unloaded. * Fix small memleak when getting the job list from the database. * Fix incorrect printing of `%` escape characters when printing stdio fields for jobs. * Fix padding parsing when printing stdio fields for jobs. * Fix printing `%A` array job id when expanding patterns. * Fix reservations causing jobs to be held for `Bad Constraints`. * `switch/hpe_slingshot` - Prevent potential segfault on failed curl request to the fabric manager. * Fix printing incorrect array job id when expanding stdio file names. The `%A` will now be substituted by the correct value. * Fix printing incorrect array job id when expanding stdio file names. The `%A` will now be substituted by the correct value. * `switch/hpe_slingshot` - Fix VNI range not updating on slurmctld restart or reconfigre. * Fix steps not being created when using certain combinations of `-c` and `-n` inferior to the jobs requested resources, when using stepmgr and nodes are configured with `CPUs == Sockets*CoresPerSocket`. * Permit configuring the number of retry attempts to destroy CXI service via the new destroy_retries `SwitchParameter`. * Do not reset `memory.high` and `memory.swap.max` in slurmd startup or reconfigure as we are never really touching this in `slurmd`. * Fix reconfigure failure of slurmd when it has been started manually and the `CoreSpecLimits` have been removed from `slurm.conf`. * Set or reset CoreSpec limits when slurmd is reconfigured and it was started with systemd. * `switch/hpe-slingshot` - Make sure the slurmctld can free step VNIs after the controller restarts or reconfigures while the job is running. * Fix backup `slurmctld` failure on 2nd takeover. - Changes from version 24.11.4 * `slurmctld`,`slurmrestd` - Avoid possible race condition that could have caused process to crash when listener socket was closed while accepting a new connection. * `slurmrestd` - Avoid race condition that could have resulted in address logged for a UNIX socket to be incorrect. * `slurmrestd` - Fix parameters in OpenAPI specification for the following endpoints to have `job_id` field: ``` GET /slurm/v0.0.40/jobs/state/ GET /slurm/v0.0.41/jobs/state/ GET /slurm/v0.0.42/jobs/state/ GET /slurm/v0.0.43/jobs/state/ ``` * `slurmd` - Fix tracking of thread counts that could cause incoming connections to be ignored after burst of simultaneous incoming connections that trigger delayed response logic. * Avoid unnecessary `SRUN_TIMEOUT` forwarding to `stepmgr`. * Fix jobs being scheduled on higher weighted powered down nodes. * Fix how backfill scheduler filters nodes from the available nodes based on exclusive user and `mcs_label` requirements. * `acct_gather_energy/{gpu,ipmi}` - Fix potential energy consumption adjustment calculation underflow. * `acct_gather_energy/ipmi` - Fix regression introduced in 24.05.5 (which introduced the new way of preserving energy measurements through slurmd restarts) when `EnergyIPMICalcAdjustment=yes`. * Prevent `slurmctld` deadlock in the assoc mgr. * Fix memory leak when `RestrictedCoresPerGPU` is enabled. * Fix preemptor jobs not entering execution due to wrong calculation of accounting policy limits. * Fix certain job requests that were incorrectly denied with node configuration unavailable error. * `slurmd` - Avoid crash due when slurmd has a communications failure with `slurmstepd`. * Fix memory leak when parsing yaml input. * Prevent `slurmctld` from showing error message about `PreemptMode=GANG` being a cluster-wide option for `scontrol update part` calls that don't attempt to modify partition PreemptMode. * Fix setting `GANG` preemption on partition when updating `PreemptMode` with `scontrol`. * Fix `CoreSpec` and `MemSpec` limits not being removed from previously configured slurmd. * Avoid race condition that could lead to a deadlock when `slurmd`, `slurmstepd`, `slurmctld`, `slurmrestd` or `sackd` have a fatal event. * Fix jobs using `--ntasks-per-node` and `--mem` keep pending forever when the requested mem divided by the number of CPUs will surpass the configured `MaxMemPerCPU`. * `slurmd` - Fix address logged upon new incoming RPC connection from `INVALID` to IP address. * Fix memory leak when retrieving reservations. This affects `scontrol`, `sinfo`, `sview`, and the following `slurmrestd` endpoints: `GET /slurm/{any_data_parser}/reservation/{reservation_name}` `GET /slurm/{any_data_parser}/reservations` * Log warning instead of `debuflags=conmgr` gated log when deferring new incoming connections when number of active connections exceed `conmgr_max_connections`. * Avoid race condition that could result in worker thread pool not activating all threads at once after a reconfigure resulting in lower utilization of available CPU threads until enough internal activity wakes up all threads in the worker pool. * Avoid theoretical race condition that could result in new incoming RPC socket connections being ignored after reconfigure. * slurmd - Avoid race condition that could result in a state where new incoming RPC connections will always be ignored. * Add ReconfigFlags=KeepNodeStateFuture to restore saved `FUTURE` node state on restart and reconfig instead of reverting to `FUTURE` state. This will be made the default in 25.05. * Fix case where hetjob submit would cause `slurmctld` to crash. * Fix jobs using `--cpus-per-gpu` and `--mem` keep pending forever when the requested mem divided by the number of CPUs will surpass the configured `MaxMemPerCPU`. * Enforce that jobs using `--mem` and several `--*-per-*` options do not violate the `MaxMemPerCPU` in place. * `slurmctld` - Fix use-cases of jobs incorrectly pending held when `--prefer` features are not initially satisfied. * `slurmctld` - Fix jobs incorrectly held when `--prefer` not satisfied in some use-cases. * Ensure `RestrictedCoresPerGPU` and `CoreSpecCount` don't overlap. - Changes from version 24.11.3 * Fix database cluster ID generation not being random. * Fix a regression in which `slurmd -G` gave no output. * Fix a long-standing crash in `slurmctld` after updating a reservation with an empty nodelist. The crash could occur after restarting slurmctld, or if downing/draining a node in the reservation with the `REPLACE` or `REPLACE_DOWN` flag. * Avoid changing process name to '`watch`' from original daemon name. This could potentially breaking some monitoring scripts. * Avoid `slurmctld` being killed by `SIGALRM` due to race condition at startup. * Fix race condition in slurmrestd that resulted in '`Requested data_parser plugin does not support OpenAPI plugin`' error being returned for valid endpoints. * Fix race between `task/cgroup` CPUset and `jobacctgather/cgroup`. The first was removing the pid from `task_X` cgroup directory causing memory limits to not being applied. * If multiple partitions are requested, set the `SLURM_JOB_PARTITION` output environment variable to the partition in which the job is running for `salloc` and `srun` in order to match the documentation and the behavior of `sbatch`. * `srun` - Fixed wrongly constructed `SLURM_CPU_BIND` env variable that could get propagated to downward srun calls in certain mpi environments, causing launch failures. * Don't print misleading errors for stepmgr enabled steps. * `slurmrestd` - Avoid connection to slurmdbd for the following endpoints: ``` GET /slurm/v0.0.41/jobs GET /slurm/v0.0.41/job/{job_id} ``` * `slurmrestd` - Avoid connection to slurmdbd for the following endpoints: ``` GET /slurm/v0.0.40/jobs GET /slurm/v0.0.40/job/{job_id} ``` * `slurmrestd` - Fix possible memory leak when parsing arrays with `data_parser/v0.0.40`. * `slurmrestd` - Fix possible memory leak when parsing arrays with `data_parser/v0.0.41`. * `slurmrestd` - Fix possible memory leak when parsing arrays with `data_parser/v0.0.42`. - Changes from version 24.11.2 * Fix segfault when submitting `--test-only` jobs that can preempt. * Fix regression introduced in 23.11 that prevented the following flags from being added to a reservation on an update: `DAILY`, `HOURLY`, `WEEKLY`, `WEEKDAY`, and `WEEKEND`. * Fix crash and issues evaluating job's suitability for running in nodes with already suspended job(s) there. * `slurmctld` will ensure that healthy nodes are not reported as `UnavailableNodes` in job reason codes. * Fix handling of jobs submitted to a current reservation with flags `OVERLAP,FLEX` or `OVERLAP,ANY_NODES` when it overlaps nodes with a future maintenance reservation. When a job submission had a time limit that overlapped with the future maintenance reservation, it was rejected. Now the job is accepted but stays pending with the reason '`ReqNodeNotAvail, Reserved for maintenance`'. * `pam_slurm_adopt` - avoid errors when explicitly setting some arguments to the default value. * Fix QOS preemption with `PreemptMode=SUSPEND`. * `slurmdbd` - When changing a user's name update lineage at the same time. * Fix regression in 24.11 in which `burst_buffer.lua` does not inherit the `SLURM_CONF` environment variable from `slurmctld` and fails to run if slurm.conf is in a non-standard location. * Fix memory leak in slurmctld if `select/linear` and the `PreemptParameters=reclaim_licenses` options are both set in `slurm.conf`. Regression in 24.11.1. * Fix running jobs, that requested multiple partitions, from potentially being set to the wrong partition on restart. * `switch/hpe_slingshot` - Fix compatibility with newer cxi drivers, specifically when specifying `disable_rdzv_get`. * Add `ABORT_ON_FATAL` environment variable to capture a backtrace from any `fatal()` message. * Fix printing invalid address in rate limiting log statement. * `sched/backfill` - Fix node state `PLANNED` not being cleared from fully allocated nodes during a backfill cycle. * `select/cons_tres` - Fix future planning of jobs with `bf_licenses`. * Prevent redundant '`on_data returned rc: Rate limit exceeded, please retry momentarily`' error message from being printed in slurmctld logs. * Fix loading non-default QOS on pending jobs from pre-24.11 state. * Fix pending jobs displaying `QOS=(null)` when not explicitly requesting a QOS. * Fix segfault issue from job record with no `job_resrcs`. * Fix failing `sacctmgr delete/modify/show` account operations with `where` clauses. * Fix regression in 24.11 in which Slurm daemons started catching several `SIGTSTP`, `SIGTTIN` and `SIGUSR1` signals and ignored them, while before they were not ignoring them. This also caused slurmctld to not being able to shutdown after a `SIGTSTP` because slurmscriptd caught the signal and stopped while slurmctld ignored it. Unify and fix these situations and get back to the previous behavior for these signals. * Document that `SIGQUIT` is no longer ignored by `slurmctld`, `slurmdbd`, and slurmd in 24.11. As of 24.11.0rc1, `SIGQUIT` is identical to `SIGINT` and `SIGTERM` for these daemons, but this change was not documented. * Fix not considering nodes marked for reboot without ASAP in the scheduler. * Remove the `boot^` state on unexpected node reboot after return to service. * Do not allow new jobs to start on a node which is being rebooted with the flag `nextstate=resume`. * Prevent lower priority job running after cancelling an ASAP reboot. * Fix srun jobs starting on `nextstate=resume` rebooting nodes. Important SUSE bug 1243666 CVE-2025-43904 at SUSE CVE-2025-43904 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Moderate) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: Upgrade to 16.9: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/16.9/ Moderate SUSE bug 1242931 CVE-2025-4207 at SUSE CVE-2025-4207 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312-setuptools (Important) openSUSE Leap 15.6 This update for python312-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:opensuse:leap:15.6 Security update for iputils (Moderate) openSUSE Leap 15.6 This update for iputils fixes the following issues: - CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300) Moderate SUSE bug 1242300 CVE-2025-47268 at SUSE CVE-2025-47268 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 45. Security issues fixed: - Oracle April 15 2025 CPU (bsc#1242208) * CVE-2025-21587: unauthorized access, deletion and modification of critical data via the JSSE component (bsc#1241274). * CVE-2025-30691: unauthorized access to data via the Compiler component (bsc#1241275). * CVE-2025-30698: unauthorized access to data and ability to cause a partial DoS via the 2D component (bsc#1241276). - IBM Security Update May 2025 * CVE-2025-4447: stack based buffer overflow in Eclipse OpenJ9 through modification of file that is read when the JVM starts (bsc#1243429). Other changes and issues fixed: - Security: * Avoid memory leak during aes cipher initialization operations for IBMJCEPlus and IBMJCEPlusProviders provider. * Changing the default of the com.ibm.security.spnego.msinterop property from true to false. * Deserializing a com.ibm.crypto.provider.rsaprivatecrtkey object causes a java.io.invalidobjectexception to be thrown. * Failed to read private key from a JKS keystore, specified as JCEKS keystore. * HTTPS channel binding support. * Keytool listing PKCS12 keystore issue. * On Linux systems, use gcc11.2 to compile IBM PKCS11 library. * Support has been added to the IBM Java XMLDSigRI security provider for the EdDSA (Edwards-curve Digital Signature Algorithm). * Updates to XDH Key Agreement, AESGCM Algorithms in IBMJCEPlus and IBMJCEPlusFIPS providers. - Class Libraries: * Update timezone information to the latest tzdata2025a. - Java Virtual Machine: * A SIGSEGV/GPF event received while processing verifyerror. * Crash while resolving MethodHandleNatives. * NoSuchMethodException or NoClassDefFoundError when loading classes. - JIT Compiler: * Assert in the JIT Compiler, badILOp. * Reduced MD5 performance. Important SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 SUSE bug 1242208 SUSE bug 1243429 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD CVE-2025-4447 at SUSE CVE-2025-4447 at NVD cpe:/o:opensuse:leap:15.6 Security update for dpdk (Important) openSUSE Leap 15.6 This update for dpdk fixes the following issues: - CVE-2024-11614: Fixed Denial Of Service from malicious guest on hypervisors using DPDK Vhost library (bsc#1234718) Important SUSE bug 1234718 CVE-2024-11614 at SUSE CVE-2024-11614 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) - CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423) - CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263) - CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226) - CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252) - CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238) - CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214) - CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162) Important SUSE bug 1241162 SUSE bug 1241214 SUSE bug 1241226 SUSE bug 1241238 SUSE bug 1241252 SUSE bug 1241263 SUSE bug 1243332 SUSE bug 1243423 CVE-2025-32906 at SUSE CVE-2025-32906 at NVD CVE-2025-32909 at SUSE CVE-2025-32909 at NVD CVE-2025-32910 at SUSE CVE-2025-32910 at NVD CVE-2025-32911 at SUSE CVE-2025-32911 at NVD CVE-2025-32912 at SUSE CVE-2025-32912 at NVD CVE-2025-32913 at SUSE CVE-2025-32913 at NVD CVE-2025-4948 at SUSE CVE-2025-4948 at NVD CVE-2025-4969 at SUSE CVE-2025-4969 at NVD cpe:/o:opensuse:leap:15.6 Security update for 389-ds (Moderate) openSUSE Leap 15.6 This update for 389-ds fixes the following issues: Security fixes: - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242666) Other fixes: - Enable memory accounting as SUSE disables it by default (bsc#1241016). - Fix dsidm service get_dn option failing (bsc#1241988) - Version update 2.2.10~git99.aa5d0ecbf Various fixes and solved issues from github repository Moderate SUSE bug 1241016 SUSE bug 1241988 SUSE bug 1242666 CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-setuptools (Important) openSUSE Leap 15.6 This update for python3-setuptools fixes the following issues: - CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313). Important SUSE bug 1243313 CVE-2025-47273 at SUSE CVE-2025-47273 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnuplot (Moderate) openSUSE Leap 15.6 This update for gnuplot fixes the following issues: - CVE-2025-31176: invalid read leads to segmentation fault on plot3d_points (bsc#1240325). - CVE-2025-31177: improper bounds check leads to heap-buffer overflow on utf8_copy_one (bsc#1240326). - CVE-2025-31178: unvalidated user input leads to segmentation fault on GetAnnotateString (bsc#1240327). - CVE-2025-31179: improper verification of time values leads to segmentation fault on xstrftime (bsc#1240328). - CVE-2025-31180: unchecked invalid pointer access leads to segmentation fault on CANVAS_text (bsc#1240329). - CVE-2025-31181: double fclose() call leads to segmentation fault on X11_graphics (bsc#1240330). - CVE-2025-3359: out-of-bounds read when parsing font names may lead to a segmentation fault (bsc#1241684). Moderate SUSE bug 1240325 SUSE bug 1240326 SUSE bug 1240327 SUSE bug 1240328 SUSE bug 1240329 SUSE bug 1240330 SUSE bug 1241684 CVE-2025-31176 at SUSE CVE-2025-31176 at NVD CVE-2025-31177 at SUSE CVE-2025-31177 at NVD CVE-2025-31178 at SUSE CVE-2025-31178 at NVD CVE-2025-31179 at SUSE CVE-2025-31179 at NVD CVE-2025-31180 at SUSE CVE-2025-31180 at NVD CVE-2025-31181 at SUSE CVE-2025-31181 at NVD CVE-2025-3359 at SUSE CVE-2025-3359 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423) - CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332) - CVE-2025-4476: Fixed NULL pointer dereference may lead to denial of service (bsc#1243422) Important SUSE bug 1243332 SUSE bug 1243422 SUSE bug 1243423 CVE-2025-4476 at SUSE CVE-2025-4476 at NVD CVE-2025-4948 at SUSE CVE-2025-4948 at NVD CVE-2025-4969 at SUSE CVE-2025-4969 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.2 (MFSA 2025-40, bsc#1243303): Security fixes: - CVE-2025-4918: Out-of-bounds access when resolving Promise objects (bmo#1966612) - CVE-2025-4919: Out-of-bounds access when optimizing linear sums (bmo#1966614) Other fixes: - Messages could not be viewed if the profile used a UNC path (bmo#1966256) - Visual and UX improvements (bmo#1964156) Important SUSE bug 1243303 CVE-2025-4918 at SUSE CVE-2025-4918 at NVD CVE-2025-4919 at SUSE CVE-2025-4919 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Mozilla Firefox ESR 128.11 (MFSA 2025-44, bsc#1243353): - MFSA-TMP-2025-0001: Double-free in libvpx encoder (bmo#1962421) - CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745) - CVE-2025-5264: Potential local code execution in 'Copy as cURL' command (bmo#1950001) - CVE-2025-5265: Potential local code execution in 'Copy as cURL' command (bmo#1962301) - CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628) - CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137) - CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634) - CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108) Important SUSE bug 1243353 CVE-2025-5263 at SUSE CVE-2025-5263 at NVD CVE-2025-5264 at SUSE CVE-2025-5264 at NVD CVE-2025-5265 at SUSE CVE-2025-5265 at NVD CVE-2025-5266 at SUSE CVE-2025-5266 at NVD CVE-2025-5267 at SUSE CVE-2025-5267 at NVD CVE-2025-5268 at SUSE CVE-2025-5268 at NVD CVE-2025-5269 at SUSE CVE-2025-5269 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache-commons-beanutils (Important) openSUSE Leap 15.6 This update for apache-commons-beanutils fixes the following issues: Update to 1.11.0 - CVE-2025-48734: Fixed possible arbitrary code execution vulnerability (bsc#1243793) Full changelog: https://commons.apache.org/proper/commons-beanutils/changes.html#a1.11.0 Important SUSE bug 1243793 CVE-2025-48734 at SUSE CVE-2025-48734 at NVD cpe:/o:opensuse:leap:15.6 Security update for libcryptopp (Important) openSUSE Leap 15.6 This update for libcryptopp fixes the following issues: - CVE-2024-28285: Fixed potential leak of secret key of ElGamal encryption via fault injection (bsc#1224280) Important SUSE bug 1224280 CVE-2024-28285 at SUSE CVE-2024-28285 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm-mirror (Moderate) openSUSE Leap 15.6 This update for helm-mirror fixes the following issues: - CVE-2025-32386: Fixed denial of service due to memory exhaustion after loading a specially crafter chart (bsc#1241028) - CVE-2025-32387: Fixed stack overflow due to parser recursion that can exceed the stack size limit (bsc#1241031) Moderate SUSE bug 1241028 SUSE bug 1241031 CVE-2025-32386 at SUSE CVE-2025-32386 at NVD CVE-2025-32387 at SUSE CVE-2025-32387 at NVD cpe:/o:opensuse:leap:15.6 Security update for transfig (Moderate) openSUSE Leap 15.6 This update for transfig fixes the following issues: Update to fig2dev version 3.2.9a - CVE-2025-31162: Fixed a floating point exception in fig2dev in get_slope function (bsc#1240380). - CVE-2025-31163: Fixed a segmentation fault in fig2dev in put_patternarc function (bsc#1240381). - CVE-2025-31164: Fixed a heap buffer overflow in fig2dev in create_line_with_spline function (bsc#1240379). - CVE-2025-46397: Fixed a stack buffer overflow in fig2dev in bezier_spline function (bsc#1243260). - CVE-2025-46398: Fixed a stack buffer overflow in fig2dev in read_objects function (bsc#1243262). - CVE-2025-46399: Fixed a segmentation fault in fig2dev in genge_itp_spline function (bsc#1243263). - CVE-2025-46400: Fixed a segmentation fault in fig2dev in read_arcobject function (bsc#1243261). Moderate SUSE bug 1225947 SUSE bug 1230427 SUSE bug 1240379 SUSE bug 1240380 SUSE bug 1240381 SUSE bug 1243260 SUSE bug 1243261 SUSE bug 1243262 SUSE bug 1243263 CVE-2025-31162 at SUSE CVE-2025-31162 at NVD CVE-2025-31163 at SUSE CVE-2025-31163 at NVD CVE-2025-31164 at SUSE CVE-2025-31164 at NVD CVE-2025-46397 at SUSE CVE-2025-46397 at NVD CVE-2025-46398 at SUSE CVE-2025-46398 at NVD CVE-2025-46399 at SUSE CVE-2025-46399 at NVD CVE-2025-46400 at SUSE CVE-2025-46400 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. ( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673) * CVE-2025-22874: crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158) * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157) * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156) * os: Root.Mkdir creates directories with zero permissions on OpenBSD * hash/maphash: hashing channels with purego impl. of maphash.Comparable panics * runtime/debug: BuildSetting does not document DefaultGODEBUG * cmd/go: add fips140 module selection mechanism * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen * CVE-2025-22873: os: Root permits access to parent directory Important SUSE bug 1236217 SUSE bug 1242715 SUSE bug 1244156 SUSE bug 1244157 SUSE bug 1244158 CVE-2025-0913 at SUSE CVE-2025-0913 at NVD CVE-2025-22873 at SUSE CVE-2025-22873 at NVD CVE-2025-22874 at SUSE CVE-2025-22874 at NVD CVE-2025-4673 at SUSE CVE-2025-4673 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Important) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: go1.23.10 (released 2025-06-05) includes security fixes to the /http and os packages, as well as bug fixes to the linker. (bsc#1229122 go1.23 release tracking CVE-2025-0913 CVE-2025-4673) * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157) * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156) * runtime/debug: BuildSetting does not document DefaultGODEBUG * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen Important SUSE bug 1229122 SUSE bug 1244156 SUSE bug 1244157 CVE-2025-0913 at SUSE CVE-2025-0913 at NVD CVE-2025-4673 at SUSE CVE-2025-4673 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs22 (Important) openSUSE Leap 15.6 This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: - CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218). - CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in `node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args)` when `args[0]` is a string (bsc#1243217). Other changes and issues fixed: - Changes from version 22.15.0 * dns: add TLSA record query and parsing * assert: improve partialDeepStrictEqual * process: add execve * tls: implement tls.getCACertificates() * v8: add v8.getCppHeapStatistics() method - Changes from version 22.14.0 * fs: allow exclude option in globs to accept glob patterns * lib: add typescript support to STDIN eval * module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX * module: add findPackageJSON util * process: add process.ref() and process.unref() methods * sqlite: support TypedArray and DataView in StatementSync * src: add --disable-sigusr1 to prevent signal i/o thread * src,worker: add isInternalWorker * test_runner: add TestContext.prototype.waitFor() * test_runner: add t.assert.fileSnapshot() * test_runner: add assert.register() API * worker: add eval ts input - Build with PIE (bsc#1239949). - Fix builds with OpenSSL 3.5.0 (bsc#1241050). Important SUSE bug 1239949 SUSE bug 1241050 SUSE bug 1243217 SUSE bug 1243218 CVE-2025-23165 at SUSE CVE-2025-23165 at NVD CVE-2025-23166 at SUSE CVE-2025-23166 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-Crypt-OpenSSL-RSA (Moderate) openSUSE Leap 15.6 This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) (bsc#1221446) Moderate SUSE bug 1221446 CVE-2024-2467 at SUSE CVE-2024-2467 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-YAML-LibYAML (Important) openSUSE Leap 15.6 This update for perl-YAML-LibYAML fixes the following issues: - CVE-2025-40908: YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified (bsc#1243902) Important SUSE bug 1243902 CVE-2025-40908 at SUSE CVE-2025-40908 at NVD cpe:/o:opensuse:leap:15.6 Security update for nbdkit (Moderate) openSUSE Leap 15.6 This update for nbdkit fixes the following issues: Update to version 1.36.5. Security fixes: - CVE-2025-47712: integer overflow in blocksize filter when processing client block status requests larger than 2**32 will trigger an assertion failure and cause a denial-of-service. (bsc#1243108). - CVE-2025-47711: off-by-one error when processing block status results from plugins on behalf of an NBD client may trigger an assertion failure and cause a denial of service (bsc#1243110). Other fixes and changes: - tests: Add test-blkio.sh to unconditional EXTRA_DIST rule. - Revert 'valgrind: Add suppression for liblzma bug'. - vddk: Move 'Unknown error' information to the manual. - ocaml Add better comments to the example plugin. - ocaml: Simplify pread operation. - ocaml: Define a struct handle to hold the OCaml handle. - ocaml: Add OCaml version to --dump-plugin output. - ocaml: Print callback name when an exception is printed. - ocaml: Combine all exception printing into a single macro. Moderate SUSE bug 1243108 SUSE bug 1243110 CVE-2025-47711 at SUSE CVE-2025-47711 at NVD CVE-2025-47712 at SUSE CVE-2025-47712 at NVD cpe:/o:opensuse:leap:15.6 Security update for sysstat (Moderate) openSUSE Leap 15.6 This update for sysstat fixes the following issues: - CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507) - CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224) Moderate SUSE bug 1202473 SUSE bug 1205224 SUSE bug 1211507 CVE-2022-39377 at SUSE CVE-2022-39377 at NVD CVE-2023-33204 at SUSE CVE-2023-33204 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.23 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.23 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Moderate SUSE bug 1241865 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.24 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.24 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Moderate SUSE bug 1241865 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes-old (Moderate) openSUSE Leap 15.6 This update for kubernetes-old fixes the following issues: - CVE-2025-22872: Fixed golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241781) This update to version 1.31.9 (jsc#PED-11105) * Find full changelog https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.31.md#v1319 Moderate SUSE bug 1241781 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.11 (MFSA 2025-46, bsc#1243353): - CVE-2025-5262: Double-free in libvpx encoder (bmo#1962421) - CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content (bmo#1960745) - CVE-2025-5264: Potential local code execution in 'Copy as cURL' command (bmo#1950001) - CVE-2025-5265: Potential local code execution in 'Copy as cURL' command (bmo#1962301) - CVE-2025-5266: Script element events leaked cross-origin resource status (bmo#1965628) - CVE-2025-5267: Clickjacking vulnerability could have led to leaking saved payment card details (bmo#1954137) - CVE-2025-5268: Memory safety bugs fixed in Firefox 139, Thunderbird 139, Firefox ESR 128.11, and Thunderbird 128.11 (bmo#1950136, bmo#1958121, bmo#1960499, bmo#1962634) - CVE-2025-5269: Memory safety bug fixed in Firefox ESR 128.11 and Thunderbird 128.11 (bmo#1924108) Important SUSE bug 1243353 CVE-2025-5262 at SUSE CVE-2025-5262 at NVD CVE-2025-5263 at SUSE CVE-2025-5263 at NVD CVE-2025-5264 at SUSE CVE-2025-5264 at NVD CVE-2025-5265 at SUSE CVE-2025-5265 at NVD CVE-2025-5266 at SUSE CVE-2025-5266 at NVD CVE-2025-5267 at SUSE CVE-2025-5267 at NVD CVE-2025-5268 at SUSE CVE-2025-5268 at NVD CVE-2025-5269 at SUSE CVE-2025-5269 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-48432: log injection or forgery due to unescaped control characters being added into logs (bsc#1244095). Moderate SUSE bug 1244095 CVE-2025-48432 at SUSE CVE-2025-48432 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_auth_openidc (Important) openSUSE Leap 15.6 This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2025-3891: Fixed denial of service via an empty POST request when OIDCPreservePost is enabled (bsc#1242015). Important SUSE bug 1242015 CVE-2025-3891 at SUSE CVE-2025-3891 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: - CVE-2025-4447: Fixed buffer overflow in Eclipse OpenJ9 (bsc#1243429). - CVE-2025-30698: Fixed 2D unauthorized data access and DoS (bsc#1241276). - CVE-2025-30691: Fixed Compiler Unauthorized Data Access (bsc#1241275). - CVE-2025-21587: Fixed unauthorized access, deletion or modification of critical data (bsc#1241274). Other bugfixes: - Fixed wrong execstack flag in libj9jit (bsc#1235844) Important SUSE bug 1235844 SUSE bug 1241274 SUSE bug 1241275 SUSE bug 1241276 SUSE bug 1243429 CVE-2025-21587 at SUSE CVE-2025-21587 at NVD CVE-2025-30691 at SUSE CVE-2025-30691 at NVD CVE-2025-30698 at SUSE CVE-2025-30698 at NVD CVE-2025-4447 at SUSE CVE-2025-4447 at NVD cpe:/o:opensuse:leap:15.6 Security update for dhcp (Moderate) openSUSE Leap 15.6 This update for dhcp fixes the following issues: - Fixed dhcp not starting in case group nogroup is missing (bsc#1192020) Moderate SUSE bug 1192020 cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-35840: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() (bsc#1224597). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50038: netfilter: xtables: fix typo causing some targets not to load on IPv6 (bsc#1231910). - CVE-2024-50162: bpf: selftests: send packet to devmap redirect XDP (bsc#1233075). - CVE-2024-50163: bpf: Make sure internal and UAPI bpf_redirect flags do not overlap (bsc#1233098). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-53139: sctp: fix possible UAF in sctp_v6_available() (bsc#1234157). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2024-57924: fs: relax assertions on failure to encode file handles (bsc#1236086). - CVE-2024-58018: nvkm: correctly calculate the available space of the GSP cmdq buffer (bsc#1238990). - CVE-2024-58068: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (bsc#1238961). - CVE-2024-58070: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT (bsc#1238983). - CVE-2024-58071: team: prevent adding a device which is already a team device lower (bsc#1238970). - CVE-2024-58088: bpf: Fix deadlock when freeing cgroup storage (bsc#1239510). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21683: bpf: Fix bpf_sk_select_reuseport() memory leak (bsc#1236704). - CVE-2025-21696: mm: clear uffd-wp PTE/PMD state on mremap() (bsc#1237111). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21707: mptcp: consolidate suboption status (bsc#1238862). - CVE-2025-21729: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (bsc#1237874). - CVE-2025-21755: vsock: Orphan socket after transport release (bsc#1237882). - CVE-2025-21758: ipv6: mcast: add RCU protection to mld_newpack() (bsc#1238737). - CVE-2025-21768: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels (bsc#1238714). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21792: ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt (bsc#1238745). - CVE-2025-21806: net: let net.core.dev_weight always be non-zero (bsc#1238746). - CVE-2025-21808: net: xdp: Disallow attaching device-bound programs in generic mode (bsc#1238742). - CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21833: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (bsc#1239108). - CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade (bsc#1239066). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21863: io_uring: prevent opcode speculation (bsc#1239475). - CVE-2025-21867: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (bsc#1240181). - CVE-2025-21873: scsi: ufs: core: bsg: Fix crash when arpmb command fails (bsc#1240184). - CVE-2025-21875: mptcp: always handle address removal under msk socket lock (bsc#1240168). - CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185). - CVE-2025-21884: net: better track kernel sockets lifetime (bsc#1240171). - CVE-2025-21887: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (bsc#1240176). - CVE-2025-21889: perf/core: Add RCU read lock protection to perf_iterate_ctx() (bsc#1240167). - CVE-2025-21894: net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC (bsc#1240581). - CVE-2025-21895: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list (bsc#1240585). - CVE-2025-21904: caif_virtio: fix wrong pointer check in cfv_probe() (bsc#1240576). - CVE-2025-21906: wifi: iwlwifi: mvm: clean up ROC on failure (bsc#1240587). - CVE-2025-21908: NFS: fix nfs_release_folio() to not deadlock via kcompactd writeback (bsc#1240600). - CVE-2025-21913: x86/amd_nb: Use rdmsr_safe() in amd_get_mmconfig_range() (bsc#1240591). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-21922: ppp: Fix KMSAN uninit-value warning with bpf (bsc#1240639). - CVE-2025-21924: net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an error (bsc#1240720). - CVE-2025-21925: llc: do not use skb_get() before dev_queue_xmit() (bsc#1240713). - CVE-2025-21926: net: gso: fix ownership in __udp_gso_segment (bsc#1240712). - CVE-2025-21931: hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio (bsc#1240709). - CVE-2025-21957: scsi: qla1280: Fix kernel oops when debug level > 2 (bsc#1240742). - CVE-2025-21960: eth: bnxt: do not update checksum in bnxt_xdp_build_skb() (bsc#1240815). - CVE-2025-21961: eth: bnxt: fix truesize for mb-xdp-pass case (bsc#1240816). - CVE-2025-21962: cifs: Fix integer overflow while processing closetimeo mount option (bsc#1240655). - CVE-2025-21963: cifs: Fix integer overflow while processing acdirmax mount option (bsc#1240717). - CVE-2025-21964: cifs: Fix integer overflow while processing acregmax mount option (bsc#1240740). - CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784). - CVE-2025-21970: net/mlx5: Bridge, fix the crash caused by LAG state check (bsc#1240819). - CVE-2025-21972: net: mctp: unshare packets when reassembling (bsc#1240813). - CVE-2025-21975: net/mlx5: handle errors in mlx5_chains_create_table() (bsc#1240812). - CVE-2025-21980: sched: address a potential NULL pointer dereference in the GRED scheduler (bsc#1240809). - CVE-2025-21981: ice: fix memory leak in aRFS after reset (bsc#1240612). - CVE-2025-21985: drm/amd/display: Fix out-of-bound accesses (bsc#1240811). - CVE-2025-21991: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (bsc#1240795). - CVE-2025-21993: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (bsc#1240797). - CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802). - CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835). - CVE-2025-22015: mm/migrate: fix shmem xarray update during migration (bsc#1240944). - CVE-2025-22016: dpll: fix xa_alloc_cyclic() error handling (bsc#1240934). - CVE-2025-22017: devlink: fix xa_alloc_cyclic() error handling (bsc#1240936). - CVE-2025-22018: atm: Fix NULL pointer dereference (bsc#1241266). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22036: exfat: fix random stack corruption after get_block (bsc#1241426). - CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433). - CVE-2025-22053: net: ibmveth: make veth_pool_store stop hanging (bsc#1241373). - CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22058: udp: Fix memory accounting leak (bsc#1241332). - CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22064: netfilter: nf_tables: do not unregister hook when table is dormant (bsc#1241413). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22080: fs/ntfs3: Prevent integer overflow in hdr_first_de() (bsc#1241416). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-22102: Bluetooth: btnxpuart: Fix kernel panic during FW release (bsc#1241456). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-22104: ibmvnic: Use kernel helpers for hex dumps (bsc#1241550). - CVE-2025-22105, CVE-2025-37860: Add missing bugzilla references (bsc#1241452 bsc#1241548). - CVE-2025-22107: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() (bsc#1241575). - CVE-2025-22109: ax25: Remove broken autobind (bsc#1241573). - CVE-2025-22115: btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (bsc#1241578). - CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593). - CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684). - CVE-2025-23133: wifi: ath11k: update channel list in reg notifier instead reg worker (bsc#1241451). - CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37799: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (bsc#1242283). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). - CVE-2025-39728: clk: samsung: Fix UBSAN panic in samsung_clk_init() (bsc#1241626). The following non-security bugs were fixed: - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls (stable-fixes). - ACPI: EC: Set ec_no_wakeup for Lenovo Go S (stable-fixes). - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP (stable-fixes). - ACPI: x86: Extend Lenovo Yoga Tab 3 quirk with skip GPIO event-handlers (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: hda/realtek - Enable speaker for HP platform (git-fixes). - ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes). - ALSA: hda/realtek: Fix built-in mic breakage on ASUS VivoBook X515JA (git-fixes). - ALSA: hda/realtek: Fix built-in mic on another ASUS VivoBook model (git-fixes). - ALSA: hda/realtek: Fix built-mic regression on other ASUS models (git-fixes). - ALSA: hda: intel: Add Lenovo IdeaPad Z570 to probe denylist (stable-fixes). - ALSA: hda: intel: Fix Optimus when GPU has no sound (stable-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: ump: Fix buffer overflow at UMP SysEx message conversion (bsc#1242044). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ALSA: usb-audio: Fix CME quirk for UF series keyboards (stable-fixes). - ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() (git-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: SOF: topology: Use krealloc_array() to replace krealloc() (stable-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: amd: Add DMI quirk for ACP6X mic support (stable-fixes). - ASoC: amd: yc: update quirk data for new Lenovo model (stable-fixes). - ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels (git-fixes). - ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate (git-fixes). - ASoC: fsl_audmix: register card device depends on 'dais' property (stable-fixes). - ASoC: imx-card: Add NULL check in imx_card_probe() (git-fixes). - ASoC: qcom: Fix sc7280 lpass potential buffer overflow (git-fixes). - ASoC: qdsp6: q6apm-dai: fix capture pipeline overruns (git-fixes). - ASoC: qdsp6: q6apm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path (git-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoC: soc-pcm: Fix hw_params() and DAPM widget sequence (git-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btrtl: Prevent potential NULL dereference (git-fixes). - Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address (git-fixes). - Bluetooth: hci_uart: Fix another race during initialization (git-fixes). - Bluetooth: hci_uart: fix race during initialization (stable-fixes). - Bluetooth: l2cap: Check encryption key size on incoming connection (git-fixes). - Bluetooth: l2cap: Process valid commands in too long frame (stable-fixes). - Bluetooth: vhci: Avoid needless snprintf() calls (git-fixes). - pci: Drop PCI patch that caused a regression (bsc#1241123) - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: hid-plantronics: Add mic mute mapping and generalize quirks (stable-fixes). - HID: i2c-hid: improve i2c_hid_get_report error message (stable-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: pm8941-pwrkey - fix dev_dbg() output in pm8941_pwrkey_irq() (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics - hide unused smbus_pnp_ids[] array (git-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - OPP: add index check to assert to avoid buffer overflow in _read_freq() (bsc#1238961) - PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads (git-fixes). - PCI: Fix BAR resizing when VF BARs are assigned (git-fixes). - PCI: Fix reference leak in pci_register_host_bridge() (git-fixes). - PCI: histb: Fix an error handling path in histb_pcie_probe() (git-fixes). - PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type (stable-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/core: Silence oversized kvmalloc() warning (git-fixes) - RDMA/hns: Fix wrong maximum DMA segment size (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mana_ib: Ensure variable err is initialized (git-fixes). - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() (git-fixes) - mm: Revert commit (bsc#1241051) - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) (stable-fixes). - USB: VLI disk crashes if LPM is used (stable-fixes). - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe (stable-fixes). - USB: serial: option: add Sierra Wireless EM9291 (stable-fixes). - USB: serial: simple: add OWON HDS200 series oscilloscope support (stable-fixes). - USB: storage: quirk for ADATA Portable HDD CH94 (stable-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - USB: wdm: add annotation (git-fixes). - USB: wdm: close race between wdm_open and wdm_wwan_port_stop (git-fixes). - USB: wdm: handle IO errors in wdm_wwan_port_start (git-fixes). - USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context (git-fixes). - RDMA: Update patch RDMA-core-Don-t-expose-hw_counters-outside-of-init-n.patch (git-fixes bsc#1239925). - kABI: Update patch kABI-fix-for-RDMA-core-Don-t-expose-hw_counters-outs.patch (git-fixes bsc#1239925). - nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - acpi: nfit: fix narrowing conversion in acpi_nfit_ctl (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - affs: do not write overlarge OFS data block size fields (git-fixes). - affs: generate OFS sequence numbers starting at 1 (git-fixes). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - ahci: add PCI ID for Marvell 88SE9215 SATA Controller (stable-fixes). - arch_topology: Make register_cpu_capacity_sysctl() tolerant to late (bsc#1238052) - arch_topology: init capacity_freq_ref to 0 (bsc#1238052) - arm64/amu: Use capacity_ref_freq() to set AMU ratio (bsc#1238052) - arm64: Do not call NULL in do_compat_alignment_fixup() (git-fixes) - arm64: Provide an AMU-based version of arch_freq_get_on_cpu (bsc#1238052) - arm64: Update AMU-based freq scale factor on entering idle (bsc#1238052) - arm64: Utilize for_each_cpu_wrap for reference lookup (bsc#1238052) - arm64: amu: Delay allocating cpumask for AMU FIE support (bsc#1238052) - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: mm: Correct the update of max_pfn (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - asus-laptop: Fix an uninitialized variable (git-fixes). - ata: libata-sata: Save all fields from sense data descriptor (git-fixes). - ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type (git-fixes). - ata: libata-scsi: Fix ata_msense_control_ata_feature() (git-fixes). - ata: libata-scsi: Improve CDL control (git-fixes). - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (git-fixes). - ata: sata_sx4: Add error handling in pdc20621_i2c_read() (git-fixes). - auxdisplay: hd44780: Convert to platform remove callback returning void (stable-fixes). - auxdisplay: hd44780: Fix an API misuse in hd44780.c (git-fixes). - badblocks: Fix error shitf ops (git-fixes). - badblocks: fix merge issue when new badblocks align with pre+1 (git-fixes). - badblocks: fix missing bad blocks on retry in _badblocks_check() (git-fixes). - badblocks: fix the using of MAX_BADBLOCKS (git-fixes). - badblocks: return error directly when setting badblocks exceeds 512 (git-fixes). - badblocks: return error if any badblock set fails (git-fixes). - blk-throttle: fix lower bps rate by throtl_trim_slice() (git-fixes). - block: change blk_mq_add_to_batch() third argument type to bool (git-fixes). - block: fix 'kmem_cache of name 'bio-108' already exists' (git-fixes). - block: fix conversion of GPT partition name to 7-bit (git-fixes). - block: fix resource leak in blk_register_queue() error path (git-fixes). - block: integrity: Do not call set_page_dirty_lock() (git-fixes). - block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bnxt_en: Linearize TX SKB if the fragments exceed the max (git-fixes). - bnxt_en: Mask the bd_cnt field in the TX BD properly (git-fixes). - bpf: Add missed var_off setting in coerce_subreg_to_size_sx() (git-fixes). - bpf: Add missed var_off setting in set_sext32_default_val() (git-fixes). - bpf: Check size for BTF-based ctx access of pointer members (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Fix theoretical prog_array UAF in __uprobe_perf_func() (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - bpf: add find_containing_subprog() utility function (bsc#1241590). - bpf: avoid holding freeze_mutex during mmap operation (git-fixes). - bpf: check changes_pkt_data property for extension programs (bsc#1241590). - bpf: consider that tail calls invalidate packet pointers (bsc#1241590). - bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs (bsc#1241590). - bpf: fix potential error return (git-fixes). - bpf: refactor bpf_helper_changes_pkt_data to use helper number (bsc#1241590). - bpf: track changes_pkt_data property for global functions (bsc#1241590). - bpf: unify VM_WRITE vs VM_MAYWRITE use in BPF map mmaping logic (git-fixes). - btrfs: add and use helper to verify the calling task has locked the inode (bsc#1241204). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1242831 bsc#1242710). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix hole expansion when writing at an offset beyond EOF (bsc#1241151). - btrfs: fix missing snapshot drew unlock when root is dead during swap activation (bsc#1241204). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - btrfs: fix race with memory mapped writes when activating swap file (bsc#1241204). - btrfs: fix swap file activation failure due to extents that used to be shared (bsc#1241204). - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - cdc_ether|r8152: ThinkPad Hybrid USB-C/A Dock quirk (stable-fixes). - char: misc: register chrdev region with all possible minors (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: Fix integer overflow while processing actimeo mount option (git-fixes). - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - counter: fix privdata alignment (git-fixes). - counter: microchip-tcb-capture: Fix undefined counter channel state on probe (git-fixes). - counter: stm32-lptimer-cnt: fix error handling when enabling (git-fixes). - cpufreq/cppc: Set the frequency used for computing the capacity (bsc#1238052) - cpufreq: Allow arch_freq_get_on_cpu to return an error (bsc#1238052) - cpufreq: Introduce an optional cpuinfo_avg_freq sysfs entry (bsc#1238052) - crypto: algif_hash - fix double free in hash_accept (git-fixes). - crypto: atmel-sha204a - Set hwrng quality to lowest possible (git-fixes). - crypto: caam/qi - Fix drv_ctx refcount bug (git-fixes). - crypto: ccp - Add support for PCI device 0x1134 (stable-fixes). - cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-bufio: do not schedule in atomic context (git-fixes). - dm-ebs: fix prefetch-vs-suspend race (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dm-integrity: set ti->error on memory allocation failure (git-fixes). - dm-verity: fix prefetch-vs-suspend race (git-fixes). - dm: add missing unlock on in dm_keyslot_evict() (git-fixes). - dm: always update the array size in realloc_argv on success (git-fixes). - dm: fix copying after src array boundaries (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: dmatest: Fix dmatest waiting less when interrupted (stable-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drivers: base: devres: Allow to release group on device release (stable-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix gpu reset in multidisplay config (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Force full update in gpu reset (stable-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd/pm/smu11: Prevent division by zero (git-fixes). - drm/amd/pm: Prevent division by zero (git-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amd: Handle being compiled without SI or CIK support better (stable-fixes). - drm/amd: Keep display off while going into S4 (stable-fixes). - drm/amdgpu/dma_buf: fix page_link check (git-fixes). - drm/amdgpu/gfx11: fix num_mec (git-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (stable-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/amdkfd: Fix mode1 reset crash issue (stable-fixes). - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset (stable-fixes). - drm/amdkfd: clamp queue size to minimum (stable-fixes). - drm/amdkfd: debugfs hang_hws skip GPU with MES (stable-fixes). - drm/bridge: panel: forbid initializing a panel with unknown connector type (stable-fixes). - drm/dp_mst: Add a helper to queue a topology probe (stable-fixes). - drm/dp_mst: Factor out function to queue a topology probe work (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/fdinfo: Protect against driver unbind (git-fixes). - drm/i915/dg2: wait for HuC load completion before running selftests (stable-fixes). - drm/i915/gvt: fix unterminated-string-initialization warning (stable-fixes). - drm/i915/huc: Fix fence not released on early probe errors (git-fixes). - drm/i915/pxp: fix undefined reference to `intel_pxp_gsccs_is_ready_for_sessions' (git-fixes). - drm/i915/xelpg: Extend driver code of Xe_LPG to Xe_LPG+ (stable-fixes). - drm/i915: Disable RPG during live selftest (git-fixes). - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off (stable-fixes). - drm/mediatek: mtk_dpi: Move the input_2p_en bit to platform data (stable-fixes). - drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill() (git-fixes). - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/sti: remove duplicate object names (git-fixes). - drm/tests: Add helper to create mock crtc (stable-fixes). - drm/tests: Add helper to create mock plane (stable-fixes). - drm/tests: Build KMS helpers when DRM_KUNIT_TEST_HELPERS is enabled (git-fixes). - drm/tests: cmdline: Fix drm_display_mode memory leak (git-fixes). - drm/tests: helpers: Add atomic helpers (stable-fixes). - drm/tests: helpers: Add helper for drm_display_mode_from_cea_vic() (stable-fixes). - drm/tests: helpers: Create kunit helper to destroy a drm_display_mode (stable-fixes). - drm/tests: helpers: Fix compiler warning (git-fixes). - drm/tests: modes: Fix drm_display_mode memory leak (git-fixes). - drm/tests: probe-helper: Fix drm_display_mode memory leak (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS (git-fixes). - drm: allow encoder mode_set even when connectors change for crtc (stable-fixes). - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Slide (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OneXPlayer Mini (Intel) (stable-fixes). - drm: panel-orientation-quirks: Add quirks for AYA NEO Flip DS and KB (stable-fixes). - drm: panel-orientation-quirks: Add support for AYANEO 2S (stable-fixes). - e1000e: change k1 configuration on MTP and later platforms (git-fixes). - eth: bnxt: fix missing ring index trim on error path (git-fixes). - ethtool: Fix context creation with no parameters (git-fixes). - ethtool: Fix set RXNFC command with symmetric RSS hash (git-fixes). - ethtool: Fix wrong mod state in case of verbose and no_mask bitset (git-fixes). - ethtool: do not propagate EOPNOTSUPP from dumps (git-fixes). - ethtool: fix setting key and resetting indir at once (git-fixes). - ethtool: netlink: Add missing ethnl_ops_begin/complete (git-fixes). - ethtool: netlink: do not return SQI value if link is down (git-fixes). - ethtool: plca: fix plca enable data type while parsing the value (git-fixes). - ethtool: rss: echo the context number back (git-fixes). - exfat: do not fallback to buffered write (git-fixes). - exfat: drop ->i_size_ondisk (git-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - exfat: fix soft lockup in exfat_clear_bitmap (git-fixes). - exfat: fix the infinite loop in exfat_find_last_cluster() (git-fixes). - exfat: short-circuit zero-byte writes in exfat_file_write_iter (git-fixes). - ext4: add missing brelse() for bh2 in ext4_dx_add_entry() (bsc#1242342). - ext4: correct encrypted dentry name hash when not casefolded (bsc#1242540). - ext4: do not over-report free space or inodes in statvfs (bsc#1242345). - ext4: do not treat fhandle lookup of ea_inode as FS corruption (bsc#1242347). - ext4: fix FS_IOC_GETFSMAP handling (bsc#1240557). - ext4: goto right label 'out_mmap_sem' in ext4_setattr() (bsc#1242556). - ext4: make block validity check resistent to sb bh corruption (bsc#1242348). - ext4: partial zero eof block on unaligned inode size extension (bsc#1242336). - ext4: protect ext4_release_dquot against freezing (bsc#1242335). - ext4: replace the traditional ternary conditional operator with with max()/min() (bsc#1242536). - ext4: treat end of range as exclusive in ext4_zero_range() (bsc#1242539). - ext4: unify the type of flexbg_size to unsigned int (bsc#1242538). - fbdev: omapfb: Add 'plane' value check (stable-fixes). - firmware: arm_ffa: Skip Rx buffer ownership release if not acquired (git-fixes). - firmware: arm_scmi: Balance device refcount when destroying devices (git-fixes). - firmware: cs_dsp: Ensure cs_dsp_load[_coeff]() returns 0 on success (git-fixes). - fs/jfs: Prevent integer overflow in AG size calculation (git-fixes). - fs/jfs: cast inactags to s64 to prevent potential overflow (git-fixes). - fs/ntfs3: add prefix to bitmap_size() and use BITS_TO_U64() (bsc#1241250). - fs: better handle deep ancestor chains in is_subdir() (bsc#1242528). - fs: consistently deref the files table with rcu_dereference_raw() (bsc#1242535). - fs: do not allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT (bsc#1242526). - fs: support relative paths with FSCONFIG_SET_STRING (git-fixes). - gpio: tegra186: fix resource handling in ACPI probe path (git-fixes). - gpio: zynq: Fix wakeup source leaks on device unbind (stable-fixes). - gve: handle overflow when reporting TX consumed descriptors (git-fixes). - gve: set xdp redirect target only when it is available (git-fixes). - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} (stable-fixes). - i2c: cros-ec-tunnel: defer probe if parent EC is not present (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - i2c: imx-lpi2c: Fix clock count when probe defers (git-fixes). - ice: Add check for devm_kzalloc() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - ice: fix reservation of resources for RDMA when disabled (git-fixes). - ice: stop truncating queue ids when checking (git-fixes). - idpf: check error for register_netdev() on init (git-fixes). - idpf: fix adapter NULL pointer dereference on reboot (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igb: reject invalid external timestamp requests for 82580-based HW (git-fixes). - igc: add lock preventing multiple simultaneous PTM transactions (git-fixes). - igc: cleanup PTP module if probe fails (git-fixes). - igc: fix PTM cycle trigger logic (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - igc: handle the IGC_PTP_ENABLED flag correctly (git-fixes). - igc: increase wait time before retrying PTM (git-fixes). - igc: move ktime snapshot into PTM retry loop (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adc: ad7768-1: Fix conversion result sign (git-fixes). - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check (stable-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - iommu: Fix two issues in iommu_copy_struct_from_user() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/davinci: Remove leftover header (git-fixes). - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() (bsc#1242307). - jbd2: add a missing data flush during file and fs synchronization (bsc#1242346). - jbd2: fix off-by-one while erasing journal (bsc#1242344). - jbd2: flush filesystem device before updating tail sequence (bsc#1242333). - jbd2: increase IO priority for writing revoke records (bsc#1242332). - jbd2: increase the journal IO's priority (bsc#1242537). - jbd2: remove wrong sb->s_sequence check (bsc#1242343). - jfs: Fix uninit-value access of imap allocated in the diMount() function (git-fixes). - jfs: Prevent copying of nlink with value 0 from disk inode (git-fixes). - jfs: add sanity check for agwidth in dbMount (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kABI fix for sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - kABI workaround for powercap update (bsc#1241010). - kernel-binary: Support livepatch_rt with merged RT branch - kernel-obs-qa: Use srchash for dependency as well - ktest: Fix Test Failures Due to Missing LOG_FILE Directories (stable-fixes). - kunit: qemu_configs: SH: Respect kunit cmdline (git-fixes). - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets (git-fixes). - libperf cpumap: Be tolerant of newline at the end of a cpumask (bsc#1234698 jsc#PED-12309). - libperf cpumap: Ensure empty cpumap is NULL from alloc (bsc#1234698 jsc#PED-12309). - libperf cpumap: Grow array of read CPUs in smaller increments (bsc#1234698 jsc#PED-12309). - libperf cpumap: Hide/reduce scope of MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - libperf cpumap: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__default_new() to perf_cpu_map__new_online_cpus() and prefer sysfs (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__dummy_new() to perf_cpu_map__new_any_cpu() (bsc#1234698 jsc#PED-12309). - libperf cpumap: Rename perf_cpu_map__empty() to perf_cpu_map__has_any_cpu_or_is_empty() (bsc#1234698 jsc#PED-12309). - loop: Add sanity check for read/write_iter (git-fixes). - loop: LOOP_SET_FD: send uevents for partitions (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - loop: properly send KOBJ_CHANGED uevent for disk device (git-fixes). - loop: stop using vfs_iter_{read,write} for buffered I/O (git-fixes). - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (bsc#1238212) - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: uvcvideo: Add quirk for Actions UVC05 (stable-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mei: me: add panther lake H DID (stable-fixes). - misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration (git-fixes). - misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack (git-fixes). - mm/readahead: fix large folio support in async readahead (bsc#1242321). - mm: fix error handling in __filemap_get_folio() with FGP_NOWAIT (bsc#1242326). - mm: fix filemap_get_folios_contig returning batches of identical folios (bsc#1242327). - mm: fix oops when filemap_map_pmd() without prealloc_pte (bsc#1242546). - mmc: dw_mmc: add a quirk for accessing 64-bit FIFOs in two halves (stable-fixes). - mmc: renesas_sdhi: Fix error handling in renesas_sdhi_probe (git-fixes). - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability (stable-fixes). - mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN (git-fixes). - mptcp: refine opt_mp_capable determination (git-fixes). - mptcp: relax check on MPC passive fallback (git-fixes). - mptcp: strict validation before using mp_opt->hmac (git-fixes). - mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() (git-fixes). - mtd: inftlcore: Add error check for inftl_read_oob() (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - mtd: rawnand: Add status chack in r852_ready() (git-fixes). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5: Fill out devlink dev info only for PFs (git-fixes). - net/mlx5: IRQ, Fix null string in debug print (git-fixes). - net/mlx5: Lag, Check shared fdb before creating MultiPort E-Switch (git-fixes). - net/mlx5: Start health poll after enable hca (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net/mlx5e: Fix ethtool -N flow-type ip4 to RSS context (git-fixes). - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices (git-fixes). - net/mlx5e: SHAMPO, Make reserved size independent of page size (git-fixes). - net/tcp: refactor tcp_inet6_sk() (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: annotate data-races around sk->sk_dst_pending_confirm (git-fixes). - net: annotate data-races around sk->sk_tx_queue_mapping (git-fixes). - net: blackhole_dev: fix build warning for ethh set but not used (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: ethtool: Do not call .cleanup_data when prepare_data fails (git-fixes). - net: ethtool: Fix RSS setting (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: fix UDPv6 GSO segmentation with NAT (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: mana: Switch to page pool for jumbo frames (git-fixes). - net: mark racy access on sk->sk_rcvbuf (git-fixes). - net: phy: leds: fix memory leak (git-fixes). - net: phy: microchip: force IRQ polling mode for lan88xx (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: sctp: fix skb leak in sctp_inq_free() (git-fixes). - net: set SOCK_RCU_FREE before inserting socket into hashtable (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - net: usb: asix_devices: add FiberGecko DeviceID (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FE990B composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990B composition (stable-fixes). - net_sched: drr: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: ets: Fix double list add in class with netem as child qdisc (git-fixes). - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (git-fixes). - net_sched: qfq: Fix double list add in class with netem as child qdisc (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - netpoll: Use rcu_access_pointer() in netpoll_poll_lock (git-fixes). - nfs: add missing selections of CONFIG_CRC32 (git-fixes). - nfs: clear SB_RDONLY before getting superblock (bsc#1238565). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfs: ignore SB_RDONLY when remounting nfs (bsc#1238565). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nfsd: decrease sc_count directly if fail to queue dl_recall (git-fixes). - nfsd: put dl_stid if fail to queue dl_recall (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - ntb: Force physically contiguous allocation of rx ring buffers (git-fixes). - ntb: intel: Fix using link status DB's (git-fixes). - ntb: reduce stack usage in idt_scan_mws (stable-fixes). - ntb: use 64-bit arithmetic for the MSI doorbell mask (git-fixes). - ntb_hw_amd: Add NTB PCI ID for new gen CPU (stable-fixes). - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (git-fixes). - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() (git-fixes). - ntb_perf: Fix printk format (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: clean up CMBMSC when registering CMB fails (git-fixes). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: fix stuck reset on concurrent DPC and HP (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-pci: skip CMB blocks incompatible with PCI P2P DMA (git-fixes). - nvme-pci: skip nvme_write_sq_db on empty rqlist (git-fixes). - nvme-tcp: fix possible UAF in nvme_tcp_poll (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme/ioctl: do not warn on vectorized uring_cmd with fixed buffer (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-fcloop: swap list_add_tail arguments (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() (git-fixes). - objtool: Fix segfault in ignore_unreachable_insn() (git-fixes). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - perf cpumap: Reduce transitive dependencies on libperf MAX_NR_CPUS (bsc#1234698 jsc#PED-12309). - perf pmu: Remove use of perf_cpu_map__read() (bsc#1234698 jsc#PED-12309). - perf tools: annotate asm_pure_loop.S (bsc#1239906). - perf: Increase MAX_NR_CPUS to 4096 (bsc#1234698 jsc#PED-12309). - perf: arm_cspmu: nvidia: enable NVLINK-C2C port filtering (bsc#1242172) - perf: arm_cspmu: nvidia: fix sysfs path in the kernel doc (bsc#1242172) - perf: arm_cspmu: nvidia: monitor all ports by default (bsc#1242172) - perf: arm_cspmu: nvidia: remove unsupported SCF events (bsc#1242172) - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: freescale: imx8m-pcie: assert phy reset and perst in power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - pinctrl: renesas: rza2: Fix potential NULL pointer dereference (stable-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86/intel-uncore-freq: Fix missing uncore sysfs during CPU hotplug (git-fixes). - platform/x86/intel/vsec: Add Diamond Rapids support (stable-fixes). - platform/x86: ISST: Correct command storage data length (git-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - platform/x86: intel-hid: fix volume buttons on Microsoft Surface Go 4 tablet (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - powercap: dtpm_devfreq: Fix error check against dev_pm_qos_add_request() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powercap: intel_rapl: Introduce APIs for PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Enable PMU support (bsc#1241010). - powercap: intel_rapl_tpmi: Fix System Domain probing (git-fixes). - powercap: intel_rapl_tpmi: Fix bogus register reading (git-fixes). - powercap: intel_rapl_tpmi: Ignore minor version change (git-fixes). - powerpc/boot: Check for ld-option support (bsc#1215199). - powerpc/boot: Fix dash warning (bsc#1215199). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - pwm: fsl-ftm: Handle clk_get_rate() returning 0 (git-fixes). - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (git-fixes). - pwm: rcar: Improve register calculation (git-fixes). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038). - rtc: pcf85063: do a SW reset if POR failed (stable-fixes). - rtnetlink: Allocate vfinfo size for VF GUIDs when supported (bsc#1224013). - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - s390/cio: Fix CHPID 'configure' attribute caching (git-fixes bsc#1240979). - s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (git-fixes bsc#1240978). - sched/topology: Add a new arch_scale_freq_ref() method (bsc#1238052) - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: core: Use GFP_NOIO to avoid circular locking dependency (git-fixes). - scsi: hisi_sas: Enable force phy when SATA disk directly connected (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: iscsi: Fix missing scsi_host_put() in error path (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag (git-fixes). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: mpi3mr: Fix locking in an error path (git-fixes). - scsi: mpt3sas: Fix a locking bug in an error path (git-fixes). - scsi: mpt3sas: Reduce log level of ignore_delay_remove message to KERN_INFO (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - scsi: scsi_debug: Remove a reference to in_use_bm (git-fixes). - sctp: Fix undefined behavior in left shift operation (git-fixes). - sctp: add mutual exclusion in proc_sctp_do_udp_port() (git-fixes). - sctp: detect and prevent references to a freed transport in sendmsg (git-fixes). - sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start (git-fixes). - sctp: fix association labeling in the duplicate COOKIE-ECHO case (git-fixes). - sctp: fix busy polling (git-fixes). - sctp: prefer struct_size over open coded arithmetic (git-fixes). - sctp: support MSG_ERRQUEUE flag in recvmsg() (git-fixes). - security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375). - selftests/bpf: Add a few tests to cover (git-fixes). - selftests/bpf: Add test for narrow ctx load for pointer args (git-fixes). - selftests/bpf: extend changes_pkt_data with cases w/o subprograms (bsc#1241590). - selftests/bpf: freplace tests for tracking of changes_packet_data (bsc#1241590). - selftests/bpf: test for changing packet data from global functions (bsc#1241590). - selftests/bpf: validate that tail call invalidates packet pointers (bsc#1241590). - selftests/futex: futex_waitv wouldblock test should fail (git-fixes). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - selftests/mm: generate a temporary mountpoint for cgroup filesystem (git-fixes). - selinux: Implement mptcp_add_subflow hook (bsc#1240375). - serial: 8250_dma: terminate correct DMA in tx_dma_flush() (git-fixes). - serial: msm: Configure correct working mode before starting earlycon (git-fixes). - serial: sifive: lock port in startup()/shutdown() callbacks (git-fixes). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix folio leaks and perf improvements (bsc#1239997, bsc1241265). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix open_cached_dir retries with 'hard' mount option (bsc#1240616). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - sound/virtio: Fix cancel_sync warnings on uninitialized work_structs (stable-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Do not fail set_cs_timing when delays are zero (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - spi: tegra210-quad: add rate limiting and simplify timeout error message (stable-fixes). - spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts (stable-fixes). - splice: remove duplicate noinline from pipe_clear_nowait (bsc#1242328). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - staging: rtl8723bs: select CONFIG_CRYPTO_LIB_AES (git-fixes). - string: Add load_unaligned_zeropad() code path to sized_strscpy() (git-fixes). - tcp: fix mptcp DSS corruption due to large pmtu xmit (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - thunderbolt: Scan retimers after device router has been enumerated (stable-fixes). - tools/hv: update route parsing in kvp daemon (git-fixes). - tools/power turbostat: Increase CPU_SUBSET_MAXCPUS to 8192 (bsc#1241175). - tools/power turbostat: report CoreThr per measurement interval (git-fixes). - topology: Set capacity_freq_ref in all cases (bsc#1238052) - tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870). - tpm: tis: Double the timeout B to 4s (bsc#1235870). - tpm_tis: Move CRC check to generic send routine (bsc#1235870). - tpm_tis: Use responseRetry to recover from data transfer errors (bsc#1235870). - tty: n_tty: use uint for space returned by tty_write_room() (git-fixes). - tty: serial: 8250: Add Brainboxes XC devices (stable-fixes). - tty: serial: 8250: Add some more device IDs (stable-fixes). - tty: serial: fsl_lpuart: disable transmitter before changing RS485 related registers (git-fixes). - tty: serial: lpuart: only disable CTS instead of overwriting the whole UARTMODIR register (git-fixes). - ublk: set_params: properly check if parameters can be applied (git-fixes). - ucsi_ccg: Do not show failed to get FW build information error (git-fixes). - udf: Fix inode_getblk() return value (bsc#1242313). - udf: Skip parent dir link count update if corrupted (bsc#1242315). - udf: Verify inode link counts before performing rename (bsc#1242314). - usb: cdns3: Fix deadlock when using NCM gadget (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines (git-fixes). - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling (git-fixes). - usb: dwc3: Set SUSPENDENABLE soon after phy init (git-fixes). - usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield (stable-fixes). - usb: dwc3: gadget: Refactor loop to avoid NULL endpoints (stable-fixes). - usb: dwc3: gadget: check that event count does not exceed event buffer length (git-fixes). - usb: dwc3: xilinx: Prevent spike in reset signal (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (stable-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: max3421-hcd: Add missing spi_device_id table (stable-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func (stable-fixes). - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive (stable-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - usb: xhci: correct debug message page size calculation (git-fixes). - usbnet:fix NPE during rx_complete (git-fixes). - vdpa/mlx5: Fix oversized null mkey longer than 32bit (git-fixes). - vfs: do not mod negative dentry count when on shrinker list (bsc#1242534). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtchnl: make proto and filter action count unsigned (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - vmxnet3: Fix tx queue race condition with XDP (bsc#1241394). - vmxnet3: unregister xdp rxq info in the reset path (bsc#1241394). - wifi: at76c50x: fix use after free access in at76_disconnect (git-fixes). - wifi: ath11k: fix memory leak in ath11k_xxx_remove() (git-fixes). - wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (stable-fixes). - wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process (stable-fixes). - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() (git-fixes). - wifi: brcmfmac: keep power during suspend if board requires it (stable-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: iwlwifi: fw: allocate chained SG tables for dump (stable-fixes). - wifi: iwlwifi: mvm: use the right version of the rate API (stable-fixes). - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() (git-fixes). - wifi: mac80211: flush the station before moving it to UN-AUTHORIZED state (stable-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table (stable-fixes). - wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release (git-fixes). - wifi: wl1251: fix memory leak in wl1251_tx_work (git-fixes). - x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778). - x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778). - x86/bpf: Call branch history clearing sequence on exit (bsc#1242778). - x86/bugs: Add RSB mitigation document (git-fixes). - x86/bugs: Do not fill RSB on VMEXIT with eIBRS+retpoline (git-fixes). - x86/bugs: Do not fill RSB on context switch with eIBRS (git-fixes). - x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes). - x86/bugs: Rename entry_ibpb() to write_ibpb() (git-fixes). - x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes). - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/hyperv: Fix check of return value from snp_set_vmsa() (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (git-fixes). - x86/microcode/AMD: Flush patch buffer mapping after application (git-fixes). - x86/microcode/AMD: Pay attention to the stepping dynamically (git-fixes). - x86/microcode/AMD: Split load_microcode_amd() (git-fixes). - x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (git-fixes). - x86/microcode/intel: Set new revision only after a successful update (git-fixes). - x86/microcode: Remove the driver announcement and version (git-fixes). - x86/microcode: Rework early revisions reporting (git-fixes). - x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes). - x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes). - x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes). - x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xfs: flush inodegc before swapon (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: Fix null pointer dereference during S4 resume when resetting ep0 (bsc#1235550). - xhci: Reconfigure endpoint 0 max packet size only during endpoint reset (bsc#1235550). - xhci: fix possible null pointer deref during xhci urb enqueue (bsc#1235550). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). - zap_pid_ns_processes: clear TIF_NOTIFY_SIGNAL along with TIF_SIGPENDING (bsc#1241167). Important SUSE bug 1215199 SUSE bug 1220112 SUSE bug 1223096 SUSE bug 1223809 SUSE bug 1224013 SUSE bug 1224597 SUSE bug 1224757 SUSE bug 1226498 SUSE bug 1228659 SUSE bug 1229491 SUSE bug 1230581 SUSE bug 1230764 SUSE bug 1231016 SUSE bug 1231103 SUSE bug 1231910 SUSE bug 1232493 SUSE bug 1232649 SUSE bug 1232882 SUSE bug 1233075 SUSE bug 1233098 SUSE bug 1233192 SUSE bug 1234074 SUSE bug 1234154 SUSE bug 1234157 SUSE bug 1234698 SUSE bug 1235149 SUSE bug 1235501 SUSE bug 1235526 SUSE bug 1235550 SUSE bug 1235870 SUSE bug 1235968 SUSE bug 1236086 SUSE bug 1236142 SUSE bug 1236208 SUSE bug 1236704 SUSE bug 1237111 SUSE bug 1237312 SUSE bug 1237874 SUSE bug 1237882 SUSE bug 1238052 SUSE bug 1238212 SUSE bug 1238471 SUSE bug 1238473 SUSE bug 1238527 SUSE bug 1238565 SUSE bug 1238714 SUSE bug 1238737 SUSE bug 1238742 SUSE bug 1238745 SUSE bug 1238746 SUSE bug 1238774 SUSE bug 1238862 SUSE bug 1238961 SUSE bug 1238970 SUSE bug 1238983 SUSE bug 1238990 SUSE bug 1238992 SUSE bug 1239066 SUSE bug 1239079 SUSE bug 1239108 SUSE bug 1239470 SUSE bug 1239475 SUSE bug 1239476 SUSE bug 1239487 SUSE bug 1239510 SUSE bug 1239684 SUSE bug 1239691 SUSE bug 1239906 SUSE bug 1239925 SUSE bug 1239997 SUSE bug 1240167 SUSE bug 1240168 SUSE bug 1240171 SUSE bug 1240176 SUSE bug 1240181 SUSE bug 1240184 SUSE bug 1240185 SUSE bug 1240375 SUSE bug 1240557 SUSE bug 1240575 SUSE bug 1240576 SUSE bug 1240581 SUSE bug 1240582 SUSE bug 1240583 SUSE bug 1240584 SUSE bug 1240585 SUSE bug 1240587 SUSE bug 1240590 SUSE bug 1240591 SUSE bug 1240592 SUSE bug 1240593 SUSE bug 1240594 SUSE bug 1240595 SUSE bug 1240596 SUSE bug 1240600 SUSE bug 1240612 SUSE bug 1240616 SUSE bug 1240639 SUSE bug 1240643 SUSE bug 1240647 SUSE bug 1240655 SUSE bug 1240691 SUSE bug 1240700 SUSE bug 1240701 SUSE bug 1240703 SUSE bug 1240708 SUSE bug 1240709 SUSE bug 1240712 SUSE bug 1240713 SUSE bug 1240714 SUSE bug 1240715 SUSE bug 1240716 SUSE bug 1240717 SUSE bug 1240718 SUSE bug 1240719 SUSE bug 1240720 SUSE bug 1240722 SUSE bug 1240727 SUSE bug 1240739 SUSE bug 1240740 SUSE bug 1240742 SUSE bug 1240779 SUSE bug 1240783 SUSE bug 1240784 SUSE bug 1240785 SUSE bug 1240795 SUSE bug 1240796 SUSE bug 1240797 SUSE bug 1240799 SUSE bug 1240801 SUSE bug 1240802 SUSE bug 1240806 SUSE bug 1240808 SUSE bug 1240809 SUSE bug 1240811 SUSE bug 1240812 SUSE bug 1240813 SUSE bug 1240815 SUSE bug 1240816 SUSE bug 1240819 SUSE bug 1240821 SUSE bug 1240825 SUSE bug 1240829 SUSE bug 1240835 SUSE bug 1240866 SUSE bug 1240873 SUSE bug 1240934 SUSE bug 1240936 SUSE bug 1240937 SUSE bug 1240938 SUSE bug 1240940 SUSE bug 1240942 SUSE bug 1240943 SUSE bug 1240944 SUSE bug 1240966 SUSE bug 1240978 SUSE bug 1240979 SUSE bug 1241010 SUSE bug 1241038 SUSE bug 1241051 SUSE bug 1241123 SUSE bug 1241148 SUSE bug 1241151 SUSE bug 1241167 SUSE bug 1241175 SUSE bug 1241204 SUSE bug 1241250 SUSE bug 1241265 SUSE bug 1241266 SUSE bug 1241280 SUSE bug 1241282 SUSE bug 1241305 SUSE bug 1241332 SUSE bug 1241333 SUSE bug 1241340 SUSE bug 1241341 SUSE bug 1241343 SUSE bug 1241344 SUSE bug 1241347 SUSE bug 1241351 SUSE bug 1241357 SUSE bug 1241361 SUSE bug 1241369 SUSE bug 1241371 SUSE bug 1241373 SUSE bug 1241376 SUSE bug 1241378 SUSE bug 1241394 SUSE bug 1241402 SUSE bug 1241412 SUSE bug 1241413 SUSE bug 1241416 SUSE bug 1241424 SUSE bug 1241426 SUSE bug 1241433 SUSE bug 1241436 SUSE bug 1241441 SUSE bug 1241442 SUSE bug 1241443 SUSE bug 1241448 SUSE bug 1241451 SUSE bug 1241452 SUSE bug 1241456 SUSE bug 1241457 SUSE bug 1241458 SUSE bug 1241459 SUSE bug 1241492 SUSE bug 1241519 SUSE bug 1241525 SUSE bug 1241526 SUSE bug 1241528 SUSE bug 1241533 SUSE bug 1241537 SUSE bug 1241538 SUSE bug 1241541 SUSE bug 1241545 SUSE bug 1241547 SUSE bug 1241548 SUSE bug 1241550 SUSE bug 1241573 SUSE bug 1241574 SUSE bug 1241575 SUSE bug 1241576 SUSE bug 1241578 SUSE bug 1241590 SUSE bug 1241593 SUSE bug 1241595 SUSE bug 1241596 SUSE bug 1241597 SUSE bug 1241598 SUSE bug 1241599 SUSE bug 1241601 SUSE bug 1241625 SUSE bug 1241626 SUSE bug 1241627 SUSE bug 1241635 SUSE bug 1241638 SUSE bug 1241640 SUSE bug 1241644 SUSE bug 1241648 SUSE bug 1241654 SUSE bug 1241657 SUSE bug 1242006 SUSE bug 1242012 SUSE bug 1242035 SUSE bug 1242044 SUSE bug 1242172 SUSE bug 1242203 SUSE bug 1242283 SUSE bug 1242307 SUSE bug 1242313 SUSE bug 1242314 SUSE bug 1242315 SUSE bug 1242321 SUSE bug 1242326 SUSE bug 1242327 SUSE bug 1242328 SUSE bug 1242332 SUSE bug 1242333 SUSE bug 1242335 SUSE bug 1242336 SUSE bug 1242342 SUSE bug 1242343 SUSE bug 1242344 SUSE bug 1242345 SUSE bug 1242346 SUSE bug 1242347 SUSE bug 1242348 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1242501 SUSE bug 1242502 SUSE bug 1242506 SUSE bug 1242507 SUSE bug 1242509 SUSE bug 1242510 SUSE bug 1242512 SUSE bug 1242513 SUSE bug 1242514 SUSE bug 1242520 SUSE bug 1242523 SUSE bug 1242524 SUSE bug 1242526 SUSE bug 1242528 SUSE bug 1242529 SUSE bug 1242530 SUSE bug 1242531 SUSE bug 1242532 SUSE bug 1242534 SUSE bug 1242535 SUSE bug 1242536 SUSE bug 1242537 SUSE bug 1242538 SUSE bug 1242539 SUSE bug 1242540 SUSE bug 1242546 SUSE bug 1242556 SUSE bug 1242559 SUSE bug 1242563 SUSE bug 1242564 SUSE bug 1242565 SUSE bug 1242566 SUSE bug 1242567 SUSE bug 1242568 SUSE bug 1242569 SUSE bug 1242574 SUSE bug 1242575 SUSE bug 1242578 SUSE bug 1242584 SUSE bug 1242585 SUSE bug 1242587 SUSE bug 1242591 SUSE bug 1242596 SUSE bug 1242709 SUSE bug 1242710 SUSE bug 1242727 SUSE bug 1242758 SUSE bug 1242760 SUSE bug 1242761 SUSE bug 1242762 SUSE bug 1242763 SUSE bug 1242764 SUSE bug 1242766 SUSE bug 1242770 SUSE bug 1242778 SUSE bug 1242781 SUSE bug 1242782 SUSE bug 1242785 SUSE bug 1242786 SUSE bug 1242792 SUSE bug 1242831 SUSE bug 1242852 SUSE bug 1242854 SUSE bug 1242856 SUSE bug 1242859 SUSE bug 1242860 SUSE bug 1242861 SUSE bug 1242866 SUSE bug 1242867 SUSE bug 1242868 SUSE bug 1242871 SUSE bug 1242873 SUSE bug 1242875 SUSE bug 1242906 SUSE bug 1242908 SUSE bug 1242924 SUSE bug 1242930 SUSE bug 1242944 SUSE bug 1242945 SUSE bug 1242948 SUSE bug 1242949 SUSE bug 1242951 SUSE bug 1242953 SUSE bug 1242955 SUSE bug 1242957 SUSE bug 1242959 SUSE bug 1242961 SUSE bug 1242962 SUSE bug 1242973 SUSE bug 1242974 SUSE bug 1242977 SUSE bug 1242985 SUSE bug 1242990 SUSE bug 1242993 SUSE bug 1243000 SUSE bug 1243006 SUSE bug 1243011 SUSE bug 1243015 SUSE bug 1243044 SUSE bug 1243049 SUSE bug 1243056 SUSE bug 1243074 SUSE bug 1243076 SUSE bug 1243077 SUSE bug 1243082 SUSE bug 1243090 SUSE bug 1243330 SUSE bug 1243342 SUSE bug 1243456 SUSE bug 1243469 SUSE bug 1243470 SUSE bug 1243471 SUSE bug 1243472 SUSE bug 1243473 SUSE bug 1243476 SUSE bug 1243509 SUSE bug 1243511 SUSE bug 1243513 SUSE bug 1243515 SUSE bug 1243516 SUSE bug 1243517 SUSE bug 1243519 SUSE bug 1243522 SUSE bug 1243524 SUSE bug 1243528 SUSE bug 1243529 SUSE bug 1243530 SUSE bug 1243534 SUSE bug 1243536 SUSE bug 1243539 SUSE bug 1243540 SUSE bug 1243541 SUSE bug 1243543 SUSE bug 1243545 SUSE bug 1243547 SUSE bug 1243559 SUSE bug 1243560 SUSE bug 1243562 SUSE bug 1243567 SUSE bug 1243573 SUSE bug 1243574 SUSE bug 1243575 SUSE bug 1243589 SUSE bug 1243621 SUSE bug 1243624 SUSE bug 1243625 SUSE bug 1243626 SUSE bug 1243627 SUSE bug 1243649 SUSE bug 1243657 SUSE bug 1243658 SUSE bug 1243659 SUSE bug 1243660 SUSE bug 1243664 SUSE bug 1243737 SUSE bug 1243805 SUSE bug 1243963 CVE-2023-53034 at SUSE CVE-2023-53034 at NVD CVE-2023-53146 at SUSE CVE-2023-53146 at NVD CVE-2024-27018 at SUSE CVE-2024-27018 at NVD CVE-2024-27415 at SUSE CVE-2024-27415 at NVD CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-35840 at SUSE CVE-2024-35840 at NVD CVE-2024-43869 at SUSE CVE-2024-43869 at NVD CVE-2024-46713 at SUSE CVE-2024-46713 at NVD CVE-2024-46763 at SUSE CVE-2024-46763 at NVD CVE-2024-46865 at SUSE CVE-2024-46865 at NVD CVE-2024-50038 at SUSE CVE-2024-50038 at NVD CVE-2024-50083 at SUSE CVE-2024-50083 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50162 at SUSE CVE-2024-50162 at NVD CVE-2024-50163 at SUSE CVE-2024-50163 at NVD CVE-2024-50223 at SUSE CVE-2024-50223 at NVD CVE-2024-53124 at SUSE CVE-2024-53124 at NVD CVE-2024-53135 at SUSE CVE-2024-53135 at NVD CVE-2024-53139 at SUSE CVE-2024-53139 at NVD CVE-2024-54458 at SUSE CVE-2024-54458 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56702 at SUSE CVE-2024-56702 at NVD CVE-2024-57924 at SUSE CVE-2024-57924 at NVD CVE-2024-57998 at SUSE CVE-2024-57998 at NVD CVE-2024-58001 at SUSE CVE-2024-58001 at NVD CVE-2024-58018 at SUSE CVE-2024-58018 at NVD CVE-2024-58068 at SUSE CVE-2024-58068 at NVD CVE-2024-58070 at SUSE CVE-2024-58070 at NVD CVE-2024-58071 at SUSE CVE-2024-58071 at NVD CVE-2024-58088 at SUSE CVE-2024-58088 at NVD CVE-2024-58093 at SUSE CVE-2024-58093 at NVD CVE-2024-58094 at SUSE CVE-2024-58094 at NVD CVE-2024-58095 at SUSE CVE-2024-58095 at NVD CVE-2024-58096 at SUSE CVE-2024-58096 at NVD CVE-2024-58097 at SUSE CVE-2024-58097 at NVD CVE-2024-58098 at SUSE CVE-2024-58098 at NVD CVE-2024-58099 at SUSE CVE-2024-58099 at NVD CVE-2024-58100 at SUSE CVE-2024-58100 at NVD CVE-2024-58237 at SUSE CVE-2024-58237 at NVD CVE-2025-21629 at SUSE CVE-2025-21629 at NVD CVE-2025-21648 at SUSE CVE-2025-21648 at NVD CVE-2025-21683 at SUSE CVE-2025-21683 at NVD CVE-2025-21696 at SUSE CVE-2025-21696 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21707 at SUSE CVE-2025-21707 at NVD CVE-2025-21729 at SUSE CVE-2025-21729 at NVD CVE-2025-21755 at SUSE CVE-2025-21755 at NVD CVE-2025-21758 at SUSE CVE-2025-21758 at NVD CVE-2025-21768 at SUSE CVE-2025-21768 at NVD CVE-2025-21787 at SUSE CVE-2025-21787 at NVD CVE-2025-21792 at SUSE CVE-2025-21792 at NVD CVE-2025-21806 at SUSE CVE-2025-21806 at NVD CVE-2025-21808 at SUSE CVE-2025-21808 at NVD CVE-2025-21812 at SUSE CVE-2025-21812 at NVD CVE-2025-21814 at SUSE CVE-2025-21814 at NVD CVE-2025-21833 at SUSE CVE-2025-21833 at NVD CVE-2025-21836 at SUSE CVE-2025-21836 at NVD CVE-2025-21852 at SUSE CVE-2025-21852 at NVD CVE-2025-21853 at SUSE CVE-2025-21853 at NVD CVE-2025-21854 at SUSE CVE-2025-21854 at NVD CVE-2025-21863 at SUSE CVE-2025-21863 at NVD CVE-2025-21867 at SUSE CVE-2025-21867 at NVD CVE-2025-21873 at SUSE CVE-2025-21873 at NVD CVE-2025-21875 at SUSE CVE-2025-21875 at NVD CVE-2025-21881 at SUSE CVE-2025-21881 at NVD CVE-2025-21884 at SUSE CVE-2025-21884 at NVD CVE-2025-21887 at SUSE CVE-2025-21887 at NVD CVE-2025-21889 at SUSE CVE-2025-21889 at NVD CVE-2025-21894 at SUSE CVE-2025-21894 at NVD CVE-2025-21895 at SUSE CVE-2025-21895 at NVD CVE-2025-21904 at SUSE CVE-2025-21904 at NVD CVE-2025-21905 at SUSE CVE-2025-21905 at NVD CVE-2025-21906 at SUSE CVE-2025-21906 at NVD CVE-2025-21908 at SUSE CVE-2025-21908 at NVD CVE-2025-21909 at SUSE CVE-2025-21909 at NVD CVE-2025-21910 at SUSE CVE-2025-21910 at NVD CVE-2025-21912 at SUSE CVE-2025-21912 at NVD CVE-2025-21913 at SUSE CVE-2025-21913 at NVD CVE-2025-21914 at SUSE CVE-2025-21914 at NVD CVE-2025-21915 at SUSE CVE-2025-21915 at NVD CVE-2025-21916 at SUSE CVE-2025-21916 at NVD CVE-2025-21917 at SUSE CVE-2025-21917 at NVD CVE-2025-21918 at SUSE CVE-2025-21918 at NVD CVE-2025-21919 at SUSE CVE-2025-21919 at NVD CVE-2025-21922 at SUSE CVE-2025-21922 at NVD CVE-2025-21923 at SUSE CVE-2025-21923 at NVD CVE-2025-21924 at SUSE CVE-2025-21924 at NVD CVE-2025-21925 at SUSE CVE-2025-21925 at NVD CVE-2025-21926 at SUSE CVE-2025-21926 at NVD CVE-2025-21927 at SUSE CVE-2025-21927 at NVD CVE-2025-21928 at SUSE CVE-2025-21928 at NVD CVE-2025-21930 at SUSE CVE-2025-21930 at NVD CVE-2025-21931 at SUSE CVE-2025-21931 at NVD CVE-2025-21934 at SUSE CVE-2025-21934 at NVD CVE-2025-21935 at SUSE CVE-2025-21935 at NVD CVE-2025-21936 at SUSE CVE-2025-21936 at NVD CVE-2025-21937 at SUSE CVE-2025-21937 at NVD CVE-2025-21941 at SUSE CVE-2025-21941 at NVD CVE-2025-21943 at SUSE CVE-2025-21943 at NVD CVE-2025-21948 at SUSE CVE-2025-21948 at NVD CVE-2025-21950 at SUSE CVE-2025-21950 at NVD CVE-2025-21951 at SUSE CVE-2025-21951 at NVD CVE-2025-21953 at SUSE CVE-2025-21953 at NVD CVE-2025-21956 at SUSE CVE-2025-21956 at NVD CVE-2025-21957 at SUSE CVE-2025-21957 at NVD CVE-2025-21960 at SUSE CVE-2025-21960 at NVD CVE-2025-21961 at SUSE CVE-2025-21961 at NVD CVE-2025-21962 at SUSE CVE-2025-21962 at NVD CVE-2025-21963 at SUSE CVE-2025-21963 at NVD CVE-2025-21964 at SUSE CVE-2025-21964 at NVD CVE-2025-21966 at SUSE CVE-2025-21966 at NVD CVE-2025-21968 at SUSE CVE-2025-21968 at NVD CVE-2025-21969 at SUSE CVE-2025-21969 at NVD CVE-2025-21970 at SUSE CVE-2025-21970 at NVD CVE-2025-21971 at SUSE CVE-2025-21971 at NVD CVE-2025-21972 at SUSE CVE-2025-21972 at NVD CVE-2025-21975 at SUSE CVE-2025-21975 at NVD CVE-2025-21978 at SUSE CVE-2025-21978 at NVD CVE-2025-21979 at SUSE CVE-2025-21979 at NVD CVE-2025-21980 at SUSE CVE-2025-21980 at NVD CVE-2025-21981 at SUSE CVE-2025-21981 at NVD CVE-2025-21985 at SUSE CVE-2025-21985 at NVD CVE-2025-21991 at SUSE CVE-2025-21991 at NVD CVE-2025-21992 at SUSE CVE-2025-21992 at NVD CVE-2025-21993 at SUSE CVE-2025-21993 at NVD CVE-2025-21995 at SUSE CVE-2025-21995 at NVD CVE-2025-21996 at SUSE CVE-2025-21996 at NVD CVE-2025-21999 at SUSE CVE-2025-21999 at NVD CVE-2025-22001 at SUSE CVE-2025-22001 at NVD CVE-2025-22003 at SUSE CVE-2025-22003 at NVD CVE-2025-22004 at SUSE CVE-2025-22004 at NVD CVE-2025-22005 at SUSE CVE-2025-22005 at NVD CVE-2025-22007 at SUSE CVE-2025-22007 at NVD CVE-2025-22008 at SUSE CVE-2025-22008 at NVD CVE-2025-22009 at SUSE CVE-2025-22009 at NVD CVE-2025-22010 at SUSE CVE-2025-22010 at NVD CVE-2025-22013 at SUSE CVE-2025-22013 at NVD CVE-2025-22014 at SUSE CVE-2025-22014 at NVD CVE-2025-22015 at SUSE CVE-2025-22015 at NVD CVE-2025-22016 at SUSE CVE-2025-22016 at NVD CVE-2025-22017 at SUSE CVE-2025-22017 at NVD CVE-2025-22018 at SUSE CVE-2025-22018 at NVD CVE-2025-22020 at SUSE CVE-2025-22020 at NVD CVE-2025-22021 at SUSE CVE-2025-22021 at NVD CVE-2025-22025 at SUSE CVE-2025-22025 at NVD CVE-2025-22027 at SUSE CVE-2025-22027 at NVD CVE-2025-22029 at SUSE CVE-2025-22029 at NVD CVE-2025-22030 at SUSE CVE-2025-22030 at NVD CVE-2025-22033 at SUSE CVE-2025-22033 at NVD CVE-2025-22036 at SUSE CVE-2025-22036 at NVD CVE-2025-22044 at SUSE CVE-2025-22044 at NVD CVE-2025-22045 at SUSE CVE-2025-22045 at NVD CVE-2025-22050 at SUSE CVE-2025-22050 at NVD CVE-2025-22053 at SUSE CVE-2025-22053 at NVD CVE-2025-22055 at SUSE CVE-2025-22055 at NVD CVE-2025-22056 at SUSE CVE-2025-22056 at NVD CVE-2025-22057 at SUSE CVE-2025-22057 at NVD CVE-2025-22058 at SUSE CVE-2025-22058 at NVD CVE-2025-22060 at SUSE CVE-2025-22060 at NVD CVE-2025-22062 at SUSE CVE-2025-22062 at NVD CVE-2025-22063 at SUSE CVE-2025-22063 at NVD CVE-2025-22064 at SUSE CVE-2025-22064 at NVD CVE-2025-22065 at SUSE CVE-2025-22065 at NVD CVE-2025-22066 at SUSE CVE-2025-22066 at NVD CVE-2025-22070 at SUSE CVE-2025-22070 at NVD CVE-2025-22075 at SUSE CVE-2025-22075 at NVD CVE-2025-22080 at SUSE CVE-2025-22080 at NVD CVE-2025-22086 at SUSE CVE-2025-22086 at NVD CVE-2025-22088 at SUSE CVE-2025-22088 at NVD CVE-2025-22089 at SUSE CVE-2025-22089 at NVD CVE-2025-22090 at SUSE CVE-2025-22090 at NVD CVE-2025-22093 at SUSE CVE-2025-22093 at NVD CVE-2025-22095 at SUSE CVE-2025-22095 at NVD CVE-2025-22097 at SUSE CVE-2025-22097 at NVD CVE-2025-22102 at SUSE CVE-2025-22102 at NVD CVE-2025-22103 at SUSE CVE-2025-22103 at NVD CVE-2025-22104 at SUSE CVE-2025-22104 at NVD CVE-2025-22105 at SUSE CVE-2025-22105 at NVD CVE-2025-22106 at SUSE CVE-2025-22106 at NVD CVE-2025-22107 at SUSE CVE-2025-22107 at NVD CVE-2025-22108 at SUSE CVE-2025-22108 at NVD CVE-2025-22109 at SUSE CVE-2025-22109 at NVD CVE-2025-22115 at SUSE CVE-2025-22115 at NVD CVE-2025-22116 at SUSE CVE-2025-22116 at NVD CVE-2025-22119 at SUSE CVE-2025-22119 at NVD CVE-2025-22121 at SUSE CVE-2025-22121 at NVD CVE-2025-22124 at SUSE CVE-2025-22124 at NVD CVE-2025-22125 at SUSE CVE-2025-22125 at NVD CVE-2025-22126 at SUSE CVE-2025-22126 at NVD CVE-2025-22128 at SUSE CVE-2025-22128 at NVD CVE-2025-2312 at SUSE CVE-2025-2312 at NVD CVE-2025-23129 at SUSE CVE-2025-23129 at NVD CVE-2025-23131 at SUSE CVE-2025-23131 at NVD CVE-2025-23133 at SUSE CVE-2025-23133 at NVD CVE-2025-23136 at SUSE CVE-2025-23136 at NVD CVE-2025-23138 at SUSE CVE-2025-23138 at NVD CVE-2025-23140 at SUSE CVE-2025-23140 at NVD CVE-2025-23141 at SUSE CVE-2025-23141 at NVD CVE-2025-23142 at SUSE CVE-2025-23142 at NVD CVE-2025-23144 at SUSE CVE-2025-23144 at NVD CVE-2025-23145 at SUSE CVE-2025-23145 at NVD CVE-2025-23146 at SUSE CVE-2025-23146 at NVD CVE-2025-23147 at SUSE CVE-2025-23147 at NVD CVE-2025-23148 at SUSE CVE-2025-23148 at NVD CVE-2025-23149 at SUSE CVE-2025-23149 at NVD CVE-2025-23150 at SUSE CVE-2025-23150 at NVD CVE-2025-23151 at SUSE CVE-2025-23151 at NVD CVE-2025-23156 at SUSE CVE-2025-23156 at NVD CVE-2025-23157 at SUSE CVE-2025-23157 at NVD CVE-2025-23158 at SUSE CVE-2025-23158 at NVD CVE-2025-23159 at SUSE CVE-2025-23159 at NVD CVE-2025-23160 at SUSE CVE-2025-23160 at NVD CVE-2025-23161 at SUSE CVE-2025-23161 at NVD CVE-2025-37740 at SUSE CVE-2025-37740 at NVD CVE-2025-37741 at SUSE CVE-2025-37741 at NVD CVE-2025-37742 at SUSE CVE-2025-37742 at NVD CVE-2025-37747 at SUSE CVE-2025-37747 at NVD CVE-2025-37748 at SUSE CVE-2025-37748 at NVD CVE-2025-37749 at SUSE CVE-2025-37749 at NVD CVE-2025-37750 at SUSE CVE-2025-37750 at NVD CVE-2025-37754 at SUSE CVE-2025-37754 at NVD CVE-2025-37755 at SUSE CVE-2025-37755 at NVD CVE-2025-37758 at SUSE CVE-2025-37758 at NVD CVE-2025-37765 at SUSE CVE-2025-37765 at NVD CVE-2025-37766 at SUSE CVE-2025-37766 at NVD CVE-2025-37767 at SUSE CVE-2025-37767 at NVD CVE-2025-37768 at SUSE CVE-2025-37768 at NVD CVE-2025-37769 at SUSE CVE-2025-37769 at NVD CVE-2025-37770 at SUSE CVE-2025-37770 at NVD CVE-2025-37771 at SUSE CVE-2025-37771 at NVD CVE-2025-37772 at SUSE CVE-2025-37772 at NVD CVE-2025-37773 at SUSE CVE-2025-37773 at NVD CVE-2025-37780 at SUSE CVE-2025-37780 at NVD CVE-2025-37781 at SUSE CVE-2025-37781 at NVD CVE-2025-37782 at SUSE CVE-2025-37782 at NVD CVE-2025-37785 at SUSE CVE-2025-37785 at NVD CVE-2025-37787 at SUSE CVE-2025-37787 at NVD CVE-2025-37788 at SUSE CVE-2025-37788 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD CVE-2025-37790 at SUSE CVE-2025-37790 at NVD CVE-2025-37792 at SUSE CVE-2025-37792 at NVD CVE-2025-37793 at SUSE CVE-2025-37793 at NVD CVE-2025-37794 at SUSE CVE-2025-37794 at NVD CVE-2025-37796 at SUSE CVE-2025-37796 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37799 at SUSE CVE-2025-37799 at NVD CVE-2025-37803 at SUSE CVE-2025-37803 at NVD CVE-2025-37804 at SUSE CVE-2025-37804 at NVD CVE-2025-37805 at SUSE CVE-2025-37805 at NVD CVE-2025-37809 at SUSE CVE-2025-37809 at NVD CVE-2025-37810 at SUSE CVE-2025-37810 at NVD CVE-2025-37812 at SUSE CVE-2025-37812 at NVD CVE-2025-37815 at SUSE CVE-2025-37815 at NVD CVE-2025-37819 at SUSE CVE-2025-37819 at NVD CVE-2025-37820 at SUSE CVE-2025-37820 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37824 at SUSE CVE-2025-37824 at NVD CVE-2025-37829 at SUSE CVE-2025-37829 at NVD CVE-2025-37830 at SUSE CVE-2025-37830 at NVD CVE-2025-37831 at SUSE CVE-2025-37831 at NVD CVE-2025-37833 at SUSE CVE-2025-37833 at NVD CVE-2025-37836 at SUSE CVE-2025-37836 at NVD CVE-2025-37839 at SUSE CVE-2025-37839 at NVD CVE-2025-37840 at SUSE CVE-2025-37840 at NVD CVE-2025-37841 at SUSE CVE-2025-37841 at NVD CVE-2025-37842 at SUSE CVE-2025-37842 at NVD CVE-2025-37849 at SUSE CVE-2025-37849 at NVD CVE-2025-37850 at SUSE CVE-2025-37850 at NVD CVE-2025-37851 at SUSE CVE-2025-37851 at NVD CVE-2025-37852 at SUSE CVE-2025-37852 at NVD CVE-2025-37853 at SUSE CVE-2025-37853 at NVD CVE-2025-37854 at SUSE CVE-2025-37854 at NVD CVE-2025-37858 at SUSE CVE-2025-37858 at NVD CVE-2025-37860 at SUSE CVE-2025-37860 at NVD CVE-2025-37867 at SUSE CVE-2025-37867 at NVD CVE-2025-37870 at SUSE CVE-2025-37870 at NVD CVE-2025-37871 at SUSE CVE-2025-37871 at NVD CVE-2025-37873 at SUSE CVE-2025-37873 at NVD CVE-2025-37875 at SUSE CVE-2025-37875 at NVD CVE-2025-37879 at SUSE CVE-2025-37879 at NVD CVE-2025-37881 at SUSE CVE-2025-37881 at NVD CVE-2025-37886 at SUSE CVE-2025-37886 at NVD CVE-2025-37887 at SUSE CVE-2025-37887 at NVD CVE-2025-37889 at SUSE CVE-2025-37889 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37891 at SUSE CVE-2025-37891 at NVD CVE-2025-37892 at SUSE CVE-2025-37892 at NVD CVE-2025-37897 at SUSE CVE-2025-37897 at NVD CVE-2025-37900 at SUSE CVE-2025-37900 at NVD CVE-2025-37901 at SUSE CVE-2025-37901 at NVD CVE-2025-37903 at SUSE CVE-2025-37903 at NVD CVE-2025-37905 at SUSE CVE-2025-37905 at NVD CVE-2025-37911 at SUSE CVE-2025-37911 at NVD CVE-2025-37912 at SUSE CVE-2025-37912 at NVD CVE-2025-37913 at SUSE CVE-2025-37913 at NVD CVE-2025-37914 at SUSE CVE-2025-37914 at NVD CVE-2025-37915 at SUSE CVE-2025-37915 at NVD CVE-2025-37918 at SUSE CVE-2025-37918 at NVD CVE-2025-37925 at SUSE CVE-2025-37925 at NVD CVE-2025-37928 at SUSE CVE-2025-37928 at NVD CVE-2025-37929 at SUSE CVE-2025-37929 at NVD CVE-2025-37930 at SUSE CVE-2025-37930 at NVD CVE-2025-37931 at SUSE CVE-2025-37931 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37937 at SUSE CVE-2025-37937 at NVD CVE-2025-37943 at SUSE CVE-2025-37943 at NVD CVE-2025-37944 at SUSE CVE-2025-37944 at NVD CVE-2025-37948 at SUSE CVE-2025-37948 at NVD CVE-2025-37949 at SUSE CVE-2025-37949 at NVD CVE-2025-37951 at SUSE CVE-2025-37951 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37954 at SUSE CVE-2025-37954 at NVD CVE-2025-37957 at SUSE CVE-2025-37957 at NVD CVE-2025-37958 at SUSE CVE-2025-37958 at NVD CVE-2025-37959 at SUSE CVE-2025-37959 at NVD CVE-2025-37960 at SUSE CVE-2025-37960 at NVD CVE-2025-37963 at SUSE CVE-2025-37963 at NVD CVE-2025-37969 at SUSE CVE-2025-37969 at NVD CVE-2025-37970 at SUSE CVE-2025-37970 at NVD CVE-2025-37972 at SUSE CVE-2025-37972 at NVD CVE-2025-37974 at SUSE CVE-2025-37974 at NVD CVE-2025-37978 at SUSE CVE-2025-37978 at NVD CVE-2025-37979 at SUSE CVE-2025-37979 at NVD CVE-2025-37980 at SUSE CVE-2025-37980 at NVD CVE-2025-37982 at SUSE CVE-2025-37982 at NVD CVE-2025-37983 at SUSE CVE-2025-37983 at NVD CVE-2025-37985 at SUSE CVE-2025-37985 at NVD CVE-2025-37986 at SUSE CVE-2025-37986 at NVD CVE-2025-37989 at SUSE CVE-2025-37989 at NVD CVE-2025-37990 at SUSE CVE-2025-37990 at NVD CVE-2025-38104 at SUSE CVE-2025-38104 at NVD CVE-2025-38152 at SUSE CVE-2025-38152 at NVD CVE-2025-38240 at SUSE CVE-2025-38240 at NVD CVE-2025-38637 at SUSE CVE-2025-38637 at NVD CVE-2025-39728 at SUSE CVE-2025-39728 at NVD CVE-2025-39735 at SUSE CVE-2025-39735 at NVD CVE-2025-40014 at SUSE CVE-2025-40014 at NVD CVE-2025-40325 at SUSE CVE-2025-40325 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - cBPF: Refresh fixes for cBPF issue (bsc#1242778) - Squashfs: check return result of sb_min_blocksize (git-fixes). - Update patches.suse/nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - Update patches.suse/nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - crypto: algif_hash - fix double free in hash_accept (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kernel-obs-qa: Use srchash for dependency as well - loop: Add sanity check for read/write_iter (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). Important SUSE bug 1220112 SUSE bug 1223096 SUSE bug 1226498 SUSE bug 1229491 SUSE bug 1230581 SUSE bug 1231016 SUSE bug 1232649 SUSE bug 1232882 SUSE bug 1233192 SUSE bug 1234154 SUSE bug 1235149 SUSE bug 1235968 SUSE bug 1236142 SUSE bug 1236208 SUSE bug 1237312 SUSE bug 1238212 SUSE bug 1238473 SUSE bug 1238774 SUSE bug 1238992 SUSE bug 1239691 SUSE bug 1239925 SUSE bug 1240593 SUSE bug 1240866 SUSE bug 1240966 SUSE bug 1241148 SUSE bug 1241282 SUSE bug 1241305 SUSE bug 1241340 SUSE bug 1241351 SUSE bug 1241376 SUSE bug 1241448 SUSE bug 1241457 SUSE bug 1241492 SUSE bug 1241519 SUSE bug 1241525 SUSE bug 1241533 SUSE bug 1241538 SUSE bug 1241576 SUSE bug 1241590 SUSE bug 1241595 SUSE bug 1241596 SUSE bug 1241597 SUSE bug 1241625 SUSE bug 1241627 SUSE bug 1241635 SUSE bug 1241638 SUSE bug 1241644 SUSE bug 1241654 SUSE bug 1241657 SUSE bug 1242006 SUSE bug 1242012 SUSE bug 1242035 SUSE bug 1242044 SUSE bug 1242203 SUSE bug 1242343 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1242501 SUSE bug 1242502 SUSE bug 1242506 SUSE bug 1242507 SUSE bug 1242509 SUSE bug 1242510 SUSE bug 1242512 SUSE bug 1242513 SUSE bug 1242514 SUSE bug 1242520 SUSE bug 1242523 SUSE bug 1242524 SUSE bug 1242529 SUSE bug 1242530 SUSE bug 1242531 SUSE bug 1242532 SUSE bug 1242559 SUSE bug 1242563 SUSE bug 1242564 SUSE bug 1242565 SUSE bug 1242566 SUSE bug 1242567 SUSE bug 1242568 SUSE bug 1242569 SUSE bug 1242574 SUSE bug 1242575 SUSE bug 1242578 SUSE bug 1242584 SUSE bug 1242585 SUSE bug 1242587 SUSE bug 1242591 SUSE bug 1242709 SUSE bug 1242727 SUSE bug 1242758 SUSE bug 1242760 SUSE bug 1242761 SUSE bug 1242762 SUSE bug 1242763 SUSE bug 1242764 SUSE bug 1242766 SUSE bug 1242770 SUSE bug 1242778 SUSE bug 1242781 SUSE bug 1242782 SUSE bug 1242785 SUSE bug 1242786 SUSE bug 1242792 SUSE bug 1242852 SUSE bug 1242854 SUSE bug 1242856 SUSE bug 1242859 SUSE bug 1242860 SUSE bug 1242861 SUSE bug 1242866 SUSE bug 1242867 SUSE bug 1242868 SUSE bug 1242871 SUSE bug 1242873 SUSE bug 1242875 SUSE bug 1242906 SUSE bug 1242908 SUSE bug 1242924 SUSE bug 1242930 SUSE bug 1242944 SUSE bug 1242945 SUSE bug 1242948 SUSE bug 1242949 SUSE bug 1242951 SUSE bug 1242953 SUSE bug 1242955 SUSE bug 1242957 SUSE bug 1242959 SUSE bug 1242961 SUSE bug 1242962 SUSE bug 1242973 SUSE bug 1242974 SUSE bug 1242977 SUSE bug 1242990 SUSE bug 1242993 SUSE bug 1243000 SUSE bug 1243006 SUSE bug 1243011 SUSE bug 1243015 SUSE bug 1243044 SUSE bug 1243049 SUSE bug 1243056 SUSE bug 1243074 SUSE bug 1243076 SUSE bug 1243077 SUSE bug 1243082 SUSE bug 1243090 SUSE bug 1243330 SUSE bug 1243342 SUSE bug 1243456 SUSE bug 1243469 SUSE bug 1243470 SUSE bug 1243471 SUSE bug 1243472 SUSE bug 1243473 SUSE bug 1243476 SUSE bug 1243509 SUSE bug 1243511 SUSE bug 1243513 SUSE bug 1243515 SUSE bug 1243516 SUSE bug 1243517 SUSE bug 1243519 SUSE bug 1243522 SUSE bug 1243524 SUSE bug 1243528 SUSE bug 1243529 SUSE bug 1243530 SUSE bug 1243534 SUSE bug 1243536 SUSE bug 1243539 SUSE bug 1243540 SUSE bug 1243541 SUSE bug 1243543 SUSE bug 1243545 SUSE bug 1243547 SUSE bug 1243559 SUSE bug 1243560 SUSE bug 1243562 SUSE bug 1243567 SUSE bug 1243573 SUSE bug 1243574 SUSE bug 1243575 SUSE bug 1243589 SUSE bug 1243621 SUSE bug 1243624 SUSE bug 1243625 SUSE bug 1243626 SUSE bug 1243627 SUSE bug 1243649 SUSE bug 1243657 SUSE bug 1243658 SUSE bug 1243659 SUSE bug 1243660 SUSE bug 1243664 SUSE bug 1243737 SUSE bug 1243805 SUSE bug 1243963 CVE-2023-53146 at SUSE CVE-2023-53146 at NVD CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-43869 at SUSE CVE-2024-43869 at NVD CVE-2024-46713 at SUSE CVE-2024-46713 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50223 at SUSE CVE-2024-50223 at NVD CVE-2024-53135 at SUSE CVE-2024-53135 at NVD CVE-2024-54458 at SUSE CVE-2024-54458 at NVD CVE-2024-58098 at SUSE CVE-2024-58098 at NVD CVE-2024-58099 at SUSE CVE-2024-58099 at NVD CVE-2024-58100 at SUSE CVE-2024-58100 at NVD CVE-2024-58237 at SUSE CVE-2024-58237 at NVD CVE-2025-21629 at SUSE CVE-2025-21629 at NVD CVE-2025-21648 at SUSE CVE-2025-21648 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21787 at SUSE CVE-2025-21787 at NVD CVE-2025-21814 at SUSE CVE-2025-21814 at NVD CVE-2025-21919 at SUSE CVE-2025-21919 at NVD CVE-2025-22005 at SUSE CVE-2025-22005 at NVD CVE-2025-22021 at SUSE CVE-2025-22021 at NVD CVE-2025-22030 at SUSE CVE-2025-22030 at NVD CVE-2025-22056 at SUSE CVE-2025-22056 at NVD CVE-2025-22057 at SUSE CVE-2025-22057 at NVD CVE-2025-22063 at SUSE CVE-2025-22063 at NVD CVE-2025-22066 at SUSE CVE-2025-22066 at NVD CVE-2025-22070 at SUSE CVE-2025-22070 at NVD CVE-2025-22089 at SUSE CVE-2025-22089 at NVD CVE-2025-22095 at SUSE CVE-2025-22095 at NVD CVE-2025-22103 at SUSE CVE-2025-22103 at NVD CVE-2025-22119 at SUSE CVE-2025-22119 at NVD CVE-2025-22124 at SUSE CVE-2025-22124 at NVD CVE-2025-22125 at SUSE CVE-2025-22125 at NVD CVE-2025-22126 at SUSE CVE-2025-22126 at NVD CVE-2025-23140 at SUSE CVE-2025-23140 at NVD CVE-2025-23141 at SUSE CVE-2025-23141 at NVD CVE-2025-23142 at SUSE CVE-2025-23142 at NVD CVE-2025-23144 at SUSE CVE-2025-23144 at NVD CVE-2025-23146 at SUSE CVE-2025-23146 at NVD CVE-2025-23147 at SUSE CVE-2025-23147 at NVD CVE-2025-23148 at SUSE CVE-2025-23148 at NVD CVE-2025-23149 at SUSE CVE-2025-23149 at NVD CVE-2025-23150 at SUSE CVE-2025-23150 at NVD CVE-2025-23151 at SUSE CVE-2025-23151 at NVD CVE-2025-23156 at SUSE CVE-2025-23156 at NVD CVE-2025-23157 at SUSE CVE-2025-23157 at NVD CVE-2025-23158 at SUSE CVE-2025-23158 at NVD CVE-2025-23159 at SUSE CVE-2025-23159 at NVD CVE-2025-23160 at SUSE CVE-2025-23160 at NVD CVE-2025-23161 at SUSE CVE-2025-23161 at NVD CVE-2025-37740 at SUSE CVE-2025-37740 at NVD CVE-2025-37741 at SUSE CVE-2025-37741 at NVD CVE-2025-37742 at SUSE CVE-2025-37742 at NVD CVE-2025-37747 at SUSE CVE-2025-37747 at NVD CVE-2025-37748 at SUSE CVE-2025-37748 at NVD CVE-2025-37749 at SUSE CVE-2025-37749 at NVD CVE-2025-37750 at SUSE CVE-2025-37750 at NVD CVE-2025-37754 at SUSE CVE-2025-37754 at NVD CVE-2025-37755 at SUSE CVE-2025-37755 at NVD CVE-2025-37758 at SUSE CVE-2025-37758 at NVD CVE-2025-37765 at SUSE CVE-2025-37765 at NVD CVE-2025-37766 at SUSE CVE-2025-37766 at NVD CVE-2025-37767 at SUSE CVE-2025-37767 at NVD CVE-2025-37768 at SUSE CVE-2025-37768 at NVD CVE-2025-37769 at SUSE CVE-2025-37769 at NVD CVE-2025-37770 at SUSE CVE-2025-37770 at NVD CVE-2025-37771 at SUSE CVE-2025-37771 at NVD CVE-2025-37772 at SUSE CVE-2025-37772 at NVD CVE-2025-37773 at SUSE CVE-2025-37773 at NVD CVE-2025-37780 at SUSE CVE-2025-37780 at NVD CVE-2025-37781 at SUSE CVE-2025-37781 at NVD CVE-2025-37782 at SUSE CVE-2025-37782 at NVD CVE-2025-37787 at SUSE CVE-2025-37787 at NVD CVE-2025-37788 at SUSE CVE-2025-37788 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD CVE-2025-37790 at SUSE CVE-2025-37790 at NVD CVE-2025-37792 at SUSE CVE-2025-37792 at NVD CVE-2025-37793 at SUSE CVE-2025-37793 at NVD CVE-2025-37794 at SUSE CVE-2025-37794 at NVD CVE-2025-37796 at SUSE CVE-2025-37796 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37803 at SUSE CVE-2025-37803 at NVD CVE-2025-37804 at SUSE CVE-2025-37804 at NVD CVE-2025-37805 at SUSE CVE-2025-37805 at NVD CVE-2025-37809 at SUSE CVE-2025-37809 at NVD CVE-2025-37810 at SUSE CVE-2025-37810 at NVD CVE-2025-37812 at SUSE CVE-2025-37812 at NVD CVE-2025-37815 at SUSE CVE-2025-37815 at NVD CVE-2025-37819 at SUSE CVE-2025-37819 at NVD CVE-2025-37820 at SUSE CVE-2025-37820 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37824 at SUSE CVE-2025-37824 at NVD CVE-2025-37829 at SUSE CVE-2025-37829 at NVD CVE-2025-37830 at SUSE CVE-2025-37830 at NVD CVE-2025-37831 at SUSE CVE-2025-37831 at NVD CVE-2025-37833 at SUSE CVE-2025-37833 at NVD CVE-2025-37836 at SUSE CVE-2025-37836 at NVD CVE-2025-37839 at SUSE CVE-2025-37839 at NVD CVE-2025-37840 at SUSE CVE-2025-37840 at NVD CVE-2025-37841 at SUSE CVE-2025-37841 at NVD CVE-2025-37842 at SUSE CVE-2025-37842 at NVD CVE-2025-37849 at SUSE CVE-2025-37849 at NVD CVE-2025-37850 at SUSE CVE-2025-37850 at NVD CVE-2025-37851 at SUSE CVE-2025-37851 at NVD CVE-2025-37852 at SUSE CVE-2025-37852 at NVD CVE-2025-37853 at SUSE CVE-2025-37853 at NVD CVE-2025-37854 at SUSE CVE-2025-37854 at NVD CVE-2025-37858 at SUSE CVE-2025-37858 at NVD CVE-2025-37867 at SUSE CVE-2025-37867 at NVD CVE-2025-37870 at SUSE CVE-2025-37870 at NVD CVE-2025-37871 at SUSE CVE-2025-37871 at NVD CVE-2025-37873 at SUSE CVE-2025-37873 at NVD CVE-2025-37875 at SUSE CVE-2025-37875 at NVD CVE-2025-37879 at SUSE CVE-2025-37879 at NVD CVE-2025-37881 at SUSE CVE-2025-37881 at NVD CVE-2025-37886 at SUSE CVE-2025-37886 at NVD CVE-2025-37887 at SUSE CVE-2025-37887 at NVD CVE-2025-37889 at SUSE CVE-2025-37889 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37891 at SUSE CVE-2025-37891 at NVD CVE-2025-37892 at SUSE CVE-2025-37892 at NVD CVE-2025-37897 at SUSE CVE-2025-37897 at NVD CVE-2025-37900 at SUSE CVE-2025-37900 at NVD CVE-2025-37901 at SUSE CVE-2025-37901 at NVD CVE-2025-37903 at SUSE CVE-2025-37903 at NVD CVE-2025-37905 at SUSE CVE-2025-37905 at NVD CVE-2025-37911 at SUSE CVE-2025-37911 at NVD CVE-2025-37912 at SUSE CVE-2025-37912 at NVD CVE-2025-37913 at SUSE CVE-2025-37913 at NVD CVE-2025-37914 at SUSE CVE-2025-37914 at NVD CVE-2025-37915 at SUSE CVE-2025-37915 at NVD CVE-2025-37918 at SUSE CVE-2025-37918 at NVD CVE-2025-37925 at SUSE CVE-2025-37925 at NVD CVE-2025-37928 at SUSE CVE-2025-37928 at NVD CVE-2025-37929 at SUSE CVE-2025-37929 at NVD CVE-2025-37930 at SUSE CVE-2025-37930 at NVD CVE-2025-37931 at SUSE CVE-2025-37931 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37937 at SUSE CVE-2025-37937 at NVD CVE-2025-37943 at SUSE CVE-2025-37943 at NVD CVE-2025-37944 at SUSE CVE-2025-37944 at NVD CVE-2025-37948 at SUSE CVE-2025-37948 at NVD CVE-2025-37949 at SUSE CVE-2025-37949 at NVD CVE-2025-37951 at SUSE CVE-2025-37951 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37954 at SUSE CVE-2025-37954 at NVD CVE-2025-37957 at SUSE CVE-2025-37957 at NVD CVE-2025-37958 at SUSE CVE-2025-37958 at NVD CVE-2025-37959 at SUSE CVE-2025-37959 at NVD CVE-2025-37960 at SUSE CVE-2025-37960 at NVD CVE-2025-37963 at SUSE CVE-2025-37963 at NVD CVE-2025-37969 at SUSE CVE-2025-37969 at NVD CVE-2025-37970 at SUSE CVE-2025-37970 at NVD CVE-2025-37972 at SUSE CVE-2025-37972 at NVD CVE-2025-37974 at SUSE CVE-2025-37974 at NVD CVE-2025-37978 at SUSE CVE-2025-37978 at NVD CVE-2025-37979 at SUSE CVE-2025-37979 at NVD CVE-2025-37980 at SUSE CVE-2025-37980 at NVD CVE-2025-37982 at SUSE CVE-2025-37982 at NVD CVE-2025-37983 at SUSE CVE-2025-37983 at NVD CVE-2025-37985 at SUSE CVE-2025-37985 at NVD CVE-2025-37986 at SUSE CVE-2025-37986 at NVD CVE-2025-37989 at SUSE CVE-2025-37989 at NVD CVE-2025-37990 at SUSE CVE-2025-37990 at NVD CVE-2025-38104 at SUSE CVE-2025-38104 at NVD CVE-2025-38152 at SUSE CVE-2025-38152 at NVD CVE-2025-38240 at SUSE CVE-2025-38240 at NVD CVE-2025-38637 at SUSE CVE-2025-38637 at NVD CVE-2025-39735 at SUSE CVE-2025-39735 at NVD CVE-2025-40014 at SUSE CVE-2025-40014 at NVD CVE-2025-40325 at SUSE CVE-2025-40325 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2025-5601: Dissection engine crash (bsc#1244081). Moderate SUSE bug 1244081 CVE-2025-5601 at SUSE CVE-2025-5601 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors) (bsc#1244082). - CVE-2025-49176: Integer overflow in Big Requests Extension (bsc#1244084). - CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode) (bsc#1244085). - CVE-2025-49178: Unprocessed client request via bytes to ignore (bsc#1244087). - CVE-2025-49179: Integer overflow in X Record extension (bsc#1244089). - CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) (bsc#1244090). Important SUSE bug 1244082 SUSE bug 1244084 SUSE bug 1244085 SUSE bug 1244087 SUSE bug 1244089 SUSE bug 1244090 CVE-2025-49175 at SUSE CVE-2025-49175 at NVD CVE-2025-49176 at SUSE CVE-2025-49176 at NVD CVE-2025-49177 at SUSE CVE-2025-49177 at NVD CVE-2025-49178 at SUSE CVE-2025-49178 at NVD CVE-2025-49179 at SUSE CVE-2025-49179 at NVD CVE-2025-49180 at SUSE CVE-2025-49180 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors) (bsc#1244082). - CVE-2025-49176: Integer overflow in Big Requests Extension (bsc#1244084). - CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode) (bsc#1244085). - CVE-2025-49178: Unprocessed client request via bytes to ignore (bsc#1244087). - CVE-2025-49179: Integer overflow in X Record extension (bsc#1244089). - CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) (bsc#1244090). Important SUSE bug 1244082 SUSE bug 1244084 SUSE bug 1244085 SUSE bug 1244087 SUSE bug 1244089 SUSE bug 1244090 CVE-2025-49175 at SUSE CVE-2025-49175 at NVD CVE-2025-49176 at SUSE CVE-2025-49176 at NVD CVE-2025-49177 at SUSE CVE-2025-49177 at NVD CVE-2025-49178 at SUSE CVE-2025-49178 at NVD CVE-2025-49179 at SUSE CVE-2025-49179 at NVD CVE-2025-49180 at SUSE CVE-2025-49180 at NVD cpe:/o:opensuse:leap:15.6 Security update for golang-github-prometheus-node_exporter (Moderate) openSUSE Leap 15.6 This update for golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-node_exporter was updated to version 1.9.1: - Security issues fixed: * CVE-2025-22870: Bumped golang.org/x/net to version 0.37.0 (bsc#1238686) - Other bugs fixed: * pressure: Fixed missing IRQ on older kernels * Fix Darwin memory leak Moderate SUSE bug 1236516 SUSE bug 1238686 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for Multi-Linux Manager Client Tools (Moderate) openSUSE Leap 15.6 This update fixes the following issues: golang-github-prometheus-prometheus was updated to version 2.53.4: - Security issues fixed: * CVE-2023-45288: Require Go >= 1.23 for building (bsc#1236516) * CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 (bsc#1238686) - Other bugs fixes from version 2.53.4: * Runtime: fixed GOGC being set to 0 when installed with empty prometheus.yml file resulting high cpu usage * Scrape: fixed dropping valid metrics after previous scrape failed prometheus-blackbox_exporter was updated from version 0.24.0 to 0.26.0 (jsc#PED-12872): - Security issues fixed: * CVE-2025-22870: Fixed proxy bypassing using IPv6 zone IDs (bsc#1238680) * CVE-2023-45288: Fixed closing connections when receiving too many headers (bsc#1236515) - Other changes from version 0.26.0: * Changes: + Replace go-kit/log with log/slog module. * Features: + Add metric to record tls ciphersuite negotiated during handshake. + Add a way to export labels with content matched by the probe. Reports Certificate Serial number. * Enhancement: + Add stale workflow to start sync with stale.yaml in Prometheus. * Bug fixes: + Only register grpc TLS metrics on successful handshake. - Other changes from version 0.25.0: * Features: + Allow to get Probe logs by target. + Log errors from probe. * Bug fixes: + Prevent logging confusing error message. + Explicit registration of internal exporter metrics. grafana was updated from version 10.4.15 to 11.5.5 (jsc#PED-12918): - Security issues fixed: * CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714). * CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809) * CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672). * CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3. * CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683). * CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687). * CVE-2025-22870: Bump golang.org/x/net (bsc#1238703). * CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343) * CVE-2024-9264: SQL Expressions (bsc#1231844) * CVE-2023-45288: Bump golang.org/x/net (bsc#1236510) * CVE-2025-22870: Bump golang.org/x/net to version 0.37.0 (bsc#1238686) - Potential breaking changes in version 11.5.0: * Loki: Default to /labels API with query param instead of /series API. - Potential breaking changes in version 11.0.1: * If you had selected your language as 'Portugu?s Brasileiro' previously, this will be reset. You have to select it again in your Preferences for the fix to be applied and the translations will then be shown. - Potential breaking changes in version 11.0.0: * AngularJS support is turned off by default. * Legacy alerting is entirely removed. * Subfolders cause very rare issues with folders which have slashes in their names. * The input data source is removed. * Data sources: Responses which are associated with hidden queries will be removed (filtered) by Grafana. * The URL which is generated when viewing an individual repeated panel has changed. * React Router is deprecated. * The grafana/e2e testing tool is deprecated. - This update brings many new features, enhancements and fixes highlighted at: * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-5/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-4/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-3/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-2/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-1/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-0/ Moderate SUSE bug 1208752 SUSE bug 1231844 SUSE bug 1233343 SUSE bug 1236510 SUSE bug 1236515 SUSE bug 1236516 SUSE bug 1238680 SUSE bug 1238686 SUSE bug 1238703 SUSE bug 1241683 SUSE bug 1241687 SUSE bug 1241809 SUSE bug 1243672 SUSE bug 1243714 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-9264 at SUSE CVE-2024-9264 at NVD CVE-2024-9476 at SUSE CVE-2024-9476 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD CVE-2025-2703 at SUSE CVE-2025-2703 at NVD CVE-2025-29923 at SUSE CVE-2025-29923 at NVD CVE-2025-3454 at SUSE CVE-2025-3454 at NVD cpe:/o:opensuse:leap:15.6 Security update for golang-github-prometheus-prometheus (Moderate) openSUSE Leap 15.6 This update for golang-github-prometheus-prometheus fixes the following issues: - Security issues fixed: * CVE-2023-45288: Require Go >= 1.23 for building (bsc#1236516) * CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 (bsc#1238686) - Version was updated to 2.53.4 with the following bug fixes: * Runtime: fix GOGC is being set to 0 when installed with empty prometheus.yml file resulting high cpu usage * Scrape: fix dropping valid metrics after previous scrape failed Moderate SUSE bug 1208752 SUSE bug 1236516 SUSE bug 1238686 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Moderate) openSUSE Leap 15.6 This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 (jsc#PED-12918): - Security issues fixed: * CVE-2025-4123: Fix cross-site scripting vulnerability (bsc#1243714). * CVE-2025-22872: Bump golang.org/x/net/html (bsc#1241809) * CVE-2025-3580: Prevent unauthorized server admin deletion (bsc#1243672). * CVE-2025-29923: Bump github.com/redis/go-redis/v9 to 9.6.3. * CVE-2025-3454: Sanitize paths before evaluating access to route (bsc#1241683). * CVE-2025-2703: Fix built-in XY Chart plugin (bsc#1241687). * CVE-2025-22870: Bump golang.org/x/net (bsc#1238703). * CVE-2024-9476: Fix Migration Assistant issue (bsc#1233343) * CVE-2024-9264: SQL Expressions (bsc#1231844) * CVE-2023-45288: Bump golang.org/x/net (bsc#1236510) * CVE-2025-22870: Bump golang.org/x/net to version 0.37.0 (bsc#1238686) - Potential breaking changes in version 11.5.0: * Loki: Default to /labels API with query param instead of /series API. - Potential breaking changes in version 11.0.1: * If you had selected your language as 'Portugu?s Brasileiro' previously, this will be reset. You have to select it again in your Preferences for the fix to be applied and the translations will then be shown. - Potential breaking changes in version 11.0.0: * AngularJS support is turned off by default. * Legacy alerting is entirely removed. * Subfolders cause very rare issues with folders which have slashes in their names. * The input data source is removed. * Data sources: Responses which are associated with hidden queries will be removed (filtered) by Grafana. * The URL which is generated when viewing an individual repeated panel has changed. * React Router is deprecated. * The grafana/e2e testing tool is deprecated. - This update brings many new features, enhancements and fixes highlighted at: * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-5/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-4/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-3/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-2/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-1/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v11-0/ Moderate SUSE bug 1231844 SUSE bug 1233343 SUSE bug 1236510 SUSE bug 1236516 SUSE bug 1238686 SUSE bug 1238703 SUSE bug 1241683 SUSE bug 1241687 SUSE bug 1241809 SUSE bug 1243672 SUSE bug 1243714 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-9264 at SUSE CVE-2024-9264 at NVD CVE-2024-9476 at SUSE CVE-2024-9476 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD CVE-2025-2703 at SUSE CVE-2025-2703 at NVD CVE-2025-29923 at SUSE CVE-2025-29923 at NVD CVE-2025-3454 at SUSE CVE-2025-3454 at NVD cpe:/o:opensuse:leap:15.6 Security update for golang-github-prometheus-alertmanager (Moderate) openSUSE Leap 15.6 This update for golang-github-prometheus-alertmanager fixes the following issues: - Security: * CVE-2025-22870: Fix proxy bypassing using IPv6 zone IDs (bsc#1238686) * CVE-2023-45288: Fix HTTP/2 CONTINUATION flood in net/http (bsc#1236516) Moderate SUSE bug 1236516 SUSE bug 1238686 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-28956: x86/ibt: Keep IBT disabled during alternative patching (bsc#1242006). - CVE-2024-46713: kabi fix for perf/aux: Fix AUX buffer serialization (bsc#1230581). - CVE-2024-50223: sched/numa: Fix the potential null pointer dereference in (bsc#1233192). - CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154). - CVE-2024-54458: scsi: ufs: bsg: Set bsg_queue to NULL after removal (bsc#1238992). - CVE-2025-21648: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (bsc#1236142). - CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312). - CVE-2025-21787: team: better TEAM_OPTION_TYPE_STRING validation (bsc#1238774). - CVE-2025-21814: ptp: Ensure info->enable callback is always set (bsc#1238473). - CVE-2025-21919: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (bsc#1240593). - CVE-2025-22021: netfilter: socket: Lookup orig tuple for IPv6 SNAT (bsc#1241282). - CVE-2025-22030: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() (bsc#1241376). - CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525). - CVE-2025-22057: net: decrease cached dst counters in dst_release (bsc#1241533). - CVE-2025-22063: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (bsc#1241351). - CVE-2025-22070: fs/9p: fix NULL pointer dereference on mkdir (bsc#1241305). - CVE-2025-22103: net: fix NULL pointer dereference in l3mdev_l3_rcv (bsc#1241448). - CVE-2025-23140: misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (bsc#1242763). - CVE-2025-23150: ext4: fix off-by-one error in do_split (bsc#1242513). - CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization (bsc#1242507). - CVE-2025-37748: iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group (bsc#1242523). - CVE-2025-37749: net: ppp: Add bound checking for skb data on ppp_sync_txmung (bsc#1242859). - CVE-2025-37750: smb: client: fix UAF in decryption with multichannel (bsc#1242510). - CVE-2025-37755: net: libwx: handle page_pool_dev_alloc_pages error (bsc#1242506). - CVE-2025-37773: virtiofs: add filesystem context source name check (bsc#1242502). - CVE-2025-37780: isofs: Prevent the use of too small fid (bsc#1242786). - CVE-2025-37787: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered (bsc#1242585). - CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762). - CVE-2025-37790: net: mctp: Set SOCK_RCU_FREE (bsc#1242509). - CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417). - CVE-2025-37803: udmabuf: fix a buf size overflow issue during udmabuf creation (bsc#1242852). - CVE-2025-37804: io_uring: always do atomic put from iowq (bsc#1242854). - CVE-2025-37809: usb: typec: class: Unlocked on error in typec_register_partner() (bsc#1242856). - CVE-2025-37820: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() (bsc#1242866). - CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924). - CVE-2025-37824: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (bsc#1242867). - CVE-2025-37829: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (bsc#1242875). - CVE-2025-37830: cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() (bsc#1242860). - CVE-2025-37831: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() (bsc#1242861). - CVE-2025-37833: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads (bsc#1242868). - CVE-2025-37842: spi: fsl-qspi: Fix double cleanup in probe error path (bsc#1242951). - CVE-2025-37870: drm/amd/display: prevent hang on link training fail (bsc#1243056). - CVE-2025-37879: 9p/net: fix improper handling of bogus negative read/write replies (bsc#1243077). - CVE-2025-37886: pds_core: make wait_context part of q_info (bsc#1242944). - CVE-2025-37887: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result (bsc#1242962). - CVE-2025-37949: xenbus: Use kref to track req lifetime (bsc#1243541). - CVE-2025-37954: smb: client: Avoid race in open_cached_dir with lease breaks (bsc#1243664). - CVE-2025-37957: KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception (bsc#1243513). - CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539). - CVE-2025-37960: memblock: Accept allocated memory before use in memblock_double_array() (bsc#1243519). - CVE-2025-37974: s390/pci: Fix missing check for zpci_create_device() error return (bsc#1243547). - CVE-2025-38152: remoteproc: core: Clear table_sz when rproc_shutdown (bsc#1241627). - CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions (bsc#1241657). The following non-security bugs were fixed: - ACPI: PPTT: Fix processor subtable walk (git-fixes). - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() (git-fixes). - ALSA: seq: Fix delivery of UMP events to group ports (git-fixes). - ALSA: sh: SND_AICA should depend on SH_DMA_API (git-fixes). - ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info (git-fixes). - ALSA: usb-audio: Add retry on -EPROTO from usb_set_interface() (stable-fixes). - ALSA: usb-audio: Add sample rate quirk for Audioengine D1 (git-fixes). - ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera (stable-fixes). - ALSA: usb-audio: Add second USB ID for Jabra Evolve 65 headset (stable-fixes). - ASoC: SOF: ipc4-control: Use SOF_CTRL_CMD_BINARY as numid for bytes_ext (git-fixes). - ASoC: SOF: ipc4-pcm: Delay reporting is only supported for playback direction (git-fixes). - ASoC: Use of_property_read_bool() (stable-fixes). - ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties (stable-fixes). - ASoc: SOF: topology: connect DAI to a single DAI link (git-fixes). - Bluetooth: L2CAP: Fix not checking l2cap_chan security level (git-fixes). - Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags (git-fixes). - Bluetooth: btusb: use skb_pull to avoid unsafe access in QCA dump handling (git-fixes). - Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (git-fixes). - Fix write to cloned skb in ipv6_hop_ioam() (git-fixes). - HID: thrustmaster: fix memory leak in thrustmaster_interrupts() (git-fixes). - HID: uclogic: Add NULL check in uclogic_input_configured() (git-fixes). - IB/cm: use rwlock for MAD agent lock (git-fixes) - Input: cyttsp5 - ensure minimum reset pulse width (git-fixes). - Input: mtk-pmic-keys - fix possible null pointer dereference (git-fixes). - Input: synaptics - enable InterTouch on Dell Precision M3800 (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30-D (stable-fixes). - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G (stable-fixes). - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 (stable-fixes). - Input: synaptics - enable SMBus for HP Elitebook 850 G1 (stable-fixes). - Input: synaptics-rmi - fix crash with unsupported versions of F34 (git-fixes). - Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller (stable-fixes). - Input: xpad - fix Share button on Xbox One controllers (stable-fixes). - Input: xpad - fix two controller table values (git-fixes). - KVM: SVM: Allocate IR data using atomic allocation (git-fixes). - KVM: SVM: Drop DEBUGCTL[5:2] from guest's effective value (git-fixes). - KVM: SVM: Suppress DEBUGCTL.BTF on AMD (git-fixes). - KVM: SVM: Update dump_ghcb() to use the GHCB snapshot fields (git-fixes). - KVM: VMX: Do not modify guest XFD_ERR if CR0.TS=1 (git-fixes). - KVM: arm64: Change kvm_handle_mmio_return() return polarity (git-fixes). - KVM: arm64: Fix RAS trapping in pKVM for protected VMs (git-fixes). - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status (git-fixes). - KVM: arm64: Mark some header functions as inline (git-fixes). - KVM: arm64: Tear down vGIC on failed vCPU creation (git-fixes). - KVM: arm64: timer: Always evaluate the need for a soft timer (git-fixes). - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* (git-fixes). - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device (git-fixes). - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE (git-fixes). - KVM: arm64: vgic-v4: Fall back to software irqbypass if LPI not found (git-fixes). - KVM: arm64: vgic-v4: Only attempt vLPI mapping for actual MSIs (git-fixes). - KVM: nSVM: Pass next RIP, not current RIP, for nested VM-Exit on emulation (git-fixes). - KVM: nVMX: Allow emulating RDPID on behalf of L2 (git-fixes). - KVM: nVMX: Check PAUSE_EXITING, not BUS_LOCK_DETECTION, on PAUSE emulation (git-fixes). - KVM: s390: Do not use %pK through debug printing (git-fixes bsc#1243657). - KVM: s390: Do not use %pK through tracepoints (git-fixes bsc#1243658). - KVM: x86/xen: Use guest's copy of pvclock when starting timer (git-fixes). - KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (git-fixes). - KVM: x86: Do not take kvm->lock when iterating over vCPUs in suspend notifier (git-fixes). - KVM: x86: Explicitly treat routing entry type changes as changes (git-fixes). - KVM: x86: Explicitly zero EAX and EBX when PERFMON_V2 isn't supported by KVM (git-fixes). - KVM: x86: Explicitly zero-initialize on-stack CPUID unions (git-fixes). - KVM: x86: Make x2APIC ID 100% readonly (git-fixes). - KVM: x86: Reject disabling of MWAIT/HLT interception when not allowed (git-fixes). - KVM: x86: Remove the unreachable case for 0x80000022 leaf in __do_cpuid_func() (git-fixes). - KVM: x86: Wake vCPU for PIC interrupt injection iff a valid IRQ was found (git-fixes). - NFS: O_DIRECT writes must check and adjust the file length (git-fixes). - NFSD: Skip sending CB_RECALL_ANY when the backchannel isn't up (git-fixes). - NFSv4/pnfs: Reset the layout state after a layoutreturn (git-fixes). - NFSv4: Do not trigger uneccessary scans for return-on-close delegations (git-fixes). - RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work (git-fixes) - RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem (git-fixes) - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (git-fixes) - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (git-fixes) - RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (git-fixes) - RDMA/rxe: Fix 'trying to register non-static key in rxe_qp_do_cleanup' bug (git-fixes) - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (git-fixes) - Squashfs: check return result of sb_min_blocksize (git-fixes). - USB: usbtmc: use interruptible sleep in usbtmc_read (git-fixes). - Xen/swiotlb: mark xen_swiotlb_fixup() __init (git-fixes). - add bug reference for an existing hv_netvsc change (bsc#1243737). - afs: Fix the server_list to unuse a displaced server rather than putting it (git-fixes). - afs: Make it possible to find the volumes that are using a server (git-fixes). - arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (git-fixes) - arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (git-fixes) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 (git-fixes) - arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (git-fixes) - arm64: insn: Add support for encoding DSB (git-fixes) - arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (git-fixes) - arm64: proton-pack: Expose whether the branchy loop k value (git-fixes) - arm64: proton-pack: Expose whether the platform is mitigated by (git-fixes) - arp: switch to dev_getbyhwaddr() in arp_req_set_public() (git-fixes). - bnxt_en: Add missing skb_mark_for_recycle() in bnxt_rx_vlan() (git-fixes). - bnxt_en: Fix coredump logic to free allocated buffer (git-fixes). - bnxt_en: Fix ethtool -d byte order for 32-bit values (git-fixes). - bnxt_en: Fix out-of-bound memcpy() during ethtool -w (git-fixes). - bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6 (git-fixes). - bpf: Scrub packet on bpf_redirect_peer (git-fixes). - btrfs: adjust subpage bit start based on sectorsize (bsc#1241492). - btrfs: avoid NULL pointer dereference if no valid csum tree (bsc#1243342). - btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1236208). - btrfs: avoid monopolizing a core when activating a swap file (git-fixes). - btrfs: do not loop for nowait writes when checking for cross references (git-fixes). - btrfs: fix a leaked chunk map issue in read_one_chunk() (git-fixes). - btrfs: fix discard worker infinite loop after disabling discard (bsc#1242012). - btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers (git-fixes). - cBPF: Refresh fixes for cBPF issue (bsc#1242778) - can: bcm: add locking for bcm_op runtime updates (git-fixes). - can: bcm: add missing rcu read protection for procfs content (git-fixes). - can: gw: fix RCU/BH usage in cgw_create_job() (git-fixes). - can: mcan: m_can_class_unregister(): fix order of unregistration calls (git-fixes). - can: mcp251xfd: fix TDC setting for low data bit rates (git-fixes). - can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls (git-fixes). - can: slcan: allow reception of short error messages (git-fixes). - check-for-config-changes: Fix flag name typo - cifs: change tcon status when need_reconnect is set on it (git-fixes). - cifs: reduce warning log level for server not advertising interfaces (git-fixes). - crypto: algif_hash - fix double free in hash_accept (git-fixes). - devlink: fix port new reply cmd type (git-fixes). - dm-integrity: fix a warning on invalid table line (git-fixes). - dma-buf: insert memory barrier before updating num_fences (git-fixes). - dmaengine: Revert 'dmaengine: dmatest: Fix dmatest waiting less when interrupted' (git-fixes). - dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals (git-fixes). - dmaengine: idxd: Add missing cleanups in cleanup internals (git-fixes). - dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call (git-fixes). - dmaengine: idxd: Fix ->poll() return value (git-fixes). - dmaengine: idxd: Fix allowing write() from different address spaces (git-fixes). - dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups (git-fixes). - dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs (git-fixes). - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mediatek: drop unused variable (git-fixes). - dmaengine: ti: k3-udma: Add missing locking (git-fixes). - dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy (git-fixes). - drm/amd/display: Add scoped mutexes for amdgpu_dm_dhcp (stable-fixes). - drm/amd/display: Avoid flooding unnecessary info messages (git-fixes). - drm/amd/display: Copy AUX read reply data whenever length > 0 (git-fixes). - drm/amd/display: Correct the reply value when AUX write incomplete (git-fixes). - drm/amd/display: Fix slab-use-after-free in hdcp (git-fixes). - drm/amd/display: Fix the checking condition in dmub aux handling (stable-fixes). - drm/amd/display: Fix wrong handling for AUX_DEFER case (git-fixes). - drm/amd/display: Remove incorrect checking in dmub aux handler (git-fixes). - drm/amd/display: Shift DMUB AUX reply command if necessary (git-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (stable-fixes). - drm/amd: Add Suspend/Hibernate notification callback support (stable-fixes). - drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush (git-fixes). - drm/amdgpu: Queue KFD reset workitem in VF FED (stable-fixes). - drm/amdgpu: fix pm notifier handling (git-fixes). - drm/amdgpu: trigger flr_work if reading pf2vf data failed (stable-fixes). - drm/edid: fixed the bug that hdr metadata was not reset (git-fixes). - drm/panel: simple: Update timings for AUO G101EVN010 (git-fixes). - drm/v3d: Add job to pending list if the reset was skipped (stable-fixes). - exfat: fix potential wrong error return from get_block (git-fixes). - hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (git-fixes). - hv_netvsc: Remove rmsg_pgcnt (git-fixes). - hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (git-fixes). - i2c: designware: Fix an error handling path in i2c_dw_pci_probe() (git-fixes). - ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr() (git-fixes). - idpf: fix offloads support for encapsulated packets (git-fixes). - idpf: fix potential memory leak on kcalloc() failure (git-fixes). - idpf: protect shutdown from reset (git-fixes). - igc: fix lock order in igc_ptp_reset (git-fixes). - iio: accel: adxl367: fix setting odr for activity time update (git-fixes). - iio: adc: ad7606: fix serial register access (git-fixes). - iio: adis16201: Correct inclinometer channel resolution (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo (git-fixes). - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo (git-fixes). - iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer (git-fixes). - inetpeer: remove create argument of inet_getpeer_v() (git-fixes). - inetpeer: update inetpeer timestamp in inet_getpeer() (git-fixes). - ipv4/route: avoid unused-but-set-variable warning (git-fixes). - ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR) (git-fixes). - ipv4: Convert icmp_route_lookup() to dscp_t (git-fixes). - ipv4: Fix incorrect source address in Record Route option (git-fixes). - ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family (git-fixes). - ipv4: fix source address selection with route leak (git-fixes). - ipv4: give an IPv4 dev to blackhole_netdev (git-fixes). - ipv4: icmp: Pass full DS field to ip_route_input() (git-fixes). - ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() (git-fixes). - ipv4: ip_gre: Fix drops of small packets in ipgre_xmit (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_md_tunnel_xmit() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_bind_dev() (git-fixes). - ipv4: ip_tunnel: Unmask upper DSCP bits in ip_tunnel_xmit() (git-fixes). - ipv4: properly combine dev_base_seq and ipv4.dev_addr_genid (git-fixes). - ipv4: raw: Fix sending packets from raw sockets via IPsec tunnels (git-fixes). - ipv6: Align behavior across nexthops during path selection (git-fixes). - ipv6: Do not consider link down nexthops in path selection (git-fixes). - ipv6: Start path selection from the first nexthop (git-fixes). - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS (git-fixes). - irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs (git-fixes). - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (bsc#1242993). - jiffies: Define secs_to_jiffies() (bsc#1242993). - kernel-obs-qa: Use srchash for dependency as well - loop: Add sanity check for read/write_iter (git-fixes). - loop: aio inherit the ioprio of original request (git-fixes). - loop: do not require ->write_iter for writable files in loop_configure (git-fixes). - md/raid1,raid10: do not ignore IO flags (git-fixes). - md/raid10: fix missing discard IO accounting (git-fixes). - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (git-fixes). - md/raid1: Add check for missing source disk in process_checks() (git-fixes). - md/raid1: fix memory leak in raid1_run() if no active rdev (git-fixes). - md/raid5: implement pers->bitmap_sector() (git-fixes). - md: add a new callback pers->bitmap_sector() (git-fixes). - md: ensure resync is prioritized over recovery (git-fixes). - md: fix mddev uaf while iterating all_mddevs list (git-fixes). - md: preserve KABI in struct md_personality v2 (git-fixes). - media: videobuf2: Add missing doc comment for waiting_in_dqbuf (git-fixes). - mtd: phram: Add the kernel lock down check (bsc#1232649). - neighbour: delete redundant judgment statements (git-fixes). - net/handshake: Fix handshake_req_destroy_test1 (git-fixes). - net/handshake: Fix memory leak in __sock_create() and sock_alloc_file() (git-fixes). - net/ipv6: Fix route deleting failure when metric equals 0 (git-fixes). - net/ipv6: Fix the RT cache flush via sysctl using a previous delay (git-fixes). - net/ipv6: delete temporary address if mngtmpaddr is removed or unmanaged (git-fixes). - net/mlx5: E-Switch, Initialize MAC Address for Default GID (git-fixes). - net/mlx5: E-switch, Fix error handling for enabling roce (git-fixes). - net/mlx5e: Disable MACsec offload for uplink representor profile (git-fixes). - net: Add non-RCU dev_getbyhwaddr() helper (git-fixes). - net: Clear old fragment checksum value in napi_reuse_skb (git-fixes). - net: Handle napi_schedule() calls from non-interrupt (git-fixes). - net: Implement missing SO_TIMESTAMPING_NEW cmsg support (git-fixes). - net: Remove acked SYN flag from packet in the transmit queue correctly (git-fixes). - net: do not dump stack on queue timeout (git-fixes). - net: gro: parse ipv6 ext headers without frag0 invalidation (git-fixes). - net: ipv6: ioam6: fix lwtunnel_output() loop (git-fixes). - net: loopback: Avoid sending IP packets without an Ethernet header (git-fixes). - net: qede: Initialize qede_ll_ops with designated initializer (git-fixes). - net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets (git-fixes). - net: set the minimum for net_hotdata.netdev_budget_usecs (git-fixes). - net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension (git-fixes). - netdev-genl: avoid empty messages in queue dump (git-fixes). - netdev: fix repeated netlink messages in queue dump (git-fixes). - netlink: annotate data-races around sk->sk_err (git-fixes). - netpoll: Ensure clean state on setup failures (git-fixes). - nfs: handle failure of nfs_get_lock_context in unlock path (git-fixes). - nfsd: add list_head nf_gc to struct nfsd_file (git-fixes). - nilfs2: add pointer check for nilfs_direct_propagate() (git-fixes). - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (git-fixes). - nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (git-fixes bsc#1223096). - nvme-pci: add quirk for Samsung PM173x/PM173xa disk (bsc#1241148). - nvme-pci: fix queue unquiesce check on slot_reset (git-fixes). - nvme-pci: make nvme_pci_npages_prp() __always_inline (git-fixes). - nvme-tcp: fix premature queue removal and I/O failover (git-fixes). - nvme-tcp: select CONFIG_TLS from CONFIG_NVME_TCP_TLS (git-fixes). - nvme: Add 'partial_nid' quirk (bsc#1241148). - nvme: Add warning when a partiually unique NID is detected (bsc#1241148). - nvme: Update patch nvme-fixup-scan-failure-for-non-ANA-multipath-contro.patch (git-fixes bsc#1235149). - nvme: Update patch nvme-re-read-ANA-log-page-after-ns-scan-completes.patch (git-fixes bsc#1235149). - nvme: fixup scan failure for non-ANA multipath controllers (git-fixes). - nvme: multipath: fix return value of nvme_available_path (git-fixes). - nvme: re-read ANA log page after ns scan completes (git-fixes). - nvme: requeue namespace scan on missed AENs (git-fixes). - nvme: unblock ctrl state transition for firmware update (git-fixes). - nvmet-fc: inline nvmet_fc_delete_assoc (git-fixes). - nvmet-fc: inline nvmet_fc_free_hostport (git-fixes). - nvmet-fc: put ref when assoc->del_work is already scheduled (git-fixes). - nvmet-fc: take tgtport reference only once (git-fixes). - nvmet-fc: update tgtport ref per assoc (git-fixes). - nvmet-fcloop: Remove remote port from list when unlinking (git-fixes). - nvmet-fcloop: add ref counting to lport (git-fixes). - nvmet-fcloop: replace kref with refcount (git-fixes). - nvmet-tcp: select CONFIG_TLS from CONFIG_NVME_TARGET_TCP_TLS (git-fixes). - objtool, panic: Disable SMAP in __stack_chk_fail() (bsc#1243963). - ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes). - octeontx2-pf: qos: fix VF root node parent queue index (git-fixes). - padata: do not leak refcount in reorder_work (git-fixes). - phy: Fix error handling in tegra_xusb_port_init (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind (git-fixes). - phy: renesas: rcar-gen3-usb2: Set timing registers only once (git-fixes). - phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking (git-fixes). - phy: tegra: xusb: remove a stray unlock (git-fixes). - platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) (git-fixes). - platform/x86/amd: pmc: Require at least 2.5 seconds between HW sleep cycles (stable-fixes). - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection (git-fixes). - platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() (git-fixes). - powercap: intel_rapl: Fix locking in TPMI RAPL (git-fixes). - powerpc/pseries/iommu: create DDW for devices with DMA mask less than 64-bits (bsc#1239691 bsc#1243044 ltc#212555). - qibfs: fix _another_ leak (git-fixes) - rcu/tasks-trace: Handle new PF_IDLE semantics (git-fixes) - rcu/tasks: Handle new PF_IDLE semantics (git-fixes) - rcu: Break rcu_node_0 --> &rq->__lock order (git-fixes) - rcu: Introduce rcu_cpu_online() (git-fixes) - regulator: max20086: fix invalid memory access (git-fixes). - rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN - s390/bpf: Store backchain even for leaf progs (git-fixes bsc#1243805). - scsi: Improve CDL control (git-fixes). - scsi: core: Clear flags for scsi_cmnd that did not complete (git-fixes). - scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes (git-fixes). - scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1242993). - scsi: lpfc: Convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: lpfc: Copyright updates for 14.4.0.9 patches (bsc#1242993). - scsi: lpfc: Create lpfc_vmid_info sysfs entry (bsc#1242993). - scsi: lpfc: Fix lpfc_check_sli_ndlp() handling for GEN_REQUEST64 commands (bsc#1242993). - scsi: lpfc: Fix spelling mistake 'Toplogy' -> 'Topology' (bsc#1242993). - scsi: lpfc: Notify FC transport of rport disappearance during PCI fcn reset (bsc#1242993). - scsi: lpfc: Prevent failure to reregister with NVMe transport after PRLI retry (bsc#1242993). - scsi: lpfc: Restart eratt_poll timer if HBA_SETUP flag still unset (bsc#1242993). - scsi: lpfc: Update lpfc version to 14.4.0.9 (bsc#1242993). - scsi: lpfc: Use memcpy() for BIOS version (bsc#1240966). - scsi: lpfc: convert timeouts to secs_to_jiffies() (bsc#1242993). - scsi: megaraid_sas: Block zero-length ATA VPD inquiry (git-fixes). - scsi: pm80xx: Set phy_attached to zero when device is gone (git-fixes). - scsi: qla2xxx: Fix typos in a comment (bsc#1243090). - scsi: qla2xxx: Mark device strings as nonstring (bsc#1243090). - scsi: qla2xxx: Remove duplicate struct crb_addr_pair (bsc#1243090). - scsi: qla2xxx: Remove unused module parameters (bsc#1243090). - scsi: qla2xxx: Remove unused ql_log_qp (bsc#1243090). - scsi: qla2xxx: Remove unused qla2x00_gpsc() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_pci_region_offset() (bsc#1243090). - scsi: qla2xxx: Remove unused qla82xx_wait_for_state_change() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_83xx_iospace_config() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_fc_port_deleted() (bsc#1243090). - scsi: qla2xxx: Remove unused qlt_free_qfull_cmds() (bsc#1243090). - selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test (bsc#1242203). - smb3: fix Open files on server counter going negative (git-fixes). - smb: client: Use str_yes_no() helper function (git-fixes). - smb: client: allow more DFS referrals to be cached (git-fixes). - smb: client: avoid unnecessary reconnects when refreshing referrals (git-fixes). - smb: client: change return value in open_cached_dir_by_dentry() if !cfids (git-fixes). - smb: client: do not retry DFS targets on server shutdown (git-fixes). - smb: client: do not trust DFSREF_STORAGE_SERVER bit (git-fixes). - smb: client: do not try following DFS links in cifs_tree_connect() (git-fixes). - smb: client: fix DFS interlink failover (git-fixes). - smb: client: fix DFS mount against old servers with NTLMSSP (git-fixes). - smb: client: fix hang in wait_for_response() for negproto (bsc#1242709). - smb: client: fix potential race in cifs_put_tcon() (git-fixes). - smb: client: fix return value of parse_dfs_referrals() (git-fixes). - smb: client: get rid of @nlsc param in cifs_tree_connect() (git-fixes). - smb: client: get rid of TCP_Server_Info::refpath_lock (git-fixes). - smb: client: get rid of kstrdup() in get_ses_refpath() (git-fixes). - smb: client: improve purging of cached referrals (git-fixes). - smb: client: introduce av_for_each_entry() helper (git-fixes). - smb: client: optimize referral walk on failed link targets (git-fixes). - smb: client: parse DNS domain name from domain= option (git-fixes). - smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (git-fixes). - smb: client: provide dns_resolve_{unc,name} helpers (git-fixes). - smb: client: refresh referral without acquiring refpath_lock (git-fixes). - smb: client: remove unnecessary checks in open_cached_dir() (git-fixes). - spi: loopback-test: Do not split 1024-byte hexdumps (git-fixes). - spi: spi-fsl-dspi: Halt the module after a new message transfer (git-fixes). - spi: spi-fsl-dspi: Reset SR flags before sending a new message (git-fixes). - spi: spi-fsl-dspi: restrict register range for regmap access (git-fixes). - spi: tegra114: Use value to check for invalid delays (git-fixes). - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation (git-fixes). - staging: axis-fifo: Remove hardware resets for user errors (git-fixes). - staging: iio: adc: ad7816: Correct conditional logic for store mode (git-fixes). - tcp_bpf: Charge receive socket buffer in bpf_tcp_ingress() (git-fixes). - tcp_cubic: fix incorrect HyStart round start detection (git-fixes). - thermal: intel: x86_pkg_temp_thermal: Fix bogus trip temperature (git-fixes). - usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version (git-fixes). - usb: gadget: Use get_status callback to set remote wakeup capability (git-fixes). - usb: gadget: f_ecm: Add get_status callback (git-fixes). - usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN (git-fixes). - usb: host: tegra: Prevent host controller crash when OTG port is used (git-fixes). - usb: typec: class: Invalidate USB device pointers on partner unregistration (git-fixes). - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition (git-fixes). - usb: typec: ucsi: displayport: Fix NULL pointer access (git-fixes). - usb: uhci-platform: Make the clock really optional (git-fixes). - usb: usbtmc: Fix erroneous generic_read ioctl return (git-fixes). - usb: usbtmc: Fix erroneous get_stb ioctl error returns (git-fixes). - usb: usbtmc: Fix erroneous wait_srq ioctl return (git-fixes). - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint (git-fixes). - virtio_console: fix missing byte order handling for cols and rows (git-fixes). - wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation (git-fixes). - wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request (git-fixes). - wifi: mt76: disable napi on driver removal (git-fixes). - x86/its: Fix build errors when CONFIG_MODULES=n (git-fixes). - x86/xen: move xen_reserve_extra_memory() (git-fixes). - xen/mcelog: Add __nonstring annotations for unterminated strings (git-fixes). - xen: Change xen-acpi-processor dom0 dependency (git-fixes). - xenfs/xensyms: respect hypervisor's 'next' indication (git-fixes). - xhci: Add helper to set an interrupters interrupt moderation interval (git-fixes). - xhci: Clean up stale comment on ERST_SIZE macro (stable-fixes). - xhci: split free interrupter into separate remove and free parts (git-fixes). - xsk: Add truesize to skb_add_rx_frag() (git-fixes). - xsk: Do not assume metadata is always requested in TX completion (git-fixes). Important SUSE bug 1220112 SUSE bug 1223096 SUSE bug 1226498 SUSE bug 1229491 SUSE bug 1230581 SUSE bug 1231016 SUSE bug 1232649 SUSE bug 1232882 SUSE bug 1233192 SUSE bug 1234154 SUSE bug 1235149 SUSE bug 1235968 SUSE bug 1236142 SUSE bug 1236208 SUSE bug 1237312 SUSE bug 1238212 SUSE bug 1238473 SUSE bug 1238774 SUSE bug 1238992 SUSE bug 1239691 SUSE bug 1239925 SUSE bug 1240593 SUSE bug 1240866 SUSE bug 1240966 SUSE bug 1241148 SUSE bug 1241282 SUSE bug 1241305 SUSE bug 1241340 SUSE bug 1241351 SUSE bug 1241376 SUSE bug 1241448 SUSE bug 1241457 SUSE bug 1241492 SUSE bug 1241519 SUSE bug 1241525 SUSE bug 1241533 SUSE bug 1241538 SUSE bug 1241576 SUSE bug 1241590 SUSE bug 1241595 SUSE bug 1241596 SUSE bug 1241597 SUSE bug 1241625 SUSE bug 1241627 SUSE bug 1241635 SUSE bug 1241638 SUSE bug 1241644 SUSE bug 1241654 SUSE bug 1241657 SUSE bug 1242006 SUSE bug 1242012 SUSE bug 1242035 SUSE bug 1242044 SUSE bug 1242203 SUSE bug 1242343 SUSE bug 1242414 SUSE bug 1242417 SUSE bug 1242501 SUSE bug 1242502 SUSE bug 1242506 SUSE bug 1242507 SUSE bug 1242509 SUSE bug 1242510 SUSE bug 1242512 SUSE bug 1242513 SUSE bug 1242514 SUSE bug 1242520 SUSE bug 1242523 SUSE bug 1242524 SUSE bug 1242529 SUSE bug 1242530 SUSE bug 1242531 SUSE bug 1242532 SUSE bug 1242559 SUSE bug 1242563 SUSE bug 1242564 SUSE bug 1242565 SUSE bug 1242566 SUSE bug 1242567 SUSE bug 1242568 SUSE bug 1242569 SUSE bug 1242574 SUSE bug 1242575 SUSE bug 1242578 SUSE bug 1242584 SUSE bug 1242585 SUSE bug 1242587 SUSE bug 1242591 SUSE bug 1242709 SUSE bug 1242727 SUSE bug 1242758 SUSE bug 1242760 SUSE bug 1242761 SUSE bug 1242762 SUSE bug 1242763 SUSE bug 1242764 SUSE bug 1242766 SUSE bug 1242770 SUSE bug 1242778 SUSE bug 1242781 SUSE bug 1242782 SUSE bug 1242785 SUSE bug 1242786 SUSE bug 1242792 SUSE bug 1242852 SUSE bug 1242854 SUSE bug 1242856 SUSE bug 1242859 SUSE bug 1242860 SUSE bug 1242861 SUSE bug 1242866 SUSE bug 1242867 SUSE bug 1242868 SUSE bug 1242871 SUSE bug 1242873 SUSE bug 1242875 SUSE bug 1242906 SUSE bug 1242908 SUSE bug 1242924 SUSE bug 1242930 SUSE bug 1242944 SUSE bug 1242945 SUSE bug 1242948 SUSE bug 1242949 SUSE bug 1242951 SUSE bug 1242953 SUSE bug 1242955 SUSE bug 1242957 SUSE bug 1242959 SUSE bug 1242961 SUSE bug 1242962 SUSE bug 1242973 SUSE bug 1242974 SUSE bug 1242977 SUSE bug 1242990 SUSE bug 1242993 SUSE bug 1243000 SUSE bug 1243006 SUSE bug 1243011 SUSE bug 1243015 SUSE bug 1243044 SUSE bug 1243049 SUSE bug 1243056 SUSE bug 1243074 SUSE bug 1243076 SUSE bug 1243077 SUSE bug 1243082 SUSE bug 1243090 SUSE bug 1243330 SUSE bug 1243342 SUSE bug 1243456 SUSE bug 1243469 SUSE bug 1243470 SUSE bug 1243471 SUSE bug 1243472 SUSE bug 1243473 SUSE bug 1243476 SUSE bug 1243509 SUSE bug 1243511 SUSE bug 1243513 SUSE bug 1243515 SUSE bug 1243516 SUSE bug 1243517 SUSE bug 1243519 SUSE bug 1243522 SUSE bug 1243524 SUSE bug 1243528 SUSE bug 1243529 SUSE bug 1243530 SUSE bug 1243534 SUSE bug 1243536 SUSE bug 1243539 SUSE bug 1243540 SUSE bug 1243541 SUSE bug 1243543 SUSE bug 1243545 SUSE bug 1243547 SUSE bug 1243559 SUSE bug 1243560 SUSE bug 1243562 SUSE bug 1243567 SUSE bug 1243573 SUSE bug 1243574 SUSE bug 1243575 SUSE bug 1243589 SUSE bug 1243621 SUSE bug 1243624 SUSE bug 1243625 SUSE bug 1243626 SUSE bug 1243627 SUSE bug 1243649 SUSE bug 1243657 SUSE bug 1243658 SUSE bug 1243659 SUSE bug 1243660 SUSE bug 1243664 SUSE bug 1243737 SUSE bug 1243805 SUSE bug 1243963 CVE-2023-53146 at SUSE CVE-2023-53146 at NVD CVE-2024-28956 at SUSE CVE-2024-28956 at NVD CVE-2024-43869 at SUSE CVE-2024-43869 at NVD CVE-2024-46713 at SUSE CVE-2024-46713 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50223 at SUSE CVE-2024-50223 at NVD CVE-2024-53135 at SUSE CVE-2024-53135 at NVD CVE-2024-54458 at SUSE CVE-2024-54458 at NVD CVE-2024-58098 at SUSE CVE-2024-58098 at NVD CVE-2024-58099 at SUSE CVE-2024-58099 at NVD CVE-2024-58100 at SUSE CVE-2024-58100 at NVD CVE-2024-58237 at SUSE CVE-2024-58237 at NVD CVE-2025-21629 at SUSE CVE-2025-21629 at NVD CVE-2025-21648 at SUSE CVE-2025-21648 at NVD CVE-2025-21702 at SUSE CVE-2025-21702 at NVD CVE-2025-21787 at SUSE CVE-2025-21787 at NVD CVE-2025-21814 at SUSE CVE-2025-21814 at NVD CVE-2025-21919 at SUSE CVE-2025-21919 at NVD CVE-2025-22005 at SUSE CVE-2025-22005 at NVD CVE-2025-22021 at SUSE CVE-2025-22021 at NVD CVE-2025-22030 at SUSE CVE-2025-22030 at NVD CVE-2025-22056 at SUSE CVE-2025-22056 at NVD CVE-2025-22057 at SUSE CVE-2025-22057 at NVD CVE-2025-22063 at SUSE CVE-2025-22063 at NVD CVE-2025-22066 at SUSE CVE-2025-22066 at NVD CVE-2025-22070 at SUSE CVE-2025-22070 at NVD CVE-2025-22089 at SUSE CVE-2025-22089 at NVD CVE-2025-22095 at SUSE CVE-2025-22095 at NVD CVE-2025-22103 at SUSE CVE-2025-22103 at NVD CVE-2025-22119 at SUSE CVE-2025-22119 at NVD CVE-2025-22124 at SUSE CVE-2025-22124 at NVD CVE-2025-22125 at SUSE CVE-2025-22125 at NVD CVE-2025-22126 at SUSE CVE-2025-22126 at NVD CVE-2025-23140 at SUSE CVE-2025-23140 at NVD CVE-2025-23141 at SUSE CVE-2025-23141 at NVD CVE-2025-23142 at SUSE CVE-2025-23142 at NVD CVE-2025-23144 at SUSE CVE-2025-23144 at NVD CVE-2025-23146 at SUSE CVE-2025-23146 at NVD CVE-2025-23147 at SUSE CVE-2025-23147 at NVD CVE-2025-23148 at SUSE CVE-2025-23148 at NVD CVE-2025-23149 at SUSE CVE-2025-23149 at NVD CVE-2025-23150 at SUSE CVE-2025-23150 at NVD CVE-2025-23151 at SUSE CVE-2025-23151 at NVD CVE-2025-23156 at SUSE CVE-2025-23156 at NVD CVE-2025-23157 at SUSE CVE-2025-23157 at NVD CVE-2025-23158 at SUSE CVE-2025-23158 at NVD CVE-2025-23159 at SUSE CVE-2025-23159 at NVD CVE-2025-23160 at SUSE CVE-2025-23160 at NVD CVE-2025-23161 at SUSE CVE-2025-23161 at NVD CVE-2025-37740 at SUSE CVE-2025-37740 at NVD CVE-2025-37741 at SUSE CVE-2025-37741 at NVD CVE-2025-37742 at SUSE CVE-2025-37742 at NVD CVE-2025-37747 at SUSE CVE-2025-37747 at NVD CVE-2025-37748 at SUSE CVE-2025-37748 at NVD CVE-2025-37749 at SUSE CVE-2025-37749 at NVD CVE-2025-37750 at SUSE CVE-2025-37750 at NVD CVE-2025-37754 at SUSE CVE-2025-37754 at NVD CVE-2025-37755 at SUSE CVE-2025-37755 at NVD CVE-2025-37758 at SUSE CVE-2025-37758 at NVD CVE-2025-37765 at SUSE CVE-2025-37765 at NVD CVE-2025-37766 at SUSE CVE-2025-37766 at NVD CVE-2025-37767 at SUSE CVE-2025-37767 at NVD CVE-2025-37768 at SUSE CVE-2025-37768 at NVD CVE-2025-37769 at SUSE CVE-2025-37769 at NVD CVE-2025-37770 at SUSE CVE-2025-37770 at NVD CVE-2025-37771 at SUSE CVE-2025-37771 at NVD CVE-2025-37772 at SUSE CVE-2025-37772 at NVD CVE-2025-37773 at SUSE CVE-2025-37773 at NVD CVE-2025-37780 at SUSE CVE-2025-37780 at NVD CVE-2025-37781 at SUSE CVE-2025-37781 at NVD CVE-2025-37782 at SUSE CVE-2025-37782 at NVD CVE-2025-37787 at SUSE CVE-2025-37787 at NVD CVE-2025-37788 at SUSE CVE-2025-37788 at NVD CVE-2025-37789 at SUSE CVE-2025-37789 at NVD CVE-2025-37790 at SUSE CVE-2025-37790 at NVD CVE-2025-37792 at SUSE CVE-2025-37792 at NVD CVE-2025-37793 at SUSE CVE-2025-37793 at NVD CVE-2025-37794 at SUSE CVE-2025-37794 at NVD CVE-2025-37796 at SUSE CVE-2025-37796 at NVD CVE-2025-37797 at SUSE CVE-2025-37797 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37803 at SUSE CVE-2025-37803 at NVD CVE-2025-37804 at SUSE CVE-2025-37804 at NVD CVE-2025-37805 at SUSE CVE-2025-37805 at NVD CVE-2025-37809 at SUSE CVE-2025-37809 at NVD CVE-2025-37810 at SUSE CVE-2025-37810 at NVD CVE-2025-37812 at SUSE CVE-2025-37812 at NVD CVE-2025-37815 at SUSE CVE-2025-37815 at NVD CVE-2025-37819 at SUSE CVE-2025-37819 at NVD CVE-2025-37820 at SUSE CVE-2025-37820 at NVD CVE-2025-37823 at SUSE CVE-2025-37823 at NVD CVE-2025-37824 at SUSE CVE-2025-37824 at NVD CVE-2025-37829 at SUSE CVE-2025-37829 at NVD CVE-2025-37830 at SUSE CVE-2025-37830 at NVD CVE-2025-37831 at SUSE CVE-2025-37831 at NVD CVE-2025-37833 at SUSE CVE-2025-37833 at NVD CVE-2025-37836 at SUSE CVE-2025-37836 at NVD CVE-2025-37839 at SUSE CVE-2025-37839 at NVD CVE-2025-37840 at SUSE CVE-2025-37840 at NVD CVE-2025-37841 at SUSE CVE-2025-37841 at NVD CVE-2025-37842 at SUSE CVE-2025-37842 at NVD CVE-2025-37849 at SUSE CVE-2025-37849 at NVD CVE-2025-37850 at SUSE CVE-2025-37850 at NVD CVE-2025-37851 at SUSE CVE-2025-37851 at NVD CVE-2025-37852 at SUSE CVE-2025-37852 at NVD CVE-2025-37853 at SUSE CVE-2025-37853 at NVD CVE-2025-37854 at SUSE CVE-2025-37854 at NVD CVE-2025-37858 at SUSE CVE-2025-37858 at NVD CVE-2025-37867 at SUSE CVE-2025-37867 at NVD CVE-2025-37870 at SUSE CVE-2025-37870 at NVD CVE-2025-37871 at SUSE CVE-2025-37871 at NVD CVE-2025-37873 at SUSE CVE-2025-37873 at NVD CVE-2025-37875 at SUSE CVE-2025-37875 at NVD CVE-2025-37879 at SUSE CVE-2025-37879 at NVD CVE-2025-37881 at SUSE CVE-2025-37881 at NVD CVE-2025-37886 at SUSE CVE-2025-37886 at NVD CVE-2025-37887 at SUSE CVE-2025-37887 at NVD CVE-2025-37889 at SUSE CVE-2025-37889 at NVD CVE-2025-37890 at SUSE CVE-2025-37890 at NVD CVE-2025-37891 at SUSE CVE-2025-37891 at NVD CVE-2025-37892 at SUSE CVE-2025-37892 at NVD CVE-2025-37897 at SUSE CVE-2025-37897 at NVD CVE-2025-37900 at SUSE CVE-2025-37900 at NVD CVE-2025-37901 at SUSE CVE-2025-37901 at NVD CVE-2025-37903 at SUSE CVE-2025-37903 at NVD CVE-2025-37905 at SUSE CVE-2025-37905 at NVD CVE-2025-37911 at SUSE CVE-2025-37911 at NVD CVE-2025-37912 at SUSE CVE-2025-37912 at NVD CVE-2025-37913 at SUSE CVE-2025-37913 at NVD CVE-2025-37914 at SUSE CVE-2025-37914 at NVD CVE-2025-37915 at SUSE CVE-2025-37915 at NVD CVE-2025-37918 at SUSE CVE-2025-37918 at NVD CVE-2025-37925 at SUSE CVE-2025-37925 at NVD CVE-2025-37928 at SUSE CVE-2025-37928 at NVD CVE-2025-37929 at SUSE CVE-2025-37929 at NVD CVE-2025-37930 at SUSE CVE-2025-37930 at NVD CVE-2025-37931 at SUSE CVE-2025-37931 at NVD CVE-2025-37932 at SUSE CVE-2025-37932 at NVD CVE-2025-37937 at SUSE CVE-2025-37937 at NVD CVE-2025-37943 at SUSE CVE-2025-37943 at NVD CVE-2025-37944 at SUSE CVE-2025-37944 at NVD CVE-2025-37948 at SUSE CVE-2025-37948 at NVD CVE-2025-37949 at SUSE CVE-2025-37949 at NVD CVE-2025-37951 at SUSE CVE-2025-37951 at NVD CVE-2025-37953 at SUSE CVE-2025-37953 at NVD CVE-2025-37954 at SUSE CVE-2025-37954 at NVD CVE-2025-37957 at SUSE CVE-2025-37957 at NVD CVE-2025-37958 at SUSE CVE-2025-37958 at NVD CVE-2025-37959 at SUSE CVE-2025-37959 at NVD CVE-2025-37960 at SUSE CVE-2025-37960 at NVD CVE-2025-37963 at SUSE CVE-2025-37963 at NVD CVE-2025-37969 at SUSE CVE-2025-37969 at NVD CVE-2025-37970 at SUSE CVE-2025-37970 at NVD CVE-2025-37972 at SUSE CVE-2025-37972 at NVD CVE-2025-37974 at SUSE CVE-2025-37974 at NVD CVE-2025-37978 at SUSE CVE-2025-37978 at NVD CVE-2025-37979 at SUSE CVE-2025-37979 at NVD CVE-2025-37980 at SUSE CVE-2025-37980 at NVD CVE-2025-37982 at SUSE CVE-2025-37982 at NVD CVE-2025-37983 at SUSE CVE-2025-37983 at NVD CVE-2025-37985 at SUSE CVE-2025-37985 at NVD CVE-2025-37986 at SUSE CVE-2025-37986 at NVD CVE-2025-37989 at SUSE CVE-2025-37989 at NVD CVE-2025-37990 at SUSE CVE-2025-37990 at NVD CVE-2025-38104 at SUSE CVE-2025-38104 at NVD CVE-2025-38152 at SUSE CVE-2025-38152 at NVD CVE-2025-38240 at SUSE CVE-2025-38240 at NVD CVE-2025-38637 at SUSE CVE-2025-38637 at NVD CVE-2025-39735 at SUSE CVE-2025-39735 at NVD CVE-2025-40014 at SUSE CVE-2025-40014 at NVD CVE-2025-40325 at SUSE CVE-2025-40325 at NVD cpe:/o:opensuse:leap:15.6 Security update for gdm (Important) openSUSE Leap 15.6 This update for gdm fixes the following issues: - CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam (Important) openSUSE Leap 15.6 This update for pam fixes the following issues: - CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226). - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509). Important SUSE bug 1243226 SUSE bug 1244509 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD CVE-2025-6020 at SUSE CVE-2025-6020 at NVD cpe:/o:opensuse:leap:15.6 Security update for ignition (Important) openSUSE Leap 15.6 This update for ignition fixes the following issues: - CVE-2025-22870: golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs (bsc#1238681). - CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192). Important SUSE bug 1238681 SUSE bug 1239192 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for screen (Moderate) openSUSE Leap 15.6 This update for screen fixes the following issues: Security issues fixed: - CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking (bsc#1242269). Other issues fixed: - Use TTY file descriptor passing after a suspend (`MSG_CONT`). - Fix resume after suspend in multi-user mode. Moderate SUSE bug 1242269 CVE-2025-46802 at SUSE CVE-2025-46802 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam_pkcs11 (Important) openSUSE Leap 15.6 This update for pam_pkcs11 fixes the following issues: - CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl (Moderate) openSUSE Leap 15.6 This update for perl fixes the following issues: - CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079). Moderate SUSE bug 1244079 CVE-2025-40909 at SUSE CVE-2025-40909 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_security2 (Important) openSUSE Leap 15.6 This update for apache2-mod_security2 fixes the following issues: - CVE-2025-47947: Fixed denial of service through sanitiseMatchedBytes (bsc#1243978). - CVE-2025-48866: Fixed denial of service via excessive number of arguments in sanitiseArg (bsc#1243976). Important SUSE bug 1243976 SUSE bug 1243978 CVE-2025-47947 at SUSE CVE-2025-47947 at NVD CVE-2025-48866 at SUSE CVE-2025-48866 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghc-pandoc (Important) openSUSE Leap 15.6 This update for ghc-pandoc fixes the following issues: - CVE-2024-38526: Fixed Polyfill Supply Chain Attack (bsc#1227690). Important SUSE bug 1227690 CVE-2024-38526 at SUSE CVE-2024-38526 at NVD cpe:/o:opensuse:leap:15.6 Security update for libblockdev (Important) openSUSE Leap 15.6 This update for libblockdev fixes the following issues: - CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285). Important SUSE bug 1243285 CVE-2025-6019 at SUSE CVE-2025-6019 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs20 (Important) openSUSE Leap 15.6 This update for nodejs20 fixes the following issues: Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218). - CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220). - CVE-2025-23165: add missing call to uv_fs_req_cleanup (bsc#1243217). Other bugfixes: - Build with PIE (bsc#1239949) Important SUSE bug 1239949 SUSE bug 1243217 SUSE bug 1243218 SUSE bug 1243220 CVE-2025-23165 at SUSE CVE-2025-23165 at NVD CVE-2025-23166 at SUSE CVE-2025-23166 at NVD CVE-2025-23167 at SUSE CVE-2025-23167 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Important) openSUSE Leap 15.6 This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: - Security issues fixed: * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273) * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032) - Other changes and bugs fixed: * Improved handling of system call failures that OpenSSL reports (bsc#1241067) * Fixed issue with test_ssl pass with OpenSSL 3.5 (bsc#1241067) * Fixed issue with reproducible builds (bsc#1239210) * Fixed a potential denial of service vulnerability in the imaplib module. * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy. * Fixed parsing long IPv6 addresses with embedded IPv4 address. * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596 * Improved handling of system call failures that OpenSSL reports * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress. * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects * os.path.realpath() now accepts a strict keyword-only argument. * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. * Updated bundled libexpat to 2.7.1 * Writers of documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. Important SUSE bug 1239210 SUSE bug 1241067 SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: python312 was updated from version 3.12.9 to 3.12.11: - Security issues fixed: * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273) * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032) - Other changes and bugs fixed: * Added --single-process option to the Python test runner (regrtest). * Added support for text/x-rst MIME type. * Corrected issues in various modules. * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy. * Fixed f-string handling of lambda expressions with non-ASCII characters. * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596. * Fixed parsing long IPv6 addresses with embedded IPv4 address. * Fixed resource leaks in gzip and multiprocessing Resource Tracker. * Improved IDLE's documentation display. * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress. * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects * Made from __future__ import barry_as_FLUFL work in more contexts. * Resolved potential crashes in contextvars, xml.etree.ElementTree, sqlite3, and the sys module. * Scheduled deprecation of the check_home argument in sysconfig.is_python_build() for Python 3.15. * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. * Undeprecated functional API for importlib.resources and added Anchor. * Updated bundled libexpat to 2.7.1 * Updated bundled pip to version 25.0.1. * Updated documentation for generic classes, wheel tags, and the C API. Important SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Important) openSUSE Leap 15.6 This update for python39 fixes the following issues: python39 was updated from version 3.9.21 to version 3.9.23: - Security issues fixed: * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273) * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032) - Other changes and bugs fixed: * Fixed issue with reproducible builds (bsc#1239210) * Fixed a potential denial of service vulnerability in the imaplib module. * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy. * Fixed parsing long IPv6 addresses with embedded IPv4 address. * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596, ?2.5. * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress. * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects * os.path.realpath() now accepts a strict keyword-only argument. * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. * Updated bundled libexpat to 2.7.1 * Writers of CPython’s documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. Important SUSE bug 1239210 SUSE bug 1241067 SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Important) openSUSE Leap 15.6 This update for python311 fixes the following issues: python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273). * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile extraction filters to be bypassed using crafted symlinks and hard links (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032) - Other changes and bugs fixed: * Improved handling of system call failures that OpenSSL reports (bsc#1241067) * Disable GC during thread operations to prevent deadlocks. * Fixed a potential denial of service vulnerability in the imaplib module. * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an email message using a modern email policy. * Fixed parsing long IPv6 addresses with embedded IPv4 address. * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596 * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress. * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects * os.path.realpath() now accepts a strict keyword-only argument. * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. * Updated bundled libexpat to 2.7.1 * Writers of CPython documentation can now use next as the version for the versionchanged, versionadded, deprecated directives. Important SUSE bug 1241067 SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-good fixes the following issues: - CVE-2025-47183: Fixed out-of-bounds read in MOV/MP4 demuxer (bsc#1244406). - CVE-2025-47219: Fixed out-of-bounds read in MOV/MP4 demuxer (bsc#1244405). - CVE-2024-47540: Fixed uninitialized stack memory in Matroska/WebM demuxer (bsc#1234421). Important SUSE bug 1234421 SUSE bug 1244405 SUSE bug 1244406 CVE-2024-47540 at SUSE CVE-2024-47540 at NVD CVE-2025-47183 at SUSE CVE-2025-47183 at NVD CVE-2025-47219 at SUSE CVE-2025-47219 at NVD cpe:/o:opensuse:leap:15.6 Security update for distribution (Important) openSUSE Leap 15.6 This update for distribution fixes the following issues: The package is rebuild with more recent go go1.24, fixing respective security issues (bsc#1244471) Important SUSE bug 1244471 cpe:/o:opensuse:leap:15.6 Security update for nvidia-open-driver-G06-signed (Important) openSUSE Leap 15.6 This update for nvidia-open-driver-G06-signed fixes the following issues: - Update to 550.144.03 (bsc#1235461, bsc#1235871) * fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149, CVE-2024-0150, CVE-2024-53869 Important SUSE bug 1235461 SUSE bug 1235871 CVE-2024-0131 at SUSE CVE-2024-0131 at NVD CVE-2024-0147 at SUSE CVE-2024-0147 at NVD CVE-2024-0149 at SUSE CVE-2024-0149 at NVD CVE-2024-0150 at SUSE CVE-2024-0150 at NVD CVE-2024-53869 at SUSE CVE-2024-53869 at NVD cpe:/o:opensuse:leap:15.6 Security update for icu (Important) openSUSE Leap 15.6 This update for icu fixes the following issues: - CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721). Important SUSE bug 1161007 SUSE bug 1167603 SUSE bug 1193951 SUSE bug 1243721 CVE-2020-21913 at SUSE CVE-2020-21913 at NVD CVE-2025-5222 at SUSE CVE-2025-5222 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam-config (Important) openSUSE Leap 15.6 This update for pam-config fixes the following issues: - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). Important SUSE bug 1243226 CVE-2025-6018 at SUSE CVE-2025-6018 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Important) openSUSE Leap 15.6 This update for python311 fixes the following issues: Security issues fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780) - CVE-2024-0397: Fixed memory race condition in ssl.SSLContext certificate store methods (bsc#1226447) - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448) Non-security issues fixed: - Fixed executable bits for /usr/bin/idle* (bsc#1227378). - Improve python reproducible builds (bsc#1227999) - Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660) - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) Important SUSE bug 1225660 SUSE bug 1226447 SUSE bug 1226448 SUSE bug 1227378 SUSE bug 1227999 SUSE bug 1228780 CVE-2024-0397 at SUSE CVE-2024-0397 at NVD CVE-2024-4032 at SUSE CVE-2024-4032 at NVD CVE-2024-6923 at SUSE CVE-2024-6923 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - Added patch to remove using rw as a default mount option (bsc#1239776) Moderate SUSE bug 1239776 CVE-2024-6104 at SUSE CVE-2024-6104 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-5473: Fix exceed the maximum allowed size (bsc#1244058). Important SUSE bug 1244058 CVE-2025-5473 at SUSE CVE-2025-5473 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-File-Find-Rule (Important) openSUSE Leap 15.6 This update for perl-File-Find-Rule fixes the following issues: - CVE-2011-10007: Fixed arbitrary code execution when `grep()` encounters a crafted filename (bsc#1244148). Important SUSE bug 1244148 CVE-2011-10007 at SUSE CVE-2011-10007 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm fixes the following issues: Update to version 3.18.3: * build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0 6838ebc (dependabot[bot]) * fix: user username password for login 5b9e2f6 (Terry Howe) * Update pkg/registry/transport.go 2782412 (Terry Howe) * Update pkg/registry/transport.go e66cf6a (Terry Howe) * fix: add debug logging to oci transport 191f05c (Terry Howe) Update to version 3.18.2: * fix: legacy docker support broken for login 04cad46 (Terry Howe) * Handle an empty registry config file. bc9f8a2 (Matt Farina) Update to version 3.18.1: * Notes: - This release fixes regressions around template generation and OCI registry interaction in 3.18.0 - There are at least 2 known regressions unaddressed in this release. They are being worked on. - Empty registry configuration files. When the file exists but it is empty. - Login to Docker Hub on some domains fails. * Changelog - fix(client): skipnode utilization for PreCopy - fix(client): layers now returns manifest - remove duplicate from descriptors - fix(client): return nil on non-allowed media types - Prevent fetching newReference again as we have in calling method - Prevent failure when resolving version tags in oras memory store - Update pkg/plugin/plugin.go - Update pkg/plugin/plugin.go - Wait for Helm v4 before raising when platformCommand and Command are set - Fix 3.18.0 regression: registry login with scheme - Revert 'fix (helm) : toToml` renders int as float [ backport to v3 ]' Update to version 3.18.0 (bsc#1241802, CVE-2025-22872): * Notable Changes - Add support for JSON Schema 2020 - Enabled cpu and memory profiling - Add hook annotation to output hook logs to client on error * Changelog - build(deps): bump the k8s-io group with 7 updates - fix: govulncheck workflow - bump version to v3.18.0 - fix:add proxy support when mTLS configured - docs: Note about http fallback for OCI registries - Bump net package to avoid CVE on dev-v3 - Bump toml - backport #30677to dev3 - build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to 1.8.0 - Add install test for TakeOwnership flag - Fix --take-ownership - build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to 1.7.2 - build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 - build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 - Testing text bump - Permit more Go version and not only 1.23.8 - Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3 to 3.0.0 - Unarchiving fix - Fix typo - Report as debug log, the time spent waiting for resources - build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 - Update pkg/registry/fallback.go - automatic fallback to http - chore(oci): upgrade to ORAS v2 - Updating to 0.37.0 for x/net - build(deps): bump the k8s-io group with 7 updates - build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 - build(deps): bump github.com/opencontainers/image-spec - build(deps): bump github.com/containerd/containerd from 1.7.25 to 1.7.26 - build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0 - Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3 - Add HookOutputFunc and generic yaml unmarshaller - clarify fix error message - fix err check - add short circuit return - Add hook annotations to output pod logs to client on success and fail - chore: use []error instead of []string - Update cmd/helm/profiling.go - chore: update profiling doc in CONTRIBUTING.md - Update CONTRIBUTING guide - Prefer environment variables to CLI flags - Move pprof paths to HELM_PPROF env variable - feat: Add flags to enable CPU and memory profiling - build(deps): bump github.com/distribution/distribution/v3 - build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 - Moving to SetOut and SetErr for Cobra - build(deps): bump the k8s-io group with 7 updates - build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0 - build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 - build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0 - build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 - build(deps): bump github.com/cyphar/filepath-securejoin - build(deps): bump github.com/evanphx/json-patch - build(deps): bump the k8s-io group with 7 updates - fix: check group for resource info match - Bump github.com/cyphar/filepath-securejoin from 0.3.6 to 0.4.0 - add test for nullifying nested global value - Ensuring the file paths are clean prior to passing to securejoin - Bump github.com/containerd/containerd from 1.7.24 to 1.7.25 - Bump golang.org/x/crypto from 0.31.0 to 0.32.0 - Bump golang.org/x/term from 0.27.0 to 0.28.0 - bump version to v3.17.0 - Bump github.com/moby/term from 0.5.0 to 0.5.2 - Add test case for removing an entire object - Tests for bugfix: Override subcharts with null values #12879 - feat: Added multi-platform plugin hook support to v3 - This commit fixes the issue where the yaml.Unmarshaller converts all int values into float64, this passes in option to decoder, which enables conversion of int into . - merge null child chart objects Important SUSE bug 1241802 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to MozillaFirefox 128.12.0 (MFSA 2025-23, bsc#1244670): - CVE-2025-6424: Use-after-free in FontFaceSet - CVE-2025-6425: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID - CVE-2025-6426: No warning when opening executable terminal files on macOS - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag Important SUSE bug 1244670 CVE-2025-6424 at SUSE CVE-2025-6424 at NVD CVE-2025-6425 at SUSE CVE-2025-6425 at NVD CVE-2025-6426 at SUSE CVE-2025-6426 at NVD CVE-2025-6429 at SUSE CVE-2025-6429 at NVD CVE-2025-6430 at SUSE CVE-2025-6430 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-osconfig-agent (Important) openSUSE Leap 15.6 This update for google-osconfig-agent fixes the following issues: - Update to version 20250416.02 (bsc#1244304, bsc#1244503) * defaultSleeper: tolerate 10% difference to reduce test flakiness * Add output of some packagemanagers to the testdata - from version 20250416.01 * Refactor OS Info package - from version 20250416.00 * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed. - from version 20250414.00 * Update hash computation algorithm - Update to version 20250320.00 * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1 - from version 20250318.00 * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0 - from version 20250317.02 * Bump cel.dev/expr from 0.18.0 to 0.22.0 * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group - from version 20250317.01 * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0 - from version 20250317.00 * Add tests for retryutil package. - from version 20250306.00 * Update OWNERS - from version 20250206.01 * Use separate counters for pre- and post-patch reboots. - from version 20250206.00 * Update owners - from version 20250203.00 * Fix the vet errors for contants in logging - from version 20250122.00 * change available package check - from version 20250121.00 * Fix Inventory reporting e2e tests. - from version 20250120.00 * fix e2e tests - Add -buildmode=pie to go build command line (bsc#1239948) - merged upstream - Renumber patches Important SUSE bug 1239948 SUSE bug 1244304 SUSE bug 1244503 CVE-2024-45339 at SUSE CVE-2024-45339 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate) openSUSE Leap 15.6 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Update to version 1.4.0 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.4.0 - Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545) - Drop packages: iptables, lsscsi, and socat - Fix ovmf firmware path for SEV(ES) VMs (bsc#1232762) Moderate SUSE bug 1232762 cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 128.11.1 - CVE-2025-5986: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (MFSA 2025-49) (bsc#1244468). Important SUSE bug 1244468 CVE-2025-5986 at SUSE CVE-2025-5986 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache-commons-fileupload (Important) openSUSE Leap 15.6 This update for apache-commons-fileupload fixes the following issues: Upgrade to upstream version 1.6.0 - CVE-2025-48976: Fixed allocation of resources for multipart headers with insufficient limits can lead to a DoS (bsc#1244657). Full changelog: https://commons.apache.org/proper/commons-fileupload/changes.html#a1.6.0 Important SUSE bug 1244657 CVE-2025-48976 at SUSE CVE-2025-48976 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-48797: Fixed two buffer over-reads and one heap-based buffer overflow in its TGA parser (bsc#1243711). - CVE-2025-48798: Fixed two use-after-free bugs and one double free bug in its XCF parser (bsc#1243712). Important SUSE bug 1243711 SUSE bug 1243712 CVE-2025-48797 at SUSE CVE-2025-48797 at NVD CVE-2025-48798 at SUSE CVE-2025-48798 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Important) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand() leads to potential buffer overflow in GString (bsc#1244596). - CVE-2025-4373: Fixed buffer underflow through glib/gstring.c via function g_string_insert_unichar (bsc#1242844). Important SUSE bug 1242844 SUSE bug 1244596 CVE-2025-4373 at SUSE CVE-2025-4373 at NVD CVE-2025-6052 at SUSE CVE-2025-6052 at NVD cpe:/o:opensuse:leap:15.6 Security update for yelp-xsl (Moderate) openSUSE Leap 15.6 This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Moderate SUSE bug 1240688 CVE-2025-3155 at SUSE CVE-2025-3155 at NVD cpe:/o:opensuse:leap:15.6 Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate) openSUSE Leap 15.6 This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues: Update to version 1.61.0: * Release notes - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.61.0 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.4 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.3 - https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.60.2 - Enable aarch64 build for SLE and mark it as techpreview (jsc#PED-10545) - Install nbdkit-server to avoid pulling unneeded dependencies Moderate cpe:/o:opensuse:leap:15.6 Security update for yelp (Moderate) openSUSE Leap 15.6 This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Moderate SUSE bug 1240688 CVE-2025-3155 at SUSE CVE-2025-3155 at NVD cpe:/o:opensuse:leap:15.6 Security update for sudo (Important) openSUSE Leap 15.6 This update for sudo fixes the following issues: - CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274). - CVE-2025-32463: Fixed a possible local privilege Escalation via chroot option (bsc#1245275). Important SUSE bug 1245274 SUSE bug 1245275 CVE-2025-32462 at SUSE CVE-2025-32462 at NVD CVE-2025-32463 at SUSE CVE-2025-32463 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - Restore SUSE specific hardening config policies that got lost in refactoring (bsc#1243622). - Fix issues leading to `magick -gamma` not producing expected image results (bsc#1235113). Moderate SUSE bug 1235113 SUSE bug 1243622 cpe:/o:opensuse:leap:15.6 Security update for redis (Moderate) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-27151: Absence of filename size check may cause a stack overflow (bsc#1243804) Moderate SUSE bug 1243804 CVE-2025-27151 at SUSE CVE-2025-27151 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). Important SUSE bug 1244084 CVE-2025-49176 at SUSE CVE-2025-49176 at NVD cpe:/o:opensuse:leap:15.6 Security update for runc (Low) openSUSE Leap 15.6 This update for runc fixes the following issues: - CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092) Other fixes: - Update to runc v1.2.6. Low SUSE bug 1230092 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD cpe:/o:opensuse:leap:15.6 Security update for clamav (Important) openSUSE Leap 15.6 This update for clamav fixes the following issues: ClamAV version 1.4.3: - CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054). - CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055). Important SUSE bug 1245054 SUSE bug 1245055 CVE-2025-20234 at SUSE CVE-2025-20234 at NVD CVE-2025-20260 at SUSE CVE-2025-20260 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for aws-nitro-enclaves-cli (Moderate) openSUSE Leap 15.6 This update for aws-nitro-enclaves-cli fixes the following issues: - Fix idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243859) - Update to version 1.4.2 - Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6 - Update to version 1.3.3~git0.afb7264 - Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a Moderate SUSE bug 1243859 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-requests (Moderate) openSUSE Leap 15.6 This update for python-requests fixes the following issues: - CVE-2024-47081: fixes netrc credential leak (bsc#1244039). Moderate SUSE bug 1244039 CVE-2024-47081 at SUSE CVE-2024-47081 at NVD cpe:/o:opensuse:leap:15.6 Security update for libgepub (Moderate) openSUSE Leap 15.6 This update for libgepub fixes the following issues: - CVE-2025-6196: Fixed an integer overflow in the EPUB archive handling code that can leads to massive memory allocation and application crash. (bsc#1244704) Moderate SUSE bug 1244704 CVE-2025-6196 at SUSE CVE-2025-6196 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2025-49176: Fixed the integer overflow in Big Requests Extension (bsc#1244084). Important SUSE bug 1244084 CVE-2025-49176 at SUSE CVE-2025-49176 at NVD cpe:/o:opensuse:leap:15.6 Security update for vim (Moderate) openSUSE Leap 15.6 This update for vim fixes the following issues: - CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776). - CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602). Moderate SUSE bug 1228776 SUSE bug 1239602 CVE-2024-41965 at SUSE CVE-2024-41965 at NVD CVE-2025-29768 at SUSE CVE-2025-29768 at NVD cpe:/o:opensuse:leap:15.6 Security update for libssh (Important) openSUSE Leap 15.6 This update for libssh fixes the following issues: - CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311). - CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309). - CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310). - CVE-2025-5372: Fixed cases where ssh_kdf() returns a success code on certain failures (bsc#1245314). Important SUSE bug 1245309 SUSE bug 1245310 SUSE bug 1245311 SUSE bug 1245314 CVE-2025-4877 at SUSE CVE-2025-4877 at NVD CVE-2025-4878 at SUSE CVE-2025-4878 at NVD CVE-2025-5318 at SUSE CVE-2025-5318 at NVD CVE-2025-5372 at SUSE CVE-2025-5372 at NVD cpe:/o:opensuse:leap:15.6 Security update for valkey (Moderate) openSUSE Leap 15.6 This update for valkey fixes the following issues: - CVE-2025-27151: Absence of filename size check may cause a stack overflow (bsc#1243804). - CVE-2025-49112: setDeferredReply integer underflow (bsc#1243913). Moderate SUSE bug 1243061 SUSE bug 1243804 SUSE bug 1243913 CVE-2025-27151 at SUSE CVE-2025-27151 at NVD CVE-2025-49112 at SUSE CVE-2025-49112 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Moderate SUSE bug 1244705 CVE-2025-6069 at SUSE CVE-2025-6069 at NVD cpe:/o:opensuse:leap:15.6 Security update for systemd (Moderate) openSUSE Leap 15.6 This update for systemd fixes the following issues: - CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935). Other bugfixes: - logs-show: get timestamp and boot ID only when necessary (bsc#1242827). Moderate SUSE bug 1242827 SUSE bug 1243935 CVE-2025-4598 at SUSE CVE-2025-4598 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-48432: Add an additional hardening for CVE-2025-48432 (bsc#1244095) Moderate SUSE bug 1244095 CVE-2025-48432 at SUSE CVE-2025-48432 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: fix port dump cmd type (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ip6mr: fix tables suspicious RCU usage (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: Fix offset calculation for .start_secs &lt; 0 (git-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). Important SUSE bug 1151679 SUSE bug 1151680 SUSE bug 1151794 SUSE bug 1151927 SUSE bug 1210025 SUSE bug 1211226 SUSE bug 1215199 SUSE bug 1218184 SUSE bug 1223008 SUSE bug 1228557 SUSE bug 1228854 SUSE bug 1232504 SUSE bug 1232882 SUSE bug 1235490 SUSE bug 1235728 SUSE bug 1236208 SUSE bug 1237312 SUSE bug 1237913 SUSE bug 1238859 SUSE bug 1238982 SUSE bug 1240180 SUSE bug 1240577 SUSE bug 1240610 SUSE bug 1240686 SUSE bug 1240723 SUSE bug 1240814 SUSE bug 1240823 SUSE bug 1241166 SUSE bug 1241278 SUSE bug 1241414 SUSE bug 1241544 SUSE bug 1241572 SUSE bug 1241592 SUSE bug 1241617 SUSE bug 1242086 SUSE bug 1242163 SUSE bug 1242504 SUSE bug 1242515 SUSE bug 1242521 SUSE bug 1242556 SUSE bug 1242573 SUSE bug 1242725 SUSE bug 1242846 SUSE bug 1242849 SUSE bug 1242850 SUSE bug 1242907 SUSE bug 1242940 SUSE bug 1242946 SUSE bug 1242954 SUSE bug 1242982 SUSE bug 1243051 SUSE bug 1243060 SUSE bug 1243342 SUSE bug 1243467 SUSE bug 1243475 SUSE bug 1243480 SUSE bug 1243506 SUSE bug 1243523 SUSE bug 1243537 SUSE bug 1243538 SUSE bug 1243542 SUSE bug 1243544 SUSE bug 1243551 SUSE bug 1243571 SUSE bug 1243572 SUSE bug 1243620 SUSE bug 1243628 SUSE bug 1243698 SUSE bug 1243774 SUSE bug 1243782 SUSE bug 1243823 SUSE bug 1243827 SUSE bug 1243832 SUSE bug 1243836 SUSE bug 1243847 SUSE bug 1244100 SUSE bug 1244145 SUSE bug 1244172 SUSE bug 1244176 SUSE bug 1244229 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244261 SUSE bug 1244274 SUSE bug 1244275 SUSE bug 1244277 SUSE bug 1244309 SUSE bug 1244313 SUSE bug 1244337 SUSE bug 1244626 SUSE bug 1244725 SUSE bug 1244727 SUSE bug 1244729 SUSE bug 1244731 SUSE bug 1244732 SUSE bug 1244736 SUSE bug 1244737 SUSE bug 1244738 SUSE bug 1244739 SUSE bug 1244743 SUSE bug 1244746 SUSE bug 1244759 SUSE bug 1244789 SUSE bug 1244862 SUSE bug 1244906 SUSE bug 1244938 SUSE bug 1244995 SUSE bug 1244996 SUSE bug 1244999 SUSE bug 1245001 SUSE bug 1245003 SUSE bug 1245004 SUSE bug 1245025 SUSE bug 1245042 SUSE bug 1245046 SUSE bug 1245078 SUSE bug 1245081 SUSE bug 1245082 SUSE bug 1245083 SUSE bug 1245155 SUSE bug 1245183 SUSE bug 1245193 SUSE bug 1245210 SUSE bug 1245217 SUSE bug 1245225 SUSE bug 1245226 SUSE bug 1245228 SUSE bug 1245431 SUSE bug 1245455 CVE-2023-52888 at SUSE CVE-2023-52888 at NVD CVE-2024-26831 at SUSE CVE-2024-26831 at NVD CVE-2024-49568 at SUSE CVE-2024-49568 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-56613 at SUSE CVE-2024-56613 at NVD CVE-2024-56699 at SUSE CVE-2024-56699 at NVD CVE-2024-57982 at SUSE CVE-2024-57982 at NVD CVE-2024-58053 at SUSE CVE-2024-58053 at NVD CVE-2025-21658 at SUSE CVE-2025-21658 at NVD CVE-2025-21720 at SUSE CVE-2025-21720 at NVD CVE-2025-21868 at SUSE CVE-2025-21868 at NVD CVE-2025-21898 at SUSE CVE-2025-21898 at NVD CVE-2025-21899 at SUSE CVE-2025-21899 at NVD CVE-2025-21920 at SUSE CVE-2025-21920 at NVD CVE-2025-21938 at SUSE CVE-2025-21938 at NVD CVE-2025-21959 at SUSE CVE-2025-21959 at NVD CVE-2025-21997 at SUSE CVE-2025-21997 at NVD CVE-2025-22035 at SUSE CVE-2025-22035 at NVD CVE-2025-22083 at SUSE CVE-2025-22083 at NVD CVE-2025-22111 at SUSE CVE-2025-22111 at NVD CVE-2025-22113 at SUSE CVE-2025-22113 at NVD CVE-2025-22120 at SUSE CVE-2025-22120 at NVD CVE-2025-23155 at SUSE CVE-2025-23155 at NVD CVE-2025-37738 at SUSE CVE-2025-37738 at NVD CVE-2025-37743 at SUSE CVE-2025-37743 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37756 at SUSE CVE-2025-37756 at NVD CVE-2025-37757 at SUSE CVE-2025-37757 at NVD CVE-2025-37786 at SUSE CVE-2025-37786 at NVD CVE-2025-37800 at SUSE CVE-2025-37800 at NVD CVE-2025-37801 at SUSE CVE-2025-37801 at NVD CVE-2025-37811 at SUSE CVE-2025-37811 at NVD CVE-2025-37844 at SUSE CVE-2025-37844 at NVD CVE-2025-37859 at SUSE CVE-2025-37859 at NVD CVE-2025-37862 at SUSE CVE-2025-37862 at NVD CVE-2025-37865 at SUSE CVE-2025-37865 at NVD CVE-2025-37874 at SUSE CVE-2025-37874 at NVD CVE-2025-37884 at SUSE CVE-2025-37884 at NVD CVE-2025-37909 at SUSE CVE-2025-37909 at NVD CVE-2025-37917 at SUSE CVE-2025-37917 at NVD CVE-2025-37921 at SUSE CVE-2025-37921 at NVD CVE-2025-37923 at SUSE CVE-2025-37923 at NVD CVE-2025-37927 at SUSE CVE-2025-37927 at NVD CVE-2025-37933 at SUSE CVE-2025-37933 at NVD CVE-2025-37936 at SUSE CVE-2025-37936 at NVD CVE-2025-37938 at SUSE CVE-2025-37938 at NVD CVE-2025-37945 at SUSE CVE-2025-37945 at NVD CVE-2025-37946 at SUSE CVE-2025-37946 at NVD CVE-2025-37961 at SUSE CVE-2025-37961 at NVD CVE-2025-37967 at SUSE CVE-2025-37967 at NVD CVE-2025-37968 at SUSE CVE-2025-37968 at NVD CVE-2025-37973 at SUSE CVE-2025-37973 at NVD CVE-2025-37987 at SUSE CVE-2025-37987 at NVD CVE-2025-37992 at SUSE CVE-2025-37992 at NVD CVE-2025-37994 at SUSE CVE-2025-37994 at NVD CVE-2025-37995 at SUSE CVE-2025-37995 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-37998 at SUSE CVE-2025-37998 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38003 at SUSE CVE-2025-38003 at NVD CVE-2025-38004 at SUSE CVE-2025-38004 at NVD CVE-2025-38005 at SUSE CVE-2025-38005 at NVD CVE-2025-38007 at SUSE CVE-2025-38007 at NVD CVE-2025-38009 at SUSE CVE-2025-38009 at NVD CVE-2025-38010 at SUSE CVE-2025-38010 at NVD CVE-2025-38011 at SUSE CVE-2025-38011 at NVD CVE-2025-38013 at SUSE CVE-2025-38013 at NVD CVE-2025-38014 at SUSE CVE-2025-38014 at NVD CVE-2025-38015 at SUSE CVE-2025-38015 at NVD CVE-2025-38018 at SUSE CVE-2025-38018 at NVD CVE-2025-38020 at SUSE CVE-2025-38020 at NVD CVE-2025-38022 at SUSE CVE-2025-38022 at NVD CVE-2025-38023 at SUSE CVE-2025-38023 at NVD CVE-2025-38024 at SUSE CVE-2025-38024 at NVD CVE-2025-38027 at SUSE CVE-2025-38027 at NVD CVE-2025-38031 at SUSE CVE-2025-38031 at NVD CVE-2025-38040 at SUSE CVE-2025-38040 at NVD CVE-2025-38043 at SUSE CVE-2025-38043 at NVD CVE-2025-38044 at SUSE CVE-2025-38044 at NVD CVE-2025-38045 at SUSE CVE-2025-38045 at NVD CVE-2025-38053 at SUSE CVE-2025-38053 at NVD CVE-2025-38057 at SUSE CVE-2025-38057 at NVD CVE-2025-38059 at SUSE CVE-2025-38059 at NVD CVE-2025-38060 at SUSE CVE-2025-38060 at NVD CVE-2025-38065 at SUSE CVE-2025-38065 at NVD CVE-2025-38068 at SUSE CVE-2025-38068 at NVD CVE-2025-38072 at SUSE CVE-2025-38072 at NVD CVE-2025-38077 at SUSE CVE-2025-38077 at NVD CVE-2025-38078 at SUSE CVE-2025-38078 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38080 at SUSE CVE-2025-38080 at NVD CVE-2025-38081 at SUSE CVE-2025-38081 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for gpg2 (Low) openSUSE Leap 15.6 This update for gpg2 fixes the following issues: - CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119). Other bugfixes: - Do not install expired sks certificate (bsc#1243069). - gpg hangs when importing a key (bsc#1236931). Low SUSE bug 1236931 SUSE bug 1239119 SUSE bug 1239817 CVE-2025-30258 at SUSE CVE-2025-30258 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker-stable (Moderate) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: - CVE-2024-29018: Fixed external DNS request handling from 'internal' networks that could have led to data exfiltration (bsc#1234089). - CVE-2024-23650: Fixed possibile BuildKit daemon crash via malicious BuildKit client or frontend request (bsc#1219437). Moderate SUSE bug 1219437 SUSE bug 1234089 CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: - Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656). - Fixed expand checks for webAppMount (bsc#1244649). - Hardening permissions (bsc#1242722) Update to Tomcat 10.1.42: * Fixed CVEs: + CVE-2025-46701: refactor CGI servlet to access resources via WebResources (bsc#1243815) + CVE-2025-48988: limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656) + CVE-2025-49125: Expand checks for webAppMount (bsc#1244649) * Catalina: + Add: Support for the java:module namespace which mirrors the java:comp namespace. + Add: Support parsing of multiple path parameters separated by ; in a single URL segment. Based on pull request #860 by Chenjp. + Add: Support for limiting the number of parameters in HTTP requests through the new ParameterLimitValve. The valve allows configurable URL-specific limits on the number of parameters. + Fix: 69699: Encode redirect URL used by the rewrite valve with the session id if appropriate, and handle cross context with different session configuration when using rewrite. + Add: #863: Support for comments at the end of lines in text rewrite map files to align behaviour with Apache httpd. Pull request provided by Chenjp. + Fix: 69706: Saved request serialization issue in FORM introduced when allowing infinite session timeouts. + Fix: Expand the path checks for Pre-Resources and Post-Resources mounted at a path within the web application. + Fix: Use of SSS in SimpleDateFormat pattern for AccessLogValve. + Fix: Process possible path parameters rewrite production in the rewrite valve. + Fix: 69588: Enable allowLinking to be set on PreResources, JarResources and PostResources. If not set explicitly, the setting will be inherited from the Resources. + Add: 69633: Support for Filters using context root mappings. + Fix: 69643: Optimize directory listing for large amount of files. Patch submitted by Loic de l'Eprevier. + Fix: #843: Off by one validation logic for partial PUT ranges and associated test case. Submitted by Chenjp. + Refactor: Replace the unused buffer in org.apache.catalina.connector.InputBuffer with a static, zero length buffer. + Refactor: GCI servlet to access resources via the WebResource API. + Fix: 69662: Report name in exception message when a naming lookup failure occurs. Based on code submitted by Donald Smith. + Fix: Ensure that the FORM authentication attribute authenticationSessionTimeout works correctly when sessions have an infinite timeout when authentication starts. + Add: Provide a content type based on file extension when web application resources are accessed via a URL. * Coyote + Refactor: #861: TaskQueue to use the new interface RetryableQueue which enables better integration of custom Executors which provide their own BlockingQueue implementation. Pull request provided by Paulo Almeida. + Add: Finer grained control of multi-part request processing via two new attributes on the Connector element. maxPartCount limits the total number of parts in a multi-part request and maxPartHeaderSize limits the size of the headers provided with each part. Add support for these new attributes to the ParameterLimitValve. + Refactor: The SavedRequestInputFilter so the buffered data is used directly rather than copied. * Jasper: + Fix: 69696: Mark the JSP wrapper for reload after a failed compilation. + Fix: 69635: Add support to jakarta.el.ImportHandler for resolving inner classes. + Add: #842: Support for optimized execution of c:set and c:remove tags, when activated via JSP servlet param useNonstandardTagOptimizations. + Fix: An edge case compilation bug for JSP and tag files on case insensitive file systems that was exposed by the test case for 69635. * Web applications: + Fix: 69694: Improve error reporting of deployment tasks done using the manager webapp when a copy operation fails. + Add: 68876: Documentation. Update the UML diagrams for server start-up, request processing and authentication using PlantUML and include the source files for each diagram. * Other: + Add: Thread name to webappClassLoader.stackTraceRequestThread message. Patch provided by Felix Zhang. + Update: Tomcat Native to 2.0.9. + Update: The internal fork of Apache Commons FileUpload to 1.6.0-RC1 (2025-06-05). + Update: EasyMock to 5.6.0. + Update: Checkstyle to 10.25.0. + Fix: Use the full path when the installer for Windows sets calls icacls.exe to set file permissions. + Update: Improvements to Japanese translations provided by tak7iji. + Fix: Set sun.io.useCanonCaches in service.bat Based on pull request #841 by Paul Lodge. + Update: Jacoco to 0.8.13. + Code: Explicitly set the locale to be used for Javadoc. For official releases, this locale will be English (US) to support reproducible builds. + Update: Byte Buddy to 1.17.5. + Update: Checkstyle to 10.23.1. + Update: File extension to media type mappings to align with the current list used by the Apache Web Server (httpd). + Update: Improvements to French translations. + Update: Improvements to Japanese translations provided by tak7iji. Important SUSE bug 1242722 SUSE bug 1243815 SUSE bug 1244649 SUSE bug 1244656 CVE-2025-46701 at SUSE CVE-2025-46701 at NVD CVE-2025-48988 at SUSE CVE-2025-48988 at NVD CVE-2025-49125 at SUSE CVE-2025-49125 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) Important SUSE bug 1244554 SUSE bug 1244557 SUSE bug 1244590 SUSE bug 1244700 CVE-2025-49794 at SUSE CVE-2025-49794 at NVD CVE-2025-49796 at SUSE CVE-2025-49796 at NVD CVE-2025-6021 at SUSE CVE-2025-6021 at NVD CVE-2025-6170 at SUSE CVE-2025-6170 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Low) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). Low SUSE bug 1243314 CVE-2025-4945 at SUSE CVE-2025-4945 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Low) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). Low SUSE bug 1243314 CVE-2025-4945 at SUSE CVE-2025-4945 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: - CVE-2025-46701: Fixed refactor CGI servlet to access resources via WebResources (bsc#1243815). - CVE-2025-48988: Fixed limits the total number of parts in a multi-part request and limits the size of the headers provided with each part (bsc#1244656). - CVE-2025-49125: Fixed expand checks for webAppMount (bsc#1244649). Other bugfixes: - Made permissions more secure (bsc#1242722) Important SUSE bug 1242722 SUSE bug 1243815 SUSE bug 1244649 SUSE bug 1244656 CVE-2025-46701 at SUSE CVE-2025-46701 at NVD CVE-2025-48988 at SUSE CVE-2025-48988 at NVD CVE-2025-49125 at SUSE CVE-2025-49125 at NVD cpe:/o:opensuse:leap:15.6 Security update for umoci (Moderate) openSUSE Leap 15.6 This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from <https://github.com/opencontainers/umoci/releases/tag/v0.5.0> bsc#1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a registry nor does it handle signatures, this vulnerability had no real impact on umoci but for safety we implemented the now-recommended media-type embedding and verification. CVE-2021-41190 Other changes in this release: * Several large reworks and API-related changes to the umoci's overlayfs support. This is only available to Go API users. * The runtime-spec config.json generated by umoci is updated to be more modern and work properly with modern runc versions. * The default gzip compression blocksize has been adjusted to match Docker. * zstd-compressed images are now fully supported. Users can explcitily request the compression algorithm for newly-generated layers with the --compress option. Moderate SUSE bug 1243388 CVE-2021-41190 at SUSE CVE-2021-41190 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker (Moderate) openSUSE Leap 15.6 This update for docker fixes the following issues: Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114): - CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765) - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830). Other fixes: - Update to docker-buildx v0.22.0. - Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035). - Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) - Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) - SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150). Moderate SUSE bug 1239765 SUSE bug 1240150 SUSE bug 1241830 SUSE bug 1242114 SUSE bug 1243833 SUSE bug 1244035 CVE-2025-0495 at SUSE CVE-2025-0495 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: - Update to version go1.24.5 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. (bsc#1246118) Important SUSE bug 1236217 SUSE bug 1246118 CVE-2025-4674 at SUSE CVE-2025-4674 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Important) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - Update to version go1.23.11 - CVE-2025-4674: Fixed potential command execution in untrusted VCS repositories. (bsc#1246118) Important SUSE bug 1229122 SUSE bug 1246118 CVE-2025-4674 at SUSE CVE-2025-4674 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-base (Moderate) openSUSE Leap 15.6 This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404). - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403). - CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407). Moderate SUSE bug 1244403 SUSE bug 1244404 SUSE bug 1244407 CVE-2025-47806 at SUSE CVE-2025-47806 at NVD CVE-2025-47807 at SUSE CVE-2025-47807 at NVD CVE-2025-47808 at SUSE CVE-2025-47808 at NVD cpe:/o:opensuse:leap:15.6 Security update for protobuf (Moderate) openSUSE Leap 15.6 This update for protobuf fixes the following issues: - CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663). Moderate SUSE bug 1244663 CVE-2025-4565 at SUSE CVE-2025-4565 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554) - CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557) - CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555) - CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700) - CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590) Important SUSE bug 1244554 SUSE bug 1244555 SUSE bug 1244557 SUSE bug 1244590 SUSE bug 1244700 CVE-2025-49794 at SUSE CVE-2025-49794 at NVD CVE-2025-49795 at SUSE CVE-2025-49795 at NVD CVE-2025-49796 at SUSE CVE-2025-49796 at NVD CVE-2025-6021 at SUSE CVE-2025-6021 at NVD CVE-2025-6170 at SUSE CVE-2025-6170 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) Important SUSE bug 1238896 SUSE bug 1244644 SUSE bug 1246112 CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2025-27465 at SUSE CVE-2025-27465 at NVD cpe:/o:opensuse:leap:15.6 Security update for poppler (Important) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-52886: Fixed an integer overflow that can lead to a use-after-free. (bsc#1245625) Important SUSE bug 1245625 CVE-2025-52886 at SUSE CVE-2025-52886 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang26 (Moderate) openSUSE Leap 15.6 This update for erlang26 fixes the following issues: - CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP (stdlib modules) that allowed absolute path traversal (bsc#1244642) Moderate SUSE bug 1244642 CVE-2025-4748 at SUSE CVE-2025-4748 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang (Moderate) openSUSE Leap 15.6 This update for erlang fixes the following issues: - CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP (stdlib modules) that allowed absolute path traversal (bsc#1244642) Moderate SUSE bug 1244642 CVE-2025-4748 at SUSE CVE-2025-4748 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - Merge branch 'SLE15-SP6' (dee422c0c737) into 'SLE15-SP6-RT' - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - No -rt specific changes this merge. - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been usefult at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert 'ALSA: usb-audio: Skip setting clock selector for single connections' (stable-fixes). - Revert 'arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (stable-fixes). - Revert 'drm/amdgpu: do not allow userspace to create a doorbell BO' (stable-fixes). - Revert 'ipv6: save dontfrag in cork (git-fixes).' - Revert 'kABI: ipv6: save dontfrag in cork (git-fixes).' - Revert 'wifi: mt76: mt7996: fill txd by host driver' (stable-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs &lt; 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). Important SUSE bug 1012628 SUSE bug 1210025 SUSE bug 1211226 SUSE bug 1215199 SUSE bug 1218184 SUSE bug 1223008 SUSE bug 1228557 SUSE bug 1228854 SUSE bug 1232504 SUSE bug 1232882 SUSE bug 1235490 SUSE bug 1235728 SUSE bug 1236208 SUSE bug 1237312 SUSE bug 1237913 SUSE bug 1238859 SUSE bug 1238982 SUSE bug 1240180 SUSE bug 1240577 SUSE bug 1240610 SUSE bug 1240686 SUSE bug 1240723 SUSE bug 1240814 SUSE bug 1240823 SUSE bug 1241166 SUSE bug 1241278 SUSE bug 1241414 SUSE bug 1241544 SUSE bug 1241572 SUSE bug 1241592 SUSE bug 1241617 SUSE bug 1242086 SUSE bug 1242163 SUSE bug 1242504 SUSE bug 1242515 SUSE bug 1242521 SUSE bug 1242556 SUSE bug 1242573 SUSE bug 1242725 SUSE bug 1242846 SUSE bug 1242849 SUSE bug 1242850 SUSE bug 1242907 SUSE bug 1242940 SUSE bug 1242946 SUSE bug 1242954 SUSE bug 1242982 SUSE bug 1243051 SUSE bug 1243060 SUSE bug 1243342 SUSE bug 1243467 SUSE bug 1243475 SUSE bug 1243480 SUSE bug 1243506 SUSE bug 1243523 SUSE bug 1243537 SUSE bug 1243538 SUSE bug 1243542 SUSE bug 1243544 SUSE bug 1243551 SUSE bug 1243571 SUSE bug 1243572 SUSE bug 1243620 SUSE bug 1243628 SUSE bug 1243698 SUSE bug 1243774 SUSE bug 1243782 SUSE bug 1243823 SUSE bug 1243827 SUSE bug 1243832 SUSE bug 1243836 SUSE bug 1243847 SUSE bug 1244100 SUSE bug 1244145 SUSE bug 1244172 SUSE bug 1244176 SUSE bug 1244229 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244261 SUSE bug 1244274 SUSE bug 1244275 SUSE bug 1244277 SUSE bug 1244309 SUSE bug 1244313 SUSE bug 1244337 SUSE bug 1244626 SUSE bug 1244725 SUSE bug 1244727 SUSE bug 1244729 SUSE bug 1244731 SUSE bug 1244732 SUSE bug 1244736 SUSE bug 1244737 SUSE bug 1244738 SUSE bug 1244739 SUSE bug 1244743 SUSE bug 1244746 SUSE bug 1244759 SUSE bug 1244789 SUSE bug 1244862 SUSE bug 1244906 SUSE bug 1244938 SUSE bug 1244995 SUSE bug 1244996 SUSE bug 1244999 SUSE bug 1245001 SUSE bug 1245003 SUSE bug 1245004 SUSE bug 1245025 SUSE bug 1245042 SUSE bug 1245046 SUSE bug 1245078 SUSE bug 1245081 SUSE bug 1245082 SUSE bug 1245083 SUSE bug 1245155 SUSE bug 1245183 SUSE bug 1245193 SUSE bug 1245210 SUSE bug 1245217 SUSE bug 1245225 SUSE bug 1245226 SUSE bug 1245228 SUSE bug 1245431 SUSE bug 1245455 CVE-2023-52888 at SUSE CVE-2023-52888 at NVD CVE-2024-26831 at SUSE CVE-2024-26831 at NVD CVE-2024-49568 at SUSE CVE-2024-49568 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-56613 at SUSE CVE-2024-56613 at NVD CVE-2024-56699 at SUSE CVE-2024-56699 at NVD CVE-2024-57982 at SUSE CVE-2024-57982 at NVD CVE-2024-58053 at SUSE CVE-2024-58053 at NVD CVE-2025-21658 at SUSE CVE-2025-21658 at NVD CVE-2025-21720 at SUSE CVE-2025-21720 at NVD CVE-2025-21868 at SUSE CVE-2025-21868 at NVD CVE-2025-21898 at SUSE CVE-2025-21898 at NVD CVE-2025-21899 at SUSE CVE-2025-21899 at NVD CVE-2025-21920 at SUSE CVE-2025-21920 at NVD CVE-2025-21938 at SUSE CVE-2025-21938 at NVD CVE-2025-21959 at SUSE CVE-2025-21959 at NVD CVE-2025-21997 at SUSE CVE-2025-21997 at NVD CVE-2025-22035 at SUSE CVE-2025-22035 at NVD CVE-2025-22083 at SUSE CVE-2025-22083 at NVD CVE-2025-22111 at SUSE CVE-2025-22111 at NVD CVE-2025-22113 at SUSE CVE-2025-22113 at NVD CVE-2025-22120 at SUSE CVE-2025-22120 at NVD CVE-2025-23155 at SUSE CVE-2025-23155 at NVD CVE-2025-37738 at SUSE CVE-2025-37738 at NVD CVE-2025-37743 at SUSE CVE-2025-37743 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37756 at SUSE CVE-2025-37756 at NVD CVE-2025-37757 at SUSE CVE-2025-37757 at NVD CVE-2025-37786 at SUSE CVE-2025-37786 at NVD CVE-2025-37800 at SUSE CVE-2025-37800 at NVD CVE-2025-37801 at SUSE CVE-2025-37801 at NVD CVE-2025-37811 at SUSE CVE-2025-37811 at NVD CVE-2025-37844 at SUSE CVE-2025-37844 at NVD CVE-2025-37859 at SUSE CVE-2025-37859 at NVD CVE-2025-37862 at SUSE CVE-2025-37862 at NVD CVE-2025-37865 at SUSE CVE-2025-37865 at NVD CVE-2025-37874 at SUSE CVE-2025-37874 at NVD CVE-2025-37884 at SUSE CVE-2025-37884 at NVD CVE-2025-37909 at SUSE CVE-2025-37909 at NVD CVE-2025-37917 at SUSE CVE-2025-37917 at NVD CVE-2025-37921 at SUSE CVE-2025-37921 at NVD CVE-2025-37923 at SUSE CVE-2025-37923 at NVD CVE-2025-37927 at SUSE CVE-2025-37927 at NVD CVE-2025-37933 at SUSE CVE-2025-37933 at NVD CVE-2025-37936 at SUSE CVE-2025-37936 at NVD CVE-2025-37938 at SUSE CVE-2025-37938 at NVD CVE-2025-37945 at SUSE CVE-2025-37945 at NVD CVE-2025-37946 at SUSE CVE-2025-37946 at NVD CVE-2025-37961 at SUSE CVE-2025-37961 at NVD CVE-2025-37967 at SUSE CVE-2025-37967 at NVD CVE-2025-37968 at SUSE CVE-2025-37968 at NVD CVE-2025-37973 at SUSE CVE-2025-37973 at NVD CVE-2025-37987 at SUSE CVE-2025-37987 at NVD CVE-2025-37992 at SUSE CVE-2025-37992 at NVD CVE-2025-37994 at SUSE CVE-2025-37994 at NVD CVE-2025-37995 at SUSE CVE-2025-37995 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-37998 at SUSE CVE-2025-37998 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38003 at SUSE CVE-2025-38003 at NVD CVE-2025-38004 at SUSE CVE-2025-38004 at NVD CVE-2025-38005 at SUSE CVE-2025-38005 at NVD CVE-2025-38007 at SUSE CVE-2025-38007 at NVD CVE-2025-38009 at SUSE CVE-2025-38009 at NVD CVE-2025-38010 at SUSE CVE-2025-38010 at NVD CVE-2025-38011 at SUSE CVE-2025-38011 at NVD CVE-2025-38013 at SUSE CVE-2025-38013 at NVD CVE-2025-38014 at SUSE CVE-2025-38014 at NVD CVE-2025-38015 at SUSE CVE-2025-38015 at NVD CVE-2025-38018 at SUSE CVE-2025-38018 at NVD CVE-2025-38020 at SUSE CVE-2025-38020 at NVD CVE-2025-38022 at SUSE CVE-2025-38022 at NVD CVE-2025-38023 at SUSE CVE-2025-38023 at NVD CVE-2025-38024 at SUSE CVE-2025-38024 at NVD CVE-2025-38027 at SUSE CVE-2025-38027 at NVD CVE-2025-38031 at SUSE CVE-2025-38031 at NVD CVE-2025-38040 at SUSE CVE-2025-38040 at NVD CVE-2025-38043 at SUSE CVE-2025-38043 at NVD CVE-2025-38044 at SUSE CVE-2025-38044 at NVD CVE-2025-38045 at SUSE CVE-2025-38045 at NVD CVE-2025-38053 at SUSE CVE-2025-38053 at NVD CVE-2025-38057 at SUSE CVE-2025-38057 at NVD CVE-2025-38059 at SUSE CVE-2025-38059 at NVD CVE-2025-38060 at SUSE CVE-2025-38060 at NVD CVE-2025-38065 at SUSE CVE-2025-38065 at NVD CVE-2025-38068 at SUSE CVE-2025-38068 at NVD CVE-2025-38072 at SUSE CVE-2025-38072 at NVD CVE-2025-38077 at SUSE CVE-2025-38077 at NVD CVE-2025-38078 at SUSE CVE-2025-38078 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38080 at SUSE CVE-2025-38080 at NVD CVE-2025-38081 at SUSE CVE-2025-38081 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.27 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.27 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Moderate SUSE bug 1241865 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.25 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.25 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Moderate SUSE bug 1241865 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Moderate) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2022-1475: Fixed integer overflow in g729_parse() in llibavcodec/g729_parser.c (bsc#1198898). - CVE-2024-36616: Fixed integer overflow in the component libavformat/westwood_vqa.c (bsc#1234018). - CVE-2024-36617: Fixed integer overflow vulnerability in the FFmpeg CAF decoder (bsc#1234019). - CVE-2024-36618: Fixed vulnerability in the AVI demuxer of the libavformat library (bsc#1234020). Moderate SUSE bug 1198898 SUSE bug 1234018 SUSE bug 1234019 SUSE bug 1234020 CVE-2022-1475 at SUSE CVE-2022-1475 at NVD CVE-2024-36616 at SUSE CVE-2024-36616 at NVD CVE-2024-36617 at SUSE CVE-2024-36617 at NVD CVE-2024-36618 at SUSE CVE-2024-36618 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed that Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) Important SUSE bug 1244061 SUSE bug 1244705 CVE-2025-4435 at SUSE CVE-2025-4435 at NVD CVE-2025-6069 at SUSE CVE-2025-6069 at NVD cpe:/o:opensuse:leap:15.6 Security update for coreutils (Moderate) openSUSE Leap 15.6 This update for coreutils fixes the following issues: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767) Moderate SUSE bug 1243767 CVE-2025-5278 at SUSE CVE-2025-5278 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-6035: Fixed Integer Overflow or Wraparound in GIMP Despeckle Filter (bsc#1244536). Important SUSE bug 1244536 CVE-2025-6035 at SUSE CVE-2025-6035 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.12 (MFSA 2025-55, bsc#1244670): - CVE-2025-6424: Use-after-free in FontFaceSet (bmo#1966423) - CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID (bmo#1717672) - CVE-2025-6426: No warning when opening executable terminal files on macOS (bmo#1964385) - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com (bmo#1970658) - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag (bmo#1971140) Important SUSE bug 1244670 CVE-2025-6424 at SUSE CVE-2025-6424 at NVD CVE-2025-6425 at SUSE CVE-2025-6425 at NVD CVE-2025-6426 at SUSE CVE-2025-6426 at NVD CVE-2025-6429 at SUSE CVE-2025-6429 at NVD CVE-2025-6430 at SUSE CVE-2025-6430 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs20 (Important) openSUSE Leap 15.6 This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250) - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258) Important SUSE bug 1236250 SUSE bug 1236251 SUSE bug 1236258 CVE-2025-22150 at SUSE CVE-2025-22150 at NVD CVE-2025-23083 at SUSE CVE-2025-23083 at NVD CVE-2025-23085 at SUSE CVE-2025-23085 at NVD cpe:/o:opensuse:leap:15.6 Security update for FastCGI (Important) openSUSE Leap 15.6 This update for FastCGI fixes the following issues: - CVE-2025-23016: Fixed integer overflow in FastCGI fcgi2 library (bsc#1243325) Important SUSE bug 1243325 CVE-2025-23016 at SUSE CVE-2025-23016 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Moderate) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2024-36618: Fixed integer overflow iff ULONG_MAX < INT64_MAX (bsc#1234020). New CVE references, fixed in previous release: - CVE-2024-36617: avformat/cafdec: dont seek beyond 64bit (bsc#1234019). - CVE-2024-36616: avformat/westwood_vqa: Fix 2g packets (bsc#1234018). Moderate SUSE bug 1234018 SUSE bug 1234019 SUSE bug 1234020 CVE-2024-36616 at SUSE CVE-2024-36616 at NVD CVE-2024-36617 at SUSE CVE-2024-36617 at NVD CVE-2024-36618 at SUSE CVE-2024-36618 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.26 (Moderate) openSUSE Leap 15.6 This update for kubernetes1.26 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). Moderate SUSE bug 1229008 SUSE bug 1241865 SUSE bug 1245087 CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for jq (Moderate) openSUSE Leap 15.6 This update for jq fixes the following issues: - CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450). Moderate SUSE bug 1243450 CVE-2024-23337 at SUSE CVE-2024-23337 at NVD cpe:/o:opensuse:leap:15.6 Security update for iputils (Moderate) openSUSE Leap 15.6 This update for iputils fixes the following issues: - CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772). Moderate SUSE bug 1243772 CVE-2025-48964 at SUSE CVE-2025-48964 at NVD cpe:/o:opensuse:leap:15.6 Security update for libgcrypt (Moderate) openSUSE Leap 15.6 This update for libgcrypt fixes the following issues: - CVE-2024-2236: Fixed timing based side-channel in RSA implementation. (bsc#1221107) Moderate SUSE bug 1221107 CVE-2024-2236 at SUSE CVE-2024-2236 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-oslo.utils (Moderate) openSUSE Leap 15.6 This update for python-oslo.utils fixes the following issues: - CVE-2022-0718: Fixed incorrect password masking in debug output. (bsc#1196454) Moderate SUSE bug 1196454 CVE-2022-0718 at SUSE CVE-2022-0718 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-6069: Fixed worst case quadratic complexity that can lead to amplified DoS. (bsc#1244705) Moderate SUSE bug 1244705 CVE-2025-6069 at SUSE CVE-2025-6069 at NVD cpe:/o:opensuse:leap:15.6 Security update for php7 (Important) openSUSE Leap 15.6 This update for php7 fixes the following issues: - CVE-2025-1220: Fixed null byte termination in hostnames (bsc#1246167) - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping (bsc#1246146) - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (bsc#1246148) Important SUSE bug 1246146 SUSE bug 1246148 SUSE bug 1246167 CVE-2025-1220 at SUSE CVE-2025-1220 at NVD CVE-2025-1735 at SUSE CVE-2025-1735 at NVD CVE-2025-6491 at SUSE CVE-2025-6491 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Important) openSUSE Leap 15.6 This update for php8 fixes the following issues: Version update to 8.2.29: - CVE-2025-1220: Fixed null byte termination in hostnames (bsc#1246167) - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping (bsc#1246146) - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (bsc#1246148) Important SUSE bug 1246146 SUSE bug 1246148 SUSE bug 1246167 CVE-2025-1220 at SUSE CVE-2025-1220 at NVD CVE-2025-1735 at SUSE CVE-2025-1735 at NVD CVE-2025-6491 at SUSE CVE-2025-6491 at NVD cpe:/o:opensuse:leap:15.6 Security update for salt (Important) openSUSE Leap 15.6 This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation (bsc#1244561) - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564) - CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565) - CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566) - CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567) - CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568) - CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570) - CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571) - CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572) - CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574) - CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575) - CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268) - Other bugs fixed: - Added subsystem filter to udev.exportdb (bsc#1236621) - Fixed Ubuntu 24.04 test failures - Fixed refresh of osrelease and related grains on Python 3.10+ - Fixed issue requiring proper Python flavor for dependencies Important SUSE bug 1236621 SUSE bug 1243268 SUSE bug 1244561 SUSE bug 1244564 SUSE bug 1244565 SUSE bug 1244566 SUSE bug 1244567 SUSE bug 1244568 SUSE bug 1244570 SUSE bug 1244571 SUSE bug 1244572 SUSE bug 1244574 SUSE bug 1244575 CVE-2024-38822 at SUSE CVE-2024-38822 at NVD CVE-2024-38823 at SUSE CVE-2024-38823 at NVD CVE-2024-38824 at SUSE CVE-2024-38824 at NVD CVE-2024-38825 at SUSE CVE-2024-38825 at NVD CVE-2025-22236 at SUSE CVE-2025-22236 at NVD CVE-2025-22237 at SUSE CVE-2025-22237 at NVD CVE-2025-22238 at SUSE CVE-2025-22238 at NVD CVE-2025-22239 at SUSE CVE-2025-22239 at NVD CVE-2025-22240 at SUSE CVE-2025-22240 at NVD CVE-2025-22241 at SUSE CVE-2025-22241 at NVD CVE-2025-22242 at SUSE CVE-2025-22242 at NVD CVE-2025-47287 at SUSE CVE-2025-47287 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-53014: Fixed an off-by-one error may cause an out-of-bounds memory access (bsc#1246530) - CVE-2025-53015: Fixed specific XMP file conversion may cause an infinite loop (bsc#1246531) - CVE-2025-53019: Fixed format specifiers in a filename template may cause a memory leak (bsc#1246534) - CVE-2025-53101: Fixed input manipulation may lead to an out-of-bound write (bsc#1246529) Changed policies: * allow ImageMagick to read it's own files again (bsc#1246065) Important SUSE bug 1246065 SUSE bug 1246529 SUSE bug 1246530 SUSE bug 1246531 SUSE bug 1246534 CVE-2025-53014 at SUSE CVE-2025-53014 at NVD CVE-2025-53015 at SUSE CVE-2025-53015 at NVD CVE-2025-53019 at SUSE CVE-2025-53019 at NVD CVE-2025-53101 at SUSE CVE-2025-53101 at NVD cpe:/o:opensuse:leap:15.6 Security update for ovmf (Moderate) openSUSE Leap 15.6 This update for ovmf fixes the following issues: - CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount (bsc#1225889). Other fixes: - Fixed Kubevirt GPU passthrough failure (bsc#1245542) Moderate SUSE bug 1225889 SUSE bug 1245542 CVE-2024-1298 at SUSE CVE-2024-1298 at NVD cpe:/o:opensuse:leap:15.6 Security update for polkit (Important) openSUSE Leap 15.6 This update for polkit fixes the following issues: - CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472) Important SUSE bug 1246472 CVE-2025-7519 at SUSE CVE-2025-7519 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important) openSUSE Leap 15.6 This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: * General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment. These changes offer a more accessible reading experience. - Reader View now has a Theme menu with additional Contrast and Gray options. You can also select custom colors for text, background, and links from the Custom tab. - Firefox will now offer to temporarily remember when users grant permissions to sites (e.g. geolocation). Temporary permissions will be removed either after one hour or when the tab is closed. - Firefox now includes safeguards to prevent sites from abusing the history API by generating excessive history entries, which can make navigating with the back and forward buttons difficult by cluttering the history. This intervention ensures that such entries, unless interacted with by the user, are skipped when using the back and forward buttons. - Firefox now identifies all links in PDFs and turns them into hyperlinks. - You can now copy links from background tabs using the tabstrip context menu on macOS and Linux. - Users on macOS and Linux are now given the option to close only the current tab if the Quit keyboard shortcut is used while multiple tabs are open in the window. (bmo#None) * Sidebar and Tabs - You can now enable the updated Firefox sidebar in Settings > General > Browser Layout to quickly access multiple tools in one click, without leaving your main view. Sidebar tools include an AI chatbot of your choice, bookmarks, history, and tabs from devices you sync with your Mozilla account. - Keep a lot of tabs open? Try our new vertical tabs layout to quickly scan your list of tabs. With vertical tabs, your open and pinned tabs appear in the sidebar instead of along the top of the browser. To turn on vertical tabs, right-click on the toolbar near the top of the browser and select Turn on Vertical Tabs. If you’ve enabled the updated sidebar, you can also go to Customize sidebar and check Vertical tabs. Early testers report feeling more organized after using vertical tabs for a few days. - Stay productive and organized with less effort by grouping related tabs together. One simple way to create a group is to drag a tab onto another, pause until you see a highlight, then drop to create the group. Tab groups can be named, color-coded, and are always saved. You can close a group and reopen it later. - A tab preview is now displayed when hovering the mouse over background tabs, making it easier to locate the desired tab without needing to switch tabs. - The sidebar to view tabs from other devices can now be opened via the Tab overview menu. * Security & Privacy - HTTPS is replacing HTTP as the default protocol in the address bar on non-local sites. If a site is not available via HTTPS, Firefox will fall back to HTTP. - Firefox now blocks third-party cookie access when Enhanced Tracking Protection's Strict mode is enabled. - Firefox now has a new anti-tracking feature, Bounce Tracking Protection, which is now available in Enhanced Tracking Protection's 'Strict' mode. This feature detects bounce trackers based on their redirect behavior and periodically purges their cookies and site data to block tracking. - Firefox now enforces certificate transparency, requiring web servers to provide sufficient proof that their certificates were publicly disclosed before they will be trusted. This only affects servers using certificates issued by a certificate authority in Mozilla's Root CA Program. - Smartblock Embeds allows users to selectively unblock certain social media embeds that are blocked in ETP Strict and Private Browsing modes. Currently, support is limited to a few embed types, with more to be added in future updates. - Firefox now upgrades page loads to HTTPS by default and gracefully falls back to HTTP if the secure connection fails. This behavior is known as HTTPS-First. - The 'Copy Without Site Tracking' menu item was renamed to 'Copy Clean Link' to help clarify expectations around what the feature does. 'Copy Clean Link' is a list based approach to remove - known tracking parameters from links. This option can also now be used on plain text links. - The Clear browsing data and cookies dialog now allows clearing saved form info separately from browsing history. * Translations - Firefox now allows translating selected text portions to different languages after a full-page translation. - Full-Page Translations are now available within Firefox extension pages that start with the moz-extension:// URL scheme. - When suggesting a default translation language, Firefox will now take into consideration languages you have previously used for translations. - Added support for many new languages in Firefox translation. * Linux - Firefox now supports touchpad hold gestures on Linux. This means that kinetic (momentum) scrolling can now be interrupted by placing two fingers on the touchpad. * Developer: - Firefox now supports text fragments, which allows users to link directly to a specific portion of text in a web document via a special URL fragment. - Debugger log-point values are now automatically converted into profiler markers, making it easy to add information to the marker timeline directly from the Debugger. - The Debugger's directory root is now scoped to the specific domain where it was set, which aligns with typical usage and avoids applying it across unrelated domains. This builds on previous improvements such as a redesigned UI and easier removal of the root setting. Setting a directory root updates the Source List to show only the selected directory and its children. (Learn more) - The Network Blocking feature in the Network panel now blocks HTTP requests in addition to blocking responses. - The Network panel displays information about Early Hints, including a dedicated indicator for the 103 HTTP status code in the user interface. - The Network panel now allows overriding network request responses with local files. - The filter setting in the Network panel is now preserved across DevTools Toolbox sessions. - A new column has been added to the Network panel to display the full path of the request URL. This enhancement makes helps developers quickly view and analyze complete request paths. - Introduced a new console command `$$$` that allows searching the page, including within shadow roots. - Improved support for debugging web extensions, such as automatically reloading the web extension's source code in the Debugger when the extension is reloaded. Workers are now available in the Console panel’s context selector and breakpoints function correctly in content scripts. - In the Inspector Fonts panel, we now display fonts metadata, like the font version, designer, vendor, license, etc. - Added support for the import map integrity field, allowing you to ensure the integrity of dynamically or statically imported modules. - Implemented support for `Error.isError`, enabling brand checks to determine whether an object is an instance of Error. (Learn more) - Added support for the `error.captureStackTrace` extension to improve compatibility with other browsers. (Learn more: http://github.com/tc39/proposal-error-capturestacktrace) * Enterprise: - The UserMessaging policy has been updated with a new option to allow disabling Firefox Labs in preferences. - The Preferences policy has been updated to allow setting the preference security.pki.certificate_transparency.mode. - HTTPS-First is now on by default. You can manage this behavior using the HttpsOnlyMode and HttpAllowlist policies. - An internal change has been made to Firefox that removes `XPCOMUtils.defineLazyGetter`. For most people, this shouldn't matter, but if you encounter problems with AutoConfig or third party software like PolicyPak, this might be the cause. You'll need to reach out to your provider. - Firefox now supports the Content Analysis SDK for integrating DLP software. For more information, see this post. - The SearchEngines policy is now available on all versions of Firefox (not just the ESR). Various security fixes MFSA 2025-51 (bsc#1244670): * CVE-2025-6424 (bmo#1966423) Use-after-free in FontFaceSet * CVE-2025-6425 (bmo#1717672) The WebCompat WebExtension shipped with Firefox exposed a persistent UUID * CVE-2025-6426 (bmo#1964385) No warning when opening executable terminal files on macOS * CVE-2025-6427 (bmo#1966927) connect-src Content Security Policy restriction could be bypassed * CVE-2025-6428 (bmo#1970151) Firefox for Android opened URLs specified in a link querystring parameter * CVE-2025-6429 (bmo#1970658) Incorrect parsing of URLs could have allowed embedding of youtube.com * CVE-2025-6430 (bmo#1971140) Content-Disposition header ignored when a file is included in an embed or object tag * CVE-2025-6431 (bmo#1942716) The prompt in Firefox for Android that asks before opening a link in an external application could be bypassed * CVE-2025-6432 (bmo#1943804) DNS Requests leaked outside of a configured SOCKS proxy * CVE-2025-6433 (bmo#1954033) WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate * CVE-2025-6434 (bmo#1955182) HTTPS-Only exception screen lacked anti-clickjacking delay * CVE-2025-6435 (bmo#1950056, bmo#1961777) Save as in Devtools could download files without sanitizing the extension * CVE-2025-6436 (bmo#1941377, bmo#1960948, bmo#1966187, bmo#1966505, bmo#1970764) Memory safety bugs fixed in Firefox 140 and Thunderbird 140 Various security fixes MFSA 2025-59 (bsc#1246664): - CVE-2025-8027: JavaScript engine only wrote partial return value to stack - CVE-2025-8028: Large branch table could lead to truncated instruction - CVE-2025-8029: javascript: URLs executed on object and embed tags - CVE-2025-8036: DNS rebinding circumvents CORS - CVE-2025-8037: Nameless cookies shadow secure cookies - CVE-2025-8030: Potential user-assisted code execution in “Copy as cURL” command - CVE-2025-8031: Incorrect URL stripping in CSP reports - CVE-2025-8032: XSLT documents could bypass CSP - CVE-2025-8038: CSP frame-src was not correctly enforced for paths - CVE-2025-8039: Search terms persisted in URL bar - CVE-2025-8033: Incorrect JavaScript state machine for generators - CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 - CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 - CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 Important SUSE bug 1237231 SUSE bug 1244670 SUSE bug 1246664 CVE-2025-6424 at SUSE CVE-2025-6424 at NVD CVE-2025-6425 at SUSE CVE-2025-6425 at NVD CVE-2025-6426 at SUSE CVE-2025-6426 at NVD CVE-2025-6427 at SUSE CVE-2025-6427 at NVD CVE-2025-6428 at SUSE CVE-2025-6428 at NVD CVE-2025-6429 at SUSE CVE-2025-6429 at NVD CVE-2025-6430 at SUSE CVE-2025-6430 at NVD CVE-2025-6431 at SUSE CVE-2025-6431 at NVD CVE-2025-6432 at SUSE CVE-2025-6432 at NVD CVE-2025-6433 at SUSE CVE-2025-6433 at NVD CVE-2025-6434 at SUSE CVE-2025-6434 at NVD CVE-2025-6435 at SUSE CVE-2025-6435 at NVD CVE-2025-6436 at SUSE CVE-2025-6436 at NVD CVE-2025-8027 at SUSE CVE-2025-8027 at NVD CVE-2025-8028 at SUSE CVE-2025-8028 at NVD CVE-2025-8029 at SUSE CVE-2025-8029 at NVD CVE-2025-8030 at SUSE CVE-2025-8030 at NVD CVE-2025-8031 at SUSE CVE-2025-8031 at NVD CVE-2025-8032 at SUSE CVE-2025-8032 at NVD CVE-2025-8033 at SUSE CVE-2025-8033 at NVD CVE-2025-8034 at SUSE CVE-2025-8034 at NVD CVE-2025-8035 at SUSE CVE-2025-8035 at NVD CVE-2025-8036 at SUSE CVE-2025-8036 at NVD CVE-2025-8037 at SUSE CVE-2025-8037 at NVD CVE-2025-8038 at SUSE CVE-2025-8038 at NVD CVE-2025-8039 at SUSE CVE-2025-8039 at NVD CVE-2025-8040 at SUSE CVE-2025-8040 at NVD cpe:/o:opensuse:leap:15.6 Security update for boost (Important) openSUSE Leap 15.6 This update for boost fixes the following issues: - CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936) Important SUSE bug 1245936 CVE-2016-9840 at SUSE CVE-2016-9840 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52888: media: mediatek: vcodec: Only free buffer VA that is not NULL (bsc#1228557). - CVE-2024-49568: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg (bsc#1235728). - CVE-2024-57982: xfrm: state: fix out-of-bounds read during lookup (bsc#1237913). - CVE-2024-58053: rxrpc: Fix handling of received connection abort (bsc#1238982). - CVE-2025-21720: xfrm: delete intermediate secpath entry in packet offload mode (bsc#1238859). - CVE-2025-21868: kABI workaround for adding an header (bsc#1240180). - CVE-2025-21898: ftrace: Avoid potential division by zero in function_stat_show() (bsc#1240610). - CVE-2025-21899: tracing: Fix bad hist from corrupting named_triggers list (bsc#1240577). - CVE-2025-21920: vlan: enforce underlying device type (bsc#1240686). - CVE-2025-21938: mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr (bsc#1240723). - CVE-2025-21959: netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (bsc#1240814). - CVE-2025-21997: xsk: fix an integer overflow in xp_create_and_assign_umem() (bsc#1240823). - CVE-2025-22035: tracing: Fix use-after-free in print_graph_function_flags during tracer switching (bsc#1241544). - CVE-2025-22111: kABI fix for net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF (bsc#1241572). - CVE-2025-22113: ext4: define ext4_journal_destroy wrapper (bsc#1241617). - CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573). - CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846). - CVE-2025-37743: wifi: ath12k: Avoid memory leak while enabling statistics (bsc#1242163). - CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504). - CVE-2025-37756: net: tls: explicitly disallow disconnect (bsc#1242515). - CVE-2025-37757: tipc: fix memory leak in tipc_link_xmit (bsc#1242521). - CVE-2025-37786: net: dsa: free routing table on probe failure (bsc#1242725). - CVE-2025-37800: driver core: fix potential NULL pointer dereference in dev_uevent() (bsc#1242849). - CVE-2025-37801: spi: spi-imx: Add check for spi_imx_setupxfer() (bsc#1242850). - CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling (bsc#1242907). - CVE-2025-37844: cifs: avoid NULL pointer dereference in dbg call (bsc#1242946). - CVE-2025-37859: page_pool: avoid infinite loop to schedule delayed worker (bsc#1243051). - CVE-2025-37862: HID: pidff: Fix null pointer dereference in pidff_find_fields (bsc#1242982). - CVE-2025-37865: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported (bsc#1242954). - CVE-2025-37874: net: ngbe: fix memory leak in ngbe_probe() error path (bsc#1242940). - CVE-2025-37884: bpf: Fix deadlock between rcu_tasks_trace and event_mutex (bsc#1243060). - CVE-2025-37909: net: lan743x: Fix memleak issue when GSO enabled (bsc#1243467). - CVE-2025-37917: net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll (bsc#1243475). - CVE-2025-37921: vxlan: vnifilter: Fix unlocked deletion of default FDB entry (bsc#1243480). - CVE-2025-37923: tracing: Fix oob write in trace_seq_to_buffer() (bsc#1243551). - CVE-2025-37927: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (bsc#1243620). - CVE-2025-37933: octeon_ep: Fix host hang issue during device reboot (bsc#1243628). - CVE-2025-37936: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value (bsc#1243537). - CVE-2025-37938: tracing: Verify event formats that have '%*p..' (bsc#1243544). - CVE-2025-37945: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY (bsc#1243538). - CVE-2025-37961: ipvs: fix uninit-value for saddr in do_output_route4 (bsc#1243523). - CVE-2025-37967: usb: typec: ucsi: displayport: Fix deadlock (bsc#1243572). - CVE-2025-37968: iio: light: opt3001: fix deadlock due to concurrent flag access (bsc#1243571). - CVE-2025-37987: pds_core: Prevent possible adminq overflow/stuck condition (bsc#1243542). - CVE-2025-37992: net_sched: Flush gso_skb list too during ->change() (bsc#1243698). - CVE-2025-37995: module: ensure that kobject_put() is safe for module type kobjects (bsc#1243827). - CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832). - CVE-2025-37998: openvswitch: Fix unsafe attribute parsing in output_userspace() (bsc#1243836). - CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277). - CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234). - CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729). - CVE-2025-38018: net/tls: fix kernel panic when alloc_page failed (bsc#1244999). - CVE-2025-38053: idpf: fix null-ptr-deref in idpf_features_check (bsc#1244746). - CVE-2025-38057: espintcp: fix skb leaks (bsc#1244862). - CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155). - CVE-2025-38072: libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743). The following non-security bugs were fixed: - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - ACPI: HED: Always initialize before evged (stable-fixes). - ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (git-fixes). - ACPI: PNP: Add Intel OC Watchdog IDs to non-PNP device list (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: Utilities: Fix spelling mistake 'Incremement' -> 'Increment' (git-fixes). - ACPICA: exserial: do not forget to handle FFixedHW opregions for reading (git-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 15-df1xxx (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ASP10 (stable-fixes). - ALSA: hda/realtek: Enable PC beep passthrough for HP EliteBook 855 G7 (stable-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: pcm: Fix race of buffer access at PCM OSS layer (stable-fixes). - ALSA: seq: Improve data consistency at polling (stable-fixes). - ALSA: usb-audio: Accept multiple protocols in GTBs (stable-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Add name for HP Engage Go dock (stable-fixes). - ALSA: usb-audio: Check shutdown at endpoint_set_interface() (stable-fixes). - ALSA: usb-audio: Fix NULL pointer deref in snd_usb_power_domain_set() (git-fixes). - ALSA: usb-audio: Fix duplicated name in MIDI substream names (stable-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Set MIDI1 flag appropriately for GTB MIDI 1.0 entry (stable-fixes). - ALSA: usb-audio: Skip setting clock selector for single connections (stable-fixes). - ALSA: usb-audio: Support multiple control interfaces (stable-fixes). - ALSA: usb-audio: Support read-only clock selector control (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - ALSA: usb-audio: mixer: Remove temporary string use in parse_clock_source_unit (stable-fixes). - ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX (git-fixes). - ASoC: Intel: avs: Verify content returned by parse_int_array() (git-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 (stable-fixes). - ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type (git-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: apple: mca: Constrain channels according to TDM mask (git-fixes). - ASoC: codecs: hda: Fix RPM usage count underflow (git-fixes). - ASoC: codecs: pcm3168a: Allow for 24-bit in provider mode (stable-fixes). - ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of() (stable-fixes). - ASoC: mediatek: mt6359: Add stub for mt6359_accdet_enable_jack_detect (stable-fixes). - ASoC: mediatek: mt8188: Add reference for dmic clocks (stable-fixes). - ASoC: mediatek: mt8188: Treat DMIC_GAINx_CUR as non-volatile (stable-fixes). - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing (git-fixes). - ASoC: ops: Enforce platform maximum on initial value (stable-fixes). - ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params() (git-fixes). - ASoC: qcom: sm8250: explicitly set format in sm8250_be_hw_params_fixup() (stable-fixes). - ASoC: rt722-sdca: Add some missing readable registers (stable-fixes). - ASoC: soc-dai: check return value at snd_soc_dai_set_tdm_slot() (stable-fixes). - ASoC: sun4i-codec: support hp-det-gpios property (stable-fixes). - ASoC: tas2764: Add reg defaults for TAS2764_INT_CLK_CFG (stable-fixes). - ASoC: tas2764: Enable main IRQs (git-fixes). - ASoC: tas2764: Mark SW_RESET as volatile (stable-fixes). - ASoC: tas2764: Power up/down amp on mute ops (stable-fixes). - ASoC: tas2764: Reinit cache on part reset (git-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix sparse errors (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() (git-fixes). - Bluetooth: Remove pending ACL connection attempts (stable-fixes). - Bluetooth: hci_conn: Fix UAF Write in __hci_acl_create_connection_sync (git-fixes). - Bluetooth: hci_conn: Only do ACL connections sequentially (stable-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - Bluetooth: hci_event: Fix not using key encryption size when its known (git-fixes). - Bluetooth: hci_qca: move the SoC type check to the right place (git-fixes). - Bluetooth: hci_sync: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Documentation/rtla: Fix duplicate text about timerlat tracer (git-fixes). - Documentation/rtla: Fix typo in common_timerlat_description.rst (git-fixes). - Documentation/rtla: Fix typo in rtla-timerlat.rst (git-fixes). - Documentation: fix typo in root= kernel parameter description (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: quirks: Add ADATA XPG alpha wireless mouse support (stable-fixes). - HID: usbkbd: Fix the bit shift number for LED_KANA (stable-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - Input: gpio-keys - fix possible concurrent access in gpio_keys_irq_timer() (git-fixes). - Input: ims-pcu - check record size in ims_pcu_flash_firmware() (git-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - Input: xpad - add more controllers (stable-fixes). - KVM: powerpc: Enable commented out BUILD_BUG_ON() assertion (bsc#1215199). - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1245225). - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild') - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - NFS: Do not allow waiting for exiting tasks (git-fixes). - NFSD: Insulate nfsd4_encode_read_plus() from page boundaries in the encode buffer (git-fixes). - NFSv4: Check for delegation validity in nfs_start_delegation_return_locked() (git-fixes). - NFSv4: Treat ENETUNREACH errors as fatal for state recovery (git-fixes). - PCI/DPC: Initialize aer_err_info before using it (git-fixes). - PCI/DPC: Log Error Source ID only when valid (git-fixes). - PCI/DPC: Use defines with DPC reason fields (git-fixes). - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - PCI: Explicitly put devices into D0 when initializing (git-fixes). - PCI: Fix lock symmetry in pci_slot_unlock() (git-fixes). - PCI: Fix old_size lower bound in calculate_iosize() too (stable-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: apple: Use gpiod_set_value_cansleep in probe flow (git-fixes). - PCI: brcmstb: Add a softdep to MIP MSI-X driver (stable-fixes). - PCI: brcmstb: Expand inbound window size up to 64GB (stable-fixes). - PCI: cadence-ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: cadence: Fix runtime atomic count underflow (git-fixes). - PCI: dw-rockchip: Fix PHY function call sequence in rockchip_pcie_phy_deinit() (git-fixes). - PCI: dw-rockchip: Remove PCIE_L0S_ENTRY check from rockchip_pcie_link_up() (git-fixes). - PCI: dwc: ep: Correct PBA offset in .set_msix() callback (git-fixes). - PCI: dwc: ep: Ensure proper iteration over outbound map windows (stable-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI: vmd: Disable MSI remapping bypass under Xen (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices (git-fixes). - PM: sleep: Print PM debug messages during hibernation (git-fixes). - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (git-fixes). - RDMA/core: Fix best page size finding when it can cross SG entries (git-fixes) - RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (git-fixes) - Remove compress-vmlinux.sh /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in pesign-obs-integration during SLE12 RC. This workaround can be removed. - Remove host-memcpy-hack.h This might have been usefult at some point but we have more things that depend on specific library versions today. - Remove try-disable-staging-driver The config for linux-next is autogenerated from master config, and defaults filled for missing options. This is unlikely to enable any staging driver in the first place. - Revert 'ALSA: usb-audio: Skip setting clock selector for single connections' (stable-fixes). - Revert 'arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (stable-fixes). - Revert 'drm/amdgpu: do not allow userspace to create a doorbell BO' (stable-fixes). - Revert 'ipv6: save dontfrag in cork (git-fixes).' - Revert 'kABI: ipv6: save dontfrag in cork (git-fixes).' - Revert 'wifi: mt76: mt7996: fill txd by host driver' (stable-fixes). - SUNRPC: Do not allow waiting for exiting tasks (git-fixes). - SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls (git-fixes). - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting (git-fixes). - SUNRPC: rpcbind should never reset the port to the value '0' (git-fixes). - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (git-fixes). - accel/qaic: Mask out SR-IOV PCI resources (stable-fixes). - acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() (git-fixes). - add bug reference to existing hv_storvsc change (bsc#1245455). - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - backlight: pm8941: Add NULL check in wled_configure() (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - bpf: Force uprobe bpf program to always return 0 (git-fixes). - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)') - btrfs: fix fsync of files with no hard links not persisting deletion (git-fixes). - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (git-fixes). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (git-fixes). - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (git-fixes). - bus: fsl-mc: fix GET/SET_TAILDROP command ids (git-fixes). - bus: fsl-mc: fix double-free on mc_dev (git-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - bus: mhi: host: Fix conflict between power_up and SYSERR (git-fixes). - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - can: c_can: Use of_property_present() to test existence of DT property (stable-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - ceph: Fix incorrect flush end position calculation (git-fixes). - ceph: allocate sparse_ext map only for sparse reads (git-fixes). - ceph: fix memory leaks in __ceph_sync_read() (git-fixes). - cgroup/cpuset: Fix race between newly created partition and dying one (bsc#1241166). - clocksource: Fix brown-bag boolean thinko in (git-fixes) - clocksource: Make watchdog and suspend-timing multiplication (git-fixes) - crypto: lrw - Only add ecb if it is not already there (git-fixes). - crypto: lzo - Fix compression buffer overrun (stable-fixes). - crypto: marvell/cesa - Avoid empty transfer descriptor (git-fixes). - crypto: marvell/cesa - Do not chain submitted requests (git-fixes). - crypto: marvell/cesa - Handle zero-length skcipher requests (git-fixes). - crypto: octeontx2 - suppress auth failure screaming due to negative tests (stable-fixes). - crypto: qat - add shutdown handler to qat_420xx (git-fixes). - crypto: qat - add shutdown handler to qat_4xxx (git-fixes). - crypto: skcipher - Zap type in crypto_alloc_sync_skcipher (stable-fixes). - crypto: sun8i-ce - move fallback ahash_request to the end of the struct (git-fixes). - crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() (git-fixes). - crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions (git-fixes). - crypto: xts - Only add ecb if it is not already there (git-fixes). - devlink: Fix referring to hw_addr attribute during state validation (git-fixes). - devlink: fix port dump cmd type (git-fixes). - dlm: mask sk_shutdown value (bsc#1228854). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open (stable-fixes). - dmaengine: ti: Add NULL check in udma_probe() (git-fixes). - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - drm/amd/display/dm: drop hw_support check in amdgpu_dm_i2c_xfer() (stable-fixes). - drm/amd/display: Add null pointer check for get_first_active_display() (git-fixes). - drm/amd/display: Do not try AUX transactions on disconnected link (stable-fixes). - drm/amd/display: Fix incorrect DPCD configs while Replay/PSR switch (stable-fixes). - drm/amd/display: Guard against setting dispclk low for dcn31x (stable-fixes). - drm/amd/display: Increase block_sequence array size (stable-fixes). - drm/amd/display: Initial psr_version with correct setting (stable-fixes). - drm/amd/display: Skip checking FRL_MODE bit for PCON BW determination (stable-fixes). - drm/amd/display: Update CR AUX RD interval interpretation (stable-fixes). - drm/amd/display: fix link_set_dpms_off multi-display MST corner case (stable-fixes). - drm/amd/display: remove minimum Dispclk and apply oem panel timing (stable-fixes). - drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table (git-fixes). - drm/amdgpu: Do not program AGP BAR regs under SRIOV in gfxhub_v1_0.c (stable-fixes). - drm/amdgpu: Set snoop bit for SDMA for MI series (stable-fixes). - drm/amdgpu: Update SRIOV video codec caps (stable-fixes). - drm/amdgpu: enlarge the VBIOS binary size limit (stable-fixes). - drm/amdgpu: reset psp->cmd to NULL after releasing the buffer (stable-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/amdkfd: KFD release_work possible circular locking (stable-fixes). - drm/amdkfd: Set per-process flags only once cik/vi (stable-fixes). - drm/ast: Find VBIOS mode from regular display size (stable-fixes). - drm/ast: Fix comment on modeset lock (git-fixes). - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset (stable-fixes). - drm/bridge: cdns-dsi: Check return value when getting default PHY config (git-fixes). - drm/bridge: cdns-dsi: Fix connecting to next bridge (git-fixes). - drm/bridge: cdns-dsi: Fix phy de-init and flag it so (git-fixes). - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() (git-fixes). - drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready (git-fixes). - drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/mediatek: Fix kobject put for component sub-drivers (git-fixes). - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence (stable-fixes). - drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr (git-fixes). - drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/gpu: Fix crash when throttling GPU immediately during boot (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/panel-edp: Add Starry 116KHD024006 (stable-fixes). - drm/panel: samsung-sofef00: Drop s6e3fc2x01 support (git-fixes). - drm/rockchip: vop2: Add uv swap for cluster window (stable-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/tegra: Assign plane type before registration (git-fixes). - drm/tegra: Fix a possible null pointer dereference (git-fixes). - drm/tegra: rgb: Fix the unbound reference count (git-fixes). - drm/udl: Unregister device before cleaning up on disconnect (git-fixes). - drm/v3d: Add clock handling (stable-fixes). - drm/vc4: tests: Use return instead of assert (git-fixes). - drm/vkms: Adjust vkms_state->active_planes allocation type (git-fixes). - drm/vmwgfx: Add seqno waiter for sync_files (git-fixes). - drm: Add valid clones check (stable-fixes). - drm: bridge: adv7511: fill stream capabilities (stable-fixes). - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - fbcon: Use correct erase colour for clearing in fbcon (stable-fixes). - fbdev/efifb: Remove PM for parent device (bsc#1244261). - fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (git-fixes). - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (git-fixes). - fbdev: core: tileblit: Implement missing margin clearing for tileblit (stable-fixes). - fbdev: fsl-diu-fb: add missing device_remove_file() (stable-fixes). - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - firmware: arm_ffa: Reject higher major version as incompatible (stable-fixes). - firmware: arm_ffa: Set dma_mask for ffa devices (stable-fixes). - firmware: arm_scmi: Relax duplicate name constraint across protocol ids (stable-fixes). - firmware: psci: Fix refcount leak in psci_dt_init (git-fixes). - fpga: altera-cvp: Increase credit timeout (stable-fixes). - fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() (git-fixes). - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: Simplify code with cleanup helpers (stable-fixes). - gpio: pca953x: Split pca953x_restore_context() and pca953x_save_context() (stable-fixes). - gpio: pca953x: fix IRQ storm on system wake up (git-fixes). - gpiolib: Revert 'Do not WARN on gpiod_put() for optional GPIO' (stable-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - hwmon: (asus-ec-sensors) check sensor index in read_string() (git-fixes). - hwmon: (dell-smm) Increment the number of fans (stable-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - hwmon: (gpio-fan) Add missing mutex locks (stable-fixes). - hwmon: (nct6775): Actually make use of the HWMON_NCT6775 symbol namespace (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (peci/dimmtemp) Do not provide fake thresholds data (git-fixes). - hwmon: (xgene-hwmon) use appropriate type for the latency value (stable-fixes). - hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - i2c: pxa: fix call balance of i2c->clk handling routines (stable-fixes). - i2c: qup: Vote for interconnect bandwidth to DRAM (stable-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: tegra: check msg length in SMBUS block read (bsc#1242086) - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i3c: master: svc: Fix implicit fallthrough in svc_i3c_master_ibi_work() (git-fixes). - i3c: master: svc: Fix missing STOP for master request (stable-fixes). - i3c: master: svc: Flush FIFO before sending Dynamic Address Assignment(DAA) (stable-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - ieee802154: ca8210: Use proper setters and getters for bitwise types (stable-fixes). - iio: accel: fxls8962af: Fix temperature scan element sign (git-fixes). - iio: adc: ad7124: Fix 3dB filter frequency reading (git-fixes). - iio: adc: ad7606_spi: fix reg write value mask (git-fixes). - iio: filter: admv8818: Support frequencies >= 2^32 (git-fixes). - iio: filter: admv8818: fix band 4, state 15 (git-fixes). - iio: filter: admv8818: fix integer overflow (git-fixes). - iio: filter: admv8818: fix range calculation (git-fixes). - iio: imu: inv_icm42600: Fix temperature calculation (git-fixes). - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - ima: process_measurement() needlessly takes inode_lock() on MAY_READ (stable-fixes). - intel_th: avoid using deprecated page->mapping, index fields (stable-fixes). - iommu: Protect against overflow in iommu_pgsize() (git-fixes). - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - iommu: Validate the PASID in iommu_attach_device_pasid() (bsc#1244100) - ip6mr: fix tables suspicious RCU usage (git-fixes). - ip_tunnel: annotate data-races around t->parms.link (git-fixes). - ipmr: fix incorrect parameter validation in the ip_mroute_getsockopt() function (git-fixes). - ipmr: fix tables suspicious RCU usage (git-fixes). - ipv4: Convert ip_route_input() to dscp_t (git-fixes). - ipv4: Correct/silence an endian warning in __ip_do_redirect (git-fixes). - ipv6: save dontfrag in cork (git-fixes). - ipvs: Always clear ipvs_property flag in skb_scrub_packet() (git-fixes). - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (git-fixes). - jffs2: check that raw node were preallocated before writing summary (git-fixes). - kABI workaround for hda_codec.beep_just_power_on flag (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: ipv6: save dontfrag in cork (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kabi: restore layout of struct cgroup_subsys (bsc#1241166). - kabi: restore layout of struct mem_control (jsc#PED-12551). - kabi: restore layout of struct page_counter (jsc#PED-12551). - kernel-source: Do not use multiple -r in sed parameters - kernel-source: Remove log.sh from sources - leds: pwm-multicolor: Add check for fwnode_property_read_u32 (stable-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - mailbox: use error ret code of of_parse_phandle_with_args() (stable-fixes). - md/raid1,raid10: do not handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - media: adv7180: Disable test-pattern control on adv7180 (stable-fixes). - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() (stable-fixes). - media: ccs-pll: Check for too high VT PLL multiplier in dual PLL case (git-fixes). - media: ccs-pll: Correct the upper limit of maximum op_pre_pll_clk_div (git-fixes). - media: ccs-pll: Start OP pre-PLL multiplier search from correct value (git-fixes). - media: ccs-pll: Start VT pre-PLL multiplier search from correct value (git-fixes). - media: cx231xx: set device_caps for 417 (stable-fixes). - media: cxusb: no longer judge rbuf when the write fails (git-fixes). - media: davinci: vpif: Fix memory leak in probe error path (git-fixes). - media: gspca: Add error handling for stv06xx_read_sensor() (git-fixes). - media: i2c: imx219: Correct the minimum vblanking value (stable-fixes). - media: imx-jpeg: Cleanup after an allocation error (git-fixes). - media: imx-jpeg: Drop the first error frames (git-fixes). - media: imx-jpeg: Move mxc_jpeg_free_slot_data() ahead (git-fixes). - media: imx-jpeg: Reset slot data pointers when freed (git-fixes). - media: nxp: imx8-isi: better handle the m2m usage_count (git-fixes). - media: omap3isp: use sgtable-based scatterlist wrappers (git-fixes). - media: ov5675: suppress probe deferral errors (git-fixes). - media: ov8856: suppress probe deferral errors (git-fixes). - media: qcom: camss: csid: Only add TPG v4l2 ctrl if TPG hardware is available (stable-fixes). - media: rkvdec: Fix frame size enumeration (git-fixes). - media: tc358746: improve calculation of the D-PHY timing registers (stable-fixes). - media: test-drivers: vivid: do not call schedule in loop (stable-fixes). - media: uvcvideo: Add sanity check to uvc_ioctl_xu_ctrl_map (stable-fixes). - media: uvcvideo: Fix deferred probing error (git-fixes). - media: uvcvideo: Handle uvc menu translation inside uvc_get_le_value (stable-fixes). - media: uvcvideo: Return the number of processed controls (git-fixes). - media: v4l2-dev: fix error handling in __video_register_device() (git-fixes). - media: v4l: Memset argument to 0 before calling get_mbus_config pad op (stable-fixes). - media: venus: Fix probe error handling (git-fixes). - media: videobuf2: use sgtable-based scatterlist wrappers (git-fixes). - media: vidtv: Terminating the subsequent process of initialization failure (git-fixes). - media: vivid: Change the siize of the composing (git-fixes). - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (git-fixes). - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (git-fixes). - mfd: tps65219: Remove TPS65219_REG_TI_DEV_ID check (stable-fixes). - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - mm, memcg: cg2 memory{.swap,}.peak write handlers (jsc#PED-12551). - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431). - mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431). - mm/memcontrol: export memcg.swap watermark via sysfs for v2 memcg (jsc#PED-12551). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - mmc: dw_mmc: add exynos7870 DW MMC support (stable-fixes). - mmc: host: Wait for Vdd to settle on card power off (stable-fixes). - mmc: sdhci: Disable SD card clock before changing parameters (stable-fixes). - mtd: nand: ecc-mxic: Fix use of uninitialized variable ret (git-fixes). - mtd: nand: sunxi: Add randomizer configuration before randomizer enable (git-fixes). - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (git-fixes). - neighbour: Do not let neigh_forced_gc() disable preemption for long (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/neighbor: clear error in case strict check is not set (git-fixes). - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (git-fixes). - net: add rcu safety to rtnl_prop_list_size() (git-fixes). - net: fix udp gso skb_segment after pull from frag_list (git-fixes). - net: give more chances to rcu in netdev_wait_allrefs_any() (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ipv4: fix a memleak in ip_setup_cork (git-fixes). - net: linkwatch: use system_unbound_wq (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - net: mana: Record doorbell physical address in PF mode (bsc#1244229). - net: page_pool: fix warning code (git-fixes). - net: phy: clear phydev->devlink when the link is deleted (git-fixes). - net: phy: fix up const issues in to_mdio_device() and to_phy_device() (git-fixes). - net: phy: move phy_link_change() prior to mdio_bus_phy_may_suspend() (bsc#1243538) - net: phy: mscc: Fix memory leak when using one step timestamping (git-fixes). - net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames (git-fixes). - net: sched: cls_u32: Fix allocation size in u32_init() (git-fixes). - net: sched: consistently use rcu_replace_pointer() in taprio_change() (git-fixes). - net: sched: em_text: fix possible memory leak in em_text_destroy() (git-fixes). - net: sched: fix erspan_opt settings in cls_flower (git-fixes). - net: usb: aqc111: debug info before sanitation (git-fixes). - net: usb: aqc111: fix error handling of usbnet read calls (git-fixes). - net: wwan: t7xx: Fix napi rx poll issue (git-fixes). - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - net_sched: prio: fix a race in prio_tune() (git-fixes). - net_sched: red: fix a race in __red_change() (git-fixes). - net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312) - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504) - net_sched: tbf: fix a race in tbf_change() (git-fixes). - netdev-genl: Hold rcu_read_lock in napi_get (git-fixes). - netlink: fix potential sleeping issue in mqueue_flush_file (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netpoll: Use rcu_access_pointer() in __netpoll_setup (git-fixes). - netpoll: hold rcu read lock in __netpoll_send_skb() (git-fixes). - nfsd: Initialize ssc before laundromat_work to prevent NULL dereference (git-fixes). - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - nfsd: validate the nfsd_serv pointer before calling svc_wake_up (git-fixes). - ntp: Clamp maxerror and esterror to operating range (git-fixes) - ntp: Remove invalid cast in time offset math (git-fixes) - ntp: Safeguard against time_constant overflow (git-fixes) - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - nvme-pci: add quirks for WDC Blue SN550 15b7:5009 (git-fixes). - nvme-pci: add quirks for device 126f:1001 (git-fixes). - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: do not wait for lport cleanup (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - orangefs: Do not truncate file size (git-fixes). - pNFS/flexfiles: Report ENETDOWN as a connection error (git-fixes). - page_pool: Fix use-after-free in page_pool_recycle_in_ring (git-fixes). - phy: core: do not require set_mode() callback for phy_get_mode() to work (stable-fixes). - phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (git-fixes). - phy: renesas: rcar-gen3-usb2: Add support to initialize the bus (stable-fixes). - phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off (git-fixes). - phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data (git-fixes). - phy: renesas: rcar-gen3-usb2: Move IRQ request in probe (stable-fixes). - pinctrl-tegra: Restore SFSEL bit when freeing pins (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: set GPIO output value before setting direction (git-fixes). - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (git-fixes). - pinctrl: at91: Fix possible out-of-boundary access (git-fixes). - pinctrl: bcm281xx: Use 'unsigned int' instead of bare 'unsigned' (stable-fixes). - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - pinctrl: meson: define the pull up/down resistor value as 60 kOhm (stable-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: tegra: Fix off by one in tegra_pinctrl_get_group() (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (git-fixes). - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys (stable-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification (stable-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (git-fixes). - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS (stable-fixes). - power: reset: at91-reset: Optimize at91_reset() (git-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - powerpc/pseries/msi: Avoid reading PCI device registers in reduced power states (bsc#1215199). - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - pstore: Change kmsg_bytes storage size to u32 (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - r8152: add vendor/device ID pair for Dell Alienware AW1022z (git-fixes). - regulator: ad5398: Add device tree support (stable-fixes). - regulator: max14577: Add error check for max14577_read_reg() (git-fixes). - regulator: max20086: Change enable gpio to optional (git-fixes). - regulator: max20086: Fix MAX200086 chip id (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang. - rpm/kernel-source.changes.old: Drop bogus bugzilla reference (bsc#1244725) - rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag. - rtc: Fix offset calculation for .start_secs &lt; 0 (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - rtc: at91rm9200: drop unused module alias (git-fixes). - rtc: cmos: use spin_lock_irqsave in cmos_interrupt (git-fixes). - rtc: cpcap: drop unused module alias (git-fixes). - rtc: da9063: drop unused module alias (git-fixes). - rtc: ds1307: stop disabling alarms on probe (stable-fixes). - rtc: jz4740: drop unused module alias (git-fixes). - rtc: pm8xxx: drop unused module alias (git-fixes). - rtc: rv3032: fix EERD location (stable-fixes). - rtc: s3c: drop unused module alias (git-fixes). - rtc: sh: assign correct interrupts with DT (git-fixes). - rtc: stm32: drop unused module alias (git-fixes). - s390/pci: Allow re-add of a reserved but not yet removed device (bsc#1244145). - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1245226). - s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (git-fixes bsc#1244145). - s390/pci: Fix potential double remove of hotplug slot (bsc#1244145). - s390/pci: Prevent self deletion in disable_slot() (bsc#1244145). - s390/pci: Remove redundant bus removal and disable from zpci_release_device() (bsc#1244145). - s390/pci: Serialize device addition and removal (bsc#1244145). - s390/pci: introduce lock to synchronize state of zpci_dev's (jsc#PED-10253 bsc#1244145). - s390/pci: remove hotplug slot when releasing the device (bsc#1244145). - s390/pci: rename lock member in struct zpci_dev (jsc#PED-10253 bsc#1244145). - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245228). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: storvsc: Do not report the host packet status as the hv status (git-fixes). - scsi: storvsc: Increase the timeouts to storvsc_timeout (git-fixes). - selftests/bpf: Fix bpf_nf selftest failure (git-fixes). - selftests/mm: restore default nr_hugepages value during cleanup in hugetlb_reparenting_test.sh (git-fixes). - selftests/net: have `gro.sh -t` return a correct exit code (stable-fixes). - selftests/seccomp: fix syscall_restart test for arm compat (git-fixes). - serial: Fix potential null-ptr-deref in mlb_usio_probe() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - serial: sh-sci: Move runtime PM enable to sci_probe_single() (stable-fixes). - serial: sh-sci: Save and restore more registers (git-fixes). - serial: sh-sci: Update the suspend/resume support (stable-fixes). - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (git-fixes). - soc: aspeed: lpc: Fix impossible judgment condition (git-fixes). - soc: qcom: smp2p: Fix fallback to qcom,ipc parse (git-fixes). - soc: ti: k3-socinfo: Do not use syscon helper to build regmap (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - soundwire: amd: change the soundwire wake enable/disable sequence (stable-fixes). - spi-rockchip: Fix register out of bounds access (stable-fixes). - spi: bcm63xx-hsspi: fix shared reset (git-fixes). - spi: bcm63xx-spi: fix shared reset (git-fixes). - spi: sh-msiof: Fix maximum DMA transfer size (git-fixes). - spi: spi-sun4i: fix early activation (stable-fixes). - spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers (git-fixes). - spi: tegra210-quad: modify chip select (CS) deactivation (git-fixes). - spi: tegra210-quad: remove redundant error handling code (git-fixes). - spi: zynqmp-gqspi: Always acknowledge interrupts (stable-fixes). - staging: iio: ad5933: Correct settling cycles encoding per datasheet (git-fixes). - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - struct usci: hide additional member (git-fixes). - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - tcp/dccp: allow a connection when sk_max_ack_backlog is zero (git-fixes). - tcp/dccp: bypass empty buckets in inet_twsk_purge() (git-fixes). - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (git-fixes). - tcp: bring back NUMA dispersion in inet_ehash_locks_alloc() (git-fixes). - tcp_metrics: optimize tcp_metrics_flush_all() (git-fixes). - thermal/drivers/qoriq: Power down TMU on system suspend (stable-fixes). - thunderbolt: Do not add non-active NVM if NVM upgrade is disabled for retimer (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - thunderbolt: Fix a logic error in wake on connect (git-fixes). - timekeeping: Fix bogus clock_was_set() invocation in (git-fixes) - timekeeping: Fix cross-timestamp interpolation corner case (git-fixes) - timekeeping: Fix cross-timestamp interpolation for non-x86 (git-fixes) - timekeeping: Fix cross-timestamp interpolation on counter (git-fixes) - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - tracing: Add __print_dynamic_array() helper (bsc#1243544). - tracing: Add __string_len() example (bsc#1243544). - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - tracing: Fix compilation warning on arm32 (bsc#1243551). - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - truct dwc3 hide new member wakeup_pending_funcs (git-fixes). - ucsi_debugfs_entry: hide signedness change (git-fixes). - udp: annotate data-races around up->pending (git-fixes). - udp: fix incorrect parameter validation in the udp_lib_getsockopt() function (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - udp: preserve the connected status if only UDP cmsg (git-fixes). - uprobes: Use kzalloc to allocate xol area (git-fixes). - usb: Flush altsetting 0 endpoints before reinitializating them after reset (git-fixes). - usb: cdnsp: Fix issue with detecting USB 3.2 speed (git-fixes). - usb: cdnsp: Fix issue with detecting command completion event (git-fixes). - usb: dwc3: gadget: Make gadget_wakeup asynchronous (git-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - usb: renesas_usbhs: Reorder clock handling and power management in probe (git-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() (git-fixes). - usb: typec: ucsi: Only enable supported notifications (git-fixes). - usb: typec: ucsi: allow non-partner GET_PDOS for Qualcomm devices (git-fixes). - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - usb: typec: ucsi: fix UCSI on buggy Qualcomm devices (git-fixes). - usb: typec: ucsi: limit the UCSI_NO_PARTNER_PDOS even further (git-fixes). - usb: usbtmc: Fix read_stb function and get_stb ioctl (git-fixes). - usb: usbtmc: Fix timeout value in get_stb (git-fixes). - usb: xhci: Do not change the status of stalled TDs on failed Stop EP (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - vgacon: Add check for vc_origin address range in vgacon_scroll() (git-fixes). - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - vmxnet3: support higher link speeds from vmxnet3 v9 (bsc#1244626). - vmxnet3: update MTU after device quiesce (bsc#1244626). - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (git-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: exar: Shorten identity name to fit correctly (git-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 (git-fixes). - watchdog: mediatek: Add support for MT6735 TOPRGU/WDT (git-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - wifi: ath11k: do not use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: do not wait when there is no vdev started (git-fixes). - wifi: ath11k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath11k: fix ring-buffer corruption (git-fixes). - wifi: ath11k: fix rx completion meta data corruption (git-fixes). - wifi: ath11k: fix soc_dp_stats debugfs file permission (stable-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: update channel list in worker when wait flag is set (bsc#1243847). - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - wifi: ath12k: Add MSDU length validation for TKIP MIC error (git-fixes). - wifi: ath12k: Avoid napi_sync() before napi_enable() (stable-fixes). - wifi: ath12k: Fix WMI tag for EHT rate in peer assoc (git-fixes). - wifi: ath12k: Fix end offset bit definition in monitor ring descriptor (stable-fixes). - wifi: ath12k: Fix invalid memory access while forming 802.11 header (git-fixes). - wifi: ath12k: Fix memory leak during vdev_id mismatch (git-fixes). - wifi: ath12k: Fix the QoS control field offset to build QoS header (git-fixes). - wifi: ath12k: Improve BSS discovery with hidden SSID in 6 GHz band (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: ath12k: Report proper tx completion status to mac80211 (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath12k: fix ath12k_hal_tx_cmd_ext_desc_setup() info1 override (stable-fixes). - wifi: ath12k: fix cleanup path after mhi init (git-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - wifi: ath12k: fix invalid access to memory (git-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix node corruption in ar->arvifs list (git-fixes). - wifi: ath12k: fix ring-buffer corruption (git-fixes). - wifi: ath9k: return by of_get_mac_address (stable-fixes). - wifi: ath9k_htc: Abort software beacon handling if disabled (git-fixes). - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - wifi: iwlfiwi: mvm: Fix the rate reporting (git-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - wifi: iwlwifi: add support for Killer on MTL (stable-fixes). - wifi: iwlwifi: fix debug actions order (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: mac80211: do not unconditionally call drv_mgd_complete_tx() (stable-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - wifi: mac80211: remove misplaced drv_mgd_complete_tx() call (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() (git-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: ensure all MCU commands wait for response (git-fixes). - wifi: mt76: mt7925: fix host interrupt register initialization (git-fixes). - wifi: mt76: mt7925: prevent multiple scan commands (git-fixes). - wifi: mt76: mt7925: refine the sniffer commnad (git-fixes). - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7996: fix RX buffer size of MCU event (git-fixes). - wifi: mt76: mt7996: revise TXS size (stable-fixes). - wifi: mt76: mt7996: set EHT max ampdu length capability (git-fixes). - wifi: mt76: only mark tx-status-failed frames as ACKed on mt76x0/2 (stable-fixes). - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (git-fixes). - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (git-fixes). - wifi: rtw88: Do not use static local variable in rtw8822b_set_tx_power_index_by_rate (stable-fixes). - wifi: rtw88: Fix __rtw_download_firmware() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix download_firmware_validate() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_desc_to_mcsrate() to handle MCS16-31 (stable-fixes). - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: Fix rtw_init_vht_cap() for RTL8814AU (stable-fixes). - wifi: rtw88: do not ignore hardware read error during DPK (git-fixes). - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (git-fixes). - wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally (git-fixes). - wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT (git-fixes). - wifi: rtw88: usb: Reduce control message timeout to 500 ms (git-fixes). - wifi: rtw89: add wiphy_lock() to work that isn't held wiphy_lock() yet (stable-fixes). - wifi: rtw89: fw: propagate error code from rtw89_h2c_tx() (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: pci: enlarge retry times of RX tag to 1000 (git-fixes). - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - x86/microcode/AMD: Add get_patch_level() (git-fixes). - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - x86/microcode/AMD: Make __verify_patch_size() return bool (git-fixes). - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - x86/xen: fix balloon target initialization for PVH dom0 (git-fixes). - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - xen/x86: fix initial memory balloon target (git-fixes). - xsk: always clear DMA mapping information when unmapping the pool (git-fixes). Important SUSE bug 1012628 SUSE bug 1151679 SUSE bug 1151680 SUSE bug 1151794 SUSE bug 1151927 SUSE bug 1210025 SUSE bug 1211226 SUSE bug 1215199 SUSE bug 1218184 SUSE bug 1223008 SUSE bug 1228557 SUSE bug 1228854 SUSE bug 1232504 SUSE bug 1232882 SUSE bug 1235490 SUSE bug 1235728 SUSE bug 1236208 SUSE bug 1237312 SUSE bug 1237913 SUSE bug 1238859 SUSE bug 1238982 SUSE bug 1240180 SUSE bug 1240577 SUSE bug 1240610 SUSE bug 1240686 SUSE bug 1240723 SUSE bug 1240814 SUSE bug 1240823 SUSE bug 1241166 SUSE bug 1241278 SUSE bug 1241414 SUSE bug 1241544 SUSE bug 1241572 SUSE bug 1241592 SUSE bug 1241617 SUSE bug 1242086 SUSE bug 1242163 SUSE bug 1242504 SUSE bug 1242515 SUSE bug 1242521 SUSE bug 1242556 SUSE bug 1242573 SUSE bug 1242725 SUSE bug 1242846 SUSE bug 1242849 SUSE bug 1242850 SUSE bug 1242907 SUSE bug 1242940 SUSE bug 1242946 SUSE bug 1242954 SUSE bug 1242982 SUSE bug 1243051 SUSE bug 1243060 SUSE bug 1243342 SUSE bug 1243467 SUSE bug 1243475 SUSE bug 1243480 SUSE bug 1243506 SUSE bug 1243523 SUSE bug 1243537 SUSE bug 1243538 SUSE bug 1243542 SUSE bug 1243544 SUSE bug 1243551 SUSE bug 1243571 SUSE bug 1243572 SUSE bug 1243620 SUSE bug 1243628 SUSE bug 1243698 SUSE bug 1243774 SUSE bug 1243782 SUSE bug 1243823 SUSE bug 1243827 SUSE bug 1243832 SUSE bug 1243836 SUSE bug 1243847 SUSE bug 1244100 SUSE bug 1244145 SUSE bug 1244172 SUSE bug 1244176 SUSE bug 1244229 SUSE bug 1244234 SUSE bug 1244241 SUSE bug 1244261 SUSE bug 1244274 SUSE bug 1244275 SUSE bug 1244277 SUSE bug 1244309 SUSE bug 1244313 SUSE bug 1244337 SUSE bug 1244626 SUSE bug 1244725 SUSE bug 1244727 SUSE bug 1244729 SUSE bug 1244731 SUSE bug 1244732 SUSE bug 1244736 SUSE bug 1244737 SUSE bug 1244738 SUSE bug 1244739 SUSE bug 1244743 SUSE bug 1244746 SUSE bug 1244759 SUSE bug 1244789 SUSE bug 1244862 SUSE bug 1244906 SUSE bug 1244938 SUSE bug 1244995 SUSE bug 1244996 SUSE bug 1244999 SUSE bug 1245001 SUSE bug 1245003 SUSE bug 1245004 SUSE bug 1245025 SUSE bug 1245042 SUSE bug 1245046 SUSE bug 1245078 SUSE bug 1245081 SUSE bug 1245082 SUSE bug 1245083 SUSE bug 1245155 SUSE bug 1245183 SUSE bug 1245193 SUSE bug 1245210 SUSE bug 1245217 SUSE bug 1245225 SUSE bug 1245226 SUSE bug 1245228 SUSE bug 1245431 SUSE bug 1245455 CVE-2023-52888 at SUSE CVE-2023-52888 at NVD CVE-2024-26831 at SUSE CVE-2024-26831 at NVD CVE-2024-49568 at SUSE CVE-2024-49568 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-56613 at SUSE CVE-2024-56613 at NVD CVE-2024-56699 at SUSE CVE-2024-56699 at NVD CVE-2024-57982 at SUSE CVE-2024-57982 at NVD CVE-2024-58053 at SUSE CVE-2024-58053 at NVD CVE-2025-21658 at SUSE CVE-2025-21658 at NVD CVE-2025-21720 at SUSE CVE-2025-21720 at NVD CVE-2025-21868 at SUSE CVE-2025-21868 at NVD CVE-2025-21898 at SUSE CVE-2025-21898 at NVD CVE-2025-21899 at SUSE CVE-2025-21899 at NVD CVE-2025-21920 at SUSE CVE-2025-21920 at NVD CVE-2025-21938 at SUSE CVE-2025-21938 at NVD CVE-2025-21959 at SUSE CVE-2025-21959 at NVD CVE-2025-21997 at SUSE CVE-2025-21997 at NVD CVE-2025-22035 at SUSE CVE-2025-22035 at NVD CVE-2025-22083 at SUSE CVE-2025-22083 at NVD CVE-2025-22111 at SUSE CVE-2025-22111 at NVD CVE-2025-22113 at SUSE CVE-2025-22113 at NVD CVE-2025-22120 at SUSE CVE-2025-22120 at NVD CVE-2025-23155 at SUSE CVE-2025-23155 at NVD CVE-2025-37738 at SUSE CVE-2025-37738 at NVD CVE-2025-37743 at SUSE CVE-2025-37743 at NVD CVE-2025-37752 at SUSE CVE-2025-37752 at NVD CVE-2025-37756 at SUSE CVE-2025-37756 at NVD CVE-2025-37757 at SUSE CVE-2025-37757 at NVD CVE-2025-37786 at SUSE CVE-2025-37786 at NVD CVE-2025-37800 at SUSE CVE-2025-37800 at NVD CVE-2025-37801 at SUSE CVE-2025-37801 at NVD CVE-2025-37811 at SUSE CVE-2025-37811 at NVD CVE-2025-37844 at SUSE CVE-2025-37844 at NVD CVE-2025-37859 at SUSE CVE-2025-37859 at NVD CVE-2025-37862 at SUSE CVE-2025-37862 at NVD CVE-2025-37865 at SUSE CVE-2025-37865 at NVD CVE-2025-37874 at SUSE CVE-2025-37874 at NVD CVE-2025-37884 at SUSE CVE-2025-37884 at NVD CVE-2025-37909 at SUSE CVE-2025-37909 at NVD CVE-2025-37917 at SUSE CVE-2025-37917 at NVD CVE-2025-37921 at SUSE CVE-2025-37921 at NVD CVE-2025-37923 at SUSE CVE-2025-37923 at NVD CVE-2025-37927 at SUSE CVE-2025-37927 at NVD CVE-2025-37933 at SUSE CVE-2025-37933 at NVD CVE-2025-37936 at SUSE CVE-2025-37936 at NVD CVE-2025-37938 at SUSE CVE-2025-37938 at NVD CVE-2025-37945 at SUSE CVE-2025-37945 at NVD CVE-2025-37946 at SUSE CVE-2025-37946 at NVD CVE-2025-37961 at SUSE CVE-2025-37961 at NVD CVE-2025-37967 at SUSE CVE-2025-37967 at NVD CVE-2025-37968 at SUSE CVE-2025-37968 at NVD CVE-2025-37973 at SUSE CVE-2025-37973 at NVD CVE-2025-37987 at SUSE CVE-2025-37987 at NVD CVE-2025-37992 at SUSE CVE-2025-37992 at NVD CVE-2025-37994 at SUSE CVE-2025-37994 at NVD CVE-2025-37995 at SUSE CVE-2025-37995 at NVD CVE-2025-37997 at SUSE CVE-2025-37997 at NVD CVE-2025-37998 at SUSE CVE-2025-37998 at NVD CVE-2025-38000 at SUSE CVE-2025-38000 at NVD CVE-2025-38001 at SUSE CVE-2025-38001 at NVD CVE-2025-38003 at SUSE CVE-2025-38003 at NVD CVE-2025-38004 at SUSE CVE-2025-38004 at NVD CVE-2025-38005 at SUSE CVE-2025-38005 at NVD CVE-2025-38007 at SUSE CVE-2025-38007 at NVD CVE-2025-38009 at SUSE CVE-2025-38009 at NVD CVE-2025-38010 at SUSE CVE-2025-38010 at NVD CVE-2025-38011 at SUSE CVE-2025-38011 at NVD CVE-2025-38013 at SUSE CVE-2025-38013 at NVD CVE-2025-38014 at SUSE CVE-2025-38014 at NVD CVE-2025-38015 at SUSE CVE-2025-38015 at NVD CVE-2025-38018 at SUSE CVE-2025-38018 at NVD CVE-2025-38020 at SUSE CVE-2025-38020 at NVD CVE-2025-38022 at SUSE CVE-2025-38022 at NVD CVE-2025-38023 at SUSE CVE-2025-38023 at NVD CVE-2025-38024 at SUSE CVE-2025-38024 at NVD CVE-2025-38027 at SUSE CVE-2025-38027 at NVD CVE-2025-38031 at SUSE CVE-2025-38031 at NVD CVE-2025-38040 at SUSE CVE-2025-38040 at NVD CVE-2025-38043 at SUSE CVE-2025-38043 at NVD CVE-2025-38044 at SUSE CVE-2025-38044 at NVD CVE-2025-38045 at SUSE CVE-2025-38045 at NVD CVE-2025-38053 at SUSE CVE-2025-38053 at NVD CVE-2025-38057 at SUSE CVE-2025-38057 at NVD CVE-2025-38059 at SUSE CVE-2025-38059 at NVD CVE-2025-38060 at SUSE CVE-2025-38060 at NVD CVE-2025-38065 at SUSE CVE-2025-38065 at NVD CVE-2025-38068 at SUSE CVE-2025-38068 at NVD CVE-2025-38072 at SUSE CVE-2025-38072 at NVD CVE-2025-38077 at SUSE CVE-2025-38077 at NVD CVE-2025-38078 at SUSE CVE-2025-38078 at NVD CVE-2025-38079 at SUSE CVE-2025-38079 at NVD CVE-2025-38080 at SUSE CVE-2025-38080 at NVD CVE-2025-38081 at SUSE CVE-2025-38081 at NVD CVE-2025-38083 at SUSE CVE-2025-38083 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-starlette (Moderate) openSUSE Leap 15.6 This update for python-starlette fixes the following issues: - CVE-2025-54121: Correctly parse multi-part form with large files to avoid DoS. (bsc#1246855) Moderate SUSE bug 1246855 CVE-2025-54121 at SUSE CVE-2025-54121 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u462 build 08 with OpenJ9 0.53.0 virtual machine: - CVE-2025-30749: several scenarios can lead to heap corruption (Oracle CPU 2025-07) (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (Oracle CPU 2025-07) (bsc#1246598) - CVE-2025-30761: Improve scripting supports (Oracle CPU 2025-07) (bsc#1246580) - CVE-2025-50059: Improve HTTP client header handling (Oracle CPU 2025-07) (bsc#1246575) Important SUSE bug 1246575 SUSE bug 1246580 SUSE bug 1246595 SUSE bug 1246598 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-30761 at SUSE CVE-2025-30761 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.1 (MFSA 2025-63) (bsc#1246664): - CVE-2025-8027: JavaScript engine only wrote partial return value to stack (bmo#1968423) - CVE-2025-8028: Large branch table could lead to truncated instruction (bmo#1971581) - CVE-2025-8029: javascript: URLs executed on object and embed tags (bmo#1928021) - CVE-2025-8036: DNS rebinding circumvents CORS (bmo#1960834) - CVE-2025-8037: Nameless cookies shadow secure cookies (bmo#1964767) - CVE-2025-8030: Potential user-assisted code execution in 'Copy as cURL' command (bmo#1968414) - CVE-2025-8031: Incorrect URL stripping in CSP reports (bmo#1971719) - CVE-2025-8032: XSLT documents could bypass CSP (bmo#1974407) - CVE-2025-8038: CSP frame-src was not correctly enforced for paths (bmo#1808979) - CVE-2025-8039: Search terms persisted in URL bar (bmo#1970997) - CVE-2025-8033: Incorrect JavaScript state machine for generators (bmo#1973990) - CVE-2025-8034: Memory safety bugs fixed in Firefox ESR 115.26, Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1970422, bmo#1970422, bmo#1970422, bmo#1970422) - CVE-2025-8040: Memory safety bugs fixed in Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975058, bmo#1975058, bmo#1975998, bmo#1975998) - CVE-2025-8035: Memory safety bugs fixed in Firefox ESR 128.13, Thunderbird ESR 128.13, Firefox ESR 140.1, Thunderbird ESR 140.1, Firefox 141 and Thunderbird 141 (bmo#1975961, bmo#1975961, bmo#1975961) Update to Mozilla Thunderbird 140.0.1 (MFSA 2025-54) (bsc#1244670): - CVE-2025-6424: Use-after-free in FontFaceSet (bmo#1966423) - CVE-2025-6425: The WebCompat WebExtension shipped exposed a persistent UUID (bmo#1717672) - CVE-2025-6426: No warning when opening executable terminal files on macOS (bmo#1964385) - CVE-2025-6427: connect-src Content Security Policy restriction could be bypassed (bmo#1966927) - CVE-2025-6429: Incorrect parsing of URLs could have allowed embedding of youtube.com (bmo#1970658) - CVE-2025-6430: Content-Disposition header ignored when a file is included in an embed or object tag (bmo#1971140) - CVE-2025-6432: DNS Requests leaked outside of a configured SOCKS proxy (bmo#1943804) - CVE-2025-6433: WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate (bmo#1954033) - CVE-2025-6434: HTTPS-Only exception screen lacked anti-clickjacking delay (bmo#1955182) - CVE-2025-6435: Save as in Devtools could download files without sanitizing the extension (bmo#1950056, bmo#1961777) - CVE-2025-6436: Memory safety bugs fixed in Firefox 140 and Thunderbird 140 (bmo#1941377, bmo#1960948, bmo#1966187, bmo#1966505, bmo#1970764) Important SUSE bug 1244670 SUSE bug 1246664 CVE-2025-6424 at SUSE CVE-2025-6424 at NVD CVE-2025-6425 at SUSE CVE-2025-6425 at NVD CVE-2025-6426 at SUSE CVE-2025-6426 at NVD CVE-2025-6427 at SUSE CVE-2025-6427 at NVD CVE-2025-6429 at SUSE CVE-2025-6429 at NVD CVE-2025-6430 at SUSE CVE-2025-6430 at NVD CVE-2025-6432 at SUSE CVE-2025-6432 at NVD CVE-2025-6433 at SUSE CVE-2025-6433 at NVD CVE-2025-6434 at SUSE CVE-2025-6434 at NVD CVE-2025-6435 at SUSE CVE-2025-6435 at NVD CVE-2025-6436 at SUSE CVE-2025-6436 at NVD CVE-2025-8027 at SUSE CVE-2025-8027 at NVD CVE-2025-8028 at SUSE CVE-2025-8028 at NVD CVE-2025-8029 at SUSE CVE-2025-8029 at NVD CVE-2025-8030 at SUSE CVE-2025-8030 at NVD CVE-2025-8031 at SUSE CVE-2025-8031 at NVD CVE-2025-8032 at SUSE CVE-2025-8032 at NVD CVE-2025-8033 at SUSE CVE-2025-8033 at NVD CVE-2025-8034 at SUSE CVE-2025-8034 at NVD CVE-2025-8035 at SUSE CVE-2025-8035 at NVD CVE-2025-8036 at SUSE CVE-2025-8036 at NVD CVE-2025-8037 at SUSE CVE-2025-8037 at NVD CVE-2025-8038 at SUSE CVE-2025-8038 at NVD CVE-2025-8039 at SUSE CVE-2025-8039 at NVD CVE-2025-8040 at SUSE CVE-2025-8040 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate) openSUSE Leap 15.6 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: - Revert commits adding zero block detection feature in 1.4.1 (bsc#1244548) - rebuild with current GO compiler. Moderate SUSE bug 1244548 cpe:/o:opensuse:leap:15.6 Security update for rmt-server (Important) openSUSE Leap 15.6 This update for rmt-server fixes the following issues: - Update to version 2.23 - CVE-2025-46727: Fixed Unbounded-Parameter DoS in Rack:QueryParser. (bsc#1242893) - CVE-2025-32441: Fixed a bug where simultaneous rack requests can restore a deleted rack session. (bsc#1242898) Important SUSE bug 1242893 SUSE bug 1242898 SUSE bug 1244166 CVE-2025-32441 at SUSE CVE-2025-32441 at NVD CVE-2025-46727 at SUSE CVE-2025-46727 at NVD cpe:/o:opensuse:leap:15.6 Security update for libarchive (Moderate) openSUSE Leap 15.6 This update for libarchive fixes the following issues: - CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272) - CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273) - CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270) - CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336) - CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279) Moderate SUSE bug 1244270 SUSE bug 1244272 SUSE bug 1244273 SUSE bug 1244279 SUSE bug 1244336 CVE-2025-5914 at SUSE CVE-2025-5914 at NVD CVE-2025-5915 at SUSE CVE-2025-5915 at NVD CVE-2025-5916 at SUSE CVE-2025-5916 at NVD CVE-2025-5917 at SUSE CVE-2025-5917 at NVD CVE-2025-5918 at SUSE CVE-2025-5918 at NVD cpe:/o:opensuse:leap:15.6 Security update for rav1e (Moderate) openSUSE Leap 15.6 This update for rav1e fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855) Moderate SUSE bug 1243855 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD cpe:/o:opensuse:leap:15.6 Security update for cosign (Important) openSUSE Leap 15.6 This update for cosign fixes the following issues: Update to version 2.5.3 (jsc#SLE-23879): - CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: - Add signing-config create command (#4280) - Allow multiple services to be specified for trusted-root create (#4285) - force when copying the latest image to overwrite (#4298) - Fix cert verification logic for trusted-root/SCTs (#4294) - Fix lint error for types package (#4295) - feat: Add OCI 1.1+ experimental support to tree (#4205) - Add validity period end for trusted-root create (#4271) - avoid double-loading trustedroot from file (#4264) Update to 2.5.2: - Do not load trusted root when CT env key is set - docs: improve doc for --no-upload option (#4206) Update to 2.5.1: - Add Rekor v2 support for trusted-root create (#4242) - Add baseUrl and Uri to trusted-root create command - Upgrade to TUF v2 client with trusted root - Don't verify SCT for a private PKI cert (#4225) - Bump TSA library to relax EKU chain validation rules (#4219) - Bump sigstore-go to pick up log index=0 fix (#4162) - remove unused recursive flag on attest command (#4187) Important SUSE bug 1246725 CVE-2025-46569 at SUSE CVE-2025-46569 at NVD cpe:/o:opensuse:leap:15.6 Security update for valkey (Important) openSUSE Leap 15.6 This update for valkey fixes the following issues: - CVE-2025-32023: Fixed an out-of-bounds write when working with HyperLogLog commands that can lead to remote code execution. (bsc#1246059) - CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros that can lead to client starvation and DoS. (bsc#1246058) Important SUSE bug 1246058 SUSE bug 1246059 CVE-2025-32023 at SUSE CVE-2025-32023 at NVD CVE-2025-48367 at SUSE CVE-2025-48367 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnutls (Important) openSUSE Leap 15.6 This update for gnutls fixes the following issues: - CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299) - CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232) - CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233) - CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267) Important SUSE bug 1246232 SUSE bug 1246233 SUSE bug 1246267 SUSE bug 1246299 CVE-2025-32988 at SUSE CVE-2025-32988 at NVD CVE-2025-32989 at SUSE CVE-2025-32989 at NVD CVE-2025-32990 at SUSE CVE-2025-32990 at NVD CVE-2025-6395 at SUSE CVE-2025-6395 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). Moderate SUSE bug 1244705 CVE-2025-6069 at SUSE CVE-2025-6069 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) Important SUSE bug 1246296 CVE-2025-7425 at SUSE CVE-2025-7425 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Important) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.8+9 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Other fixes: - Allow compilation of openjdk for 40 years (bsc#1213796) Changelog: + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8136895: Writer not closed with disk full error, file resource leaked + JDK-8180450: secondary_super_cache does not scale well + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8210471: GZIPInputStream constructor could leak an un-end()ed Inflater + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8220213: com/sun/jndi/dns/ConfigTests/Timeout.java failed intermittent + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8267174: Many test files have the wrong Copyright header + JDK-8270269: Desktop.browse method fails if earlier CoInitialize call as COINIT_MULTITHREADED + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8279016: JFR Leak Profiler is broken with Shenandoah + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282726: java/net/vthread/BlockingSocketOps.java timeout/hang intermittently on Windows + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295804: javax/swing/JFileChooser/ /JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8297692: Avoid sending per-region GCPhaseParallel JFR events in G1ScanCollectionSetRegionClosure + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8307318: Test serviceability/sa/ /ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share + JDK-8308033: The jcmd thread dump related tests should test virtual threads + JDK-8308966: Add intrinsic for float/double modulo for x86 AVX2 and AVX512 + JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore .engineGetEntry + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8309978: [x64] Fix useless padding + JDK-8310066: Improve test coverage for JVMTI GetThreadState on carrier and mounted vthread + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8310643: Misformatted copyright messages in FFM + JDK-8312246: NPE when HSDB visits bad oop + JDK-8312475: org.jline.util.PumpReader signed byte problem + JDK-8313290: Misleading exception message from STS.Subtask::get when task forked after shutdown + JDK-8313430: [JVMCI] fatal error: Never compilable: in JVMCI shutdown + JDK-8313654: Test WaitNotifySuspendedVThreadTest.java timed out + JDK-8314056: Remove runtime platform check from frem/drem + JDK-8314136: Test java/net/httpclient/CancelRequestTest.java failed: WARNING: tracker for HttpClientImpl(42) has outstanding operations + JDK-8314236: Overflow in Collections.rotate + JDK-8314319: LogCompilation doesn't reset lateInlining when it encounters a failure. + JDK-8314840: 3 gc/epsilon tests ignore external vm options + JDK-8314842: zgc/genzgc tests ignore vm flags + JDK-8315128: jdk/jfr/event/runtime/ /TestResidentSetSizeEvent.java fails with 'The size should be less than or equal to peak' + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315827: Kitchensink.java and RenaissanceStressTest.java time out with jvmti module errors + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316580: HttpClient with StructuredTaskScope does not close when a task fails + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8317264: Pattern.Bound has `static` fields that should be `static final`. + JDK-8318509: x86 count_positives intrinsic broken for -XX:AVX3Threshold=0 + JDK-8318636: Add jcmd to print annotated process memory map + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318811: Compiler directives parser swallows a character after line comments + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8319439: Move BufferNode from PtrQueue files to new files + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8320948: NPE due to unreported compiler error + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8322141: SequenceInputStream.transferTo should not return as soon as Long.MAX_VALUE bytes have been transferred + JDK-8322475: Extend printing for System.map + JDK-8323795: jcmd Compiler.codecache should print total size of code cache + JDK-8324345: Stack overflow during C2 compilation when splitting memory phi + JDK-8324678: Replace NULL with nullptr in HotSpot gtests + JDK-8324681: Replace NULL with nullptr in HotSpot jtreg test native code files + JDK-8324799: Use correct extension for C++ test headers + JDK-8324880: Rename get_stack_trace.h + JDK-8325055: Rename Injector.h + JDK-8325180: Rename jvmti_FollowRefObjects.h + JDK-8325347: Rename native_thread.h + JDK-8325367: Rename nsk_list.h + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325456: Rename nsk_mutex.h + JDK-8325458: Rename mlvmJvmtiUtils.h + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8325910: Rename jnihelper.h + JDK-8326090: Rename jvmti_aod.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8326524: Rename agent_common.h + JDK-8326586: Improve Speed of System.map + JDK-8327071: [Testbug] g-tests for cgroup leave files in /tmp on linux + JDK-8327169: serviceability/dcmd/vm/SystemMapTest.java and SystemDumpMapTest.java may fail after JDK-8326586 + JDK-8327370: (ch) sun.nio.ch.Poller.register throws AssertionError + JDK-8327461: KeyStore getEntry is not thread-safe + JDK-8328107: Shenandoah/C2: TestVerifyLoopOptimizations test failure + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8328864: NullPointerException in sun.security.jca.ProviderList.getService() + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8329729: java/util/Properties/StoreReproducibilityTest.java times out + JDK-8330106: C2: VectorInsertNode::make() shouldn't call ConINode::make() directly + JDK-8330158: C2: Loop strip mining uses ABS with min int + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8330936: [ubsan] exclude function BilinearInterp and ShapeSINextSpan in libawt java2d from ubsan checks + JDK-8331088: Incorrect TraceLoopPredicate output + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8332252: Clean up vmTestbase/vm/share + JDK-8332506: SIGFPE In ObjectSynchronizer::is_async_deflation_needed() + JDK-8332631: Update nsk.share.jpda.BindServer to don't use finalization + JDK-8332641: Update nsk.share.jpda.Jdb to don't use finalization + JDK-8332880: JFR GCHelper class recognizes 'Archive' regions as valid + JDK-8332921: Ctrl+C does not call shutdown hooks after JLine upgrade + JDK-8333013: Update vmTestbase/nsk/share/LocalProcess.java to don't use finalization + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8333805: Replaying compilation with null static final fields results in a crash + JDK-8333890: Fatal error in auto-vectorizer with float16 kernel. + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335181: Incorrect handling of HTTP/2 GOAWAY frames in HttpClient + JDK-8335643: serviceability/dcmd/vm tests fail for ZGC after JDK-8322475 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335710: serviceability/dcmd/vm/SystemDumpMapTest.java and SystemMapTest.java fail on Linux Alpine after 8322475 + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8335860: compiler/vectorization/ /TestFloat16VectorConvChain.java fails with non-standard AVX/SSE settings + JDK-8336042: Caller/callee param size mismatch in deoptimization causes crash + JDK-8336499: Failure when creating non-CRT RSA private keys in SunPKCS11 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8336827: compiler/vectorization/ /TestFloat16VectorConvChain.java timeouts on ppc64 platforms after JDK-8335860 + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8337681: PNGImageWriter uses much more memory than necessary + JDK-8337795: Type annotation attached to incorrect type during class reading + JDK-8337958: Out-of-bounds array access in secondary_super_cache + JDK-8337981: ShenandoahHeap::is_in should check for alive regions + JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations + JDK-8338010: WB_IsFrameDeoptimized miss ResourceMark + JDK-8338064: Give better error for ConcurrentHashTable corruption + JDK-8338136: Hotspot should support multiple large page sizes on Windows + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8338202: Shenandoah: Improve handshake closure labels + JDK-8338314: JFR: Split JFRCheckpoint VM operation + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339288: Improve diagnostic logging runtime/cds/DeterministicDump.java + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339538: Wrong timeout computations in DnsClient + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339769: Incorrect error message during startup if working directory does not exist + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340146: ZGC: TestAllocateHeapAt.java should not run with UseLargePages + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342075: HttpClient: improve HTTP/2 flow control checks + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8342958: Use jvmArgs consistently in microbenchmarks + JDK-8343019: Primitive caches must use boxed instances from the archive + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343144: UpcallLinker::on_entry racingly clears pending exception with GC safepoints + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343224: print/Dialog/PaperSizeError.java fails with MediaSizeName is not A4: A4 + JDK-8343342: java/io/File/GetXSpace.java fails on Windows with CD-ROM drive + JDK-8343345: Use -jvmArgsPrepend when running microbenchmarks in RunTests.gmk + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343754: Problemlist jdk/jfr/event/oldobject/TestShenandoah.java after JDK-8279016 + JDK-8343855: HTTP/2 ConnectionWindowUpdateSender may miss some unprocessed DataFrames from closed streams + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344346: java/net/httpclient/ShutdownNow.java fails with java.lang.AssertionError: client was still running, but exited after further delay: timeout should be adjusted + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8344414: ZGC: Another division by zero in rule_major_allocation_rate + JDK-8344925: translet-name ignored when package-name is also set + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345146: [PPC64] Make intrinsic conversions between bit representations of half precision values and floats + JDK-8345341: Fix incorrect log message in JDI stop002t test + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked state + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346082: Output JVMTI agent information in hserr files + JDK-8346264: 'Total compile time' counter should include time spent in failing/bailout compiles + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8346888: [ubsan] block.cpp:1617:30: runtime error: 9.97582e+36 is outside the range of representable values of type 'int' + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ /ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347173: java/net/DatagramSocket/ /InterruptibleDatagramSocket.java fails with virtual thread factory + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347296: WinInstallerUiTest fails in local test runs if the path to test work directory is longer that regular + JDK-8347373: HTTP/2 flow control checks may count unprocessed data twice + JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout + JDK-8347596: Update HSS/LMS public key encoding + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348323: Corrupted timezone string in JVM crash log + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349358: [JMH] Cannot access class jdk.internal.vm.ContinuationScope + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349623: [ASAN] Gtest os_linux.glibc_mallinfo_wrapper_vm fails + JDK-8349637: Integer.numberOfLeadingZeros outputs incorrectly in certain cases + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8350201: Out of bounds access on Linux aarch64 in os::print_register_info + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350313: Include timings for leaving safepoint in safepoint logging + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350483: AArch64: turn on signum intrinsics by default on Ampere CPUs + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350650: Bump update version for OpenJDK: jdk-21.0.8 + JDK-8350682: [JMH] vector.IndexInRangeBenchmark failed with IndexOutOfBoundsException for size=1024 + JDK-8350786: Some java/lang jtreg tests miss requires vm.hasJFR + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/ /BlockDeviceSize.java test manual + JDK-8351500: G1: NUMA migrations cause crashes in region allocation + JDK-8351665: Remove unused UseNUMA in os_aix.cpp + JDK-8351933: Inaccurate masking of TC subfield decrement in ForkJoinPool + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352512: TestVectorZeroCount: counter not reset between iterations + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353190: Use '/native' Run Option for TestAvailableProcessors Execution + JDK-8353237: [AArch64] Incorrect result of VectorizedHashCode intrinsic on Cortex-A53 + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353787: Increased number of SHA-384-Digest java.util.jar.Attributes$Name instances leading to higher memory footprint + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354255: [jittester] Remove TempDir debug output + JDK-8354530: AIX: sporadic unexpected errno when calling setsockopt in Net.joinOrDrop + JDK-8354554: Open source several clipboard tests batch1 + JDK-8354802: MAX_SECS definition is unused in os_linux + JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001) + JDK-8355498: [AIX] Adapt code for C++ VLA rule + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed + JDK-8361672: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.8 Important SUSE bug 1213796 SUSE bug 1246575 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Important) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.28+6 (July 2025 CPU): Security fixes: - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-30761: Improve scripting supports (bsc#1246580) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-8026976: ECParameters, Point does not match field size + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8231058: VerifyOops crashes with assert(_offset >= 0) failed: offset for non comment? + JDK-8232625: HttpClient redirect policy should be more conservative + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8293345: SunPKCS11 provider checks on PKCS11 Mechanism are problematic + JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + JDK-8301753: AppendFile/WriteFile has differences between make 3.81 and 4+ + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8315380: AsyncGetCallTrace crash in frame::safe_for_sender + JDK-8327476: Upgrade JLine to 3.26.1 + JDK-8328957: Update PKCS11Test.java to not use hardcoded path + JDK-8331959: Update PKCS#11 Cryptographic Token Interface to v3.1 + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339728: [Accessibility,Windows,JAWS] Bug in the getKeyChar method of the AccessBridge class + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345625: Better HTTP connections + JDK-8346887: DrawFocusRect() may cause an assertion failure + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8348110: Update LCMS to 2.17 + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348989: Better Glyph drawing + JDK-8349111: Enhance Swing supports + JDK-8349594: Enhance TLS protocol support + JDK-8350469: [11u] Test AbsPathsInImage.java fails - JDK-8239429 public clone + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350991: Improve HTTP client header handling + JDK-8351099: Bump update version of OpenJDK: 11.0.28 + JDK-8351422: Improve scripting supports + JDK-8352302: Test sun/security/tools/jarsigner/ /TimestampCheck.java is failing + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux Important SUSE bug 1246575 SUSE bug 1246580 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-30761 at SUSE CVE-2025-30761 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Important) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.16+8 (July 2025 CPU): - CVE-2025-30749: several scenarios can lead to heap corruption (bsc#1246595) - CVE-2025-30754: incomplete handshake may lead to weakening TLS protections (bsc#1246598) - CVE-2025-50059: Improve HTTP client header handling (bsc#1246575) - CVE-2025-50106: Glyph out-of-memory access and crash (bsc#1246584) Changelog: + JDK-4850101: Setting mnemonic to VK_F4 underlines the letter S in a button. + JDK-5074006: Swing JOptionPane shows </html> tag as a string after newline + JDK-6956385: URLConnection.getLastModified() leaks file handles for jar:file and file: URLs + JDK-8024624: [TEST_BUG] [macosx] CTRL+RIGHT(LEFT) doesn't move selection on next cell in JTable on Aqua L&F + JDK-8042134: JOptionPane bungles HTML messages + JDK-8051591: Test javax/swing/JTabbedPane/8007563/Test8007563.java fails + JDK-8077371: Binary files in JAXP test should be removed + JDK-8183348: Better cleanup for jdk/test/sun/security/pkcs12/P12SecretKey.java + JDK-8196465: javax/swing/JComboBox/8182031/ComboPopupTest.java fails on Linux + JDK-8202100: Merge vm/share/InMemoryJavaCompiler w/ jdk/test/lib/compiler/InMemoryJavaCompiler + JDK-8211400: nsk.share.gc.Memory::getArrayLength returns wrong value + JDK-8218474: JComboBox display issue with GTKLookAndFeel + JDK-8224267: JOptionPane message string with 5000+ newlines produces StackOverflowError + JDK-8249831: Test sun/security/mscapi/nonUniqueAliases/ /NonUniqueAliases.java is marked with @ignore + JDK-8251505: Use of types in compiler shared code should be consistent. + JDK-8253440: serviceability/sa/TestJhsdbJstackLineNumbers.java failed with 'Didn't find enough line numbers' + JDK-8254786: java/net/httpclient/CancelRequestTest.java failing intermittently + JDK-8256211: assert fired in java/net/httpclient/DependentPromiseActionsTest (infrequent) + JDK-8258483: [TESTBUG] gtest CollectorPolicy.young_scaled_initial_ergo_vm fails if heap is too small + JDK-8269516: AArch64: Assembler cleanups + JDK-8271419: Refactor test code for modifying CDS archive contents + JDK-8276995: Bug in jdk.jfr.event.gc.collection.TestSystemGC + JDK-8277983: Remove unused fields from sun.net.www.protocol.jar.JarURLConnection + JDK-8279884: Use better file for cygwin source permission check + JDK-8279894: javax/swing/JInternalFrame/8020708/bug8020708.java timeouts on Windows 11 + JDK-8280468: Crashes in getConfigColormap, getConfigVisualId, XVisualIDFromVisual on Linux + JDK-8280820: Clean up bug8033699 and bug8075609.java tests: regtesthelpers aren't used + JDK-8280991: [XWayland] No displayChanged event after setDisplayMode call + JDK-8281511: java/net/ipv6tests/UdpTest.java fails with checkTime failed + JDK-8282863: java/awt/FullScreen/FullscreenWindowProps/ /FullscreenWindowProps.java fails on Windows 10 with HiDPI screen + JDK-8286204: [Accessibility,macOS,VoiceOver] VoiceOver reads the spinner value 10 as 1 when user iterates to 10 for the first time on macOS + JDK-8286789: Test forceEarlyReturn002.java timed out + JDK-8286875: ProgrammableUpcallHandler::on_entry/on_exit access thread fields from native + JDK-8286925: Move JSON parser used in JFR tests to test library + JDK-8287352: DockerTestUtils::execute shows incorrect elapsed time + JDK-8287801: Fix test-bugs related to stress flags + JDK-8288707: javax/swing/JToolBar/4529206/bug4529206.java: setFloating does not work correctly + JDK-8290162: Reset recursion counter missed in fix of JDK-8224267 + JDK-8292064: Convert java/lang/management/MemoryMXBean shell tests to java version + JDK-8293503: gc/metaspace/TestMetaspacePerfCounters.java #Epsilon-64 failed assertGreaterThanOrEqual: expected MMM >= NNN + JDK-8294038: Remove 'Classpath' exception from javax/swing tests + JDK-8294155: Exception thrown before awaitAndCheck hangs PassFailJFrame + JDK-8295470: Update openjdk.java.net => openjdk.org URLs in test code + JDK-8295670: Remove duplication in java/util/Formatter/Basic*.java + JDK-8295804: javax/swing/JFileChooser/JFileChooserSetLocationTest.java failed with 'setLocation() is not working properly' + JDK-8296072: CertAttrSet::encode and DerEncoder::derEncode should write into DerOutputStream + JDK-8296167: test/langtools/tools/jdeps/jdkinternals/ /ShowReplacement.java failing after JDK-8296072 + JDK-8296920: Regression Test DialogOrient.java fails on MacOS + JDK-8297173: usageTicks and totalTicks should be volatile to ensure that different threads get the latest ticks + JDK-8297242: Use-after-free during library unloading on Linux + JDK-8298061: vmTestbase/nsk/sysdict/vm/stress/btree/btree012/ /btree012.java failed with 'fatal error: refcount has gone to zero' + JDK-8298147: Clang warns about pointless comparisons + JDK-8298248: Limit sscanf output width in cgroup file parsers + JDK-8298709: Fix typos in src/java.desktop/ and various test classes of client component + JDK-8298730: Refactor subsystem_file_line_contents and add docs and tests + JDK-8300645: Handle julong values in logging of GET_CONTAINER_INFO macros + JDK-8300658: memory_and_swap_limit() reporting wrong values on systems with swapaccount=0 + JDK-8302226: failure_handler native.core should wait for coredump to finish + JDK-8303549: [AIX] TestNativeStack.java is failing with exit value 1 + JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + JDK-8305010: Test vmTestbase/nsk/jvmti/scenarios/sampling/ /SP05/sp05t003/TestDescription.java timed out: thread not suspended + JDK-8305578: X11GraphicsDevice.pGetBounds() is slow in remote X11 sessions + JDK-8306997: C2: 'malformed control flow' assert due to missing safepoint on backedge with a switch + JDK-8307318: Test serviceability/sa/ClhsdbCDSJstackPrintAll.java failed: ArrayIndexOutOfBoundsException + JDK-8308875: java/awt/Toolkit/GetScreenInsetsCustomGC/ /GetScreenInsetsCustomGC.java failed with 'Cannot invoke 'sun.awt.X11GraphicsDevice.getInsets()' because 'device' is null' + JDK-8309841: Jarsigner should print a warning if an entry is removed + JDK-8310525: DynamicLauncher for JDP test needs to try harder to find a free port + JDK-8312246: NPE when HSDB visits bad oop + JDK-8314120: Add tests for FileDescriptor.sync + JDK-8314236: Overflow in Collections.rotate + JDK-8314246: javax/swing/JToolBar/4529206/bug4529206.java fails intermittently on Linux + JDK-8314320: Mark runtime/CommandLine/ tests as flagless + JDK-8314828: Mark 3 jcmd command-line options test as vm.flagless + JDK-8315484: java/awt/dnd/RejectDragDropActionTest.java timed out + JDK-8315669: Open source several Swing PopupMenu related tests + JDK-8315721: CloseRace.java#id0 fails transiently on libgraal + JDK-8315742: Open source several Swing Scroll related tests + JDK-8315871: Opensource five more Swing regression tests + JDK-8315876: Open source several Swing CSS related tests + JDK-8315951: Open source several Swing HTMLEditorKit related tests + JDK-8315981: Opensource five more random Swing tests + JDK-8316061: Open source several Swing RootPane and Slider related tests + JDK-8316156: ByteArrayInputStream.transferTo causes MaxDirectMemorySize overflow + JDK-8316228: jcmd tests are broken by 8314828 + JDK-8316324: Opensource five miscellaneous Swing tests + JDK-8316388: Opensource five Swing component related regression tests + JDK-8316451: 6 java/lang/instrument/PremainClass tests ignore VM flags + JDK-8316452: java/lang/instrument/modules/ /AppendToClassPathModuleTest.java ignores VM flags + JDK-8316460: 4 javax/management tests ignore VM flags + JDK-8316497: ColorConvertOp - typo for non-ICC conversions needs one-line fix + JDK-8316629: j.text.DateFormatSymbols setZoneStrings() exception is unhelpful + JDK-8318700: MacOS Zero cannot run gtests due to wrong JVM path + JDK-8318915: Enhance checks in BigDecimal.toPlainString() + JDK-8318962: Update ProcessTools javadoc with suggestions in 8315097 + JDK-8319572: Test jdk/incubator/vector/LoadJsvmlTest.java ignores VM flags + JDK-8319578: Few java/lang/instrument ignore test.java.opts and accept test.vm.opts only + JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert 'c2 compiler bug' + JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' + JDK-8320687: sun.jvmstat.monitor.MonitoredHost .getMonitoredHost() throws unexpected exceptions when invoked concurrently + JDK-8321204: C2: assert(false) failed: node should be in igvn hash table + JDK-8321479: java -D-D crashes + JDK-8321509: False positive in get_trampoline fast path causes crash + JDK-8321713: Harmonize executeTestJvm with create[Limited]TestJavaProcessBuilder + JDK-8321718: ProcessTools.executeProcess calls waitFor before logging + JDK-8321931: memory_swap_current_in_bytes reports 0 as 'unlimited' + JDK-8325435: [macos] Menu or JPopupMenu not closed when main window is resized + JDK-8325680: Uninitialised memory in deleteGSSCB of GSSLibStub.c:179 + JDK-8325682: Rename nsk_strace.h + JDK-8326389: [test] improve assertEquals failure output + JDK-8328301: Convert Applet test ManualHTMLDataFlavorTest.java to main program + JDK-8328482: Convert and Open source few manual applet test to main based + JDK-8328484: Convert and Opensource few JFileChooser applet test to main + JDK-8328648: Remove applet usage from JFileChooser tests bug4150029 + JDK-8328670: Automate and open source few closed manual applet test + JDK-8328673: Convert closed text/html/CSS manual applet test to main + JDK-8329261: G1: interpreter post-barrier x86 code asserts index size of wrong buffer + JDK-8330534: Update nsk/jdwp tests to use driver instead of othervm + JDK-8330598: java/net/httpclient/Http1ChunkedTest.java fails with java.util.MissingFormatArgumentException: Format specifier '%s' + JDK-8331735: UpcallLinker::on_exit races with GC when copying frame anchor + JDK-8333117: Remove support of remote and manual debuggee launchers + JDK-8333680: com/sun/tools/attach/BasicTests.java fails with 'SocketException: Permission denied: connect' + JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields + JDK-8334644: Automate javax/print/attribute/PageRangesException.java + JDK-8334780: Crash: assert(h_array_list.not_null()) failed: invariant + JDK-8334895: OpenJDK fails to configure on linux aarch64 when CDS is disabled after JDK-8331942 + JDK-8335662: [AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn + JDK-8335684: Test ThreadCpuTime.java should pause like ThreadCpuTimeArray.java + JDK-8335836: serviceability/jvmti/StartPhase/AllowedFunctions/ /AllowedFunctions.java fails with unexpected exit code: 112 + JDK-8336587: failure_handler lldb command times out on macosx-aarch64 core file + JDK-8337221: CompileFramework: test library to conveniently compile java and jasm sources for fuzzing + JDK-8337299: vmTestbase/nsk/jdb/stop_at/stop_at002/ /stop_at002.java failure goes undetected + JDK-8338154: Fix -Wzero-as-null-pointer-constant warnings in gtest framework + JDK-8339148: Make os::Linux::active_processor_count() public + JDK-8339300: CollectorPolicy.young_scaled_initial_ergo_vm gtest fails on ppc64 based platforms + JDK-8339639: Opensource few AWT PopupMenu tests + JDK-8339678: Update runtime/condy tests to be executed with VM flags + JDK-8339727: Open source several AWT focus tests - series 1 + JDK-8339794: Open source closed choice tests #1 + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + JDK-8339836: Open source several AWT Mouse tests - Batch 1 + JDK-8339842: Open source several AWT focus tests - series 2 + JDK-8339895: Open source several AWT focus tests - series 3 + JDK-8339906: Open source several AWT focus tests - series 4 + JDK-8339935: Open source several AWT focus tests - series 5 + JDK-8339982: Open source several AWT Mouse tests - Batch 2 + JDK-8339984: Open source AWT MenuItem related tests + JDK-8339995: Open source several AWT focus tests - series 6 + JDK-8340077: Open source few Checkbox tests - Set2 + JDK-8340084: Open source AWT Frame related tests + JDK-8340143: Open source several Java2D rendering loop tests. + JDK-8340164: Open source few Component tests - Set1 + JDK-8340173: Open source some Component/Panel/EventQueue tests - Set2 + JDK-8340176: Replace usage of -noclassgc with -Xnoclassgc in test/jdk/java/lang/management/MemoryMXBean/LowMemoryTest2.java + JDK-8340193: Open source several AWT Dialog tests - Batch 1 + JDK-8340228: Open source couple more miscellaneous AWT tests + JDK-8340271: Open source several AWT Robot tests + JDK-8340279: Open source several AWT Dialog tests - Batch 2 + JDK-8340332: Open source mixed AWT tests - Set3 + JDK-8340366: Open source several AWT Dialog tests - Batch 3 + JDK-8340367: Opensource few AWT image tests + JDK-8340393: Open source closed choice tests #2 + JDK-8340407: Open source a few more Component related tests + JDK-8340417: Open source some MenuBar tests - Set1 + JDK-8340432: Open source some MenuBar tests - Set2 + JDK-8340433: Open source closed choice tests #3 + JDK-8340437: Open source few more AWT Frame related tests + JDK-8340458: Open source additional Component tests (part 2) + JDK-8340555: Open source DnD tests - Set4 + JDK-8340560: Open Source several AWT/2D font and rendering tests + JDK-8340605: Open source several AWT PopupMenu tests + JDK-8340621: Open source several AWT List tests + JDK-8340625: Open source additional Component tests (part 3) + JDK-8340639: Open source few more AWT List tests + JDK-8340713: Open source DnD tests - Set5 + JDK-8340784: Remove PassFailJFrame constructor with screenshots + JDK-8340790: Open source several AWT Dialog tests - Batch 4 + JDK-8340809: Open source few more AWT PopupMenu tests + JDK-8340874: Open source some of the AWT Geometry/Button tests + JDK-8340907: Open source closed frame tests # 2 + JDK-8340966: Open source few Checkbox and Cursor tests - Set1 + JDK-8340967: Open source few Cursor tests - Set2 + JDK-8340978: Open source few DnD tests - Set6 + JDK-8340985: Open source some Desktop related tests + JDK-8341000: Open source some of the AWT Window tests + JDK-8341004: Open source AWT FileDialog related tests + JDK-8341072: Open source several AWT Canvas and Rectangle related tests + JDK-8341128: open source some 2d graphics tests + JDK-8341148: Open source several Choice related tests + JDK-8341162: Open source some of the AWT window test + JDK-8341170: Open source several Choice related tests (part 2) + JDK-8341177: Opensource few List and a Window test + JDK-8341191: Open source few more AWT FileDialog tests + JDK-8341239: Open source closed frame tests # 3 + JDK-8341257: Open source few DND tests - Set1 + JDK-8341258: Open source few various AWT tests - Set1 + JDK-8341278: Open source few TrayIcon tests - Set7 + JDK-8341298: Open source more AWT window tests + JDK-8341373: Open source closed frame tests # 4 + JDK-8341378: Open source few TrayIcon tests - Set8 + JDK-8341447: Open source closed frame tests # 5 + JDK-8341535: sun/awt/font/TestDevTransform.java fails with RuntimeException: Different rendering + JDK-8341637: java/net/Socket/UdpSocket.java fails with 'java.net.BindException: Address already in use' (macos-aarch64) + JDK-8341972: java/awt/dnd/DnDRemoveFocusOwnerCrashTest.java timed out after JDK-8341257 + JDK-8342376: More reliable OOM handling in ExceptionDuringDumpAtObjectsInitPhase test + JDK-8342524: Use latch in AbstractButton/bug6298940.java instead of delay + JDK-8342633: javax/management/security/ /HashedPasswordFileTest.java creates tmp file in src dir + JDK-8343037: Missing @since tag on JColorChooser.showDialog overload + JDK-8343103: Enable debug logging for vmTestbase/nsk/jvmti/ /scenarios/sampling/SP05/sp05t003/TestDescription.java + JDK-8343124: Tests fails with java.lang.IllegalAccessException: class com.sun.javatest.regtest.agent.MainWrapper$MainTask cannot access + JDK-8343170: java/awt/Cursor/JPanelCursorTest/ /JPanelCursorTest.java does not show the default cursor + JDK-8343205: CompileBroker::possibly_add_compiler_threads excessively polls available memory + JDK-8343529: serviceability/sa/ClhsdbWhere.java fails AssertionFailure: Corrupted constant pool + JDK-8343891: Test javax/swing/JTabbedPane/ /TestJTabbedPaneBackgroundColor.java failed + JDK-8343936: Adjust timeout in test javax/management/monitor/DerivedGaugeMonitorTest.java + JDK-8344316: security/auth/callback/TextCallbackHandler/ /Password.java make runnable with JTReg and add the UI + JDK-8344361: Restore null return for invalid services from legacy providers + JDK-8345133: Test sun/security/tools/jarsigner/ /TsacertOptionTest.java failed: Warning found in stdout + JDK-8345134: Test sun/security/tools/jarsigner/ /ConciseJarsigner.java failed: unable to find valid certification path to requested target + JDK-8345357: test/jdk/javax/swing/JRadioButton/8033699/ /bug8033699.java fails in ubuntu22.04 + JDK-8345447: test/jdk/javax/swing/JToolBar/4529206/ /bug4529206.java fails in ubuntu22.04 + JDK-8345547: test/jdk/javax/swing/text/DefaultEditorKit/ /4278839/bug4278839.java fails in ubuntu22.04 + JDK-8345598: Upgrade NSS binaries for interop tests + JDK-8345625: Better HTTP connections + JDK-8345728: [Accessibility,macOS,Screen Magnifier]: JCheckbox unchecked state does not magnify but works for checked tate + JDK-8345838: Remove the appcds/javaldr/AnonVmClassesDuringDump.java test + JDK-8346049: jdk/test/lib/security/timestamp/TsaServer.java warnings + JDK-8346581: JRadioButton/ButtonGroupFocusTest.java fails in CI on Linux + JDK-8347000: Bug in com/sun/net/httpserver/bugs/B6361557.java test + JDK-8347019: Test javax/swing/JRadioButton/8033699/ /bug8033699.java still fails: Focus is not on Radio Button Single as Expected + JDK-8347083: Incomplete logging in nsk/jvmti/ResourceExhausted/resexhausted00* tests + JDK-8347126: gc/stress/TestStressG1Uncommit.java gets OOM-killed + JDK-8347267: [macOS]: UnixOperatingSystem.c:67:40: runtime error: division by zero + JDK-8347286: (fs) Remove some extensions from java/nio/file/Files/probeContentType/Basic.java + JDK-8347576: Error output in libjsound has non matching format strings + JDK-8347629: Test FailOverDirectExecutionControlTest.java fails with -Xcomp + JDK-8347911: Limit the length of inflated text chunks + JDK-8347995: Race condition in jdk/java/net/httpclient/ /offline/FixedResponseHttpClient.java + JDK-8348107: test/jdk/java/net/httpclient/ /HttpsTunnelAuthTest.java fails intermittently + JDK-8348110: Update LCMS to 2.17 + JDK-8348299: Update List/ItemEventTest/ItemEventTest.java + JDK-8348596: Update FreeType to 2.13.3 + JDK-8348597: Update HarfBuzz to 10.4.0 + JDK-8348598: Update Libpng to 1.6.47 + JDK-8348600: Update PipeWire to 1.3.81 + JDK-8348865: JButton/bug4796987.java never runs because Windows XP is unavailable + JDK-8348936: [Accessibility,macOS,VoiceOver] VoiceOver doesn't announce untick on toggling the checkbox with 'space' key on macOS + JDK-8348989: Better Glyph drawing + JDK-8349039: Adjust exception No type named <ThreadType> in database + JDK-8349111: Enhance Swing supports + JDK-8349200: [JMH] time.format.ZonedDateTimeFormatterBenchmark fails + JDK-8349348: Refactor ClassLoaderDeadlock.sh and Deadlock.sh to run fully in java + JDK-8349492: Update sun/security/pkcs12/ /KeytoolOpensslInteropTest.java to use a recent Openssl version + JDK-8349501: Relocate supporting classes in security/testlibrary to test/lib/jdk tree + JDK-8349594: Enhance TLS protocol support + JDK-8349751: AIX build failure after upgrade pipewire to 1.3.81 + JDK-8349974: [JMH,17u] MaskQueryOperationsBenchmark fails java.lang.NoClassDefFoundError + JDK-8350211: CTW: Attempt to preload all classes in constant pool + JDK-8350224: Test javax/swing/JComboBox/ /TestComboBoxComponentRendering.java fails in ubuntu 23.x and later + JDK-8350260: Improve HTML instruction formatting in PassFailJFrame + JDK-8350383: Test: add more test case for string compare (UL case) + JDK-8350386: Test TestCodeCacheFull.java fails with option -XX:-UseCodeCacheFlushing + JDK-8350412: [21u] AArch64: Ambiguous frame layout leads to incorrect traces in JFR + JDK-8350498: Remove two Camerfirma root CA certificates + JDK-8350540: [17u,11u] B8312065.java fails Network is unreachable + JDK-8350546: Several java/net/InetAddress tests fails UnknownHostException + JDK-8350616: Skip ValidateHazardPtrsClosure in non-debug builds + JDK-8350651: Bump update version for OpenJDK: jdk-17.0.16 + JDK-8350924: javax/swing/JMenu/4213634/bug4213634.java fails + JDK-8350991: Improve HTTP client header handling + JDK-8351086: (fc) Make java/nio/channels/FileChannel/BlockDeviceSize.java test manual + JDK-8352076: [21u] Problem list tests that fail in 21 and would be fixed by 8309622 + JDK-8352109: java/awt/Desktop/MailTest.java fails in platforms where Action.MAIL is not supported + JDK-8352302: Test sun/security/tools/jarsigner/TimestampCheck.java is failing + JDK-8352649: [17u] guarantee(is_result_safe || is_in_asgct()) failed inside AsyncGetCallTrace + JDK-8352676: Opensource JMenu tests - series1 + JDK-8352680: Opensource few misc swing tests + JDK-8352684: Opensource JInternalFrame tests - series1 + JDK-8352706: httpclient HeadTest does not run on HTTP2 + JDK-8352716: (tz) Update Timezone Data to 2025b + JDK-8352908: Open source several swing tests batch1 + JDK-8352942: jdk/jfr/startupargs/TestMemoryOptions.java fails with 32-bit build + JDK-8353070: Clean up and open source couple AWT Graphics related tests (Part 1) + JDK-8353138: Screen capture for test TaskbarPositionTest.java, failure case + JDK-8353320: Open source more Swing text tests + JDK-8353446: Open source several AWT Menu tests - Batch 2 + JDK-8353475: Open source two Swing DefaultCaret tests + JDK-8353685: Open some JComboBox bugs 4 + JDK-8353709: Debug symbols bundle should contain full debug files when building --with-external-symbols-in-bundles=public + JDK-8353714: [17u] Backport of 8347740 incomplete + JDK-8353942: Open source Swing Tests - Set 5 + JDK-8354554: Open source several clipboard tests batch1 + JDK-8356053: Test java/awt/Toolkit/Headless/ /HeadlessToolkit.java fails by timeout + JDK-8356096: ISO 4217 Amendment 179 Update + JDK-8356571: Re-enable -Wtype-limits for GCC in LCMS + JDK-8357105: C2: compilation fails with 'assert(false) failed: empty program detected during loop optimization' + JDK-8357193: [VS 2022 17.14] Warning C5287 in debugInit.c: enum type mismatch during build + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + JDK-8360147: Better Glyph drawing redux + JDK-8361674: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.16 Important SUSE bug 1246575 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for sqlite3 (Important) openSUSE Leap 15.6 This update for sqlite3 fixes the following issues: - Update to version 3.50.2 - CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597) Important SUSE bug 1246597 CVE-2025-6965 at SUSE CVE-2025-6965 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-27151: Fixed absence of filename size check may cause a stack overflow. (bsc#1243804) - CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. (bsc#1246059) - CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros can lead to client starvation and DoS. (bsc#1246058) Important SUSE bug 1243804 SUSE bug 1246058 SUSE bug 1246059 CVE-2025-27151 at SUSE CVE-2025-27151 at NVD CVE-2025-32023 at SUSE CVE-2025-32023 at NVD CVE-2025-48367 at SUSE CVE-2025-48367 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2024-42516: Fixed HTTP response splitting. (bsc#1246477) - CVE-2024-43204: Fixed a SSRF when mod_proxy is loaded that allows an attacker to send outbound proxy requests to a URL controlled by them. (bsc#1246305) - CVE-2024-47252: Fixed insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log file. (bsc#1246303) - CVE-2025-23048: Fixed access control bypass by trusted clients through TLS 1.3 session resumption in some mod_ssl configurations. (bsc#1246302) - CVE-2025-49630: Fixed denial of service can be triggered by untrusted clients causing an assertion in mod_proxy_http2. (bsc#1246307) - CVE-2025-49812: Fixed Opossum Attack Application Layer Desynchronization using Opportunistic TLS. (bsc#1246169) - CVE-2025-53020: Fixed HTTP/2 denial of service due to late release of memory after effective lifetime. (bsc#1246306) Important SUSE bug 1246169 SUSE bug 1246302 SUSE bug 1246303 SUSE bug 1246305 SUSE bug 1246306 SUSE bug 1246307 SUSE bug 1246477 CVE-2024-42516 at SUSE CVE-2024-42516 at NVD CVE-2024-43204 at SUSE CVE-2024-43204 at NVD CVE-2024-47252 at SUSE CVE-2024-47252 at NVD CVE-2025-23048 at SUSE CVE-2025-23048 at NVD CVE-2025-49630 at SUSE CVE-2025-49630 at NVD CVE-2025-49812 at SUSE CVE-2025-49812 at NVD CVE-2025-53020 at SUSE CVE-2025-53020 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for hplip (Important) openSUSE Leap 15.6 This update for hplip fixes the following issues: This update for hplip fixes the following issues: Update to hplip 3.24.4 (jsc#PED-5846) - Added support for new printers: * HP OfficeJet 8120 All-in-One series * HP OfficeJet Pro 8120 All-in-One series * HP OfficeJet 8130 All-in-One series * HP OfficeJet Pro 8130 All-in-One series * HP OfficeJet Pro 9720 Series * HP OfficeJet Pro 9730 Series * HP OfficeJet Pro 9130b series * HP OfficeJet Pro 9120b series * HP OfficeJet Pro 9110b series * HP Color LaserJet Enterprise Flow MFP X58045z * HP Color LaserJet Enterprise Flow MFP X58045zs * HP Color LaserJet Enterprise MFP X58045dn  * HP Color LaserJet Enterprise MFP X58045 * HP LaserJet Pro P1106 plus * HP LaserJet Pro P1108 plus - Bug fixes: * hpmud: sanitize printer serial number (bsc#1209401, lp#2012262) - hppsfilter: booklet printing: change insecure fixed /tmp file paths (bsc#1214399) Important SUSE bug 1209401 SUSE bug 1214399 SUSE bug 1225777 SUSE bug 1234745 CVE-2020-6923 at SUSE CVE-2020-6923 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Moderate SUSE bug 1247249 CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Moderate SUSE bug 1247249 CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for djvulibre (Moderate) openSUSE Leap 15.6 This update for djvulibre fixes the following issues: - CVE-2025-53367: Fixed a bug where a crafted document may lead to an out of bound write. (bsc#1245773) Moderate SUSE bug 1245773 CVE-2025-53367 at SUSE CVE-2025-53367 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Important) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). - CVE-2025-6069: Avoid worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705). - CVE-2025-4435: Fixed Tarfile extracting filtered members when errorlevel=0 (bsc#1244061). Important SUSE bug 1244061 SUSE bug 1244705 SUSE bug 1247249 CVE-2025-4435 at SUSE CVE-2025-4435 at NVD CVE-2025-6069 at SUSE CVE-2025-6069 at NVD CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for dpkg (Moderate) openSUSE Leap 15.6 This update for dpkg fixes the following issues: - CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573) Moderate SUSE bug 1245573 CVE-2025-6297 at SUSE CVE-2025-6297 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3 (Moderate) openSUSE Leap 15.6 This update for python-urllib3 fixes the following issues: - CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925) Moderate SUSE bug 1244925 CVE-2025-50181 at SUSE CVE-2025-50181 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Moderate) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2025-6442: Fixed read_header HTTP Request Smuggling Vulnerability in WEBrick (bsc#1245254) - CVE-2025-27221: Fixed userinfo leakage in URI#join, URI#merge and URI#+ (bsc#1237805) Moderate SUSE bug 1237805 SUSE bug 1245254 CVE-2025-27221 at SUSE CVE-2025-27221 at NVD CVE-2025-6442 at SUSE CVE-2025-6442 at NVD cpe:/o:opensuse:leap:15.6 Security update for tgt (Moderate) openSUSE Leap 15.6 This update for tgt fixes the following issues: - CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target framework (bsc#1230360) Moderate SUSE bug 1230360 CVE-2024-45751 at SUSE CVE-2024-45751 at NVD cpe:/o:opensuse:leap:15.6 Security update for iperf (Important) openSUSE Leap 15.6 This update for iperf fixes the following issues: - update to 3.19.1: * CVE-2025-54351: Fixed buffer overflow in net.c (bsc#1247522) * CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520) * CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519) - update to 3.19: * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests at high bitrates by not delivering network payload data to userspace. (#1678, PR #1717) * A bug that caused the bitrate setting to be ignored when bursts are set, has been fixed. (#1773, #1820, PR #1821, PR #1848) * The congestion control protocol setting, if used, is now properly reset between tests. (PR #1812) * iperf3 now exits with a non-error 0 exit code if exiting via a `SIGTERM`, `SIGHUP`, or `SIGINT`. (#1009, PR# 1829) * The current behavior of iperf3 with respect to the `-n` and `-k` options is now documented as correct. (#1768, #1775, #596, PR #1800) Important SUSE bug 1247519 SUSE bug 1247520 SUSE bug 1247522 CVE-2025-54349 at SUSE CVE-2025-54349 at NVD CVE-2025-54350 at SUSE CVE-2025-54350 at NVD CVE-2025-54351 at SUSE CVE-2025-54351 at NVD cpe:/o:opensuse:leap:15.6 Security update for opensc (Moderate) openSUSE Leap 15.6 This update for opensc fixes the following issues: - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386). Moderate SUSE bug 1219386 CVE-2023-5992 at SUSE CVE-2023-5992 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296) Important SUSE bug 1246296 CVE-2025-7425 at SUSE CVE-2025-7425 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Moderate) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - Update to go1.23.12: * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719) * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720) * go#74415 runtime: use-after-free of allpSnapshot in findRunnable * go#74693 runtime: segfaults in runtime.(*unwinder).next * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23 * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66 Moderate SUSE bug 1229122 SUSE bug 1247719 SUSE bug 1247720 CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Moderate) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: - Update to go1.24.6: * CVE-2025-47906: Fixed LookPath returning unexpected paths (bsc#1247719) * CVE-2025-47907: Fixed incorrect results returned from Rows.Scan (bsc#1247720) * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not * go#74416 runtime: use-after-free of allpSnapshot in findRunnable * go#74694 runtime: segfaults in runtime.(*unwinder).next * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures Moderate SUSE bug 1236217 SUSE bug 1247719 SUSE bug 1247720 CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for eclipse-jgit (Moderate) openSUSE Leap 15.6 This update for eclipse-jgit fixes the following issues: - CVE-2025-4949: Fixed the XXE vulnerability in ManifestParser and AmazonS3 class (bsc#1243647). Moderate SUSE bug 1243647 CVE-2025-4949 at SUSE CVE-2025-4949 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Updated to version 2.48.5: - CVE-2025-31273: Fixed a vulnerability where processing maliciously crafted web content could lead to memory corruption. (bsc#1247564) - CVE-2025-31278: Fixed a vulnerability where processing maliciously crafted web content may lead to memory corruption. (bsc#1247563) - CVE-2025-43211: Fixed a vulnerability where processing web content may lead to a denial-of-service. (bsc#1247562) - CVE-2025-43212: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247595) - CVE-2025-43216: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247596) - CVE-2025-43227: Fixed a vulnerability where processing maliciously crafted web content may disclose sensitive user information. (bsc#1247597) - CVE-2025-43228: Fixed a vulnerability where visiting a malicious website may lead to address bar spoofing. (bsc#1247598) - CVE-2025-43240: Fixed a vulnerability where a download's origin may be incorrectly associated. (bsc#1247599) - CVE-2025-43265: Fixed a vulnerability where processing maliciously crafted web content may disclose internal states of the app. (bsc#1247600) - CVE-2025-6558: Fixed a vulnerability where processing maliciously crafted web content may lead to an unexpected Safari crash. (bsc#1247742) Other fixes: - Improve emoji font selection with USE_SKIA=ON. - Improve playback of multimedia streams from blob URLs. - Fix the build with USE_SKIA_OPENTYPE_SVG=ON and USE_SYSPROF_CAPTURE=ON. - Fix crash when using a WebKitWebView widget in an offscreen window. - Fix several crashes and rendering issues. - Fix a crash introduced by the new threaded rendering implementation using Skia API. - Improve rendering performance by recording layers once and replaying every dirty region in different worker threads. - Fix a crash when setting WEBKIT_SKIA_GPU_PAINTING_THREADS=0. - Fix a reference cycle in webkitmediastreamsrc preventing its disposal. - Increase mem_per_process again to avoid running out of memory. Important SUSE bug 1247562 SUSE bug 1247563 SUSE bug 1247564 SUSE bug 1247595 SUSE bug 1247596 SUSE bug 1247597 SUSE bug 1247598 SUSE bug 1247599 SUSE bug 1247600 SUSE bug 1247742 CVE-2024-44192 at SUSE CVE-2024-44192 at NVD CVE-2024-54467 at SUSE CVE-2024-54467 at NVD CVE-2025-24189 at SUSE CVE-2025-24189 at NVD CVE-2025-24201 at SUSE CVE-2025-24201 at NVD CVE-2025-31273 at SUSE CVE-2025-31273 at NVD CVE-2025-31278 at SUSE CVE-2025-31278 at NVD CVE-2025-43211 at SUSE CVE-2025-43211 at NVD CVE-2025-43212 at SUSE CVE-2025-43212 at NVD CVE-2025-43216 at SUSE CVE-2025-43216 at NVD CVE-2025-43227 at SUSE CVE-2025-43227 at NVD CVE-2025-43228 at SUSE CVE-2025-43228 at NVD CVE-2025-43240 at SUSE CVE-2025-43240 at NVD CVE-2025-43265 at SUSE CVE-2025-43265 at NVD CVE-2025-6558 at SUSE CVE-2025-6558 at NVD cpe:/o:opensuse:leap:15.6 Security update for sccache (Moderate) openSUSE Leap 15.6 This update for sccache fixes the following issues: - Update to version 0.4.2~4: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868) Moderate SUSE bug 1243868 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD cpe:/o:opensuse:leap:15.6 Security update for amber-cli (Important) openSUSE Leap 15.6 This update for amber-cli fixes the following issues: - Update to version 1.13.1+git20250329.c2e3bb8: * CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing (bsc#1240511) * jwt version upgrade (#174) * Update policy size limit to 20k (#173) * Update tenant user model with latest changes (#172) * Fix/workflow (#171) * Upgrade GO version to 1.23.6 (#170) * Update golang jwt dependency (#169) * Update TMS roles struct (#167) * Update jwt dependency version (#165) * Add changes to support JWT (#163) * Update roles struct to be in sync with TMS (#164) * go upgrade to 1.22.7 (#162) * CASSINI-22266: Added permissions in ci workflow files (#153) * Add check for missing Security.md file (#150) * Go version upgrade to 1.22.5 (#148) * CLI changes (#140) * Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147) * Update product model to include multiple plan IDs (#146) * Updated the help section (#145) * Mark policy type field as not required (#144) * Upgrade/goversion 1.22.3 (#143) * Remove policy type and attestation type check for policy creation (#142) * Go version upgrade 1.22.2 (#141) * Fix error message to include the correct set of characters (#138) * UT coverage 80.9% (#137) * Fix push installer workflow (#136) * 3rd party versions upgrade (#133) * GO version upgrade to 1.22.0 (#132) * Fix/go version 1.21.6 (#127) * Update API key validation regex as per latest changes (#125) * Update API key validation regex as per latest changes (#124) * dependency version upgrade (#123) * Update tag create model (#121) * CASSINI-10113: Add scans in CI (#99) * corrected minor check condition (#120) * Add check to validate env variable before setting (#119) * Add version-check script (#118) * Add file path check for invalid characters (#116) * Update compoenent version (#117) * Update README as per suggestions (#113) (#115) * Added HTTP scheme validation to avoid API Key leakage (#108) * CASSINI-10987 Golang version upgrade to 1.21.4 (#114) * Update policy model as per the latest changes (#109) * Remove branch info from on schedule (#106) * Add BDBA scan to CI (#104) * Update CLI URL (#105) * updated licenses (#102) * Updated version of all components to v1.0.0 for GA (#100) * Validate the email id input before requesting list of users (#98) * Remove redundant print statements (#97) * Request ID and trace ID should be visible on the console for errors as well (#96) * Update sample policy as per token profile update changes (#95) * Update CLI name from tenantclt to inteltrustauthority (#93) * Update the headers for request and trace id (#94) * cassini-9466-Go version update to 1.20.6 (#91) * Add retry logic to client in tenant CLI (#92) * Add request-id optional parameter for each command (#90) - Override build date with SOURCE_DATE_EPOCH (bsc#1047218) Important SUSE bug 1047218 SUSE bug 1240511 CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.6 This update for amazon-ssm-agent fixes the following issues: Update to version 3.3.1611.0: - CVE-2025-21613: Fixed argument injection via the URL field in github.com/go-git/go-git/v5 (bsc#1235575) Full changelog: https://github.com/aws/amazon-ssm-agent/compare/3.1.1260.0...3.3.1611.0 Important SUSE bug 1235575 CVE-2025-21613 at SUSE CVE-2025-21613 at NVD cpe:/o:opensuse:leap:15.6 Security update for tiff (Important) openSUSE Leap 15.6 This update for tiff fixes the following issues: - Updated TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE (bsc#1243503) - CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108) - CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow() when processing malformed TIFF files (bsc#1247106) - Add -DCMAKE_POLICY_VERSION_MINIMUM=3.5 to fix FTBFS with cmake4 - Add %check section - Remove Group: declarations, no longer used Important SUSE bug 1243503 SUSE bug 1247106 SUSE bug 1247108 CVE-2025-8176 at SUSE CVE-2025-8176 at NVD CVE-2025-8177 at SUSE CVE-2025-8177 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for grub2 (Moderate) openSUSE Leap 15.6 This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Other fixes: - Fix test -f and -s do not work properly over the network files served via tftp and http (bsc#1246157, bsc#1246237) - Skip mount point in grub_find_device function (bsc#1246231) Moderate SUSE bug 1234959 SUSE bug 1246157 SUSE bug 1246231 SUSE bug 1246237 CVE-2024-56738 at SUSE CVE-2024-56738 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Important) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273). - CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056) - CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059) - CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060) - CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061) - CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032) - CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705) - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249) Other fixes: - Limit buffer size for IPv6 address parsing (bsc#1244401). Important SUSE bug 1233012 SUSE bug 1243273 SUSE bug 1244032 SUSE bug 1244056 SUSE bug 1244059 SUSE bug 1244060 SUSE bug 1244061 SUSE bug 1244401 SUSE bug 1244705 SUSE bug 1247249 SUSE bug 831629 CVE-2024-12718 at SUSE CVE-2024-12718 at NVD CVE-2025-4138 at SUSE CVE-2025-4138 at NVD CVE-2025-4330 at SUSE CVE-2025-4330 at NVD CVE-2025-4435 at SUSE CVE-2025-4435 at NVD CVE-2025-4516 at SUSE CVE-2025-4516 at NVD CVE-2025-4517 at SUSE CVE-2025-4517 at NVD CVE-2025-6069 at SUSE CVE-2025-6069 at NVD CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvpn (Moderate) openSUSE Leap 15.6 This update for openvpn fixes the following issues: - CVE-2024-5594: Fixed wrong handling of null bytes and invalid characters in control messages (bsc#1235147) Moderate SUSE bug 1235147 CVE-2024-5594 at SUSE CVE-2024-5594 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache-commons-lang3 (Moderate) openSUSE Leap 15.6 This update for apache-commons-lang3 fixes the following issues: - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. (bsc#1246397) Moderate SUSE bug 1246397 CVE-2025-48924 at SUSE CVE-2025-48924 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Moderate) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. - JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. - JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr - JDK-8320575: generic type information lost on mandated parameters of record's compact constructors - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' - JDK-8320892: AArch64: Restore FPU control state after JNI - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 - JDK-8321543: Update NSS to version 3.96 - JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8321940: Improve CDSHeapVerifier in handling of interned strings - JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324841: PKCS11 tests still skip execution - JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325399: Add tests for virtual threads doing Selector operations - JDK-8325506: Ensure randomness is only read from provided SecureRandom object - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325610: CTW: Add StressIncrementalInlining to stress options - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived - JDK-8329533: TestCDSVMCrash fails on libgraal - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook - JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero - JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization - JDK-8333144: docker tests do not work when ubsan is configured - JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 - JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows - JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero - JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set - JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed - JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result - JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337876: [IR Framework] Add support for IR tests with @Stable - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks - JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build - JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338389: [JFR] Long strings should be added to the string pool - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp - JDK-8338550: Do libubsan1 installation in test container only if requested - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java - JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5 - JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs - JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method - JDK-8339416: [s390x] Provide implementation for resolve_global_jobject - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate - JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop - JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver - JDK-8340387: Update OS detection code to recognize Windows Server 2025 - JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340801: Disable ubsan checks in some awt/2d coding - JDK-8340804: doc/building.md update Xcode instructions to note that full install is required - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8340923: The class LogSelection copies uninitialized memory - JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8341562: RISC-V: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343884: [s390x] Disallow OptoScheduling - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java - JDK-8344628: Test TestEnableJVMCIProduct.java run with virtual thread intermittent fails - JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21 - JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms - JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6 Moderate SUSE bug 1236278 CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for poppler (Important) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-50420: Fixed Denial of Service in pdfseparate utility (bsc#1247590) Important SUSE bug 1247590 CVE-2025-50420 at SUSE CVE-2025-50420 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Important) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - Update to go1.23.5 (bsc#1229122) - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) Important SUSE bug 1229122 SUSE bug 1236045 SUSE bug 1236046 CVE-2024-45336 at SUSE CVE-2024-45336 at NVD CVE-2024-45341 at SUSE CVE-2024-45341 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320) Important SUSE bug 1245320 CVE-2025-6032 at SUSE CVE-2025-6032 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Important) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: - Update to go1.22.11 (bsc#1218424) - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) Important SUSE bug 1218424 SUSE bug 1236045 SUSE bug 1236046 CVE-2024-45336 at SUSE CVE-2024-45336 at NVD CVE-2024-45341 at SUSE CVE-2024-45341 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Moderate) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2024-35221: Fixed remote denial of service via YAML manifest (bsc#1225905) Moderate SUSE bug 1225905 CVE-2024-35221 at SUSE CVE-2024-35221 at NVD cpe:/o:opensuse:leap:15.6 Security update for libavif (Moderate) openSUSE Leap 15.6 This update for libavif fixes the following issues: - update to 1.3.0: - CVE-2025-48175: Fixed an integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes. (bsc#1243270) - CVE-2025-48174: Fixed an integer overflow and resultant buffer overflow in stream->offset+size. (bsc#1243269) Moderate SUSE bug 1243269 SUSE bug 1243270 CVE-2025-48174 at SUSE CVE-2025-48174 at NVD CVE-2025-48175 at SUSE CVE-2025-48175 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache-commons-lang3 (Moderate) openSUSE Leap 15.6 This update for apache-commons-lang3 fixes the following issues: - Update to version 3.18.0 - CVE-2025-48924: Fixed an uncontrolled recursion vulnerability that may lead to a DoS. (bsc#1246397) Moderate SUSE bug 1246397 CVE-2025-48924 at SUSE CVE-2025-48924 at NVD cpe:/o:opensuse:leap:15.6 Security update for nginx (Important) openSUSE Leap 15.6 This update for nginx fixes the following issues: - CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171) - CVE-2024-7347: Fixed worker crashes on special crafted mp4 files containing invalid chunk information (bsc#1229155) Important SUSE bug 1216171 SUSE bug 1229155 CVE-2023-44487 at SUSE CVE-2023-44487 at NVD CVE-2024-7347 at SUSE CVE-2024-7347 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs22 (Important) openSUSE Leap 15.6 This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250) - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258) Important SUSE bug 1236250 SUSE bug 1236251 SUSE bug 1236258 CVE-2025-22150 at SUSE CVE-2025-22150 at NVD CVE-2025-23083 at SUSE CVE-2025-23083 at NVD CVE-2025-23085 at SUSE CVE-2025-23085 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql13 (Important) openSUSE Leap 15.6 This update for postgresql13 fixes the following issues: Upgrade to 13.22: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). - CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql client (bsc#1248122). - CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and in restore target server (bsc#1248119). Important SUSE bug 1248119 SUSE bug 1248120 SUSE bug 1248122 CVE-2025-8713 at SUSE CVE-2025-8713 at NVD CVE-2025-8714 at SUSE CVE-2025-8714 at NVD CVE-2025-8715 at SUSE CVE-2025-8715 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: This update ships go1.24rc2 (bsc#1236217). - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) - CVE-2025-22865: Avoid panic when parsing partial PKCS#1 private keys (bsc#1236361) - CVE-2024-45340: Restore netrc preferences for GOAUTH and fix domain lookup (bsc#1236360) Important SUSE bug 1236045 SUSE bug 1236046 SUSE bug 1236217 SUSE bug 1236360 SUSE bug 1236361 CVE-2024-45336 at SUSE CVE-2024-45336 at NVD CVE-2024-45340 at SUSE CVE-2024-45340 at NVD CVE-2024-45341 at SUSE CVE-2024-45341 at NVD CVE-2025-22865 at SUSE CVE-2025-22865 at NVD cpe:/o:opensuse:leap:15.6 Security update for lua51-luajit (Low) openSUSE Leap 15.6 This update for lua51-luajit fixes the following issues: - CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c (bsc#1246077) - CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable (bsc#1246078) - CVE-2024-25178: Fixed ut-of-bounds read in the stack-overflow handler in lj_state.c (bsc#1246079) Low SUSE bug 1246077 SUSE bug 1246078 SUSE bug 1246079 CVE-2024-25176 at SUSE CVE-2024-25176 at NVD CVE-2024-25177 at SUSE CVE-2024-25177 at NVD CVE-2024-25178 at SUSE CVE-2024-25178 at NVD cpe:/o:opensuse:leap:15.6 Security update for iperf (Moderate) openSUSE Leap 15.6 This update for iperf fixes the following issues: - Update to version 3.18 - CVE-2024-53580: Fixed a segmentation violation via the iperf_exchange_parameters() function. (bsc#1234705) Moderate SUSE bug 1234705 CVE-2024-53580 at SUSE CVE-2024-53580 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker (Moderate) openSUSE Leap 15.6 This update for docker fixes the following issues: - Update to Docker 28.3.3-ce. - CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367) Moderate SUSE bug 1246556 SUSE bug 1247367 CVE-2025-54388 at SUSE CVE-2025-54388 at NVD cpe:/o:opensuse:leap:15.6 Security update for jq (Moderate) openSUSE Leap 15.6 This update for jq fixes the following issues: - CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116) Moderate SUSE bug 1244116 CVE-2025-48060 at SUSE CVE-2025-48060 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Important) openSUSE Leap 15.6 go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (boo#1244485 go1.25 release tracking) * Language changes: There are no languages changes that affect Go programs in Go 1.25. However, in the language specification the notion of core types has been removed in favor of dedicated prose. See the respective blog post for more information. * go command: The go build -asan option now defaults to doing leak detection at program exit. This will report an error if memory allocated by C is not freed and is not referenced by any other memory allocated by either C or Go. These new error reports may be disabled by setting ASAN_OPTIONS=detect_leaks=0 in the environment when running the program. * go command: The Go distribution will include fewer prebuilt tool binaries. Core toolchain binaries such as the compiler and linker will still be included, but tools not invoked by build or test operations will be built and run by go tool as needed. * go command: The new go.mod ignore directive can be used to specify directories the go command should ignore. Files in these directories and their subdirectories will be ignored by the go command when matching package patterns, such as all or ./..., but will still be included in module zip files. * go command: The new go doc -http option will start a documentation server showing documentation for the requested object, and open the documentation in a browser window. * go command: The new go version -m -json option will print the JSON encodings of the runtime/debug.BuildInfo structures embedded in the given Go binary files. * go command: The go command now supports using a subdirectory of a repository as the path for a module root, when resolving a module path using the syntax <meta name='go-import' content='root-path vcs repo-url subdir'> to indicate that the root-path corresponds to the subdir of the repo-url with version control system vcs. * go command: The new work package pattern matches all packages in the work (formerly called main) modules: either the single work module in module mode or the set of workspace modules in workspace mode. * go command: When the go command updates the go line in a go.mod or go.work file, it no longer adds a toolchain line specifying the command’s current version. * go vet: The go vet command includes new analyzers: * go vet: waitgroup reports misplaced calls to sync.WaitGroup.Add; * go vet: hostport reports uses of fmt.Sprintf('%s:%d', host, port) to construct addresses for net.Dial, as these will not work with IPv6; instead it suggests using net.JoinHostPort. * Runtime: Container-aware GOMAXPROCS. The default behavior of the GOMAXPROCS has changed. In prior versions of Go, GOMAXPROCS defaults to the number of logical CPUs available at startup (runtime.NumCPU). Go 1.25 introduces two changes: On Linux, the runtime considers the CPU bandwidth limit of the cgroup containing the process, if any. If the CPU bandwidth limit is lower than the number of logical CPUs available, GOMAXPROCS will default to the lower limit. In container runtime systems like Kubernetes, cgroup CPU bandwidth limits generally correspond to the “CPU limit” option. The Go runtime does not consider the “CPU requests” option. On all OSes, the runtime periodically updates GOMAXPROCS if the number of logical CPUs available or the cgroup CPU bandwidth limit change. Both of these behaviors are automatically disabled if GOMAXPROCS is set manually via the GOMAXPROCS environment variable or a call to runtime.GOMAXPROCS. They can also be disabled explicitly with the GODEBUG settings containermaxprocs=0 and updatemaxprocs=0, respectively. In order to support reading updated cgroup limits, the runtime will keep cached file descriptors for the cgroup files for the duration of the process lifetime. * Runtime: garbage collector: A new garbage collector is now available as an experiment. This garbage collector’s design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark result vary, but we expect somewhere between a 10—40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. The new garbage collector may be enabled by setting GOEXPERIMENT=greenteagc at build time. We expect the design to continue to evolve and improve. To that end, we encourage Go developers to try it out and report back their experiences. See the GitHub issue for more details on the design and instructions for sharing feedback. * Runtime: trace flight recorder: Runtime execution traces have long provided a powerful, but expensive way to understand and debug the low-level behavior of an application. Unfortunately, because of their size and the cost of continuously writing an execution trace, they were generally impractical for debugging rare events. The new runtime/trace.FlightRecorder API provides a lightweight way to capture a runtime execution trace by continuously recording the trace into an in-memory ring buffer. When a significant event occurs, a program can call FlightRecorder.WriteTo to snapshot the last few seconds of the trace to a file. This approach produces a much smaller trace by enabling applications to capture only the traces that matter. The length of time and amount of data captured by a FlightRecorder may be configured within the FlightRecorderConfig. * Runtime: Change to unhandled panic output: The message printed when a program exits due to an unhandled panic that was recovered and repanicked no longer repeats the text of the panic value. * Runtime: VMA names on Linux: On Linux systems with kernel support for anonymous virtual memory area (VMA) names (CONFIG_ANON_VMA_NAME), the Go runtime will annotate anonymous memory mappings with context about their purpose. e.g., [anon: Go: heap] for heap memory. This can be disabled with the GODEBUG setting decoratemappings=0. * Compiler: nil pointer bug: This release fixes a compiler bug, introduced in Go 1.21, that could incorrectly delay nil pointer checks. * Compiler: DWARF5 support: The compiler and linker in Go 1.25 now generate debug information using DWARF version 5. The newer DWARF version reduces the space required for debugging information in Go binaries, and reduces the time for linking, especially for large Go binaries. DWARF 5 generation can be disabled by setting the environment variable GOEXPERIMENT=nodwarf5 at build time (this fallback may be removed in a future Go release). * Compiler: Faster slices: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. This change has the potential to amplify the effects of incorrect unsafe.Pointer usage, see for example issue 73199. In order to track down these problems, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. * Linker: The linker now accepts a -funcalign=N command line option, which specifies the alignment of function entries. The default value is platform-dependent, and is unchanged in this release. * Standard library: testing/synctest: The new testing/synctest package provides support for testing concurrent code. This package was first available in Go 1.24 under GOEXPERIMENT=synctest, with a slightly different API. The experiment has now graduated to general availability. The old API is still present if GOEXPERIMENT=synctest is set, but will be removed in Go 1.26. * Standard library: testing/synctest: The Test function runs a test function in an isolated “bubble”. Within the bubble, time is virtualized: time package functions operate on a fake clock and the clock moves forward instantaneously if all goroutines in the bubble are blocked. * Standard library: testing/synctest: The Wait function waits for all goroutines in the current bubble to block. * Standard library: encoding/json/v2: Go 1.25 includes a new, experimental JSON implementation, which can be enabled by setting the environment variable GOEXPERIMENT=jsonv2 at build time. When enabled, two new packages are available: The encoding/json/v2 package is a major revision of the encoding/json package. The encoding/json/jsontext package provides lower-level processing of JSON syntax. In addition, when the “jsonv2” GOEXPERIMENT is enabled: The encoding/json package uses the new JSON implementation. Marshaling and unmarshaling behavior is unaffected, but the text of errors returned by package function may change. The encoding/json package contains a number of new options which may be used to configure the marshaler and unmarshaler. The new implementation performs substantially better than the existing one under many scenarios. In general, encoding performance is at parity between the implementations and decoding is substantially faster in the new one. See the github.com/go-json-experiment/jsonbench repository for more detailed analysis. We encourage users of encoding/json to test their programs with GOEXPERIMENT=jsonv2 enabled to help detect any compatibility issues with the new implementation. We expect the design of encoding/json/v2 to continue to evolve. We encourage developers to try out the new API and provide feedback on the proposal issue. * archive/tar: The Writer.AddFS implementation now supports symbolic links for filesystems that implement io/fs.ReadLinkFS. * encoding/asn1: Unmarshal and UnmarshalWithParams now parse the ASN.1 types T61String and BMPString more consistently. This may result in some previously accepted malformed encodings now being rejected. * crypto: MessageSigner is a new signing interface that can be implemented by signers that wish to hash the message to be signed themselves. A new function is also introduced, SignMessage, which attempts to upgrade a Signer interface to MessageSigner, using the MessageSigner.SignMessage method if successful, and Signer.Sign if not. This can be used when code wishes to support both Signer and MessageSigner. * crypto: Changing the fips140 GODEBUG setting after the program has started is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed. * crypto: SHA-1, SHA-256, and SHA-512 are now slower on amd64 when AVX2 instructions are not available. All server processors (and most others) produced since 2015 support AVX2. * crypto/ecdsa: The new ParseRawPrivateKey, ParseUncompressedPublicKey, PrivateKey.Bytes, and PublicKey.Bytes functions and methods implement low-level encodings, replacing the need to use crypto/elliptic or math/big functions and methods. * crypto/ecdsa: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/ed25519: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/elliptic: The hidden and undocumented Inverse and CombinedMult methods on some Curve implementations have been removed. * crypto/rsa: PublicKey no longer claims that the modulus value is treated as secret. VerifyPKCS1v15 and VerifyPSS already warned that all inputs are public and could be leaked, and there are mathematical attacks that can recover the modulus from other public values. * crypto/rsa: Key generation is now three times faster. * crypto/sha1: Hashing is now two times faster on amd64 when SHA-NI instructions are available. * crypto/sha3: The new SHA3.Clone method implements hash.Cloner. * crypto/sha3: Hashing is now two times faster on Apple M processors. * crypto/tls: The new ConnectionState.CurveID field exposes the key exchange mechanism used to establish the connection. * crypto/tls: The new Config.GetEncryptedClientHelloKeys callback can be used to set the EncryptedClientHelloKeys for a server to use when a client sends an Encrypted Client Hello extension. * crypto/tls: SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1. * crypto/tls: When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed. * crypto/tls: TLS servers now prefer the highest supported protocol version, even if it isn’t the client’s most preferred protocol version. * crypto/tls: Both TLS clients and servers are now stricter in following the specifications and in rejecting off-spec behavior. Connections with compliant peers should be unaffected. * crypto/x509: CreateCertificate, CreateCertificateRequest, and CreateRevocationList can now accept a crypto.MessageSigner signing interface as well as crypto.Signer. This allows these functions to use signers which implement “one-shot” signing interfaces, where hashing is done as part of the signing operation, instead of by the caller. * crypto/x509: CreateCertificate now uses truncated SHA-256 to populate the SubjectKeyId if it is missing. The GODEBUG setting x509sha256skid=0 reverts to SHA-1. * crypto/x509: ParseCertificate now rejects certificates which contain a BasicConstraints extension that contains a negative pathLenConstraint. * crypto/x509: ParseCertificate now handles strings encoded with the ASN.1 T61String and BMPString types more consistently. This may result in some previously accepted malformed encodings now being rejected. * debug/elf: The debug/elf package adds two new constants: PT_RISCV_ATTRIBUTES and SHT_RISCV_ATTRIBUTES for RISC-V ELF parsing. * go/ast: The FilterPackage, PackageExports, and MergePackageFiles functions, and the MergeMode type and its constants, are all deprecated, as they are for use only with the long-deprecated Object and Package machinery. * go/ast: The new PreorderStack function, like Inspect, traverses a syntax tree and provides control over descent into subtrees, but as a convenience it also provides the stack of enclosing nodes at each point. * go/parser: The ParseDir function is deprecated. * go/token: The new FileSet.AddExistingFiles method enables existing Files to be added to a FileSet, or a FileSet to be constructed for an arbitrary set of Files, alleviating the problems associated with a single global FileSet in long-lived applications. * go/types: Var now has a Var.Kind method that classifies the variable as one of: package-level, receiver, parameter, result, local variable, or a struct field. * go/types: The new LookupSelection function looks up the field or method of a given name and receiver type, like the existing LookupFieldOrMethod function, but returns the result in the form of a Selection. * hash: The new XOF interface can be implemented by “extendable output functions”, which are hash functions with arbitrary or unlimited output length such as SHAKE. * hash: Hashes implementing the new Cloner interface can return a copy of their state. All standard library Hash implementations now implement Cloner. * hash/maphash: The new Hash.Clone method implements hash.Cloner. * io/fs: A new ReadLinkFS interface provides the ability to read symbolic links in a filesystem. * log/slog: GroupAttrs creates a group Attr from a slice of Attr values. * log/slog: Record now has a Source method, returning its source location or nil if unavailable. * mime/multipart: The new helper function FileContentDisposition builds multipart Content-Disposition header fields. * net: LookupMX and Resolver.LookupMX now return DNS names that look like valid IP address, as well as valid domain names. Previously if a name server returned an IP address as a DNS name, LookupMX would discard it, as required by the RFCs. However, name servers in practice do sometimes return IP addresses. * net: On Windows, ListenMulticastUDP now supports IPv6 addresses. * net: On Windows, it is now possible to convert between an os.File and a network connection. Specifcally, the FileConn, FilePacketConn, and FileListener functions are now implemented, and return a network connection or listener corresponding to an open file. Similarly, the File methods of TCPConn, UDPConn, UnixConn, IPConn, TCPListener, and UnixListener are now implemented, and return the underlying os.File of a network connection. * net/http: The new CrossOriginProtection implements protections against Cross-Site Request Forgery (CSRF) by rejecting non-safe cross-origin browser requests. It uses modern browser Fetch metadata, doesn’t require tokens or cookies, and supports origin-based and pattern-based bypasses. * os: On Windows, NewFile now supports handles opened for asynchronous I/O (that is, syscall.FILE_FLAG_OVERLAPPED is specified in the syscall.CreateFile call). These handles are associated with the Go runtime’s I/O completion port, which provides the following benefits for the resulting File: I/O methods (File.Read, File.Write, File.ReadAt, and File.WriteAt) do not block an OS thread. Deadline methods (File.SetDeadline, File.SetReadDeadline, and File.SetWriteDeadline) are supported. This enhancement is especially beneficial for applications that communicate via named pipes on Windows. Note that a handle can only be associated with one completion port at a time. If the handle provided to NewFile is already associated with a completion port, the returned File is downgraded to synchronous I/O mode. In this case, I/O methods will block an OS thread, and the deadline methods have no effect. * os: The filesystems returned by DirFS and Root.FS implement the new io/fs.ReadLinkFS interface. CopyFS supports symlinks when copying filesystems that implement io/fs.ReadLinkFS. The Root type supports the following additional methods: Root.Chmod, Root.Chown, Root.Chtimes, Root.Lchown, Root.Link, Root.MkdirAll, Root.ReadFile, Root.Readlink, Root.RemoveAll, Root.Rename, Root.Symlink, and Root.WriteFile. * reflect: The new TypeAssert function permits converting a Value directly to a Go value of the given type. This is like using a type assertion on the result of Value.Interface, but avoids unnecessary memory allocations. * regexp/syntax: The \p{name} and \P{name} character class syntaxes now accept the names Any, ASCII, Assigned, Cn, and LC, as well as Unicode category aliases like \p{Letter} for \pL. Following Unicode TR18, they also now use case-insensitive name lookups, ignoring spaces, underscores, and hyphens. * runtime: Cleanup functions scheduled by AddCleanup are now executed concurrently and in parallel, making cleanups more viable for heavy use like the unique package. Note that individual cleanups should still shunt their work to a new goroutine if they must execute or block for a long time to avoid blocking the cleanup queue. * runtime: A new GODEBUG=checkfinalizers=1 setting helps find common issues with finalizers and cleanups, such as those described in the GC guide. In this mode, the runtime runs diagnostics on each garbage collection cycle, and will also regularly report the finalizer and cleanup queue lengths to stderr to help identify issues with long-running finalizers and/or cleanups. See the GODEBUG documentation for more details. * runtime: The new SetDefaultGOMAXPROCS function sets GOMAXPROCS to the runtime default value, as if the GOMAXPROCS environment variable is not set. This is useful for enabling the new GOMAXPROCS default if it has been disabled by the GOMAXPROCS environment variable or a prior call to GOMAXPROCS. * runtime/pprof: The mutex profile for contention on runtime-internal locks now correctly points to the end of the critical section that caused the delay. This matches the profile’s behavior for contention on sync.Mutex values. The runtimecontentionstacks setting for GODEBUG, which allowed opting in to the unusual behavior of Go 1.22 through 1.24 for this part of the profile, is now gone. * sync: The new WaitGroup.Go method makes the common pattern of creating and counting goroutines more convenient. * testing: The new methods T.Attr, B.Attr, and F.Attr emit an attribute to the test log. An attribute is an arbitrary key and value associated with a test. * testing: With the -json flag, attributes appear as a new “attr” action. * testing: The new Output method of T, B and F provides an io.Writer that writes to the same test output stream as TB.Log. Like TB.Log, the output is indented, but it does not include the file and line number. * testing: The AllocsPerRun function now panics if parallel tests are running. The result of AllocsPerRun is inherently flaky if other tests are running. The new panicking behavior helps catch such bugs. * testing/fstest: MapFS implements the new io/fs.ReadLinkFS interface. TestFS will verify the functionality of the io/fs.ReadLinkFS interface if implemented. TestFS will no longer follow symlinks to avoid unbounded recursion. * unicode: The new CategoryAliases map provides access to category alias names, such as “Letter” for “L”. * unicode: The new categories Cn and LC define unassigned codepoints and cased letters, respectively. These have always been defined by Unicode but were inadvertently omitted in earlier versions of Go. The C category now includes Cn, meaning it has added all unassigned code points. * unique: The unique package now reclaims interned values more eagerly, more efficiently, and in parallel. As a consequence, applications using Make are now less likely to experience memory blow-up when lots of truly unique values are interned. * unique: Values passed to Make containing Handles previously required multiple garbage collection cycles to collect, proportional to the depth of the chain of Handle values. Now, once unused, they are collected promptly in a single cycle. * Darwin port: As announced in the Go 1.24 release notes, Go 1.25 requires macOS 12 Monterey or later. Support for previous versions has been discontinued. * Windows port: Go 1.25 is the last release that contains the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm). It will be removed in Go 1.26. * Loong64 port: The linux/loong64 port now supports the race detector, gathering traceback information from C code using runtime.SetCgoTraceback, and linking cgo programs with the internal link mode. * RISC-V port: The linux/riscv64 port now supports the plugin build mode. * RISC-V port: The GORISCV64 environment variable now accepts a new value rva23u64, which selects the RVA23U64 user-mode application profile. Important SUSE bug 1244485 SUSE bug 1246118 SUSE bug 1247719 SUSE bug 1247720 CVE-2025-4674 at SUSE CVE-2025-4674 at NVD CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Moderate SUSE bug 1247249 CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for gdk-pixbuf (Important) openSUSE Leap 15.6 This update for gdk-pixbuf fixes the following issues: - CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227) - CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114) Important SUSE bug 1245227 SUSE bug 1246114 CVE-2025-6199 at SUSE CVE-2025-6199 at NVD CVE-2025-7345 at SUSE CVE-2025-7345 at NVD cpe:/o:opensuse:leap:15.6 Security update for glibc (Moderate) openSUSE Leap 15.6 This update for glibc fixes the following issues: - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) Moderate SUSE bug 1240058 SUSE bug 1246965 CVE-2025-8058 at SUSE CVE-2025-8058 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Fix dma_unmap_sg() nents value (git-fixes) - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - acpi: LPSS: Remove AudioDSP related ID (git-fixes). - acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - acpi: processor: perflib: Fix initial _PPC limit application (git-fixes). - acpica: Refuse to evaluate a method if arguments are missing (stable-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - alsa: hda/tegra: Add Tegra264 support (stable-fixes). - alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - alsa: hda: Ignore unsol events for cards being shut down (stable-fixes). - alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes). - alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - asoc: amd: yc: update quirk data for HP Victus (stable-fixes). - asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - bluetooth: hci_sync: revert some mesh modifications (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - hid: core: do not bypass hid_hw_raw_request (stable-fixes). - hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - input: iqs7222 - explicitly define number of external channels (git-fixes). - input: xpad - adjust error handling for disconnect (git-fixes). - input: xpad - set correct controller type for Acer NGR200 (git-fixes). - input: xpad - support Acer NGR 200 Controller (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-obs-qa: Do not depend on srchash when qemu emulation is used In this case the dependency is never fulfilled Fixes: 485ae1da2b88 ('kernel-obs-qa: Use srchash for dependency as well') - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - logitech C-270 even more broken (stable-fixes). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nfsv4.2: another fix for listxattr (git-fixes). - nfsv4.2: fix listxattr to return selinux security label (git-fixes). - nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - nfsv4: Always set NLINK even if the server does not support it (git-fixes). - nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - pci/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - pci: endpoint: Fix configfs group list head handling (git-fixes). - pci: endpoint: Fix configfs group removal on driver teardown (git-fixes). - pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - pm / devfreq: Check governor before using governor->name (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - rdma/core: Rate limit GID cache warning messages (git-fixes) - rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - rdma/hns: Drop GFP_NOWARN (git-fixes) - rdma/hns: Fix -Wframe-larger-than issue (git-fixes) - rdma/hns: Fix HW configurations not cleared in error flow (git-fixes) - rdma/hns: Fix accessing uninitialized resources (git-fixes) - rdma/hns: Fix double destruction of rsv_qp (git-fixes) - rdma/hns: Get message length of ack_req from FW (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - rdma/mlx5: Fix CC counters query for MPV (git-fixes) - rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes) - rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - rdma/mlx5: Fix vport loopback for MPV device (git-fixes) - rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too. - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - supported.conf: add missing entries for armv7hl - supported.conf: move nvme-apple to optional again - supported.conf: sort entries again - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - usb: serial: option: add Foxconn T99W640 (stable-fixes). - usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). Important SUSE bug 1139073 SUSE bug 1204142 SUSE bug 1219338 SUSE bug 1225707 SUSE bug 1230216 SUSE bug 1233300 SUSE bug 1235613 SUSE bug 1235837 SUSE bug 1236333 SUSE bug 1236897 SUSE bug 1238896 SUSE bug 1239061 SUSE bug 1239470 SUSE bug 1240323 SUSE bug 1240885 SUSE bug 1240966 SUSE bug 1241166 SUSE bug 1241345 SUSE bug 1241537 SUSE bug 1242086 SUSE bug 1242414 SUSE bug 1242837 SUSE bug 1242960 SUSE bug 1242965 SUSE bug 1242993 SUSE bug 1243068 SUSE bug 1243100 SUSE bug 1243479 SUSE bug 1243669 SUSE bug 1243806 SUSE bug 1244309 SUSE bug 1244337 SUSE bug 1244457 SUSE bug 1244735 SUSE bug 1244749 SUSE bug 1244750 SUSE bug 1244792 SUSE bug 1244801 SUSE bug 1245151 SUSE bug 1245201 SUSE bug 1245202 SUSE bug 1245216 SUSE bug 1245260 SUSE bug 1245431 SUSE bug 1245440 SUSE bug 1245457 SUSE bug 1245498 SUSE bug 1245499 SUSE bug 1245504 SUSE bug 1245506 SUSE bug 1245508 SUSE bug 1245510 SUSE bug 1245540 SUSE bug 1245598 SUSE bug 1245599 SUSE bug 1245646 SUSE bug 1245647 SUSE bug 1245649 SUSE bug 1245650 SUSE bug 1245654 SUSE bug 1245658 SUSE bug 1245660 SUSE bug 1245665 SUSE bug 1245666 SUSE bug 1245668 SUSE bug 1245669 SUSE bug 1245670 SUSE bug 1245671 SUSE bug 1245675 SUSE bug 1245676 SUSE bug 1245677 SUSE bug 1245679 SUSE bug 1245682 SUSE bug 1245683 SUSE bug 1245684 SUSE bug 1245688 SUSE bug 1245689 SUSE bug 1245690 SUSE bug 1245691 SUSE bug 1245695 SUSE bug 1245705 SUSE bug 1245708 SUSE bug 1245711 SUSE bug 1245713 SUSE bug 1245714 SUSE bug 1245719 SUSE bug 1245723 SUSE bug 1245729 SUSE bug 1245730 SUSE bug 1245731 SUSE bug 1245735 SUSE bug 1245737 SUSE bug 1245744 SUSE bug 1245745 SUSE bug 1245746 SUSE bug 1245747 SUSE bug 1245748 SUSE bug 1245749 SUSE bug 1245750 SUSE bug 1245751 SUSE bug 1245752 SUSE bug 1245757 SUSE bug 1245758 SUSE bug 1245765 SUSE bug 1245768 SUSE bug 1245769 SUSE bug 1245777 SUSE bug 1245781 SUSE bug 1245789 SUSE bug 1245937 SUSE bug 1245945 SUSE bug 1245951 SUSE bug 1245952 SUSE bug 1245954 SUSE bug 1245957 SUSE bug 1245966 SUSE bug 1245970 SUSE bug 1245976 SUSE bug 1245980 SUSE bug 1245983 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246002 SUSE bug 1246006 SUSE bug 1246008 SUSE bug 1246020 SUSE bug 1246023 SUSE bug 1246029 SUSE bug 1246031 SUSE bug 1246037 SUSE bug 1246041 SUSE bug 1246042 SUSE bug 1246044 SUSE bug 1246045 SUSE bug 1246047 SUSE bug 1246049 SUSE bug 1246050 SUSE bug 1246055 SUSE bug 1246073 SUSE bug 1246093 SUSE bug 1246098 SUSE bug 1246109 SUSE bug 1246122 SUSE bug 1246125 SUSE bug 1246171 SUSE bug 1246173 SUSE bug 1246178 SUSE bug 1246182 SUSE bug 1246183 SUSE bug 1246186 SUSE bug 1246195 SUSE bug 1246203 SUSE bug 1246212 SUSE bug 1246220 SUSE bug 1246236 SUSE bug 1246240 SUSE bug 1246243 SUSE bug 1246246 SUSE bug 1246249 SUSE bug 1246250 SUSE bug 1246253 SUSE bug 1246258 SUSE bug 1246262 SUSE bug 1246264 SUSE bug 1246266 SUSE bug 1246268 SUSE bug 1246273 SUSE bug 1246283 SUSE bug 1246287 SUSE bug 1246292 SUSE bug 1246293 SUSE bug 1246295 SUSE bug 1246334 SUSE bug 1246337 SUSE bug 1246342 SUSE bug 1246349 SUSE bug 1246354 SUSE bug 1246358 SUSE bug 1246361 SUSE bug 1246364 SUSE bug 1246370 SUSE bug 1246375 SUSE bug 1246384 SUSE bug 1246386 SUSE bug 1246387 SUSE bug 1246438 SUSE bug 1246453 SUSE bug 1246473 SUSE bug 1246490 SUSE bug 1246506 SUSE bug 1246547 SUSE bug 1246777 SUSE bug 1246781 SUSE bug 1246870 SUSE bug 1246879 SUSE bug 1246911 SUSE bug 1247018 SUSE bug 1247023 SUSE bug 1247028 SUSE bug 1247031 SUSE bug 1247033 SUSE bug 1247035 SUSE bug 1247061 SUSE bug 1247089 SUSE bug 1247091 SUSE bug 1247097 SUSE bug 1247098 SUSE bug 1247101 SUSE bug 1247103 SUSE bug 1247104 SUSE bug 1247113 SUSE bug 1247118 SUSE bug 1247123 SUSE bug 1247125 SUSE bug 1247128 SUSE bug 1247132 SUSE bug 1247138 SUSE bug 1247141 SUSE bug 1247143 SUSE bug 1247145 SUSE bug 1247146 SUSE bug 1247147 SUSE bug 1247149 SUSE bug 1247150 SUSE bug 1247151 SUSE bug 1247153 SUSE bug 1247154 SUSE bug 1247156 SUSE bug 1247160 SUSE bug 1247164 SUSE bug 1247169 SUSE bug 1247170 SUSE bug 1247171 SUSE bug 1247172 SUSE bug 1247174 SUSE bug 1247176 SUSE bug 1247177 SUSE bug 1247178 SUSE bug 1247181 SUSE bug 1247209 SUSE bug 1247210 SUSE bug 1247227 SUSE bug 1247233 SUSE bug 1247236 SUSE bug 1247238 SUSE bug 1247241 SUSE bug 1247251 SUSE bug 1247252 SUSE bug 1247253 SUSE bug 1247255 SUSE bug 1247271 SUSE bug 1247273 SUSE bug 1247274 SUSE bug 1247276 SUSE bug 1247277 SUSE bug 1247278 SUSE bug 1247279 SUSE bug 1247284 SUSE bug 1247285 SUSE bug 1247288 SUSE bug 1247289 SUSE bug 1247293 SUSE bug 1247311 SUSE bug 1247314 SUSE bug 1247317 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247450 CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2024-36028 at SUSE CVE-2024-36028 at NVD CVE-2024-36348 at SUSE CVE-2024-36348 at NVD CVE-2024-36349 at SUSE CVE-2024-36349 at NVD CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2024-44963 at SUSE CVE-2024-44963 at NVD CVE-2024-49861 at SUSE CVE-2024-49861 at NVD CVE-2024-56742 at SUSE CVE-2024-56742 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-21839 at SUSE CVE-2025-21839 at NVD CVE-2025-21854 at SUSE CVE-2025-21854 at NVD CVE-2025-21872 at SUSE CVE-2025-21872 at NVD CVE-2025-22090 at SUSE CVE-2025-22090 at NVD CVE-2025-23163 at SUSE CVE-2025-23163 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37856 at SUSE CVE-2025-37856 at NVD CVE-2025-37864 at SUSE CVE-2025-37864 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-37920 at SUSE CVE-2025-37920 at NVD CVE-2025-37984 at SUSE CVE-2025-37984 at NVD CVE-2025-38034 at SUSE CVE-2025-38034 at NVD CVE-2025-38035 at SUSE CVE-2025-38035 at NVD CVE-2025-38051 at SUSE CVE-2025-38051 at NVD CVE-2025-38052 at SUSE CVE-2025-38052 at NVD CVE-2025-38058 at SUSE CVE-2025-38058 at NVD CVE-2025-38061 at SUSE CVE-2025-38061 at NVD CVE-2025-38062 at SUSE CVE-2025-38062 at NVD CVE-2025-38063 at SUSE CVE-2025-38063 at NVD CVE-2025-38064 at SUSE CVE-2025-38064 at NVD CVE-2025-38074 at SUSE CVE-2025-38074 at NVD CVE-2025-38084 at SUSE CVE-2025-38084 at NVD CVE-2025-38085 at SUSE CVE-2025-38085 at NVD CVE-2025-38087 at SUSE CVE-2025-38087 at NVD CVE-2025-38088 at SUSE CVE-2025-38088 at NVD CVE-2025-38089 at SUSE CVE-2025-38089 at NVD CVE-2025-38090 at SUSE CVE-2025-38090 at NVD CVE-2025-38094 at SUSE CVE-2025-38094 at NVD CVE-2025-38095 at SUSE CVE-2025-38095 at NVD CVE-2025-38097 at SUSE CVE-2025-38097 at NVD CVE-2025-38098 at SUSE CVE-2025-38098 at NVD CVE-2025-38099 at SUSE CVE-2025-38099 at NVD CVE-2025-38100 at SUSE CVE-2025-38100 at NVD CVE-2025-38102 at SUSE CVE-2025-38102 at NVD CVE-2025-38105 at SUSE CVE-2025-38105 at NVD CVE-2025-38107 at SUSE CVE-2025-38107 at NVD CVE-2025-38108 at SUSE CVE-2025-38108 at NVD CVE-2025-38109 at SUSE CVE-2025-38109 at NVD CVE-2025-38110 at SUSE CVE-2025-38110 at NVD CVE-2025-38111 at SUSE CVE-2025-38111 at NVD CVE-2025-38112 at SUSE CVE-2025-38112 at NVD CVE-2025-38113 at SUSE CVE-2025-38113 at NVD CVE-2025-38115 at SUSE CVE-2025-38115 at NVD CVE-2025-38117 at SUSE CVE-2025-38117 at NVD CVE-2025-38118 at SUSE CVE-2025-38118 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38122 at SUSE CVE-2025-38122 at NVD CVE-2025-38123 at SUSE CVE-2025-38123 at NVD CVE-2025-38124 at SUSE CVE-2025-38124 at NVD CVE-2025-38126 at SUSE CVE-2025-38126 at NVD CVE-2025-38127 at SUSE CVE-2025-38127 at NVD CVE-2025-38129 at SUSE CVE-2025-38129 at NVD CVE-2025-38131 at SUSE CVE-2025-38131 at NVD CVE-2025-38132 at SUSE CVE-2025-38132 at NVD CVE-2025-38135 at SUSE CVE-2025-38135 at NVD CVE-2025-38136 at SUSE CVE-2025-38136 at NVD CVE-2025-38138 at SUSE CVE-2025-38138 at NVD CVE-2025-38142 at SUSE CVE-2025-38142 at NVD CVE-2025-38143 at SUSE CVE-2025-38143 at NVD CVE-2025-38145 at SUSE CVE-2025-38145 at NVD CVE-2025-38147 at SUSE CVE-2025-38147 at NVD CVE-2025-38148 at SUSE CVE-2025-38148 at NVD CVE-2025-38149 at SUSE CVE-2025-38149 at NVD CVE-2025-38151 at SUSE CVE-2025-38151 at NVD CVE-2025-38153 at SUSE CVE-2025-38153 at NVD CVE-2025-38154 at SUSE CVE-2025-38154 at NVD CVE-2025-38155 at SUSE CVE-2025-38155 at NVD CVE-2025-38157 at SUSE CVE-2025-38157 at NVD CVE-2025-38158 at SUSE CVE-2025-38158 at NVD CVE-2025-38159 at SUSE CVE-2025-38159 at NVD CVE-2025-38161 at SUSE CVE-2025-38161 at NVD CVE-2025-38162 at SUSE CVE-2025-38162 at NVD CVE-2025-38165 at SUSE CVE-2025-38165 at NVD CVE-2025-38166 at SUSE CVE-2025-38166 at NVD CVE-2025-38173 at SUSE CVE-2025-38173 at NVD CVE-2025-38174 at SUSE CVE-2025-38174 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38182 at SUSE CVE-2025-38182 at NVD CVE-2025-38183 at SUSE CVE-2025-38183 at NVD CVE-2025-38187 at SUSE CVE-2025-38187 at NVD CVE-2025-38188 at SUSE CVE-2025-38188 at NVD CVE-2025-38192 at SUSE CVE-2025-38192 at NVD CVE-2025-38193 at SUSE CVE-2025-38193 at NVD CVE-2025-38194 at SUSE CVE-2025-38194 at NVD CVE-2025-38197 at SUSE CVE-2025-38197 at NVD CVE-2025-38198 at SUSE CVE-2025-38198 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38202 at SUSE CVE-2025-38202 at NVD CVE-2025-38203 at SUSE CVE-2025-38203 at NVD CVE-2025-38204 at SUSE CVE-2025-38204 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38210 at SUSE CVE-2025-38210 at NVD CVE-2025-38211 at SUSE CVE-2025-38211 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38214 at SUSE CVE-2025-38214 at NVD CVE-2025-38215 at SUSE CVE-2025-38215 at NVD CVE-2025-38217 at SUSE CVE-2025-38217 at NVD CVE-2025-38220 at SUSE CVE-2025-38220 at NVD CVE-2025-38222 at SUSE CVE-2025-38222 at NVD CVE-2025-38225 at SUSE CVE-2025-38225 at NVD CVE-2025-38226 at SUSE CVE-2025-38226 at NVD CVE-2025-38227 at SUSE CVE-2025-38227 at NVD CVE-2025-38229 at SUSE CVE-2025-38229 at NVD CVE-2025-38231 at SUSE CVE-2025-38231 at NVD CVE-2025-38236 at SUSE CVE-2025-38236 at NVD CVE-2025-38239 at SUSE CVE-2025-38239 at NVD CVE-2025-38244 at SUSE CVE-2025-38244 at NVD CVE-2025-38246 at SUSE CVE-2025-38246 at NVD CVE-2025-38248 at SUSE CVE-2025-38248 at NVD CVE-2025-38249 at SUSE CVE-2025-38249 at NVD CVE-2025-38250 at SUSE CVE-2025-38250 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38259 at SUSE CVE-2025-38259 at NVD CVE-2025-38264 at SUSE CVE-2025-38264 at NVD CVE-2025-38272 at SUSE CVE-2025-38272 at NVD CVE-2025-38273 at SUSE CVE-2025-38273 at NVD CVE-2025-38275 at SUSE CVE-2025-38275 at NVD CVE-2025-38277 at SUSE CVE-2025-38277 at NVD CVE-2025-38279 at SUSE CVE-2025-38279 at NVD CVE-2025-38283 at SUSE CVE-2025-38283 at NVD CVE-2025-38286 at SUSE CVE-2025-38286 at NVD CVE-2025-38289 at SUSE CVE-2025-38289 at NVD CVE-2025-38290 at SUSE CVE-2025-38290 at NVD CVE-2025-38292 at SUSE CVE-2025-38292 at NVD CVE-2025-38293 at SUSE CVE-2025-38293 at NVD CVE-2025-38300 at SUSE CVE-2025-38300 at NVD CVE-2025-38303 at SUSE CVE-2025-38303 at NVD CVE-2025-38304 at SUSE CVE-2025-38304 at NVD CVE-2025-38305 at SUSE CVE-2025-38305 at NVD CVE-2025-38307 at SUSE CVE-2025-38307 at NVD CVE-2025-38310 at SUSE CVE-2025-38310 at NVD CVE-2025-38312 at SUSE CVE-2025-38312 at NVD CVE-2025-38313 at SUSE CVE-2025-38313 at NVD CVE-2025-38319 at SUSE CVE-2025-38319 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38326 at SUSE CVE-2025-38326 at NVD CVE-2025-38328 at SUSE CVE-2025-38328 at NVD CVE-2025-38332 at SUSE CVE-2025-38332 at NVD CVE-2025-38334 at SUSE CVE-2025-38334 at NVD CVE-2025-38335 at SUSE CVE-2025-38335 at NVD CVE-2025-38336 at SUSE CVE-2025-38336 at NVD CVE-2025-38337 at SUSE CVE-2025-38337 at NVD CVE-2025-38338 at SUSE CVE-2025-38338 at NVD CVE-2025-38342 at SUSE CVE-2025-38342 at NVD CVE-2025-38343 at SUSE CVE-2025-38343 at NVD CVE-2025-38344 at SUSE CVE-2025-38344 at NVD CVE-2025-38345 at SUSE CVE-2025-38345 at NVD CVE-2025-38348 at SUSE CVE-2025-38348 at NVD CVE-2025-38349 at SUSE CVE-2025-38349 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38354 at SUSE CVE-2025-38354 at NVD CVE-2025-38362 at SUSE CVE-2025-38362 at NVD CVE-2025-38363 at SUSE CVE-2025-38363 at NVD CVE-2025-38364 at SUSE CVE-2025-38364 at NVD CVE-2025-38365 at SUSE CVE-2025-38365 at NVD CVE-2025-38369 at SUSE CVE-2025-38369 at NVD CVE-2025-38371 at SUSE CVE-2025-38371 at NVD CVE-2025-38373 at SUSE CVE-2025-38373 at NVD CVE-2025-38375 at SUSE CVE-2025-38375 at NVD CVE-2025-38376 at SUSE CVE-2025-38376 at NVD CVE-2025-38377 at SUSE CVE-2025-38377 at NVD CVE-2025-38380 at SUSE CVE-2025-38380 at NVD CVE-2025-38382 at SUSE CVE-2025-38382 at NVD CVE-2025-38384 at SUSE CVE-2025-38384 at NVD CVE-2025-38385 at SUSE CVE-2025-38385 at NVD CVE-2025-38386 at SUSE CVE-2025-38386 at NVD CVE-2025-38387 at SUSE CVE-2025-38387 at NVD CVE-2025-38389 at SUSE CVE-2025-38389 at NVD CVE-2025-38391 at SUSE CVE-2025-38391 at NVD CVE-2025-38392 at SUSE CVE-2025-38392 at NVD CVE-2025-38393 at SUSE CVE-2025-38393 at NVD CVE-2025-38395 at SUSE CVE-2025-38395 at NVD CVE-2025-38396 at SUSE CVE-2025-38396 at NVD CVE-2025-38399 at SUSE CVE-2025-38399 at NVD CVE-2025-38400 at SUSE CVE-2025-38400 at NVD CVE-2025-38401 at SUSE CVE-2025-38401 at NVD CVE-2025-38403 at SUSE CVE-2025-38403 at NVD CVE-2025-38404 at SUSE CVE-2025-38404 at NVD CVE-2025-38406 at SUSE CVE-2025-38406 at NVD CVE-2025-38409 at SUSE CVE-2025-38409 at NVD CVE-2025-38410 at SUSE CVE-2025-38410 at NVD CVE-2025-38412 at SUSE CVE-2025-38412 at NVD CVE-2025-38414 at SUSE CVE-2025-38414 at NVD CVE-2025-38415 at SUSE CVE-2025-38415 at NVD CVE-2025-38416 at SUSE CVE-2025-38416 at NVD CVE-2025-38420 at SUSE CVE-2025-38420 at NVD CVE-2025-38424 at SUSE CVE-2025-38424 at NVD CVE-2025-38425 at SUSE CVE-2025-38425 at NVD CVE-2025-38426 at SUSE CVE-2025-38426 at NVD CVE-2025-38428 at SUSE CVE-2025-38428 at NVD CVE-2025-38429 at SUSE CVE-2025-38429 at NVD CVE-2025-38430 at SUSE CVE-2025-38430 at NVD CVE-2025-38436 at SUSE CVE-2025-38436 at NVD CVE-2025-38443 at SUSE CVE-2025-38443 at NVD CVE-2025-38448 at SUSE CVE-2025-38448 at NVD CVE-2025-38449 at SUSE CVE-2025-38449 at NVD CVE-2025-38455 at SUSE CVE-2025-38455 at NVD CVE-2025-38457 at SUSE CVE-2025-38457 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38461 at SUSE CVE-2025-38461 at NVD CVE-2025-38462 at SUSE CVE-2025-38462 at NVD CVE-2025-38463 at SUSE CVE-2025-38463 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38467 at SUSE CVE-2025-38467 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38470 at SUSE CVE-2025-38470 at NVD CVE-2025-38471 at SUSE CVE-2025-38471 at NVD CVE-2025-38473 at SUSE CVE-2025-38473 at NVD CVE-2025-38474 at SUSE CVE-2025-38474 at NVD CVE-2025-38476 at SUSE CVE-2025-38476 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38478 at SUSE CVE-2025-38478 at NVD CVE-2025-38480 at SUSE CVE-2025-38480 at NVD CVE-2025-38481 at SUSE CVE-2025-38481 at NVD CVE-2025-38482 at SUSE CVE-2025-38482 at NVD CVE-2025-38483 at SUSE CVE-2025-38483 at NVD CVE-2025-38485 at SUSE CVE-2025-38485 at NVD CVE-2025-38487 at SUSE CVE-2025-38487 at NVD CVE-2025-38489 at SUSE CVE-2025-38489 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38496 at SUSE CVE-2025-38496 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam (Moderate) openSUSE Leap 15.6 This update for pam fixes the following issues: - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234) Moderate SUSE bug 1232234 SUSE bug 1246221 CVE-2024-10041 at SUSE CVE-2024-10041 at NVD cpe:/o:opensuse:leap:15.6 Security update for cmake3 (Low) openSUSE Leap 15.6 This update for cmake3 fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) Low SUSE bug 1248461 CVE-2025-9301 at SUSE CVE-2025-9301 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes1.18 (Important) openSUSE Leap 15.6 This update for kubernetes1.18 fixes the following issues: - Update to version 1.18.20: - CVE-2021-3121: Fixed a lack of certain index validation in plugin/unmarshal/unmarshal.go. (bsc#1182185) Important SUSE bug 1182185 SUSE bug 1246989 CVE-2021-3121 at SUSE CVE-2021-3121 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.43i: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) Other: - Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. Important SUSE bug 1246318 SUSE bug 1246388 CVE-2025-49125 at SUSE CVE-2025-49125 at NVD CVE-2025-52520 at SUSE CVE-2025-52520 at NVD CVE-2025-53506 at SUSE CVE-2025-53506 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat11 (Important) openSUSE Leap 15.6 This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.9 - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) Other: - Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. Important SUSE bug 1246318 SUSE bug 1246388 CVE-2025-49125 at SUSE CVE-2025-49125 at NVD CVE-2025-52520 at SUSE CVE-2025-52520 at NVD CVE-2025-53506 at SUSE CVE-2025-53506 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Moderate) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249). Moderate SUSE bug 1247249 CVE-2025-8194 at SUSE CVE-2025-8194 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql17 (Important) openSUSE Leap 15.6 This update for postgresql17 fixes the following issues: Updated to 17.6: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) Important SUSE bug 1248119 SUSE bug 1248120 SUSE bug 1248122 CVE-2025-8713 at SUSE CVE-2025-8713 at NVD CVE-2025-8714 at SUSE CVE-2025-8714 at NVD CVE-2025-8715 at SUSE CVE-2025-8715 at NVD cpe:/o:opensuse:leap:15.6 Security update for ignition (Moderate) openSUSE Leap 15.6 This update for ignition fixes the following issues: CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518) Moderate SUSE bug 1236518 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg (Moderate) openSUSE Leap 15.6 This update for ffmpeg fixes the following issues: - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (libavcodec/alsdec.c) (bsc#1246790). Moderate SUSE bug 1246790 CVE-2025-7700 at SUSE CVE-2025-7700 at NVD cpe:/o:opensuse:leap:15.6 Security update for firebird (Important) openSUSE Leap 15.6 This update for firebird fixes the following issues: - CVE-2025-54989: Fixed NULL pointer dereference in XDR message parsing leading to denial-of-service (ZDI-CAN-26486, bsc#1248143) Important SUSE bug 1248143 CVE-2025-54989 at SUSE CVE-2025-54989 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat11 (Important) openSUSE Leap 15.6 This update for tomcat11 fixes the following issues: Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other fixes: * Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one or more JAR files. (markt) * Coyote + Fix: 69748: Add missing call to set keep-alive timeout when using HTTP/1.1 following an async request, which was present for AJP. (remm/markt) + Fix: 69762: Fix possible overflow during HPACK decoding of integers. Note that the maximum permitted value of an HPACK decoded integer is Integer.MAX_VALUE. (markt) + Fix: Update the HTTP/2 overhead documentation - particularly the code comments - to reflect the deprecation of the PRIORITY frame and clarify that a stream reset always triggers an overhead increase. (markt) * Cluster + Update: Add enableStatistics configuration attribute for the DeltaManager, defaulting to true. (remm) * WebSocket + Fix: Align the WebSocket extension handling for WebSocket client connections with WebSocket server connections. The WebSocket client now only includes an extension requested by an endpoint in the opening handshake if the WebSocket client supports that extension. (markt) * Web applications + Fix: Manager and Host Manager. Provide the Manager and Host Manager web applications with a dedicated favicon file rather than using the one from the ROOT web application which might not be present or may represent something entirely different. Pull requests #876 and #878 by Simon Arame. * Other + Update: Update Checkstyle to 10.26.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1243895 CVE-2025-48989 at SUSE CVE-2025-48989 at NVD cpe:/o:opensuse:leap:15.6 Security update for jetty-minimal (Important) openSUSE Leap 15.6 This update for jetty-minimal fixes the following issues: Upgraded to version 9.4.58.v20250814: - CVE-2025-5115: Fixed MadeYouReset DoS attack via HTTP/2 protocol (including DNS over HTTPS) (bsc#1244252) Important SUSE bug 1244252 CVE-2025-5115 at SUSE CVE-2025-5115 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (1230216). - CVE-2024-49861: net: clear the dst when changing skb protocol (bsc#1245954). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21854: selftest/bpf: Add vsock test for sockmap rejecting unconnected (bsc#1239470). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-22090: mm: (un)track_pfn_copy() fix + doc improvements (bsc#1241537). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - Fix dma_unmap_sg() nents value (git-fixes) - Logitech C-270 even more broken (stable-fixes). - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - acpi: LPSS: Remove AudioDSP related ID (git-fixes). - acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - acpi: processor: perflib: Fix initial _PPC limit application (git-fixes). - acpica: Refuse to evaluate a method if arguments are missing (stable-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - alsa: hda/tegra: Add Tegra264 support (stable-fixes). - alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - alsa: hda: Ignore unsol events for cards being shut down (stable-fixes). - alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes). - alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - asoc: amd: yc: update quirk data for HP Victus (stable-fixes). - asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - bluetooth: hci_sync: revert some mesh modifications (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - documentation: ACPI: Fix parent device references (git-fixes). - documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - hid: core: do not bypass hid_hw_raw_request (stable-fixes). - hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - input: iqs7222 - explicitly define number of external channels (git-fixes). - input: xpad - adjust error handling for disconnect (git-fixes). - input: xpad - set correct controller type for Acer NGR200 (git-fixes). - input: xpad - support Acer NGR 200 Controller (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nfsv4.2: another fix for listxattr (git-fixes). - nfsv4.2: fix listxattr to return selinux security label (git-fixes). - nfsv4/pnfs: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - nfsv4: Always set NLINK even if the server does not support it (git-fixes). - nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - pci: endpoint: Fix configfs group list head handling (git-fixes). - pci: endpoint: Fix configfs group removal on driver teardown (git-fixes). - pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - pm / devfreq: Check governor before using governor->name (git-fixes). - pnfs/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - rdma/core: Rate limit GID cache warning messages (git-fixes) - rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - rdma/hns: Drop GFP_NOWARN (git-fixes) - rdma/hns: Fix -Wframe-larger-than issue (git-fixes) - rdma/hns: Fix HW configurations not cleared in error flow (git-fixes) - rdma/hns: Fix accessing uninitialized resources (git-fixes) - rdma/hns: Fix double destruction of rsv_qp (git-fixes) - rdma/hns: Get message length of ack_req from FW (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - rdma/mlx5: Fix CC counters query for MPV (git-fixes) - rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes) - rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - rdma/mlx5: Fix vport loopback for MPV device (git-fixes) - rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337) - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Copyright updates for 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - smb3: send channel sequence number in SMB3 requests after reconnects (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - supported.conf: add missing entries for armv7hl - supported.conf: move nvme-apple to optional again - supported.conf: sort entries again - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - usb: serial: option: add Foxconn T99W640 (stable-fixes). - usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). Important SUSE bug 1204142 SUSE bug 1219338 SUSE bug 1225707 SUSE bug 1230216 SUSE bug 1233300 SUSE bug 1235613 SUSE bug 1235837 SUSE bug 1236333 SUSE bug 1236897 SUSE bug 1238896 SUSE bug 1239061 SUSE bug 1239470 SUSE bug 1240323 SUSE bug 1240885 SUSE bug 1240966 SUSE bug 1241166 SUSE bug 1241345 SUSE bug 1241537 SUSE bug 1242086 SUSE bug 1242414 SUSE bug 1242837 SUSE bug 1242960 SUSE bug 1242965 SUSE bug 1242993 SUSE bug 1243068 SUSE bug 1243100 SUSE bug 1243479 SUSE bug 1243669 SUSE bug 1243806 SUSE bug 1244309 SUSE bug 1244337 SUSE bug 1244457 SUSE bug 1244735 SUSE bug 1244749 SUSE bug 1244750 SUSE bug 1244792 SUSE bug 1244801 SUSE bug 1245151 SUSE bug 1245201 SUSE bug 1245202 SUSE bug 1245216 SUSE bug 1245260 SUSE bug 1245431 SUSE bug 1245440 SUSE bug 1245457 SUSE bug 1245498 SUSE bug 1245499 SUSE bug 1245504 SUSE bug 1245506 SUSE bug 1245508 SUSE bug 1245510 SUSE bug 1245540 SUSE bug 1245598 SUSE bug 1245599 SUSE bug 1245646 SUSE bug 1245647 SUSE bug 1245649 SUSE bug 1245650 SUSE bug 1245654 SUSE bug 1245658 SUSE bug 1245660 SUSE bug 1245665 SUSE bug 1245666 SUSE bug 1245668 SUSE bug 1245669 SUSE bug 1245670 SUSE bug 1245671 SUSE bug 1245675 SUSE bug 1245676 SUSE bug 1245677 SUSE bug 1245679 SUSE bug 1245682 SUSE bug 1245683 SUSE bug 1245684 SUSE bug 1245688 SUSE bug 1245689 SUSE bug 1245690 SUSE bug 1245691 SUSE bug 1245695 SUSE bug 1245705 SUSE bug 1245708 SUSE bug 1245711 SUSE bug 1245713 SUSE bug 1245714 SUSE bug 1245719 SUSE bug 1245723 SUSE bug 1245729 SUSE bug 1245730 SUSE bug 1245731 SUSE bug 1245735 SUSE bug 1245737 SUSE bug 1245744 SUSE bug 1245745 SUSE bug 1245746 SUSE bug 1245747 SUSE bug 1245748 SUSE bug 1245749 SUSE bug 1245750 SUSE bug 1245751 SUSE bug 1245752 SUSE bug 1245757 SUSE bug 1245758 SUSE bug 1245765 SUSE bug 1245768 SUSE bug 1245769 SUSE bug 1245777 SUSE bug 1245781 SUSE bug 1245789 SUSE bug 1245937 SUSE bug 1245945 SUSE bug 1245951 SUSE bug 1245952 SUSE bug 1245954 SUSE bug 1245957 SUSE bug 1245966 SUSE bug 1245970 SUSE bug 1245976 SUSE bug 1245980 SUSE bug 1245983 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246002 SUSE bug 1246006 SUSE bug 1246008 SUSE bug 1246020 SUSE bug 1246023 SUSE bug 1246029 SUSE bug 1246031 SUSE bug 1246037 SUSE bug 1246041 SUSE bug 1246042 SUSE bug 1246044 SUSE bug 1246045 SUSE bug 1246047 SUSE bug 1246049 SUSE bug 1246050 SUSE bug 1246055 SUSE bug 1246073 SUSE bug 1246093 SUSE bug 1246098 SUSE bug 1246109 SUSE bug 1246122 SUSE bug 1246125 SUSE bug 1246171 SUSE bug 1246173 SUSE bug 1246178 SUSE bug 1246182 SUSE bug 1246183 SUSE bug 1246186 SUSE bug 1246195 SUSE bug 1246203 SUSE bug 1246212 SUSE bug 1246220 SUSE bug 1246236 SUSE bug 1246240 SUSE bug 1246243 SUSE bug 1246246 SUSE bug 1246249 SUSE bug 1246250 SUSE bug 1246253 SUSE bug 1246258 SUSE bug 1246262 SUSE bug 1246264 SUSE bug 1246266 SUSE bug 1246268 SUSE bug 1246273 SUSE bug 1246283 SUSE bug 1246287 SUSE bug 1246292 SUSE bug 1246293 SUSE bug 1246295 SUSE bug 1246334 SUSE bug 1246337 SUSE bug 1246342 SUSE bug 1246349 SUSE bug 1246354 SUSE bug 1246358 SUSE bug 1246361 SUSE bug 1246364 SUSE bug 1246370 SUSE bug 1246375 SUSE bug 1246384 SUSE bug 1246386 SUSE bug 1246387 SUSE bug 1246438 SUSE bug 1246453 SUSE bug 1246473 SUSE bug 1246490 SUSE bug 1246506 SUSE bug 1246547 SUSE bug 1246777 SUSE bug 1246781 SUSE bug 1246870 SUSE bug 1246879 SUSE bug 1246911 SUSE bug 1247018 SUSE bug 1247023 SUSE bug 1247028 SUSE bug 1247031 SUSE bug 1247033 SUSE bug 1247035 SUSE bug 1247061 SUSE bug 1247089 SUSE bug 1247091 SUSE bug 1247097 SUSE bug 1247098 SUSE bug 1247101 SUSE bug 1247103 SUSE bug 1247104 SUSE bug 1247113 SUSE bug 1247118 SUSE bug 1247123 SUSE bug 1247125 SUSE bug 1247128 SUSE bug 1247132 SUSE bug 1247138 SUSE bug 1247141 SUSE bug 1247143 SUSE bug 1247145 SUSE bug 1247146 SUSE bug 1247147 SUSE bug 1247149 SUSE bug 1247150 SUSE bug 1247151 SUSE bug 1247153 SUSE bug 1247154 SUSE bug 1247156 SUSE bug 1247160 SUSE bug 1247164 SUSE bug 1247169 SUSE bug 1247170 SUSE bug 1247171 SUSE bug 1247172 SUSE bug 1247174 SUSE bug 1247176 SUSE bug 1247177 SUSE bug 1247178 SUSE bug 1247181 SUSE bug 1247209 SUSE bug 1247210 SUSE bug 1247227 SUSE bug 1247233 SUSE bug 1247236 SUSE bug 1247238 SUSE bug 1247241 SUSE bug 1247251 SUSE bug 1247252 SUSE bug 1247253 SUSE bug 1247255 SUSE bug 1247271 SUSE bug 1247273 SUSE bug 1247274 SUSE bug 1247276 SUSE bug 1247277 SUSE bug 1247278 SUSE bug 1247279 SUSE bug 1247284 SUSE bug 1247285 SUSE bug 1247288 SUSE bug 1247289 SUSE bug 1247293 SUSE bug 1247311 SUSE bug 1247314 SUSE bug 1247317 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247450 CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2024-36028 at SUSE CVE-2024-36028 at NVD CVE-2024-36348 at SUSE CVE-2024-36348 at NVD CVE-2024-36349 at SUSE CVE-2024-36349 at NVD CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2024-44963 at SUSE CVE-2024-44963 at NVD CVE-2024-49861 at SUSE CVE-2024-49861 at NVD CVE-2024-56742 at SUSE CVE-2024-56742 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-21839 at SUSE CVE-2025-21839 at NVD CVE-2025-21854 at SUSE CVE-2025-21854 at NVD CVE-2025-21872 at SUSE CVE-2025-21872 at NVD CVE-2025-22090 at SUSE CVE-2025-22090 at NVD CVE-2025-23163 at SUSE CVE-2025-23163 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37856 at SUSE CVE-2025-37856 at NVD CVE-2025-37864 at SUSE CVE-2025-37864 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-37920 at SUSE CVE-2025-37920 at NVD CVE-2025-37984 at SUSE CVE-2025-37984 at NVD CVE-2025-38034 at SUSE CVE-2025-38034 at NVD CVE-2025-38035 at SUSE CVE-2025-38035 at NVD CVE-2025-38051 at SUSE CVE-2025-38051 at NVD CVE-2025-38052 at SUSE CVE-2025-38052 at NVD CVE-2025-38058 at SUSE CVE-2025-38058 at NVD CVE-2025-38061 at SUSE CVE-2025-38061 at NVD CVE-2025-38062 at SUSE CVE-2025-38062 at NVD CVE-2025-38063 at SUSE CVE-2025-38063 at NVD CVE-2025-38064 at SUSE CVE-2025-38064 at NVD CVE-2025-38074 at SUSE CVE-2025-38074 at NVD CVE-2025-38084 at SUSE CVE-2025-38084 at NVD CVE-2025-38085 at SUSE CVE-2025-38085 at NVD CVE-2025-38087 at SUSE CVE-2025-38087 at NVD CVE-2025-38088 at SUSE CVE-2025-38088 at NVD CVE-2025-38089 at SUSE CVE-2025-38089 at NVD CVE-2025-38090 at SUSE CVE-2025-38090 at NVD CVE-2025-38094 at SUSE CVE-2025-38094 at NVD CVE-2025-38095 at SUSE CVE-2025-38095 at NVD CVE-2025-38097 at SUSE CVE-2025-38097 at NVD CVE-2025-38098 at SUSE CVE-2025-38098 at NVD CVE-2025-38099 at SUSE CVE-2025-38099 at NVD CVE-2025-38100 at SUSE CVE-2025-38100 at NVD CVE-2025-38102 at SUSE CVE-2025-38102 at NVD CVE-2025-38105 at SUSE CVE-2025-38105 at NVD CVE-2025-38107 at SUSE CVE-2025-38107 at NVD CVE-2025-38108 at SUSE CVE-2025-38108 at NVD CVE-2025-38109 at SUSE CVE-2025-38109 at NVD CVE-2025-38110 at SUSE CVE-2025-38110 at NVD CVE-2025-38111 at SUSE CVE-2025-38111 at NVD CVE-2025-38112 at SUSE CVE-2025-38112 at NVD CVE-2025-38113 at SUSE CVE-2025-38113 at NVD CVE-2025-38115 at SUSE CVE-2025-38115 at NVD CVE-2025-38117 at SUSE CVE-2025-38117 at NVD CVE-2025-38118 at SUSE CVE-2025-38118 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38122 at SUSE CVE-2025-38122 at NVD CVE-2025-38123 at SUSE CVE-2025-38123 at NVD CVE-2025-38124 at SUSE CVE-2025-38124 at NVD CVE-2025-38126 at SUSE CVE-2025-38126 at NVD CVE-2025-38127 at SUSE CVE-2025-38127 at NVD CVE-2025-38129 at SUSE CVE-2025-38129 at NVD CVE-2025-38131 at SUSE CVE-2025-38131 at NVD CVE-2025-38132 at SUSE CVE-2025-38132 at NVD CVE-2025-38135 at SUSE CVE-2025-38135 at NVD CVE-2025-38136 at SUSE CVE-2025-38136 at NVD CVE-2025-38138 at SUSE CVE-2025-38138 at NVD CVE-2025-38142 at SUSE CVE-2025-38142 at NVD CVE-2025-38143 at SUSE CVE-2025-38143 at NVD CVE-2025-38145 at SUSE CVE-2025-38145 at NVD CVE-2025-38147 at SUSE CVE-2025-38147 at NVD CVE-2025-38148 at SUSE CVE-2025-38148 at NVD CVE-2025-38149 at SUSE CVE-2025-38149 at NVD CVE-2025-38151 at SUSE CVE-2025-38151 at NVD CVE-2025-38153 at SUSE CVE-2025-38153 at NVD CVE-2025-38154 at SUSE CVE-2025-38154 at NVD CVE-2025-38155 at SUSE CVE-2025-38155 at NVD CVE-2025-38157 at SUSE CVE-2025-38157 at NVD CVE-2025-38158 at SUSE CVE-2025-38158 at NVD CVE-2025-38159 at SUSE CVE-2025-38159 at NVD CVE-2025-38161 at SUSE CVE-2025-38161 at NVD CVE-2025-38162 at SUSE CVE-2025-38162 at NVD CVE-2025-38165 at SUSE CVE-2025-38165 at NVD CVE-2025-38166 at SUSE CVE-2025-38166 at NVD CVE-2025-38173 at SUSE CVE-2025-38173 at NVD CVE-2025-38174 at SUSE CVE-2025-38174 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38182 at SUSE CVE-2025-38182 at NVD CVE-2025-38183 at SUSE CVE-2025-38183 at NVD CVE-2025-38187 at SUSE CVE-2025-38187 at NVD CVE-2025-38188 at SUSE CVE-2025-38188 at NVD CVE-2025-38192 at SUSE CVE-2025-38192 at NVD CVE-2025-38193 at SUSE CVE-2025-38193 at NVD CVE-2025-38194 at SUSE CVE-2025-38194 at NVD CVE-2025-38197 at SUSE CVE-2025-38197 at NVD CVE-2025-38198 at SUSE CVE-2025-38198 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38202 at SUSE CVE-2025-38202 at NVD CVE-2025-38203 at SUSE CVE-2025-38203 at NVD CVE-2025-38204 at SUSE CVE-2025-38204 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38210 at SUSE CVE-2025-38210 at NVD CVE-2025-38211 at SUSE CVE-2025-38211 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38214 at SUSE CVE-2025-38214 at NVD CVE-2025-38215 at SUSE CVE-2025-38215 at NVD CVE-2025-38217 at SUSE CVE-2025-38217 at NVD CVE-2025-38220 at SUSE CVE-2025-38220 at NVD CVE-2025-38222 at SUSE CVE-2025-38222 at NVD CVE-2025-38225 at SUSE CVE-2025-38225 at NVD CVE-2025-38226 at SUSE CVE-2025-38226 at NVD CVE-2025-38227 at SUSE CVE-2025-38227 at NVD CVE-2025-38229 at SUSE CVE-2025-38229 at NVD CVE-2025-38231 at SUSE CVE-2025-38231 at NVD CVE-2025-38236 at SUSE CVE-2025-38236 at NVD CVE-2025-38239 at SUSE CVE-2025-38239 at NVD CVE-2025-38244 at SUSE CVE-2025-38244 at NVD CVE-2025-38246 at SUSE CVE-2025-38246 at NVD CVE-2025-38248 at SUSE CVE-2025-38248 at NVD CVE-2025-38249 at SUSE CVE-2025-38249 at NVD CVE-2025-38250 at SUSE CVE-2025-38250 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38259 at SUSE CVE-2025-38259 at NVD CVE-2025-38264 at SUSE CVE-2025-38264 at NVD CVE-2025-38272 at SUSE CVE-2025-38272 at NVD CVE-2025-38273 at SUSE CVE-2025-38273 at NVD CVE-2025-38275 at SUSE CVE-2025-38275 at NVD CVE-2025-38277 at SUSE CVE-2025-38277 at NVD CVE-2025-38279 at SUSE CVE-2025-38279 at NVD CVE-2025-38283 at SUSE CVE-2025-38283 at NVD CVE-2025-38286 at SUSE CVE-2025-38286 at NVD CVE-2025-38289 at SUSE CVE-2025-38289 at NVD CVE-2025-38290 at SUSE CVE-2025-38290 at NVD CVE-2025-38292 at SUSE CVE-2025-38292 at NVD CVE-2025-38293 at SUSE CVE-2025-38293 at NVD CVE-2025-38300 at SUSE CVE-2025-38300 at NVD CVE-2025-38303 at SUSE CVE-2025-38303 at NVD CVE-2025-38304 at SUSE CVE-2025-38304 at NVD CVE-2025-38305 at SUSE CVE-2025-38305 at NVD CVE-2025-38307 at SUSE CVE-2025-38307 at NVD CVE-2025-38310 at SUSE CVE-2025-38310 at NVD CVE-2025-38312 at SUSE CVE-2025-38312 at NVD CVE-2025-38313 at SUSE CVE-2025-38313 at NVD CVE-2025-38319 at SUSE CVE-2025-38319 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38326 at SUSE CVE-2025-38326 at NVD CVE-2025-38328 at SUSE CVE-2025-38328 at NVD CVE-2025-38332 at SUSE CVE-2025-38332 at NVD CVE-2025-38334 at SUSE CVE-2025-38334 at NVD CVE-2025-38335 at SUSE CVE-2025-38335 at NVD CVE-2025-38336 at SUSE CVE-2025-38336 at NVD CVE-2025-38337 at SUSE CVE-2025-38337 at NVD CVE-2025-38338 at SUSE CVE-2025-38338 at NVD CVE-2025-38342 at SUSE CVE-2025-38342 at NVD CVE-2025-38343 at SUSE CVE-2025-38343 at NVD CVE-2025-38344 at SUSE CVE-2025-38344 at NVD CVE-2025-38345 at SUSE CVE-2025-38345 at NVD CVE-2025-38348 at SUSE CVE-2025-38348 at NVD CVE-2025-38349 at SUSE CVE-2025-38349 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38354 at SUSE CVE-2025-38354 at NVD CVE-2025-38362 at SUSE CVE-2025-38362 at NVD CVE-2025-38363 at SUSE CVE-2025-38363 at NVD CVE-2025-38364 at SUSE CVE-2025-38364 at NVD CVE-2025-38365 at SUSE CVE-2025-38365 at NVD CVE-2025-38369 at SUSE CVE-2025-38369 at NVD CVE-2025-38371 at SUSE CVE-2025-38371 at NVD CVE-2025-38373 at SUSE CVE-2025-38373 at NVD CVE-2025-38375 at SUSE CVE-2025-38375 at NVD CVE-2025-38376 at SUSE CVE-2025-38376 at NVD CVE-2025-38377 at SUSE CVE-2025-38377 at NVD CVE-2025-38380 at SUSE CVE-2025-38380 at NVD CVE-2025-38382 at SUSE CVE-2025-38382 at NVD CVE-2025-38384 at SUSE CVE-2025-38384 at NVD CVE-2025-38385 at SUSE CVE-2025-38385 at NVD CVE-2025-38386 at SUSE CVE-2025-38386 at NVD CVE-2025-38387 at SUSE CVE-2025-38387 at NVD CVE-2025-38389 at SUSE CVE-2025-38389 at NVD CVE-2025-38391 at SUSE CVE-2025-38391 at NVD CVE-2025-38392 at SUSE CVE-2025-38392 at NVD CVE-2025-38393 at SUSE CVE-2025-38393 at NVD CVE-2025-38395 at SUSE CVE-2025-38395 at NVD CVE-2025-38396 at SUSE CVE-2025-38396 at NVD CVE-2025-38399 at SUSE CVE-2025-38399 at NVD CVE-2025-38400 at SUSE CVE-2025-38400 at NVD CVE-2025-38401 at SUSE CVE-2025-38401 at NVD CVE-2025-38403 at SUSE CVE-2025-38403 at NVD CVE-2025-38404 at SUSE CVE-2025-38404 at NVD CVE-2025-38406 at SUSE CVE-2025-38406 at NVD CVE-2025-38409 at SUSE CVE-2025-38409 at NVD CVE-2025-38410 at SUSE CVE-2025-38410 at NVD CVE-2025-38412 at SUSE CVE-2025-38412 at NVD CVE-2025-38414 at SUSE CVE-2025-38414 at NVD CVE-2025-38415 at SUSE CVE-2025-38415 at NVD CVE-2025-38416 at SUSE CVE-2025-38416 at NVD CVE-2025-38420 at SUSE CVE-2025-38420 at NVD CVE-2025-38424 at SUSE CVE-2025-38424 at NVD CVE-2025-38425 at SUSE CVE-2025-38425 at NVD CVE-2025-38426 at SUSE CVE-2025-38426 at NVD CVE-2025-38428 at SUSE CVE-2025-38428 at NVD CVE-2025-38429 at SUSE CVE-2025-38429 at NVD CVE-2025-38430 at SUSE CVE-2025-38430 at NVD CVE-2025-38436 at SUSE CVE-2025-38436 at NVD CVE-2025-38443 at SUSE CVE-2025-38443 at NVD CVE-2025-38448 at SUSE CVE-2025-38448 at NVD CVE-2025-38449 at SUSE CVE-2025-38449 at NVD CVE-2025-38455 at SUSE CVE-2025-38455 at NVD CVE-2025-38457 at SUSE CVE-2025-38457 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38461 at SUSE CVE-2025-38461 at NVD CVE-2025-38462 at SUSE CVE-2025-38462 at NVD CVE-2025-38463 at SUSE CVE-2025-38463 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38467 at SUSE CVE-2025-38467 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38470 at SUSE CVE-2025-38470 at NVD CVE-2025-38471 at SUSE CVE-2025-38471 at NVD CVE-2025-38473 at SUSE CVE-2025-38473 at NVD CVE-2025-38474 at SUSE CVE-2025-38474 at NVD CVE-2025-38476 at SUSE CVE-2025-38476 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38478 at SUSE CVE-2025-38478 at NVD CVE-2025-38480 at SUSE CVE-2025-38480 at NVD CVE-2025-38481 at SUSE CVE-2025-38481 at NVD CVE-2025-38482 at SUSE CVE-2025-38482 at NVD CVE-2025-38483 at SUSE CVE-2025-38483 at NVD CVE-2025-38485 at SUSE CVE-2025-38485 at NVD CVE-2025-38487 at SUSE CVE-2025-38487 at NVD CVE-2025-38489 at SUSE CVE-2025-38489 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38496 at SUSE CVE-2025-38496 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD cpe:/o:opensuse:leap:15.6 Security update for ignition (Moderate) openSUSE Leap 15.6 This update for ignition fixes the following issues: - CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548) Moderate SUSE bug 1248548 CVE-2022-28948 at SUSE CVE-2022-28948 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: Upgraded to 16.10: * CVE-2025-8713: Fixed optimizer statistics exposing sampled data within a view, partition, or child table (bsc#1248120) * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump allows superuser of origin server to execute arbitrary code in psql client (bsc#1248122) * CVE-2025-8715: Fixed improper neutralization of newlines in pg_dump leading to arbitrary code execution in the psql client and in the restore target server (bsc#1248119) Important SUSE bug 1248119 SUSE bug 1248120 SUSE bug 1248122 CVE-2025-8713 at SUSE CVE-2025-8713 at NVD CVE-2025-8714 at SUSE CVE-2025-8714 at NVD CVE-2025-8715 at SUSE CVE-2025-8715 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.44: - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other fixes: - Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one or more JAR files. (markt) - Coyote + Fix: 69748: Add missing call to set keep-alive timeout when using HTTP/1.1 following an async request, which was present for AJP. (remm/markt) + Fix: 69762: Fix possible overflow during HPACK decoding of integers. Note that the maximum permitted value of an HPACK decoded integer is Integer.MAX_VALUE. (markt) + Fix: Update the HTTP/2 overhead documentation - particularly the code comments - to reflect the deprecation of the PRIORITY frame and clarify that a stream reset always triggers an overhead increase. (markt) + Fix: 69762: Additional overflow fix for HPACK decoding of integers. Pull request #880 by Chenjp. (markt) - Cluster + Update: Add enableStatistics configuration attribute for the DeltaManager, defaulting to true. (remm) - WebSocket + Fix: Align the WebSocket extension handling for WebSocket client connections with WebSocket server connections. The WebSocket client now only includes an extension requested by an endpoint in the opening handshake if the WebSocket client supports that extension. (markt) - Web applications + Fix: Manager and Host Manager. Provide the Manager and Host Manager web applications with a dedicated favicon file rather than using the one from the ROOT web application which might not be present or may represent something entirely different. Pull requests #876 and #878 by Simon Arame. - Other + Update: Update Checkstyle to 10.26.1. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1243895 CVE-2025-48989 at SUSE CVE-2025-48989 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 140.2 MFSA 2025-72 (bsc#1248162): * CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181: Uninitialized memory in the JavaScript Engine component * CVE-2025-9182: Denial-of-service due to out-of-memory in the Graphics: WebRender component * CVE-2025-9184: Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 Other fixes: * Users were unable to use Fastmail calendars due to missing OAuth settings * Account setup error handling was broken for Account hub * Menu bar was hidden after updating from 128esr to 140esr Important SUSE bug 1248162 CVE-2025-9179 at SUSE CVE-2025-9179 at NVD CVE-2025-9180 at SUSE CVE-2025-9180 at NVD CVE-2025-9181 at SUSE CVE-2025-9181 at NVD CVE-2025-9182 at SUSE CVE-2025-9182 at NVD CVE-2025-9184 at SUSE CVE-2025-9184 at NVD CVE-2025-9185 at SUSE CVE-2025-9185 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 140.2.0 ESR MFSA 2025-67 (bsc#1248162) * CVE-2025-9179 (bmo#1979527): Sandbox escape due to invalid pointer in the Audio/Video: GMP component * CVE-2025-9180 (bmo#1979782): Same-origin policy bypass in the Graphics: Canvas2D component * CVE-2025-9181 (bmo#1977130): Uninitialized memory in the JavaScript Engine component * CVE-2025-9182 (bmo#1975837): Denial-of-service due to out-of-memory in the Graphics: WebRender component * CVE-2025-9183 (bmo#1976102): Spoofing issue in the Address Bar component * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163, bmo#1979955): Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166): Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736, bmo#1979072): Memory safety bugs fixed in Firefox 142 and Thunderbird 142 - Other fixes: * Ensure the use of the correct file-picker on KDE (bsc#1226112) Important SUSE bug 1226112 SUSE bug 1247774 SUSE bug 1248162 CVE-2025-9179 at SUSE CVE-2025-9179 at NVD CVE-2025-9180 at SUSE CVE-2025-9180 at NVD CVE-2025-9181 at SUSE CVE-2025-9181 at NVD CVE-2025-9182 at SUSE CVE-2025-9182 at NVD CVE-2025-9183 at SUSE CVE-2025-9183 at NVD CVE-2025-9184 at SUSE CVE-2025-9184 at NVD CVE-2025-9185 at SUSE CVE-2025-9185 at NVD CVE-2025-9187 at SUSE CVE-2025-9187 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - Update to version 1.35.5 - CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use 'src' values. (bsc#1236272) Important SUSE bug 1236272 CVE-2024-11218 at SUSE CVE-2024-11218 at NVD cpe:/o:opensuse:leap:15.6 security update for git, git-lfs, obs-scm-bridge, python-PyYAML (Important) openSUSE Leap 15.6 This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues: git was updated from version 2.43.0 to 2.51.0 (bsc#1243197): - Security issues fixed: * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938) * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939) * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942) * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943) * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946) - Other changes and bugs fixed: - Other changes and bugs fixed: * Added SHA256 support (bsc#1243197) * Git moved to /usr/libexec/git/git and updated AppArmor profile accordingly (bsc#1218588) * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664) * Do not replace apparmor configuration (bsc#1216545) * Fixed the Python version required (bsc#1212476) - Version Updates Release Notes: * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc git-lfs is included in version 3.7.0. python-PyYAML was updated from version 6.0.1 to 6.0.2: - Added support for Cython 3.x and Python 3.13 obs-scm-bridge was updated from version 0.5.4 to 0.7.4: - New Features and Improvements: * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs` file. * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary files. * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch during checkout. * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources. * SSH URL Support: ssh:// SCM URLs can now be used. * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved. * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory, even when using subdirs. * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided. * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled. * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo. - Bugs fixed: * Syntax Fix: A syntax issue was corrected. * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and tabs. Important SUSE bug 1212476 SUSE bug 1216545 SUSE bug 1218588 SUSE bug 1218664 SUSE bug 1243197 SUSE bug 1245938 SUSE bug 1245939 SUSE bug 1245942 SUSE bug 1245943 SUSE bug 1245946 CVE-2025-27613 at SUSE CVE-2025-27613 at NVD CVE-2025-27614 at SUSE CVE-2025-27614 at NVD CVE-2025-46835 at SUSE CVE-2025-46835 at NVD CVE-2025-48384 at SUSE CVE-2025-48384 at NVD CVE-2025-48385 at SUSE CVE-2025-48385 at NVD cpe:/o:opensuse:leap:15.6 Security update for udisks2 (Important) openSUSE Leap 15.6 This update for udisks2 fixes the following issues: - CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502) Important SUSE bug 1248502 CVE-2025-8067 at SUSE CVE-2025-8067 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Important) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: Upgrade to 15.14: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). - CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql client (bsc#1248122). - CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and in restore target server (bsc#1248119). Important SUSE bug 1248119 SUSE bug 1248120 SUSE bug 1248122 CVE-2025-8713 at SUSE CVE-2025-8713 at NVD CVE-2025-8714 at SUSE CVE-2025-8714 at NVD CVE-2025-8715 at SUSE CVE-2025-8715 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Important) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: Upgrade to 14.19: - CVE-2025-8713: optimizer statistics can expose sampled data within a view, partition, or child table (bsc#1248120). - CVE-2025-8714: untrusted data inclusion in `pg_dump` lets superuser of origin server execute arbitrary code in psql client (bsc#1248122). - CVE-2025-8715: improper neutralization of newlines in `pg_dump` allows execution of arbitrary code in psql client and in restore target server (bsc#1248119). Important SUSE bug 1248119 SUSE bug 1248120 SUSE bug 1248122 CVE-2025-8713 at SUSE CVE-2025-8713 at NVD CVE-2025-8714 at SUSE CVE-2025-8714 at NVD CVE-2025-8715 at SUSE CVE-2025-8715 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-osconfig-agent (Moderate) openSUSE Leap 15.6 This update for google-osconfig-agent fixes the following issues: - Update to version 20250115.01 (bsc#1236406, bsc#1236407) - CVE-2024-24790: Bump the golang compiler version to 1.22.4 (bsc#1225974) Moderate SUSE bug 1225974 SUSE bug 1236406 SUSE bug 1236407 CVE-2024-24790 at SUSE CVE-2024-24790 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2019-11135: TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may (bsc#1139073) - CVE-2024-36028: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() (bsc#1225707). - CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357: x86/process: Move the buffer clearing before MONITOR (bsc#1238896). - CVE-2024-44963: btrfs: do not BUG_ON() when freeing tree block after error (bsc#1230216). - CVE-2024-56742: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() (bsc#1235613). - CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061). - CVE-2025-21872: efi/mokvar-table: Avoid repeated map/unmap of the same page (bsc#1240323). - CVE-2025-23163: net: vlan: do not propagate flags on open (bsc#1242837). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-37920: kABI workaround for xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479). - CVE-2025-37984: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (bsc#1243669). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38035: nvmet-tcp: do not restore null sk_state_change (bsc#1244801). - CVE-2025-38051: smb: client: Fix use-after-free in cifs_fill_dirent (bsc#1244750). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38061: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() (bsc#1245440). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38063: dm: fix unconditional IO throttle caused by REQ_PREFLUSH (bsc#1245202). - CVE-2025-38064: virtio: break and reset virtio devices on device_shutdown() (bsc#1245201). - CVE-2025-38074: vhost-scsi: protect vq->log_used with vq->mutex (bsc#1244735). - CVE-2025-38094: net: cadence: macb: Fix a possible deadlock in macb_halt_tx (bsc#1245649). - CVE-2025-38097: kabi: restore encap_sk in struct xfrm_state (bsc#1245660). - CVE-2025-38098: drm/amd/display: Do not treat wb connector as physical in (bsc#1245654). - CVE-2025-38099: Bluetooth: btusb: Fix regression in the initialization of fake Bluetooth controllers (bsc#1245671). - CVE-2025-38100: x86/iopl: Cure TIF_IO_BITMAP inconsistencies (bsc#1245650). - CVE-2025-38105: ALSA: usb-audio: Kill timer properly at removal (bsc#1245682). - CVE-2025-38115: net_sched: sch_sfq: fix a potential crash on gso_skb handling (bsc#1245689). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38126: net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping (bsc#1245708). - CVE-2025-38131: coresight: prevent deactivate active config while enabling the config (bsc#1245677). - CVE-2025-38132: coresight: holding cscfg_csdev_lock while removing cscfg from csdev (bsc#1245679). - CVE-2025-38147: calipso: unlock rcu before returning -EAFNOSUPPORT (bsc#1245768). - CVE-2025-38158: hisi_acc_vfio_pci: fix XQE dma address error (bsc#1245750). - CVE-2025-38162: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation (bsc#1245752). - CVE-2025-38166: bpf: fix ktls panic with sockmap (bsc#1245758). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() (bsc#1246006). - CVE-2025-38187: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() (bsc#1245951). - CVE-2025-38188: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (bsc#1246098). - CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045). - CVE-2025-38202: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (bsc#1245980). - CVE-2025-38203: jfs: Fix null-ptr-deref in jfs_ioc_trim (bsc#1246044). - CVE-2025-38204: jfs: fix array-index-out-of-bounds read in add_missing_indices (bsc#1245983). - CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073). - CVE-2025-38210: configfs-tsm-report: Fix NULL dereference of tsm_ops (bsc#1246020). - CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38236: af_unix: Disable MSG_OOB for unprivileged users (bsc#1246093). - CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index (bsc#1246178). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38248: bridge: mcast: Fix use-after-free during router port configuration (bsc#1246173). - CVE-2025-38250: kABI workaround for bluetooth hci_dev changes (bsc#1246182). - CVE-2025-38264: llist: add interface to check if a node is on a list (bsc#1246387). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38279: selftests/bpf: Add tests with stack ptr register in conditional jmp (bsc#1246264). - CVE-2025-38283: hisi_acc_vfio_pci: bugfix live migration function without VF device driver (bsc#1246273). - CVE-2025-38303: Bluetooth: eir: Fix possible crashes on eir_create_adv_data (bsc#1246354). - CVE-2025-38310: seg6: Fix validation of nexthop addresses (bsc#1246361). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38334: x86/sgx: Prevent attempts to reclaim poisoned pages (bsc#1246384). - CVE-2025-38335: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (bsc#1246250). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38364: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() (bsc#1247091). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38371: drm/v3d: Disable interrupts before resetting the GPU (bsc#1247178). - CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38403: vsock/vmci: Clear the vmci transport packet properly when initializing it (bsc#1247141). - CVE-2025-38414: wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (bsc#1247145). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38429: bus: mhi: ep: Update read pointer only after buffer is written (bsc#1247253). - CVE-2025-38455: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (bsc#1247101). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38461: vsock: Fix transport_* TOCTOU (bsc#1247103). - CVE-2025-38462: vsock: Fix transport_{g2h,h2g} TOCTOU (bsc#1247104). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38465: netlink: make sure we allow at least one dump skb (bsc#1247118). - CVE-2025-38470: kABI fix for net: vlan: fix VLAN 0 refcount imbalance of toggling (bsc#1247288). - CVE-2025-38471: tls: always refresh the queue when reading sock (bsc#1247450). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374). The following non-security bugs were fixed: - Fix dma_unmap_sg() nents value (git-fixes) - Reapply 'wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()' (git-fixes). - Revert 'ACPI: battery: negate current when discharging' (stable-fixes). - Revert 'cgroup_freezer: cgroup_freezing: Check if not frozen' (bsc#1219338). - Revert 'drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1' (stable-fixes). - Revert 'mmc: sdhci: Disable SD card clock before changing parameters' (git-fixes). - Revert 'usb: xhci: Implement xhci_handshake_check_state() helper' (git-fixes). - Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (stable-fixes). - [SMB3] send channel sequence number in SMB3 requests after reconnects (git-fixes). - acpi: LPSS: Remove AudioDSP related ID (git-fixes). - acpi: PRM: Reduce unnecessary printing to avoid user confusion (bsc#1246122). - acpi: processor: perflib: Fix initial _PPC limit application (git-fixes). - acpica: Refuse to evaluate a method if arguments are missing (stable-fixes). - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() (git-fixes). - af_unix: Add a prompt to CONFIG_AF_UNIX_OOB (bsc#1246093). - alsa: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - alsa: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - alsa: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 (stable-fixes). - alsa: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - alsa: hda/tegra: Add Tegra264 support (stable-fixes). - alsa: hda: Add missing NVIDIA HDA codec IDs (stable-fixes). - alsa: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - alsa: hda: Ignore unsol events for cards being shut down (stable-fixes). - alsa: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - alsa: sb: Do not allow changing the DMA mode during operations (stable-fixes). - alsa: sb: Force to disable DMAs once when DMA mode is changed (stable-fixes). - amd/amdkfd: fix a kfd_process ref leak (stable-fixes). - aoe: clean device rq_list in aoedev_downdev() (git-fixes). - apple-mfi-fastcharge: protect first device name (git-fixes). - asoc: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 (stable-fixes). - asoc: amd: yc: Add quirk for MSI Bravo 17 D7VF internal mic (stable-fixes). - asoc: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic (stable-fixes). - asoc: amd: yc: update quirk data for HP Victus (stable-fixes). - asoc: codec: wcd9335: Convert to GPIO descriptors (stable-fixes). - asoc: codecs: wcd9335: Fix missing free of regulator supplies (git-fixes). - asoc: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() (stable-fixes). - asoc: cs35l56: probe() should fail if the device ID is not recognized (git-fixes). - asoc: fsl_asrc: use internal measured ratio for non-ideal ratio mode (git-fixes). - asoc: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - asoc: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - asoc: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ata: pata_cs5536: fix build on 32-bit UML (stable-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (git-fixes). - bluetooth: L2CAP: Fix L2CAP MTU negotiation (stable-fixes). - bluetooth: L2CAP: Fix attempting to adjust outgoing MTU (git-fixes). - bluetooth: MGMT: Fix not generating command complete for MGMT_OP_DISCONNECT (git-fixes). - bluetooth: MGMT: mesh_send: check instances prior disabling advertising (git-fixes). - bluetooth: MGMT: set_mesh: update LE scan interval and window (git-fixes). - bluetooth: Prevent unintended pause by checking if advertising is active (git-fixes). - bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout (git-fixes). - bluetooth: SMP: If an unallowed command is received consider it a failure (git-fixes). - bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID (git-fixes). - bluetooth: hci_conn: Fix sending BT_HCI_CMD_LE_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected (git-fixes). - bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - bluetooth: hci_sync: Attempt to dequeue connection attempt (git-fixes). - bluetooth: hci_sync: Fix UAF on create_le_conn_complete (git-fixes). - bluetooth: hci_sync: Fix handling of HCI_OP_CREATE_CONN_CANCEL (git-fixes). - bluetooth: hci_sync: Fix not disabling advertising instance (git-fixes). - bluetooth: hci_sync: fix connectable extended advertising when using static random address (git-fixes). - bluetooth: hci_sync: revert some mesh modifications (git-fixes). - bpf, sockmap: Fix sk_msg_reset_curr (git-fixes). - bpf/lpm_trie: Inline longest_prefix_match for fastpath (git-fixes). - bpf/selftests: Check errno when percpu map value size exceeds (git-fixes). - bpf: Add a possibly-zero-sized read test (git-fixes). - bpf: Avoid __hidden__ attribute in static object (git-fixes). - bpf: Check percpu map value size first (git-fixes). - bpf: Disable some `attribute ignored' warnings in GCC (git-fixes). - bpf: Fix memory leak in bpf_core_apply (git-fixes). - bpf: Fix potential integer overflow in resolve_btfids (git-fixes). - bpf: Harden __bpf_kfunc tag against linker kfunc removal (git-fixes). - bpf: Make the pointer returned by iter next method valid (git-fixes). - bpf: Simplify checking size of helper accesses (git-fixes). - bpf: fix order of args in call to bpf_map_kvcalloc (git-fixes). - bpf: sockmap, updating the sg structure should also update curr (git-fixes). - bpftool: Fix missing pids during link show (git-fixes). - bpftool: Fix undefined behavior caused by shifting into the sign bit (git-fixes). - bpftool: Mount bpffs on provided dir instead of parent dir (git-fixes). - bpftool: Remove unnecessary source files from bootstrap version (git-fixes). - bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer (git-fixes). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: rename err to ret in btrfs_rmdir() (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use NOFS context when getting inodes during logging and log replay (git-fixes). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - can: dev: can_restart(): move debug message and stats after successful restart (stable-fixes). - can: dev: can_restart(): reverse logic to remove need for goto (stable-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cgroup,freezer: fix incomplete freezing when attaching tasks (bsc#1245789). - cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks (bsc#1241166). - cifs: reconnect helper should set reconnect for the right channel (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - clocksource: Scale the watchdog read retries automatically (bsc#1241345 bsc#1244457). - clocksource: Set cs_watchdog_read() checks based on .uncertainty_margin (bsc#1241345 bsc#1244457). - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large (git-fixes). - comedi: Fix initialization of data for instructions that write to subdevice (git-fixes). - comedi: Fix some signed shift left operations (git-fixes). - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() (git-fixes). - comedi: aio_iiro_16: Fix bit shift out of bounds (git-fixes). - comedi: das16m1: Fix bit shift out of bounds (git-fixes). - comedi: das6402: Fix bit shift out of bounds (git-fixes). - comedi: pcl812: Fix bit shift out of bounds (git-fixes). - compiler_types.h: Define __retain for __attribute__((__retain__)) (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - dm-bufio: fix sched in atomic context (git-fixes). - dm-flakey: error all IOs when num_features is absent (git-fixes). - dm-flakey: make corrupting read bios work (git-fixes). - dm-mirror: fix a tiny race condition (git-fixes). - dm-raid: fix variable in journal device check (git-fixes). - dm-verity: fix a memory leak if some arguments are specified multiple times (git-fixes). - dm: do not change md if dm_table_set_restrictions() fails (git-fixes). - dm: free table mempools if not used in __bind (git-fixes). - dm: restrict dm device size to 2^63-512 bytes (git-fixes). - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (stable-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (stable-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: nbpfaxi: Fix memory corruption in probe() (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: xilinx_dma: Set dma_device directions (stable-fixes). - docs/aBI: Fix sysfs-kernel-address_bits path (git-fixes). - documentation: ACPI: Fix parent device references (git-fixes). - documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume (git-fixes). - drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram (stable-fixes). - drm/amdkfd: Fix race in GWS queue scheduling (stable-fixes). - drm/bridge: panel: move prepare_prev_first handling to drm_panel_bridge_add_typed (git-fixes). - drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: make use of debugfs_init callback (stable-fixes). - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (git-fixes). - drm/exynos: fimd: Guard display clock control with runtime PM calls (git-fixes). - drm/framebuffer: Acquire internal references on GEM handles (git-fixes). - drm/gem: Acquire references on GEM handles for framebuffers (stable-fixes). - drm/gem: Fix race in drm_gem_handle_create_tail() (stable-fixes). - drm/i915/gsc: mei interrupt top half should be in irq disabled context (git-fixes). - drm/i915/gt: Fix timeline left held on VMA alloc error (git-fixes). - drm/i915/selftests: Change mock_request() to return error pointers (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm: Fix a fence leak in submit error path (stable-fixes). - drm/msm: Fix another leak in the submit error path (stable-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Increment job count before swapping tail spsc queue (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/scheduler: signal scheduled fence when kill job (stable-fixes). - drm/tegra: nvdec: Fix dma_alloc_coherent error check (git-fixes). - drm/ttm: fix error handling in ttm_buffer_object_transfer (git-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - fs/jfs: consolidate sanity checking in dbMount (git-fixes). - fs/orangefs: Allow 2 more characters in do_c_string() (git-fixes). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: pca953x: log an error when failing to get the reset GPIO (git-fixes). - gpio: sim: include a missing header (git-fixes). - gpio: vf610: add locking to gpio direction functions (git-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpiolib: Fix debug messaging in gpiod_find_and_request() (git-fixes). - gpiolib: Handle no pin_ranges in gpiochip_generic_config() (git-fixes). - gpiolib: acpi: Do not use GPIO chip fwnode in acpi_gpiochip_find() (bsc#1233300). - gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match (bsc#1233300). - gpiolib: cdev: Ignore reconfiguration without direction (git-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - hfs: make splice write available again (git-fixes). - hfsplus: make splice write available again (git-fixes). - hfsplus: remove mutex_lock check in hfsplus_free_extents (git-fixes). - hid: Add IGNORE quirk for SMARTLINKTECHNOLOGY (stable-fixes). - hid: core: do not bypass hid_hw_raw_request (stable-fixes). - hid: core: ensure __hid_request reserves the report ID as the first byte (git-fixes). - hid: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - hid: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (stable-fixes). - hid: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (stable-fixes). - hv_netvsc: Use VF's tso_max_size value when data path is VF (bsc#1246203). - hwmon: (corsair-cpro) Validate the size of the received input buffer (git-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (pmbus/max34440) Fix support for max34451 (stable-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - i2c/designware: Fix an initialization issue (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: stm32: fix the device used for the DMA map (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - ib/mlx5: Fix potential deadlock in MR deregistration (git-fixes) - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush (git-fixes). - iio: adc: ad7949: use spi_is_bpw_supported() (git-fixes). - iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos (stable-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: adc: stm32-adc: Fix race in installing chained IRQ handler (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: pressure: zpa2326: Use aligned_s64 for the timestamp (stable-fixes). - input: iqs7222 - explicitly define number of external channels (git-fixes). - input: xpad - adjust error handling for disconnect (git-fixes). - input: xpad - set correct controller type for Acer NGR200 (git-fixes). - input: xpad - support Acer NGR 200 Controller (stable-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/amd: Set the pgsize_bitmap correctly (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - jfs: fix metapage reference count leak in dbAllocCtl (git-fixes). - kABI workaround for struct drm_framebuffer changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kasan: remove kasan_find_vm_area() to prevent possible deadlock (git-fixes). - kernel-syms.spec: Drop old rpm release number hack (bsc#1247172). - leds: multicolor: Fix intensity setting while SW blinking (stable-fixes). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1236897). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - logitech C-270 even more broken (stable-fixes). - maple_tree: fix mt_destroy_walk() on root leaf node (git-fixes). - md/md-bitmap: fix dm-raid max_write_behind setting (git-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() (git-fixes). - mfd: max14577: Fix wakeup source leaks on device unbind (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mmc: bcm2835: Fix dma_unmap_sg() nents value (git-fixes). - mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier (git-fixes). - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models (git-fixes). - mmc: sdhci: Add a helper function for dump register in dynamic debug mode (stable-fixes). - mmc: sdhci_am654: Workaround for Errata i2312 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spinand: fix memory leak of ECC engine conf (stable-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data (git-fixes). - mtk-sd: Prevent memory corruption from DMA map failure (git-fixes). - mtk-sd: reset host->mrq on prepare_data() error (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - nbd: fix uaf in nbd_genl_connect() error path (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: sch_qfq: Fix race condition on qfq_aggregate (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net: mana: Add debug logs in MANA network driver (bsc#1246212). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Allow tso_max_size to go up-to GSO_MAX_SIZE (bsc#1246203). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: phy: Do not register LEDs for genphy (git-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (git-fixes). - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (git-fixes). - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (git-fixes). - net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (git-fixes). - net: usb: qmi_wwan: add SIMCom 8230C composition (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails (git-fixes). - nfs: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - nfs: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - nfs: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - nfs: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - nfsd: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nfsv4.2: another fix for listxattr (git-fixes). - nfsv4.2: fix listxattr to return selinux security label (git-fixes). - nfsv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN (git-fixes). - nfsv4: Always set NLINK even if the server does not support it (git-fixes). - nfsv4: xattr handlers should check for absent nfs filehandles (git-fixes). - nilfs2: reject invalid file types when reading inodes (git-fixes). - nvme-pci: refresh visible attrs after being checked (git-fixes). - nvme: Fix incorrect cdw15 value in passthru error logging (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - objtool: Fix INSN_CONTEXT_SWITCH handling in validate_unret() (git-fixes). - objtool: Fix UNWIND_HINT_{SAVE,RESTORE} across basic blocks (git-fixes). - objtool: Fix _THIS_IP_ detection for cold functions (git-fixes). - objtool: Fix error handling inconsistencies in check() (git-fixes). - objtool: Ignore dangling jump table entries (git-fixes). - objtool: Ignore end-of-section jumps for KCOV/GCOV (git-fixes). - objtool: Properly disable uaccess validation (git-fixes). - objtool: Silence more KCOV warnings (git-fixes). - objtool: Silence more KCOV warnings, part 2 (git-fixes). - objtool: Stop UNRET validation on UD2 (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pch_uart: Fix dma_sync_sg_for_device() nents value (git-fixes). - pci/msi: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - pci: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane (stable-fixes). - pci: endpoint: Fix configfs group list head handling (git-fixes). - pci: endpoint: Fix configfs group removal on driver teardown (git-fixes). - pci: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - pci: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - pci: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - pci: rockchip-host: Fix 'Unexpected Completion' log message (git-fixes). - perf: Fix sample vs do_exit() (bsc#1246547). - phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode (git-fixes). - pinctrl: amd: Clear GPIO debounce for suspend (git-fixes). - pinctrl: qcom: msm: mark certain pins as invalid for interrupts (git-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (git-fixes). - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment (git-fixes). - platform/mellanox: mlxreg-lc: Fix logic error in power state check (git-fixes). - platform/mellanox: nvsw-sn2201: Fix bus number in adapter error message (git-fixes). - platform/x86/amd/pmc: Add PCSpecialist Lafite Pro V 14M to 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: think-lmi: Create ksets consecutively (stable-fixes). - platform/x86: think-lmi: Fix kobject cleanup (git-fixes). - platform/x86: think-lmi: Fix sysfs group cleanup (git-fixes). - pm / devfreq: Check governor before using governor->name (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - powercap: call put_device() on an error path in powercap_register_control_type() (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed (git-fixes). - powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (bsc#1246506). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Ensure to disable clocks in error path (git-fixes). - rdma/core: Rate limit GID cache warning messages (git-fixes) - rdma/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - rdma/hns: Drop GFP_NOWARN (git-fixes) - rdma/hns: Fix -Wframe-larger-than issue (git-fixes) - rdma/hns: Fix HW configurations not cleared in error flow (git-fixes) - rdma/hns: Fix accessing uninitialized resources (git-fixes) - rdma/hns: Fix double destruction of rsv_qp (git-fixes) - rdma/hns: Get message length of ack_req from FW (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - rdma/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - rdma/mlx5: Fix CC counters query for MPV (git-fixes) - rdma/mlx5: Fix HW counters query for non-representor devices (git-fixes) - rdma/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - rdma/mlx5: Fix vport loopback for MPV device (git-fixes) - rdma/mlx5: Initialize obj_event->obj_sub_list before xa_insert (git-fixes) - rdma/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - rdma/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - rdma/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - rdma/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - regmap: fix potential memory leak of regmap_bus (git-fixes). - regulator: fan53555: add enable_time support and soft-start times (stable-fixes). - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods (git-fixes). - regulator: pwm-regulator: Calculate the output voltage for disabled PWMs (stable-fixes). - resource: fix false warning in __request_region() (git-fixes). - restore UCSI_CONNECTOR_RESET_HARD definition (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - rose: fix dangling neighbour pointers in rose_rt_device_down() (git-fixes). - rpl: Fix use-after-free in rpl_do_srh_inline() (git-fixes). - rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879) Put the same workaround to avoid file truncation of vmlinux and co in kernel-default-base package, too. - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246870). - s390/entry: Fix last breaking event handling in case of stack corruption (git-fixes bsc#1243806). - s390/pci: Do not try re-enabling load/store if device is disabled (git-fixes bsc#1245646). - s390/pci: Fix stale function handles in error handling (git-fixes bsc#1245647). - s390/pkey: Prevent overflow in size calculation for memdup_user() (git-fixes bsc#1245598). - s390: Add z17 elf platform (LTC#214086 bsc#1245540). - samples: mei: Fix building on musl libc (git-fixes). - sched,freezer: Remove unnecessary warning in __thaw_task (bsc#1219338). - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (git-fixes). - scsi: core: Enforce unlimited max_segment_size when virt_boundary_mask is set (git-fixes). - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Early return out of FDMI cmpl for locally rejected statuses (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Modify end-of-life adapters' model descriptions (bsc#1245260 bsc#1243100 bsc#1246125 bsc#1204142). - scsi: lpfc: Move clearing of HBA_SETUP flag to before lpfc_sli4_queue_unset (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Relocate clearing initial phba flags from link up to link down hdlr (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise CQ_CREATE_SET mailbox bitfield definitions (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Revise logging format for failed CT MIB requests (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Simplify error handling for failed lpfc_get_sli4_parameters cmd (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Skip RSCN processing when FC_UNLOADING flag is set (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update debugfs trace ring initialization messages (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: lpfc: Update lpfc version to 14.4.0.10 (bsc#1245260 bsc#1243100 bsc#1246125). - scsi: megaraid_sas: Fix invalid node index (git-fixes). - scsi: qla2xxx: Fix DMA mapping test in qla24xx_get_port_database() (git-fixes). - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() (git-fixes). - scsi: s390: zfcp: Ensure synchronous unit_add (git-fixes bsc#1245599). - selftests/bpf: Add CFLAGS per source file and runner (git-fixes). - selftests/bpf: Add tests for iter next method returning valid pointer (git-fixes). - selftests/bpf: Change functions definitions to support GCC (git-fixes). - selftests/bpf: Fix a few tests for GCC related warnings (git-fixes). - selftests/bpf: Fix pointer arithmetic in test_xdp_do_redirect (git-fixes). - selftests/bpf: Fix prog numbers in test_sockmap (git-fixes). - smb3: move server check earlier when setting channel sequence number (git-fixes). - smb3: rename macro CIFS_SERVER_IS_CHAN to avoid confusion (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc: aspeed: lpc-snoop: Cleanup resources in stack-order (git-fixes). - soc: aspeed: lpc-snoop: Do not disable channels that are not enabled (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soundwire: amd: fix for clearing command status register (git-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: spi-fsl-dspi: Clear completion counter before initiating transfer (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - struct cdns: move new member to the end (git-fixes). - struct ucsi_operations: use padding for new operation (git-fixes). - sunrpc: do not immediately retransmit on seqno miss (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - supported.conf: add missing entries for armv7hl - supported.conf: move nvme-apple to optional again - supported.conf: sort entries again - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - thunderbolt: Fix bit masking in tb_dp_port_set_hops() (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - thunderbolt: Fix wake on connect at runtime (git-fixes). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - types: Complement the aligned types with signed 64-bit one (stable-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - ucsi-glink: adapt to kABI consistency (git-fixes). - ucsi_ccg: Refine the UCSI Interrupt handling (git-fixes). - ucsi_operations: add stubs for all operations (git-fixes). - ucsi_ops: adapt update_connector to kABI consistency (git-fixes). - usb: Add checks for snprintf() calls in usb_alloc_dev() (stable-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s (stable-fixes). - usb: cdnsp: Fix issue with CV Bad Descriptor test (git-fixes). - usb: cdnsp: Fix issue with resuming from L1 (git-fixes). - usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: cdnsp: do not disable slot for disabled slot (git-fixes). - usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume (git-fixes). - usb: common: usb-conn-gpio: use a unique name for usb connector device (stable-fixes). - usb: dwc2: also exit clock_gating when stopping udc while suspended (stable-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: u_serial: Fix race condition in TTY wakeup (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: hub: Do not try to recover devices lost during warm reset (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: musb: fix gadget state on disconnect (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: net: sierra: check for no status endpoint (git-fixes). - usb: potential integer overflow in usbg_make_tpg() (stable-fixes). - usb: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - usb: serial: option: add Foxconn T99W640 (stable-fixes). - usb: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - usb: typec: Update sysfs when setting ops (git-fixes). - usb: typec: altmodes/displayport: do not index invalid pin_assignments (git-fixes). - usb: typec: displayport: Fix potential deadlock (git-fixes). - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode (stable-fixes). - usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: ucsi: Add DATA_RESET option of Connector Reset command (git-fixes). - usb: typec: ucsi: Add qcm6490-pmic-glink as needing PDOS quirk (git-fixes). - usb: typec: ucsi: Delay alternate mode discovery (git-fixes). - usb: typec: ucsi: Fix busy loop on ASUS VivoBooks (git-fixes). - usb: typec: ucsi: Fix the partner PD revision (git-fixes). - usb: typec: ucsi: Get PD revision for partner (git-fixes). - usb: typec: ucsi: Set orientation as none when connector is unplugged (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: add callback for connector status updates (git-fixes). - usb: typec: ucsi: add update_connector callback (git-fixes). - usb: typec: ucsi: do not retrieve PDOs if not supported (git-fixes). - usb: typec: ucsi: extract code to read PD caps (git-fixes). - usb: typec: ucsi: fix UCSI on SM8550 & SM8650 Qualcomm devices (git-fixes). - usb: typec: ucsi: glink: fix off-by-one in connector_status (git-fixes). - usb: typec: ucsi: glink: increase max ports for x1e80100 (git-fixes). - usb: typec: ucsi: glink: move GPIO reading into connector_status callback (git-fixes). - usb: typec: ucsi: glink: use typec_set_orientation (git-fixes). - usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error() (git-fixes). - usb: typec: ucsi: properly register partner's PD device (git-fixes). - usb: typec: ucsi: support delaying GET_PDOS for device (git-fixes). - usb: typec: ucsi_acpi: Add LG Gram quirk (git-fixes). - usb: typec: ucsi_glink: drop NO_PARTNER_PDOS quirk for sm8550 / sm8650 (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk (git-fixes). - usb: typec: ucsi_glink: enable the UCSI_DELAY_DEVICE_PDOS quirk on qcm6490 (git-fixes). - usb: typec: ucsi_glink: rework quirks implementation (git-fixes). - usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed (git-fixes). - usb: xhci: quirk for data loss in ISOC transfers (stable-fixes). - usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (stable-fixes). - virtgpu: do not reset on shutdown (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vt: add missing notification when switching back to text mode (stable-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath6kl: remove WARN on bad firmware input (stable-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: mac80211: Add link iteration macro for link data (stable-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: chan: chandef is non-NULL for reserved (stable-fixes). - wifi: mac80211: drop invalid source address OCB frames (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() (git-fixes). - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan (git-fixes). - wifi: mt76: mt7925: fix the wrong config for tx interrupt (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: prevent A-MSDU attacks in mesh networks (stable-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (git-fixes). - x86/cpu/amd: Fix workaround for erratum 1054 (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce/amd: Fix threshold limit reset (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - x86: UV RTC: Add parameter to disable RTC clocksource (bsc#1241345). - xfs: fix off-by-one error in fsmap's end_daddr usage (bsc#1235837). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (git-fixes). - xhci: dbc: Flush queued requests before stopping dbc (git-fixes). - xhci: dbctty: disable ECHO flag by default (git-fixes). Important SUSE bug 1139073 SUSE bug 1204142 SUSE bug 1219338 SUSE bug 1225707 SUSE bug 1230216 SUSE bug 1233300 SUSE bug 1235613 SUSE bug 1235837 SUSE bug 1236333 SUSE bug 1236897 SUSE bug 1238896 SUSE bug 1239061 SUSE bug 1240323 SUSE bug 1240885 SUSE bug 1240966 SUSE bug 1241166 SUSE bug 1241345 SUSE bug 1242086 SUSE bug 1242414 SUSE bug 1242837 SUSE bug 1242960 SUSE bug 1242965 SUSE bug 1242993 SUSE bug 1243068 SUSE bug 1243100 SUSE bug 1243479 SUSE bug 1243669 SUSE bug 1243806 SUSE bug 1244309 SUSE bug 1244457 SUSE bug 1244735 SUSE bug 1244749 SUSE bug 1244750 SUSE bug 1244792 SUSE bug 1244801 SUSE bug 1245151 SUSE bug 1245201 SUSE bug 1245202 SUSE bug 1245216 SUSE bug 1245260 SUSE bug 1245431 SUSE bug 1245440 SUSE bug 1245457 SUSE bug 1245498 SUSE bug 1245499 SUSE bug 1245504 SUSE bug 1245506 SUSE bug 1245508 SUSE bug 1245510 SUSE bug 1245540 SUSE bug 1245598 SUSE bug 1245599 SUSE bug 1245646 SUSE bug 1245647 SUSE bug 1245649 SUSE bug 1245650 SUSE bug 1245654 SUSE bug 1245658 SUSE bug 1245660 SUSE bug 1245665 SUSE bug 1245666 SUSE bug 1245668 SUSE bug 1245669 SUSE bug 1245670 SUSE bug 1245671 SUSE bug 1245675 SUSE bug 1245676 SUSE bug 1245677 SUSE bug 1245679 SUSE bug 1245682 SUSE bug 1245683 SUSE bug 1245684 SUSE bug 1245688 SUSE bug 1245689 SUSE bug 1245690 SUSE bug 1245691 SUSE bug 1245695 SUSE bug 1245705 SUSE bug 1245708 SUSE bug 1245711 SUSE bug 1245713 SUSE bug 1245714 SUSE bug 1245719 SUSE bug 1245723 SUSE bug 1245729 SUSE bug 1245730 SUSE bug 1245731 SUSE bug 1245735 SUSE bug 1245737 SUSE bug 1245744 SUSE bug 1245745 SUSE bug 1245746 SUSE bug 1245747 SUSE bug 1245748 SUSE bug 1245749 SUSE bug 1245750 SUSE bug 1245751 SUSE bug 1245752 SUSE bug 1245757 SUSE bug 1245758 SUSE bug 1245765 SUSE bug 1245768 SUSE bug 1245769 SUSE bug 1245777 SUSE bug 1245781 SUSE bug 1245789 SUSE bug 1245937 SUSE bug 1245945 SUSE bug 1245951 SUSE bug 1245952 SUSE bug 1245954 SUSE bug 1245957 SUSE bug 1245966 SUSE bug 1245970 SUSE bug 1245976 SUSE bug 1245980 SUSE bug 1245983 SUSE bug 1245986 SUSE bug 1246000 SUSE bug 1246002 SUSE bug 1246006 SUSE bug 1246008 SUSE bug 1246020 SUSE bug 1246023 SUSE bug 1246029 SUSE bug 1246031 SUSE bug 1246037 SUSE bug 1246041 SUSE bug 1246042 SUSE bug 1246044 SUSE bug 1246045 SUSE bug 1246047 SUSE bug 1246049 SUSE bug 1246050 SUSE bug 1246055 SUSE bug 1246073 SUSE bug 1246093 SUSE bug 1246098 SUSE bug 1246109 SUSE bug 1246122 SUSE bug 1246125 SUSE bug 1246171 SUSE bug 1246173 SUSE bug 1246178 SUSE bug 1246182 SUSE bug 1246183 SUSE bug 1246186 SUSE bug 1246195 SUSE bug 1246203 SUSE bug 1246212 SUSE bug 1246220 SUSE bug 1246236 SUSE bug 1246240 SUSE bug 1246243 SUSE bug 1246246 SUSE bug 1246249 SUSE bug 1246250 SUSE bug 1246253 SUSE bug 1246258 SUSE bug 1246262 SUSE bug 1246264 SUSE bug 1246266 SUSE bug 1246268 SUSE bug 1246273 SUSE bug 1246283 SUSE bug 1246287 SUSE bug 1246292 SUSE bug 1246293 SUSE bug 1246295 SUSE bug 1246334 SUSE bug 1246337 SUSE bug 1246342 SUSE bug 1246349 SUSE bug 1246354 SUSE bug 1246358 SUSE bug 1246361 SUSE bug 1246364 SUSE bug 1246370 SUSE bug 1246375 SUSE bug 1246384 SUSE bug 1246386 SUSE bug 1246387 SUSE bug 1246438 SUSE bug 1246453 SUSE bug 1246473 SUSE bug 1246490 SUSE bug 1246506 SUSE bug 1246547 SUSE bug 1246777 SUSE bug 1246781 SUSE bug 1246870 SUSE bug 1246879 SUSE bug 1246911 SUSE bug 1247018 SUSE bug 1247023 SUSE bug 1247028 SUSE bug 1247031 SUSE bug 1247033 SUSE bug 1247035 SUSE bug 1247061 SUSE bug 1247089 SUSE bug 1247091 SUSE bug 1247097 SUSE bug 1247098 SUSE bug 1247101 SUSE bug 1247103 SUSE bug 1247104 SUSE bug 1247113 SUSE bug 1247118 SUSE bug 1247123 SUSE bug 1247125 SUSE bug 1247128 SUSE bug 1247132 SUSE bug 1247138 SUSE bug 1247141 SUSE bug 1247143 SUSE bug 1247145 SUSE bug 1247146 SUSE bug 1247147 SUSE bug 1247149 SUSE bug 1247150 SUSE bug 1247151 SUSE bug 1247153 SUSE bug 1247154 SUSE bug 1247156 SUSE bug 1247160 SUSE bug 1247164 SUSE bug 1247169 SUSE bug 1247170 SUSE bug 1247171 SUSE bug 1247172 SUSE bug 1247174 SUSE bug 1247176 SUSE bug 1247177 SUSE bug 1247178 SUSE bug 1247181 SUSE bug 1247209 SUSE bug 1247210 SUSE bug 1247227 SUSE bug 1247233 SUSE bug 1247236 SUSE bug 1247238 SUSE bug 1247241 SUSE bug 1247251 SUSE bug 1247252 SUSE bug 1247253 SUSE bug 1247255 SUSE bug 1247271 SUSE bug 1247273 SUSE bug 1247274 SUSE bug 1247276 SUSE bug 1247277 SUSE bug 1247278 SUSE bug 1247279 SUSE bug 1247284 SUSE bug 1247285 SUSE bug 1247288 SUSE bug 1247289 SUSE bug 1247293 SUSE bug 1247311 SUSE bug 1247314 SUSE bug 1247317 SUSE bug 1247347 SUSE bug 1247348 SUSE bug 1247349 SUSE bug 1247374 SUSE bug 1247437 SUSE bug 1247450 CVE-2019-11135 at SUSE CVE-2019-11135 at NVD CVE-2024-36028 at SUSE CVE-2024-36028 at NVD CVE-2024-36348 at SUSE CVE-2024-36348 at NVD CVE-2024-36349 at SUSE CVE-2024-36349 at NVD CVE-2024-36350 at SUSE CVE-2024-36350 at NVD CVE-2024-36357 at SUSE CVE-2024-36357 at NVD CVE-2024-44963 at SUSE CVE-2024-44963 at NVD CVE-2024-56742 at SUSE CVE-2024-56742 at NVD CVE-2024-57947 at SUSE CVE-2024-57947 at NVD CVE-2025-21839 at SUSE CVE-2025-21839 at NVD CVE-2025-21872 at SUSE CVE-2025-21872 at NVD CVE-2025-23163 at SUSE CVE-2025-23163 at NVD CVE-2025-37798 at SUSE CVE-2025-37798 at NVD CVE-2025-37856 at SUSE CVE-2025-37856 at NVD CVE-2025-37864 at SUSE CVE-2025-37864 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-37920 at SUSE CVE-2025-37920 at NVD CVE-2025-37984 at SUSE CVE-2025-37984 at NVD CVE-2025-38034 at SUSE CVE-2025-38034 at NVD CVE-2025-38035 at SUSE CVE-2025-38035 at NVD CVE-2025-38051 at SUSE CVE-2025-38051 at NVD CVE-2025-38052 at SUSE CVE-2025-38052 at NVD CVE-2025-38058 at SUSE CVE-2025-38058 at NVD CVE-2025-38061 at SUSE CVE-2025-38061 at NVD CVE-2025-38062 at SUSE CVE-2025-38062 at NVD CVE-2025-38063 at SUSE CVE-2025-38063 at NVD CVE-2025-38064 at SUSE CVE-2025-38064 at NVD CVE-2025-38074 at SUSE CVE-2025-38074 at NVD CVE-2025-38084 at SUSE CVE-2025-38084 at NVD CVE-2025-38085 at SUSE CVE-2025-38085 at NVD CVE-2025-38087 at SUSE CVE-2025-38087 at NVD CVE-2025-38088 at SUSE CVE-2025-38088 at NVD CVE-2025-38089 at SUSE CVE-2025-38089 at NVD CVE-2025-38090 at SUSE CVE-2025-38090 at NVD CVE-2025-38094 at SUSE CVE-2025-38094 at NVD CVE-2025-38095 at SUSE CVE-2025-38095 at NVD CVE-2025-38097 at SUSE CVE-2025-38097 at NVD CVE-2025-38098 at SUSE CVE-2025-38098 at NVD CVE-2025-38099 at SUSE CVE-2025-38099 at NVD CVE-2025-38100 at SUSE CVE-2025-38100 at NVD CVE-2025-38102 at SUSE CVE-2025-38102 at NVD CVE-2025-38105 at SUSE CVE-2025-38105 at NVD CVE-2025-38107 at SUSE CVE-2025-38107 at NVD CVE-2025-38108 at SUSE CVE-2025-38108 at NVD CVE-2025-38109 at SUSE CVE-2025-38109 at NVD CVE-2025-38110 at SUSE CVE-2025-38110 at NVD CVE-2025-38111 at SUSE CVE-2025-38111 at NVD CVE-2025-38112 at SUSE CVE-2025-38112 at NVD CVE-2025-38113 at SUSE CVE-2025-38113 at NVD CVE-2025-38115 at SUSE CVE-2025-38115 at NVD CVE-2025-38117 at SUSE CVE-2025-38117 at NVD CVE-2025-38118 at SUSE CVE-2025-38118 at NVD CVE-2025-38120 at SUSE CVE-2025-38120 at NVD CVE-2025-38122 at SUSE CVE-2025-38122 at NVD CVE-2025-38123 at SUSE CVE-2025-38123 at NVD CVE-2025-38124 at SUSE CVE-2025-38124 at NVD CVE-2025-38126 at SUSE CVE-2025-38126 at NVD CVE-2025-38127 at SUSE CVE-2025-38127 at NVD CVE-2025-38129 at SUSE CVE-2025-38129 at NVD CVE-2025-38131 at SUSE CVE-2025-38131 at NVD CVE-2025-38132 at SUSE CVE-2025-38132 at NVD CVE-2025-38135 at SUSE CVE-2025-38135 at NVD CVE-2025-38136 at SUSE CVE-2025-38136 at NVD CVE-2025-38138 at SUSE CVE-2025-38138 at NVD CVE-2025-38142 at SUSE CVE-2025-38142 at NVD CVE-2025-38143 at SUSE CVE-2025-38143 at NVD CVE-2025-38145 at SUSE CVE-2025-38145 at NVD CVE-2025-38147 at SUSE CVE-2025-38147 at NVD CVE-2025-38148 at SUSE CVE-2025-38148 at NVD CVE-2025-38149 at SUSE CVE-2025-38149 at NVD CVE-2025-38151 at SUSE CVE-2025-38151 at NVD CVE-2025-38153 at SUSE CVE-2025-38153 at NVD CVE-2025-38154 at SUSE CVE-2025-38154 at NVD CVE-2025-38155 at SUSE CVE-2025-38155 at NVD CVE-2025-38157 at SUSE CVE-2025-38157 at NVD CVE-2025-38158 at SUSE CVE-2025-38158 at NVD CVE-2025-38159 at SUSE CVE-2025-38159 at NVD CVE-2025-38161 at SUSE CVE-2025-38161 at NVD CVE-2025-38162 at SUSE CVE-2025-38162 at NVD CVE-2025-38165 at SUSE CVE-2025-38165 at NVD CVE-2025-38166 at SUSE CVE-2025-38166 at NVD CVE-2025-38173 at SUSE CVE-2025-38173 at NVD CVE-2025-38174 at SUSE CVE-2025-38174 at NVD CVE-2025-38177 at SUSE CVE-2025-38177 at NVD CVE-2025-38180 at SUSE CVE-2025-38180 at NVD CVE-2025-38181 at SUSE CVE-2025-38181 at NVD CVE-2025-38182 at SUSE CVE-2025-38182 at NVD CVE-2025-38183 at SUSE CVE-2025-38183 at NVD CVE-2025-38187 at SUSE CVE-2025-38187 at NVD CVE-2025-38188 at SUSE CVE-2025-38188 at NVD CVE-2025-38192 at SUSE CVE-2025-38192 at NVD CVE-2025-38193 at SUSE CVE-2025-38193 at NVD CVE-2025-38194 at SUSE CVE-2025-38194 at NVD CVE-2025-38197 at SUSE CVE-2025-38197 at NVD CVE-2025-38198 at SUSE CVE-2025-38198 at NVD CVE-2025-38200 at SUSE CVE-2025-38200 at NVD CVE-2025-38202 at SUSE CVE-2025-38202 at NVD CVE-2025-38203 at SUSE CVE-2025-38203 at NVD CVE-2025-38204 at SUSE CVE-2025-38204 at NVD CVE-2025-38206 at SUSE CVE-2025-38206 at NVD CVE-2025-38210 at SUSE CVE-2025-38210 at NVD CVE-2025-38211 at SUSE CVE-2025-38211 at NVD CVE-2025-38212 at SUSE CVE-2025-38212 at NVD CVE-2025-38213 at SUSE CVE-2025-38213 at NVD CVE-2025-38214 at SUSE CVE-2025-38214 at NVD CVE-2025-38215 at SUSE CVE-2025-38215 at NVD CVE-2025-38217 at SUSE CVE-2025-38217 at NVD CVE-2025-38220 at SUSE CVE-2025-38220 at NVD CVE-2025-38222 at SUSE CVE-2025-38222 at NVD CVE-2025-38225 at SUSE CVE-2025-38225 at NVD CVE-2025-38226 at SUSE CVE-2025-38226 at NVD CVE-2025-38227 at SUSE CVE-2025-38227 at NVD CVE-2025-38229 at SUSE CVE-2025-38229 at NVD CVE-2025-38231 at SUSE CVE-2025-38231 at NVD CVE-2025-38236 at SUSE CVE-2025-38236 at NVD CVE-2025-38239 at SUSE CVE-2025-38239 at NVD CVE-2025-38244 at SUSE CVE-2025-38244 at NVD CVE-2025-38246 at SUSE CVE-2025-38246 at NVD CVE-2025-38248 at SUSE CVE-2025-38248 at NVD CVE-2025-38249 at SUSE CVE-2025-38249 at NVD CVE-2025-38250 at SUSE CVE-2025-38250 at NVD CVE-2025-38257 at SUSE CVE-2025-38257 at NVD CVE-2025-38259 at SUSE CVE-2025-38259 at NVD CVE-2025-38264 at SUSE CVE-2025-38264 at NVD CVE-2025-38272 at SUSE CVE-2025-38272 at NVD CVE-2025-38273 at SUSE CVE-2025-38273 at NVD CVE-2025-38275 at SUSE CVE-2025-38275 at NVD CVE-2025-38277 at SUSE CVE-2025-38277 at NVD CVE-2025-38279 at SUSE CVE-2025-38279 at NVD CVE-2025-38283 at SUSE CVE-2025-38283 at NVD CVE-2025-38286 at SUSE CVE-2025-38286 at NVD CVE-2025-38289 at SUSE CVE-2025-38289 at NVD CVE-2025-38290 at SUSE CVE-2025-38290 at NVD CVE-2025-38292 at SUSE CVE-2025-38292 at NVD CVE-2025-38293 at SUSE CVE-2025-38293 at NVD CVE-2025-38300 at SUSE CVE-2025-38300 at NVD CVE-2025-38303 at SUSE CVE-2025-38303 at NVD CVE-2025-38304 at SUSE CVE-2025-38304 at NVD CVE-2025-38305 at SUSE CVE-2025-38305 at NVD CVE-2025-38307 at SUSE CVE-2025-38307 at NVD CVE-2025-38310 at SUSE CVE-2025-38310 at NVD CVE-2025-38312 at SUSE CVE-2025-38312 at NVD CVE-2025-38313 at SUSE CVE-2025-38313 at NVD CVE-2025-38319 at SUSE CVE-2025-38319 at NVD CVE-2025-38323 at SUSE CVE-2025-38323 at NVD CVE-2025-38326 at SUSE CVE-2025-38326 at NVD CVE-2025-38328 at SUSE CVE-2025-38328 at NVD CVE-2025-38332 at SUSE CVE-2025-38332 at NVD CVE-2025-38334 at SUSE CVE-2025-38334 at NVD CVE-2025-38335 at SUSE CVE-2025-38335 at NVD CVE-2025-38336 at SUSE CVE-2025-38336 at NVD CVE-2025-38337 at SUSE CVE-2025-38337 at NVD CVE-2025-38338 at SUSE CVE-2025-38338 at NVD CVE-2025-38342 at SUSE CVE-2025-38342 at NVD CVE-2025-38343 at SUSE CVE-2025-38343 at NVD CVE-2025-38344 at SUSE CVE-2025-38344 at NVD CVE-2025-38345 at SUSE CVE-2025-38345 at NVD CVE-2025-38348 at SUSE CVE-2025-38348 at NVD CVE-2025-38349 at SUSE CVE-2025-38349 at NVD CVE-2025-38350 at SUSE CVE-2025-38350 at NVD CVE-2025-38352 at SUSE CVE-2025-38352 at NVD CVE-2025-38354 at SUSE CVE-2025-38354 at NVD CVE-2025-38362 at SUSE CVE-2025-38362 at NVD CVE-2025-38363 at SUSE CVE-2025-38363 at NVD CVE-2025-38364 at SUSE CVE-2025-38364 at NVD CVE-2025-38365 at SUSE CVE-2025-38365 at NVD CVE-2025-38369 at SUSE CVE-2025-38369 at NVD CVE-2025-38371 at SUSE CVE-2025-38371 at NVD CVE-2025-38373 at SUSE CVE-2025-38373 at NVD CVE-2025-38375 at SUSE CVE-2025-38375 at NVD CVE-2025-38376 at SUSE CVE-2025-38376 at NVD CVE-2025-38377 at SUSE CVE-2025-38377 at NVD CVE-2025-38380 at SUSE CVE-2025-38380 at NVD CVE-2025-38382 at SUSE CVE-2025-38382 at NVD CVE-2025-38384 at SUSE CVE-2025-38384 at NVD CVE-2025-38385 at SUSE CVE-2025-38385 at NVD CVE-2025-38386 at SUSE CVE-2025-38386 at NVD CVE-2025-38387 at SUSE CVE-2025-38387 at NVD CVE-2025-38389 at SUSE CVE-2025-38389 at NVD CVE-2025-38391 at SUSE CVE-2025-38391 at NVD CVE-2025-38392 at SUSE CVE-2025-38392 at NVD CVE-2025-38393 at SUSE CVE-2025-38393 at NVD CVE-2025-38395 at SUSE CVE-2025-38395 at NVD CVE-2025-38396 at SUSE CVE-2025-38396 at NVD CVE-2025-38399 at SUSE CVE-2025-38399 at NVD CVE-2025-38400 at SUSE CVE-2025-38400 at NVD CVE-2025-38401 at SUSE CVE-2025-38401 at NVD CVE-2025-38403 at SUSE CVE-2025-38403 at NVD CVE-2025-38404 at SUSE CVE-2025-38404 at NVD CVE-2025-38406 at SUSE CVE-2025-38406 at NVD CVE-2025-38409 at SUSE CVE-2025-38409 at NVD CVE-2025-38410 at SUSE CVE-2025-38410 at NVD CVE-2025-38412 at SUSE CVE-2025-38412 at NVD CVE-2025-38414 at SUSE CVE-2025-38414 at NVD CVE-2025-38415 at SUSE CVE-2025-38415 at NVD CVE-2025-38416 at SUSE CVE-2025-38416 at NVD CVE-2025-38420 at SUSE CVE-2025-38420 at NVD CVE-2025-38424 at SUSE CVE-2025-38424 at NVD CVE-2025-38425 at SUSE CVE-2025-38425 at NVD CVE-2025-38426 at SUSE CVE-2025-38426 at NVD CVE-2025-38428 at SUSE CVE-2025-38428 at NVD CVE-2025-38429 at SUSE CVE-2025-38429 at NVD CVE-2025-38430 at SUSE CVE-2025-38430 at NVD CVE-2025-38436 at SUSE CVE-2025-38436 at NVD CVE-2025-38443 at SUSE CVE-2025-38443 at NVD CVE-2025-38448 at SUSE CVE-2025-38448 at NVD CVE-2025-38449 at SUSE CVE-2025-38449 at NVD CVE-2025-38455 at SUSE CVE-2025-38455 at NVD CVE-2025-38457 at SUSE CVE-2025-38457 at NVD CVE-2025-38460 at SUSE CVE-2025-38460 at NVD CVE-2025-38461 at SUSE CVE-2025-38461 at NVD CVE-2025-38462 at SUSE CVE-2025-38462 at NVD CVE-2025-38463 at SUSE CVE-2025-38463 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38467 at SUSE CVE-2025-38467 at NVD CVE-2025-38468 at SUSE CVE-2025-38468 at NVD CVE-2025-38470 at SUSE CVE-2025-38470 at NVD CVE-2025-38471 at SUSE CVE-2025-38471 at NVD CVE-2025-38473 at SUSE CVE-2025-38473 at NVD CVE-2025-38474 at SUSE CVE-2025-38474 at NVD CVE-2025-38476 at SUSE CVE-2025-38476 at NVD CVE-2025-38477 at SUSE CVE-2025-38477 at NVD CVE-2025-38478 at SUSE CVE-2025-38478 at NVD CVE-2025-38480 at SUSE CVE-2025-38480 at NVD CVE-2025-38481 at SUSE CVE-2025-38481 at NVD CVE-2025-38482 at SUSE CVE-2025-38482 at NVD CVE-2025-38483 at SUSE CVE-2025-38483 at NVD CVE-2025-38485 at SUSE CVE-2025-38485 at NVD CVE-2025-38487 at SUSE CVE-2025-38487 at NVD CVE-2025-38489 at SUSE CVE-2025-38489 at NVD CVE-2025-38494 at SUSE CVE-2025-38494 at NVD CVE-2025-38495 at SUSE CVE-2025-38495 at NVD CVE-2025-38496 at SUSE CVE-2025-38496 at NVD CVE-2025-38497 at SUSE CVE-2025-38497 at NVD CVE-2025-38498 at SUSE CVE-2025-38498 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Updated to 9.0.108: - CVE-2025-52520: Fixed integer overflow can lead to DoS for some unlikely configurations of multipart upload (bsc#1246388) - CVE-2025-53506: Fixed uncontrolled resource HTTP/2 client consumption vulnerability (bsc#1246318) - CVE-2025-52434: Fixed race condition on connection close when using the APR/Native connector leading to a JVM crash (bsc#1246389) - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset (bsc#1243895) Other: - Correct a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. Important SUSE bug 1243895 SUSE bug 1246318 SUSE bug 1246388 SUSE bug 1246389 CVE-2025-48989 at SUSE CVE-2025-48989 at NVD CVE-2025-49125 at SUSE CVE-2025-49125 at NVD CVE-2025-52434 at SUSE CVE-2025-52434 at NVD CVE-2025-52520 at SUSE CVE-2025-52520 at NVD CVE-2025-53506 at SUSE CVE-2025-53506 at NVD cpe:/o:opensuse:leap:15.6 Security update for javamail (Moderate) openSUSE Leap 15.6 This update for javamail fixes the following issues: - Update to version 1.6.2 - CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 characters can lead to SMTP injection (bsc#1246873) Moderate SUSE bug 1246873 CVE-2025-7962 at SUSE CVE-2025-7962 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Important SUSE bug 1236460 CVE-2022-49043 at SUSE CVE-2022-49043 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-future (Important) openSUSE Leap 15.6 This update for python-future fixes the following issues: - CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124) Important SUSE bug 1248124 CVE-2025-50817 at SUSE CVE-2025-50817 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for nginx (Moderate) openSUSE Leap 15.6 This update for nginx fixes the following issues: - Drop root priviledges while running logrotate (bsc#1246090) Moderate SUSE bug 1246090 cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Important) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250812 release (bsc#1248438) - CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. - CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access - CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Update for functional issues. - Updated Platforms: | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2) | EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5 | GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6 | GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6 | ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3 | LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor | MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13 | SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4 | SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores New Disclosures Updated in Prior Releases: All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025. Important SUSE bug 1248438 CVE-2025-20053 at SUSE CVE-2025-20053 at NVD CVE-2025-20109 at SUSE CVE-2025-20109 at NVD CVE-2025-22839 at SUSE CVE-2025-22839 at NVD CVE-2025-22840 at SUSE CVE-2025-22840 at NVD CVE-2025-22889 at SUSE CVE-2025-22889 at NVD CVE-2025-26403 at SUSE CVE-2025-26403 at NVD CVE-2025-32086 at SUSE CVE-2025-32086 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Low) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2025-53643: Fixed request smuggling due to incorrect parsing of chunked trailer section (bsc#1246517) Low SUSE bug 1246517 CVE-2025-53643 at SUSE CVE-2025-53643 at NVD cpe:/o:opensuse:leap:15.6 Security update for munge (Moderate) openSUSE Leap 15.6 This update for munge fixes the following issues: - Make `logrotate` work on log as user `munge` to prevent local privilege escalation (bsc#1246088). Moderate SUSE bug 1246088 cpe:/o:opensuse:leap:15.6 Security update for redis (Important) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. (bsc#1246059) - CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros can lead to client starvation and DoS. (bsc#1246058) Important SUSE bug 1246058 SUSE bug 1246059 CVE-2025-32023 at SUSE CVE-2025-32023 at NVD CVE-2025-48367 at SUSE CVE-2025-48367 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-57833: Fixed potential SQL injection in FilteredRelation column aliases (bsc#1248810) Important SUSE bug 1248810 CVE-2025-57833 at SUSE CVE-2025-57833 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-2760: lack of proper validation of user-supplied data in DDS parser can lead to integer overflow and remote code execution (bsc#1241690). Important SUSE bug 1241690 CVE-2025-2760 at SUSE CVE-2025-2760 at NVD cpe:/o:opensuse:leap:15.6 Security update for rav1e (Moderate) openSUSE Leap 15.6 This update for rav1e fixes the following issues: - CVE-2024-58266: shlex: Fixed certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247207) Moderate SUSE bug 1230028 SUSE bug 1247207 CVE-2024-58266 at SUSE CVE-2024-58266 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for perl-YAML-LibYAML (Moderate) openSUSE Leap 15.6 This update for perl-YAML-LibYAML fixes the following issues: - Updated to 0.904.0 - Dependency submission for the openQA stack Moderate CVE-2025-40908 at SUSE CVE-2025-40908 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-maturin (Low) openSUSE Leap 15.6 This update for python-maturin fixes the following issues: - CVE-2025-58160: terminal escape injection via ANSI sequences from untrusted input (bsc#1249011). Low SUSE bug 1249011 CVE-2025-58160 at SUSE CVE-2025-58160 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-Authen-SASL, perl-Crypt-URandom (Moderate) openSUSE Leap 15.6 This update for perl-Authen-SASL, perl-Crypt-URandom fixes the following issues: Changes in perl-Authen-SASL: - CVE-2025-40918: Fixed insecurely generated client nonce (bsc#1246623) Changes in perl-Crypt-URandom: - Included 0.540.0 for use by perl-Authen-SASL in SLE-15 (jsc#PED-13306 / bsc#1246623). Moderate SUSE bug 1246623 CVE-2025-40918 at SUSE CVE-2025-40918 at NVD cpe:/o:opensuse:leap:15.6 Security update for firebird (Important) openSUSE Leap 15.6 This update for firebird fixes the following issues: - CVE-2017-11509: authenticated remote code execution via the definition external functions that don't match the original definition of the entry point (bsc#1087421). Important SUSE bug 1087421 CVE-2017-11509 at SUSE CVE-2017-11509 at NVD cpe:/o:opensuse:leap:15.6 Security update for gtk3 (Important) openSUSE Leap 15.6 This update for gtk3 fixes the following issues: - CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120). Other fixes: - Updated to version 3.24.43 Important SUSE bug 1172879 SUSE bug 1228120 CVE-2024-6655 at SUSE CVE-2024-6655 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pydantic (Moderate) openSUSE Leap 15.6 This update for python-pydantic fixes the following issues: - CVE-2024-3772: Fixed Regular expression DoS (bsc#1222806) Moderate SUSE bug 1222806 CVE-2024-3772 at SUSE CVE-2024-3772 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty, netty-tcnative (Important) openSUSE Leap 15.6 This update for netty, netty-tcnative fixes the following issues: Upgrade to upstream version 4.1.126. Security issues fixed: - CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can cause a denial of service (bsc#1249134). - CVE-2025-58056: incorrect parsing of chunk extensions can lead to request smuggling (bsc#1249116). - CVE-2025-55163: 'MadeYouReset' denial of serivce attack in the HTTP/2 protocol (bsc#1247991). Other issues fixed: - Fixes from version 4.1.126 * Fix IllegalReferenceCountException on invalid upgrade response. * Drop unknown frame on missing stream. * Don't try to handle incomplete upgrade request. * Update to netty-tcnative 2.0.73Final. - Fixes from version 4.1.124 * Fix NPE and AssertionErrors when many tasks are scheduled and cancelled. * HTTP2: Http2ConnectionHandler should always use Http2ConnectionEncoder. * Epoll: Correctly handle UDP packets with source port of 0. * Fix netty-common OSGi Import-Package header. * MqttConnectPayload.toString() includes password. - Fixes from version 4.1.123 * Fix chunk reuse bug in adaptive allocator. * More accurate adaptive memory usage accounting. * Introduce size-classes for the adaptive allocator. * Reduce magazine proliferation eagerness. * Fix concurrent ByteBuffer access issue in AdaptiveByteBuf.getBytes. * Fix possible buffer corruption caused by incorrect setCharSequence(...) implementation. * AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes() to take writerIndex() into account. * Optimize capacity bumping for adaptive ByteBufs. * AbstractDnsRecord: equals() and hashCode() to ignore name field's case. * Backport Unsafe guards. * Guard recomputed offset access with hasUnsafe. * HTTP2: Always produce a RST frame on stream exception. * Correct what artifacts included in netty-bom. - Fixes from version 4.1.122 * DirContextUtils.addNameServer(...) should just catch Exception internally. * Make public API specify explicit maxAllocation to prevent OOM. * Fix concurrent ByteBuf write access bug in adaptive allocator. * Fix transport-native-kqueue Bundle-SymbolicNames. * Fix resolver-dns-native-macos Bundle-SymbolicNames. * Always correctly calculate the memory address of the ByteBuf even if sun.misc.Unsafe is not usable. * Upgrade lz4 dependencies as the old version did not correctly handle ByteBuffer that have an arrayOffset > 0. * Optimize ByteBuf.setCharSequence for adaptive allocator. * Kqueue: Fix registration failure when fd is reused. * Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as level. * Ensure OpenSsl.availableJavaCipherSuites does not contain null values. * Always prefer direct buffers for pooled allocators if not explicit disabled. * Update to netty-tcnative 2.0.72.Final. * Re-enable sun.misc.Unsafe by default on Java 24+. * Kqueue: Delay removal from registration map to fix noisy warnings. - Fixes from version 4.1.121 * Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch amd64. * Fix transport-native-epoll Bundle-SymbolicNames. - Fixes from version 4.1.120 * Fix flawed termination condition check in HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for current InterfaceHttpData. * Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and decoderEnforceMaxRstFramesPerWindow. * ThreadExecutorMap must restore old EventExecutor. * Make Recycler virtual thread friendly. * Disable sun.misc.Unsafe by default on Java 24+. * Adaptive: Correctly enforce leak detection when using AdaptiveByteBufAllocator. * Add suppressed exception to original cause when calling Future.sync*. * Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2 settings. * Correct computation for suboptimal chunk retirement probability. * Fix bug in method AdaptivePoolingAllocator.allocateWithoutLock(...). * Fix a Bytebuf leak in TcpDnsQueryDecoder. * SSL: Clear native error if named group is not supported. * WebSocketClientCompressionHandler shouldn't claim window bits support when jzlib is not available. * Fix the assignment error of maxQoS parameter in ConnAck Properties. - Fixes from version 4.1.119 * Replace SSL assertion with explicit record length check. * Fix NPE when upgrade message fails to aggregate. * SslHandler: Fix possible NPE when executor is used for delegating. * Consistently add channel info in HTTP/2 logs. * Add QueryStringDecoder option to leave '+' alone. * Use initialized BouncyCastle providers when available. - Fix pom.xml errors that will be fatal with Maven 4 Important SUSE bug 1247991 SUSE bug 1249116 SUSE bug 1249134 CVE-2025-55163 at SUSE CVE-2025-55163 at NVD CVE-2025-58056 at SUSE CVE-2025-58056 at NVD CVE-2025-58057 at SUSE CVE-2025-58057 at NVD cpe:/o:opensuse:leap:15.6 Security update for regionServiceClientConfigAzure (Critical) openSUSE Leap 15.6 This update for regionServiceClientConfigAzure contains the following fixes: - Update to version 3.0.0.(bsc#1246995) + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency name for metadata package, name change in SLE 16. (bsc#1243419) + Replacing certificate for rgnsrv-azure-southeastasia to get rid of weird chain cert Critical SUSE bug 1243419 SUSE bug 1246995 cpe:/o:opensuse:leap:15.6 Security update for regionServiceClientConfigEC2 (Critical) openSUSE Leap 15.6 This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. (bsc#1246995) + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accomodate metadata binary package name change in SLE 16. (bsc#1243419) + New 4096 certificate for rgnsrv-ec2-us-east1 Critical SUSE bug 1243419 SUSE bug 1246995 cpe:/o:opensuse:leap:15.6 Security update for regionServiceClientConfigGCE (Critical) openSUSE Leap 15.6 This update for regionServiceClientConfigGCE contains the following fixes: - Update to version 5.0.0 (bsc#1246995) + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update conditional to handle name change of metadata package in SLE 16. (bsc#1242063) + Add noipv6 patch Critical SUSE bug 1242063 SUSE bug 1246995 cpe:/o:opensuse:leap:15.6 Security update for python-deepdiff (Critical) openSUSE Leap 15.6 This update for python-deepdiff fixes the following issues: - CVE-2025-58367: class pollution via the `Delta` class constructor can lead to denial-of-service and remote code execution (bsc#1249347). Critical SUSE bug 1249347 CVE-2025-58367 at SUSE CVE-2025-58367 at NVD cpe:/o:opensuse:leap:15.6 Security update for apptainer (Moderate) openSUSE Leap 15.6 This update for apptainer fixes the following issues: - CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236528) Moderate SUSE bug 1236528 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-3727 at SUSE CVE-2024-3727 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24-openssl (Important) openSUSE Leap 15.6 This security update of go1.24-openssl fixes the following issues: Update to version 1.24.6 cut from the go1.24-fips-release branch at the revision tagged go1.24.6-1-openssl-fips. Refs jsc#SLE-18320 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.24.6 (released 2025-08-06) includes security fixes to the database/sql and os/exec packages, as well as bug fixes to the runtime. ( boo#1236217 go1.24 release tracking) CVE-2025-47906 CVE-2025-47907: * go#74804 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '.' and '..' in some PATH configurations * go#74833 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan * go#73800 runtime: RSS seems to have increased in Go 1.24 while the runtime accounting has not * go#74416 runtime: use-after-free of allpSnapshot in findRunnable * go#74694 runtime: segfaults in runtime.(*unwinder).next * go#74760 os/user:nolibgcc: TestGroupIdsTestUser failures go1.24.5 (released 2025-07-08) includes security fixes to the go command, as well as bug fixes to the compiler, the linker, the , and the go command. ( boo#1236217 go1.24 release tracking) j CVE-2025-4674: * go#74381 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module * go#73908 runtime: bad frame pointer during panic during duffcopy * go#74098 cmd/compile: regression on ppc64le bit operations * go#74113 cmd/go: crash on unknown GOEXPERIMENT during toolchain selection * go#74290 runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning * go#74294 internal/trace: stress tests triggering suspected deadlock in tracer * go#74346 runtime: memlock not unlocked in all control flow paths in sysReserveAlignedSbrk * go#74363 runtime/pprof: crash 'cannot read stack of running goroutine' in goroutine profile * go#74403 cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN go1.24.4 (released 2025-06-05) includes security fixes to the crypto/x509, net/http, and os packages, as well as bug fixes to the linker, the go command, and the hash/maphash and os packages. ( boo#1236217 go1.24 release tracking) CVE-2025-22874 CVE-2025-0913 CVE-2025-4673 * go#73700 go#73702 boo#1244158 security: fix CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation * go#73720 go#73612 boo#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows * go#73906 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect * go#73570 os: Root.Mkdir creates directories with zero permissions on OpenBSD * go#73669 hash/maphash: hashing channels with purego impl. of maphash.Comparable panics * go#73678 runtime/debug: BuildSetting does not document DefaultGODEBUG * go#73809 cmd/go: add fips140 module selection mechanism * go#73832 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen Important SUSE bug 1236217 SUSE bug 1244156 SUSE bug 1244157 SUSE bug 1244158 SUSE bug 1246118 SUSE bug 1247719 SUSE bug 1247720 CVE-2025-0913 at SUSE CVE-2025-0913 at NVD CVE-2025-22874 at SUSE CVE-2025-22874 at NVD CVE-2025-4673 at SUSE CVE-2025-4673 at NVD CVE-2025-4674 at SUSE CVE-2025-4674 at NVD CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23-openssl (Important) openSUSE Leap 15.6 This update for go1.23-openssl fixes the following issues: Update to version 1.23.12 cut from the go1.23-fips-release branch at the revision tagged go1.23.12-1-openssl-fips. ( jsc#SLE-18320) * Rebase to 1.23.12 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. Packaging improvements: * Update go_bootstrap_version to go1.21 from go1.20 to shorten the bootstrap chain. go1.21 can optionally be bootstrapped with gccgo and serve as the inital version of go1.x. * Refs boo#1247816 bootstrap go1.21 with gccgo go1.23.12 (released 2025-08-06) includes security fixes to the database/sql and os/exec packages, as well as bug fixes to the runtime. CVE-2025-47906 CVE-2025-47907: * go#74803 go#74466 boo#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '.' and '..' in some PATH configurations * go#74832 go#74831 boo#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan * go#74415 runtime: use-after-free of allpSnapshot in findRunnable * go#74693 runtime: segfaults in runtime.(*unwinder).next * go#74721 cmd/go: TestScript/build_trimpath_cgo fails to decode dwarf on release-branch.go1.23 * go#74726 cmd/cgo/internal/testsanitizers: failures with signal: segmentation fault or exit status 66 go1.23.11 (released 2025-07-08) includes security fixes to the go command, as well as bug fixes to the compiler, the linker, and the runtime. CVE-2025-4674: * go#74382 go#74380 boo#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module * go#73907 runtime: bad frame pointer during panic during duffcopy * go#74289 runtime: heap mspan limit is set too late, causing data race between span allocation and conservative scanning * go#74293 internal/trace: stress tests triggering suspected deadlock in tracer * go#74362 runtime/pprof: crash 'cannot read stack of running goroutine' in goroutine profile * go#74402 cmd/link: duplicated definition of symbol github.com/ebitengine/purego.syscall15XABI0 when running with ASAN go1.23.10 (released 2025-06-05) includes security fixes to the net/http and os packages, as well as bug fixes to the linker. (boo#1229122 go1.23 release tracking) CVE-2025-0913 CVE-2025-4673: * go#73719 go#73612 boo#1244157 security: fix CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows * go#73905 go#73816 boo#1244156 security: fix CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect * go#73677 runtime/debug: BuildSetting does not document DefaultGODEBUG * go#73831 cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen go1.23.9 (released 2025-05-06) includes fixes to the runtime and the linker. (boo#1229122 go1.23 release tracking) * go#73091 cmd/link: linkname directive on userspace variable can override runtime variable * go#73380 runtime, x/sys/unix: Connectx is broken on darwin/amd64 go1.23.8 (released 2025-04-01) includes security fixes to the net/http package, as well as bug fixes to the runtime and the go command. CVE-2025-22871: * go#72010 go#71988 boo#1240550 security: fix CVE-2025-22871 net/http: reject bare LF in chunked encoding * go#72114 runtime: process hangs for mips hardware * go#72871 runtime: cgo callback on extra M treated as external code after nested cgo callback returns * go#72937 internal/godebugs: winsymlink and winreadlinkvolume have incorrect defaults for Go 1.22 go1.23.7 (released 2025-03-04) includes security fixes to the net/http package, as well as bug fixes to cgo, the compiler, and the reflect, runtime, and syscall packages. CVE-2025-22870: * go#71985 go#71984 boo#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71727 runtime: usleep computes wrong tv_nsec on s390x * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71848 os: spurious SIGCHILD on running child process * go#71875 reflect: Value.Seq panicking on functional iterator methods * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement go1.23.6 (released 2025-02-04) includes security fixes to the crypto/elliptic package, as well as bug fixes to the compiler and the go command. CVE-2025-22866 * go#71423 go#71383 boo#1236801 security: fix CVE-2025-22866 crypto/internal/fips140/nistec: p256NegCond is variable time on ppc64le * go#71263 cmd/go/internal/modfetch/codehost: test fails with git 2.47.1 * go#71230 cmd/compile: broken write barrier go1.23.5 (released 2025-01-16) includes security fixes to the crypto/x509 and net/http packages, as well as bug fixes to the compiler, the runtime, and the net package. CVE-2024-45341 CVE-2024-45336: * go#71208 go#71156 boo#1236045 security: fix CVE-2024-45341 crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints * go#71211 go#70530 boo#1236046 security: fix CVE-2024-45336 net/http: sensitive headers incorrectly sent after cross-domain redirect * go#69988 runtime: severe performance drop for cgo calls in go1.22.5 * go#70517 cmd/compile/internal/importer: flip enable alias to true * go#70789 os: io.Copy(net.Conn, os.Stdin) on MacOS terminate immediately without waiting for input * go#71104 crypto/tls: TestVerifyConnection/TLSv12 failures * go#71147 internal/trace: TestTraceCPUProfile/Stress failures go1.23.4 (released 2024-12-03) includes fixes to the compiler, the runtime, the trace command, and the syscall package. * go#70644 crypto/rsa: new key generation prohibitively slow under race detector * go#70645 proposal: go/types: add Scope.Node convenience getter * go#70646 x/tools/gopls: unimported completion corrupts import decl (client=BBEdit) * go#70648 crypto/tls: TestHandshakeClientECDHEECDSAAESGCM/TLSv12 failures * go#70649 x/benchmarks/sweet/cmd/sweet: TestSweetEndToEnd failures * go#70650 crypto/tls: TestGetClientCertificate/TLSv13 failures * go#70651 x/tools/go/gcexportdata: simplify implementation assuming go >= 1.21 * go#70654 cmd/go: Incorrect output from go list * go#70655 x/build/cmd/relui: add workflows for some remaining manual recurring Go major release cycle tasks * go#70657 proposal: bufio: Scanner.IterText/Scanner.IterBytes * go#70658 x/net/http2: stuck extended CONNECT requests * go#70659 os: TestRootDirFS failures on linux-mips64 and linux-mips64le arch-mips * go#70660 crypto/ecdsa: TestRFC6979 failures on s390x * go#70664 x/mobile: target maccatalyst cannot find OpenGLES header * go#70665 x/tools/gopls: refactor.extract.variable fails at package level * go#70666 x/tools/gopls: panic in GetIfaceStubInfo * go#70667 proposal: crypto/x509: support extracting X25519 public keys from certificates * go#70668 proposal: x/mobile: better support for unrecovered panics * go#70669 cmd/go: local failure in TestScript/build_trimpath_cgo * go#70670 cmd/link: unused functions aren't getting deadcoded from the binary * go#70674 x/pkgsite: package removal request for https://pkg.go.dev/github.com/uisdevsquad/go-test/debugmate * go#70675 cmd/go/internal/lockedfile: mountrpc flake in TestTransform on plan9 * go#70677 all: remote file server I/O flakiness with 'Bad fid' errors on plan9 * go#70678 internal/poll: deadlock on 'Intel(R) Xeon(R) Platinum' when an FD is closed * go#70679 mime/multipart: With go 1.23.3, mime/multipart does not link Update to version 1.23.2.3 cut from the go1.23-fips-release branch at the revision tagged go1.23.2-3-openssl-fips. ( jsc#SLE-18320) * Add negative tests for openssl (#243) go1.23.3 (released 2024-11-06) includes fixes to the linker, the runtime, and the net/http, os, and syscall packages. * go#69258 runtime: corrupted GoroutineProfile stack traces * go#69259 runtime: multi-arch build via qemu fails to exec go binary * go#69640 os: os.checkPidfd() crashes with SIGSYS * go#69746 runtime: TestGdbAutotmpTypes failures * go#69848 cmd/compile: syscall.Syscall15: nosplit stack over 792 byte limit * go#69865 runtime: MutexProfile missing root frames in go1.23 * go#69882 time,runtime: too many concurrent timer firings for short time.Ticker * go#69978 time,runtime: too many concurrent timer firings for short, fast-resetting time.Timer * go#69992 cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15 * go#70001 net/http/pprof: coroutines + pprof makes the program panic * go#70020 net/http: short writes with FileServer on macos Important SUSE bug 1229122 SUSE bug 1236045 SUSE bug 1236046 SUSE bug 1236801 SUSE bug 1238572 SUSE bug 1240550 SUSE bug 1244156 SUSE bug 1244157 SUSE bug 1246118 SUSE bug 1247719 SUSE bug 1247720 SUSE bug 1247816 CVE-2024-45336 at SUSE CVE-2024-45336 at NVD CVE-2024-45341 at SUSE CVE-2024-45341 at NVD CVE-2025-0913 at SUSE CVE-2025-0913 at NVD CVE-2025-22866 at SUSE CVE-2025-22866 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-22871 at SUSE CVE-2025-22871 at NVD CVE-2025-4673 at SUSE CVE-2025-4673 at NVD CVE-2025-4674 at SUSE CVE-2025-4674 at NVD CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25-openssl (Important) openSUSE Leap 15.6 This update for go1.25-openssl fixes the following issues: Update to version 1.25.0 cut from the go1.25-fips-release branch at the revision tagged go1.25.0-1-openssl-fips. ( jsc#SLE-18320 ) * Rebase to 1.25.0 * Fix HKDF-Extract The latest OpenSSL in c9s/c10s requires nil salt to be passed as a hash length buffer of zeros. go1.25 (released 2025-08-12) is a major release of Go. go1.25.x minor releases will be provided through August 2026. https://github.com/golang/go/wiki/Go-Release-Cycle go1.25 arrives six months after Go 1.24. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. ( bsc#1244485 go1.25 release tracking ) * Language changes: There are no languages changes that affect Go programs in Go 1.25. However, in the language specification the notion of core types has been removed in favor of dedicated prose. See the respective blog post for more information. * go command: The go build -asan option now defaults to doing leak detection at program exit. This will report an error if memory allocated by C is not freed and is not referenced by any other memory allocated by either C or Go. These new error reports may be disabled by setting ASAN_OPTIONS=detect_leaks=0 in the environment when running the program. * go command: The Go distribution will include fewer prebuilt tool binaries. Core toolchain binaries such as the compiler and linker will still be included, but tools not invoked by build or test operations will be built and run by go tool as needed. * go command: The new go.mod ignore directive can be used to specify directories the go command should ignore. Files in these directories and their subdirectories will be ignored by the go command when matching package patterns, such as all or ./..., but will still be included in module zip files. * go command: The new go doc -http option will start a documentation server showing documentation for the requested object, and open the documentation in a browser window. * go command: The new go version -m -json option will print the JSON encodings of the runtime/debug.BuildInfo structures embedded in the given Go binary files. * go command: The go command now supports using a subdirectory of a repository as the path for a module root, when resolving a module path using the syntax <meta name='go-import' content='root-path vcs repo-url subdir'> to indicate that the root-path corresponds to the subdir of the repo-url with version control system vcs. * go command: The new work package pattern matches all packages in the work (formerly called main) modules: either the single work module in module mode or the set of workspace modules in workspace mode. * go command: When the go command updates the go line in a go.mod or go.work file, it no longer adds a toolchain line specifying the command’s current version. * go vet: The go vet command includes new analyzers: * go vet: waitgroup reports misplaced calls to sync.WaitGroup.Add; * go vet: hostport reports uses of fmt.Sprintf('%s:%d', host, port) to construct addresses for net.Dial, as these will not work with IPv6; instead it suggests using net.JoinHostPort. * Runtime: Container-aware GOMAXPROCS. The default behavior of the GOMAXPROCS has changed. In prior versions of Go, GOMAXPROCS defaults to the number of logical CPUs available at startup (runtime.NumCPU). Go 1.25 introduces two changes: On Linux, the runtime considers the CPU bandwidth limit of the cgroup containing the process, if any. If the CPU bandwidth limit is lower than the number of logical CPUs available, GOMAXPROCS will default to the lower limit. In container runtime systems like Kubernetes, cgroup CPU bandwidth limits generally correspond to the “CPU limit” option. The Go runtime does not consider the “CPU requests” option. On all OSes, the runtime periodically updates GOMAXPROCS if the number of logical CPUs available or the cgroup CPU bandwidth limit change. Both of these behaviors are automatically disabled if GOMAXPROCS is set manually via the GOMAXPROCS environment variable or a call to runtime.GOMAXPROCS. They can also be disabled explicitly with the GODEBUG settings containermaxprocs=0 and updatemaxprocs=0, respectively. In order to support reading updated cgroup limits, the runtime will keep cached file descriptors for the cgroup files for the duration of the process lifetime. * Runtime: garbage collector: A new garbage collector is now available as an experiment. This garbage collector’s design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark result vary, but we expect somewhere between a 10—40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. The new garbage collector may be enabled by setting GOEXPERIMENT=greenteagc at build time. We expect the design to continue to evolve and improve. To that end, we encourage Go developers to try it out and report back their experiences. See the GitHub issue for more details on the design and instructions for sharing feedback. * Runtime: trace flight recorder: Runtime execution traces have long provided a powerful, but expensive way to understand and debug the low-level behavior of an application. Unfortunately, because of their size and the cost of continuously writing an execution trace, they were generally impractical for debugging rare events. The new runtime/trace.FlightRecorder API provides a lightweight way to capture a runtime execution trace by continuously recording the trace into an in-memory ring buffer. When a significant event occurs, a program can call FlightRecorder.WriteTo to snapshot the last few seconds of the trace to a file. This approach produces a much smaller trace by enabling applications to capture only the traces that matter. The length of time and amount of data captured by a FlightRecorder may be configured within the FlightRecorderConfig. * Runtime: Change to unhandled panic output: The message printed when a program exits due to an unhandled panic that was recovered and repanicked no longer repeats the text of the panic value. * Runtime: VMA names on Linux: On Linux systems with kernel support for anonymous virtual memory area (VMA) names (CONFIG_ANON_VMA_NAME), the Go runtime will annotate anonymous memory mappings with context about their purpose. e.g., [anon: Go: heap] for heap memory. This can be disabled with the GODEBUG setting decoratemappings=0. * Compiler: nil pointer bug: This release fixes a compiler bug, introduced in Go 1.21, that could incorrectly delay nil pointer checks. * Compiler: DWARF5 support: The compiler and linker in Go 1.25 now generate debug information using DWARF version 5. The newer DWARF version reduces the space required for debugging information in Go binaries, and reduces the time for linking, especially for large Go binaries. DWARF 5 generation can be disabled by setting the environment variable GOEXPERIMENT=nodwarf5 at build time (this fallback may be removed in a future Go release). * Compiler: Faster slices: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. This change has the potential to amplify the effects of incorrect unsafe.Pointer usage, see for example issue 73199. In order to track down these problems, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. * Linker: The linker now accepts a -funcalign=N command line option, which specifies the alignment of function entries. The default value is platform-dependent, and is unchanged in this release. * Standard library: testing/synctest: The new testing/synctest package provides support for testing concurrent code. This package was first available in Go 1.24 under GOEXPERIMENT=synctest, with a slightly different API. The experiment has now graduated to general availability. The old API is still present if GOEXPERIMENT=synctest is set, but will be removed in Go 1.26. * Standard library: testing/synctest: The Test function runs a test function in an isolated “bubble”. Within the bubble, time is virtualized: time package functions operate on a fake clock and the clock moves forward instantaneously if all goroutines in the bubble are blocked. * Standard library: testing/synctest: The Wait function waits for all goroutines in the current bubble to block. * Standard library: encoding/json/v2: Go 1.25 includes a new, experimental JSON implementation, which can be enabled by setting the environment variable GOEXPERIMENT=jsonv2 at build time. When enabled, two new packages are available: The encoding/json/v2 package is a major revision of the encoding/json package. The encoding/json/jsontext package provides lower-level processing of JSON syntax. In addition, when the “jsonv2” GOEXPERIMENT is enabled: The encoding/json package uses the new JSON implementation. Marshaling and unmarshaling behavior is unaffected, but the text of errors returned by package function may change. The encoding/json package contains a number of new options which may be used to configure the marshaler and unmarshaler. The new implementation performs substantially better than the existing one under many scenarios. In general, encoding performance is at parity between the implementations and decoding is substantially faster in the new one. See the github.com/go-json-experiment/jsonbench repository for more detailed analysis. We encourage users of encoding/json to test their programs with GOEXPERIMENT=jsonv2 enabled to help detect any compatibility issues with the new implementation. We expect the design of encoding/json/v2 to continue to evolve. We encourage developers to try out the new API and provide feedback on the proposal issue. * archive/tar: The Writer.AddFS implementation now supports symbolic links for filesystems that implement io/fs.ReadLinkFS. * encoding/asn1: Unmarshal and UnmarshalWithParams now parse the ASN.1 types T61String and BMPString more consistently. This may result in some previously accepted malformed encodings now being rejected. * crypto: MessageSigner is a new signing interface that can be implemented by signers that wish to hash the message to be signed themselves. A new function is also introduced, SignMessage, which attempts to upgrade a Signer interface to MessageSigner, using the MessageSigner.SignMessage method if successful, and Signer.Sign if not. This can be used when code wishes to support both Signer and MessageSigner. * crypto: Changing the fips140 GODEBUG setting after the program has started is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed. * crypto: SHA-1, SHA-256, and SHA-512 are now slower on amd64 when AVX2 instructions are not available. All server processors (and most others) produced since 2015 support AVX2. * crypto/ecdsa: The new ParseRawPrivateKey, ParseUncompressedPublicKey, PrivateKey.Bytes, and PublicKey.Bytes functions and methods implement low-level encodings, replacing the need to use crypto/elliptic or math/big functions and methods. * crypto/ecdsa: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/ed25519: When FIPS 140-3 mode is enabled, signing is now four times faster, matching the performance of non-FIPS mode. * crypto/elliptic: The hidden and undocumented Inverse and CombinedMult methods on some Curve implementations have been removed. * crypto/rsa: PublicKey no longer claims that the modulus value is treated as secret. VerifyPKCS1v15 and VerifyPSS already warned that all inputs are public and could be leaked, and there are mathematical attacks that can recover the modulus from other public values. * crypto/rsa: Key generation is now three times faster. * crypto/sha1: Hashing is now two times faster on amd64 when SHA-NI instructions are available. * crypto/sha3: The new SHA3.Clone method implements hash.Cloner. * crypto/sha3: Hashing is now two times faster on Apple M processors. * crypto/tls: The new ConnectionState.CurveID field exposes the key exchange mechanism used to establish the connection. * crypto/tls: The new Config.GetEncryptedClientHelloKeys callback can be used to set the EncryptedClientHelloKeys for a server to use when a client sends an Encrypted Client Hello extension. * crypto/tls: SHA-1 signature algorithms are now disallowed in TLS 1.2 handshakes, per RFC 9155. They can be re-enabled with the GODEBUG setting tlssha1=1. * crypto/tls: When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed. * crypto/tls: TLS servers now prefer the highest supported protocol version, even if it isn’t the client’s most preferred protocol version. * crypto/tls: Both TLS clients and servers are now stricter in following the specifications and in rejecting off-spec behavior. Connections with compliant peers should be unaffected. * crypto/x509: CreateCertificate, CreateCertificateRequest, and CreateRevocationList can now accept a crypto.MessageSigner signing interface as well as crypto.Signer. This allows these functions to use signers which implement “one-shot” signing interfaces, where hashing is done as part of the signing operation, instead of by the caller. * crypto/x509: CreateCertificate now uses truncated SHA-256 to populate the SubjectKeyId if it is missing. The GODEBUG setting x509sha256skid=0 reverts to SHA-1. * crypto/x509: ParseCertificate now rejects certificates which contain a BasicConstraints extension that contains a negative pathLenConstraint. * crypto/x509: ParseCertificate now handles strings encoded with the ASN.1 T61String and BMPString types more consistently. This may result in some previously accepted malformed encodings now being rejected. * debug/elf: The debug/elf package adds two new constants: PT_RISCV_ATTRIBUTES and SHT_RISCV_ATTRIBUTES for RISC-V ELF parsing. * go/ast: The FilterPackage, PackageExports, and MergePackageFiles functions, and the MergeMode type and its constants, are all deprecated, as they are for use only with the long-deprecated Object and Package machinery. * go/ast: The new PreorderStack function, like Inspect, traverses a syntax tree and provides control over descent into subtrees, but as a convenience it also provides the stack of enclosing nodes at each point. * go/parser: The ParseDir function is deprecated. * go/token: The new FileSet.AddExistingFiles method enables existing Files to be added to a FileSet, or a FileSet to be constructed for an arbitrary set of Files, alleviating the problems associated with a single global FileSet in long-lived applications. * go/types: Var now has a Var.Kind method that classifies the variable as one of: package-level, receiver, parameter, result, local variable, or a struct field. * go/types: The new LookupSelection function looks up the field or method of a given name and receiver type, like the existing LookupFieldOrMethod function, but returns the result in the form of a Selection. * hash: The new XOF interface can be implemented by “extendable output functions”, which are hash functions with arbitrary or unlimited output length such as SHAKE. * hash: Hashes implementing the new Cloner interface can return a copy of their state. All standard library Hash implementations now implement Cloner. * hash/maphash: The new Hash.Clone method implements hash.Cloner. * io/fs: A new ReadLinkFS interface provides the ability to read symbolic links in a filesystem. * log/slog: GroupAttrs creates a group Attr from a slice of Attr values. * log/slog: Record now has a Source method, returning its source location or nil if unavailable. * mime/multipart: The new helper function FileContentDisposition builds multipart Content-Disposition header fields. * net: LookupMX and Resolver.LookupMX now return DNS names that look like valid IP address, as well as valid domain names. Previously if a name server returned an IP address as a DNS name, LookupMX would discard it, as required by the RFCs. However, name servers in practice do sometimes return IP addresses. * net: On Windows, ListenMulticastUDP now supports IPv6 addresses. * net: On Windows, it is now possible to convert between an os.File and a network connection. Specifcally, the FileConn, FilePacketConn, and FileListener functions are now implemented, and return a network connection or listener corresponding to an open file. Similarly, the File methods of TCPConn, UDPConn, UnixConn, IPConn, TCPListener, and UnixListener are now implemented, and return the underlying os.File of a network connection. * net/http: The new CrossOriginProtection implements protections against Cross-Site Request Forgery (CSRF) by rejecting non-safe cross-origin browser requests. It uses modern browser Fetch metadata, doesn’t require tokens or cookies, and supports origin-based and pattern-based bypasses. * os: On Windows, NewFile now supports handles opened for asynchronous I/O (that is, syscall.FILE_FLAG_OVERLAPPED is specified in the syscall.CreateFile call). These handles are associated with the Go runtime’s I/O completion port, which provides the following benefits for the resulting File: I/O methods (File.Read, File.Write, File.ReadAt, and File.WriteAt) do not block an OS thread. Deadline methods (File.SetDeadline, File.SetReadDeadline, and File.SetWriteDeadline) are supported. This enhancement is especially beneficial for applications that communicate via named pipes on Windows. Note that a handle can only be associated with one completion port at a time. If the handle provided to NewFile is already associated with a completion port, the returned File is downgraded to synchronous I/O mode. In this case, I/O methods will block an OS thread, and the deadline methods have no effect. * os: The filesystems returned by DirFS and Root.FS implement the new io/fs.ReadLinkFS interface. CopyFS supports symlinks when copying filesystems that implement io/fs.ReadLinkFS. The Root type supports the following additional methods: Root.Chmod, Root.Chown, Root.Chtimes, Root.Lchown, Root.Link, Root.MkdirAll, Root.ReadFile, Root.Readlink, Root.RemoveAll, Root.Rename, Root.Symlink, and Root.WriteFile. * reflect: The new TypeAssert function permits converting a Value directly to a Go value of the given type. This is like using a type assertion on the result of Value.Interface, but avoids unnecessary memory allocations. * regexp/syntax: The \p{name} and \P{name} character class syntaxes now accept the names Any, ASCII, Assigned, Cn, and LC, as well as Unicode category aliases like \p{Letter} for \pL. Following Unicode TR18, they also now use case-insensitive name lookups, ignoring spaces, underscores, and hyphens. * runtime: Cleanup functions scheduled by AddCleanup are now executed concurrently and in parallel, making cleanups more viable for heavy use like the unique package. Note that individual cleanups should still shunt their work to a new goroutine if they must execute or block for a long time to avoid blocking the cleanup queue. * runtime: A new GODEBUG=checkfinalizers=1 setting helps find common issues with finalizers and cleanups, such as those described in the GC guide. In this mode, the runtime runs diagnostics on each garbage collection cycle, and will also regularly report the finalizer and cleanup queue lengths to stderr to help identify issues with long-running finalizers and/or cleanups. See the GODEBUG documentation for more details. * runtime: The new SetDefaultGOMAXPROCS function sets GOMAXPROCS to the runtime default value, as if the GOMAXPROCS environment variable is not set. This is useful for enabling the new GOMAXPROCS default if it has been disabled by the GOMAXPROCS environment variable or a prior call to GOMAXPROCS. * runtime/pprof: The mutex profile for contention on runtime-internal locks now correctly points to the end of the critical section that caused the delay. This matches the profile’s behavior for contention on sync.Mutex values. The runtimecontentionstacks setting for GODEBUG, which allowed opting in to the unusual behavior of Go 1.22 through 1.24 for this part of the profile, is now gone. * sync: The new WaitGroup.Go method makes the common pattern of creating and counting goroutines more convenient. * testing: The new methods T.Attr, B.Attr, and F.Attr emit an attribute to the test log. An attribute is an arbitrary key and value associated with a test. * testing: With the -json flag, attributes appear as a new “attr” action. * testing: The new Output method of T, B and F provides an io.Writer that writes to the same test output stream as TB.Log. Like TB.Log, the output is indented, but it does not include the file and line number. * testing: The AllocsPerRun function now panics if parallel tests are running. The result of AllocsPerRun is inherently flaky if other tests are running. The new panicking behavior helps catch such bugs. * testing/fstest: MapFS implements the new io/fs.ReadLinkFS interface. TestFS will verify the functionality of the io/fs.ReadLinkFS interface if implemented. TestFS will no longer follow symlinks to avoid unbounded recursion. * unicode: The new CategoryAliases map provides access to category alias names, such as “Letter” for “L”. * unicode: The new categories Cn and LC define unassigned codepoints and cased letters, respectively. These have always been defined by Unicode but were inadvertently omitted in earlier versions of Go. The C category now includes Cn, meaning it has added all unassigned code points. * unique: The unique package now reclaims interned values more eagerly, more efficiently, and in parallel. As a consequence, applications using Make are now less likely to experience memory blow-up when lots of truly unique values are interned. * unique: Values passed to Make containing Handles previously required multiple garbage collection cycles to collect, proportional to the depth of the chain of Handle values. Now, once unused, they are collected promptly in a single cycle. * Darwin port: As announced in the Go 1.24 release notes, Go 1.25 requires macOS 12 Monterey or later. Support for previous versions has been discontinued. * Windows port: Go 1.25 is the last release that contains the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm). It will be removed in Go 1.26. * Loong64 port: The linux/loong64 port now supports the race detector, gathering traceback information from C code using runtime.SetCgoTraceback, and linking cgo programs with the internal link mode. * RISC-V port: The linux/riscv64 port now supports the plugin build mode. * RISC-V port: The GORISCV64 environment variable now accepts a new value rva23u64, which selects the RVA23U64 user-mode application profile. Fixed during development: * go#74466 bsc#1247719 security: fix CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '.' and '..' in some PATH configurations * go#74831 bsc#1247720 security: fix CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan CVE-2025-4674 * go#74380 bsc#1246118 security: fix CVE-2025-4674 cmd/go: disable support for multiple vcs in one module Important SUSE bug 1244485 SUSE bug 1246118 SUSE bug 1247719 SUSE bug 1247720 SUSE bug 1247816 SUSE bug 1248082 CVE-2025-4674 at SUSE CVE-2025-4674 at NVD CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Moderate) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790). Moderate SUSE bug 1246790 CVE-2025-7700 at SUSE CVE-2025-7700 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-55004: Fixed heap buffer over-read in in ReadOneMNGIMage when processing images with separate alpha channels (bsc#1248076). - CVE-2025-55005: Fixed heap buffer overflow when transforming from Log to sRGB colorspaces (bsc#1248077). - CVE-2025-55154: Fixed integer overflow when performing magnified size calculations in ReadOneMNGIMage (bsc#1248078). - CVE-2025-55160: Fixed undefined behavior due to function-type-mismatch in CloneSplayTree (bsc#1248079). - CVE-2025-55212: Fixed division-by-zero in ThumbnailImage() when passing a geometry string containing only a colon to `montage -geometry` (bsc#1248767). - CVE-2025-55298: Fixed heap overflow due to format string bug vulnerability (bsc#1248780). - CVE-2025-57803: Fixed heap out-of-bounds (OOB) write due to 32-bit integer overflow (bsc#1248784). Other fixes: - Fixed output file placeholders (bsc#1247475). Important SUSE bug 1247475 SUSE bug 1248076 SUSE bug 1248077 SUSE bug 1248078 SUSE bug 1248079 SUSE bug 1248767 SUSE bug 1248780 SUSE bug 1248784 CVE-2025-55004 at SUSE CVE-2025-55004 at NVD CVE-2025-55005 at SUSE CVE-2025-55005 at NVD CVE-2025-55154 at SUSE CVE-2025-55154 at NVD CVE-2025-55160 at SUSE CVE-2025-55160 at NVD CVE-2025-55212 at SUSE CVE-2025-55212 at NVD CVE-2025-55298 at SUSE CVE-2025-55298 at NVD CVE-2025-57803 at SUSE CVE-2025-57803 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Important) openSUSE Leap 15.6 This update for curl fixes the following issues: Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). Security issues fixed: - CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589). - CVE-2025-4947: QUIC certificate check is skipped with wolfSSL allows for MITM attacks (bsc#1243397). - CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not easily noticed (bsc#1243706). - CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing specially crafted packets (bsc#1243933). - CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN backend (bsc#1228260). - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix wrong return code when --retry is used (bsc#1249367). * tool_operate: fix return code when --retry is used but not triggered [b42776b] - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Fixed with version 8.14.1: * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. Important SUSE bug 1228260 SUSE bug 1236589 SUSE bug 1243397 SUSE bug 1243706 SUSE bug 1243933 SUSE bug 1246197 SUSE bug 1249191 SUSE bug 1249348 SUSE bug 1249367 CVE-2024-6874 at SUSE CVE-2024-6874 at NVD CVE-2025-0665 at SUSE CVE-2025-0665 at NVD CVE-2025-10148 at SUSE CVE-2025-10148 at NVD CVE-2025-4947 at SUSE CVE-2025-4947 at NVD CVE-2025-5025 at SUSE CVE-2025-5025 at NVD CVE-2025-5399 at SUSE CVE-2025-5399 at NVD CVE-2025-9086 at SUSE CVE-2025-9086 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-h2 (Moderate) openSUSE Leap 15.6 This update for python-h2 fixes the following issues: - CVE-2025-57804: Fixed HTTP Request Smuggling due to illegal characters in headers (bsc#1248737) Moderate SUSE bug 1248737 CVE-2025-57804 at SUSE CVE-2025-57804 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Moderate) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: Update to go1.25.1, released 2025-09-03 (bsc#1244485). Security issues fixed: - CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141). Other issues fixed: - go#74822 cmd/go: 'get toolchain@latest' should ignore release candidates. - go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets. - go#75008 os/exec: TestLookPath fails on plan9 after CL 685755. - go#75021 testing/synctest: bubble not terminating. - go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles. Moderate SUSE bug 1244485 SUSE bug 1247816 SUSE bug 1248082 SUSE bug 1249141 CVE-2025-47910 at SUSE CVE-2025-47910 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-eventlet (Moderate) openSUSE Leap 15.6 This update for python-eventlet fixes the following issues: - CVE-2025-58068: improper handling of HTTP trailer sections in WSGI parser leads to HTTP request smuggling (bsc#1248994). Moderate SUSE bug 1248994 CVE-2025-58068 at SUSE CVE-2025-58068 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u462 (icedtea-3.36.0). Security issues fixed: - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595). - CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598). - CVE-2025-30761: issue in Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580). - CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584). Other issues fixed: - Import of OpenJDK 8 u462 build 08 + JDK-8026976: ECParameters, Point does not match field size. + JDK-8071996: split_if accesses NULL region of ConstraintCast. + JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names. + JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte. + JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken. + JDK-8278472: Invalid value set to CANDIDATEFORM structure. + JDK-8293107: GHA: Bump to Ubuntu 22.04. + JDK-8303770: Remove Baltimore root certificate expiring in May 2025. + JDK-8309841: Jarsigner should print a warning if an entry is removed. + JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract. + JDK-8345625: Better HTTP connections. + JDK-8346887: DrawFocusRect() may cause an assertion failure. + JDK-8349111: Enhance Swing supports. + JDK-8350498: Remove two Camerfirma root CA certificates. + JDK-8352716: (tz) Update Timezone Data to 2025b. + JDK-8353433: XCG currency code not recognized in JDK 8u. + JDK-8356096: ISO 4217 Amendment 179 Update. + JDK-8359170: Add 2 TLS and 2 CS Sectigo roots. - Backports + JDK-8358538: Update GHA Windows runner to 2025. - JDK-8354941: Build failure with glibc 2.42 due to uabs() name collision. Important SUSE bug 1246580 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 SUSE bug 1246806 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-30761 at SUSE CVE-2025-30761 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups-filters (Important) openSUSE Leap 15.6 This update for cups-filters fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). Important SUSE bug 1230932 SUSE bug 1246533 CVE-2024-47175 at SUSE CVE-2024-47175 at NVD cpe:/o:opensuse:leap:15.6 Security update for rabbitmq-server313 (Moderate) openSUSE Leap 15.6 This update for rabbitmq-server313 fixes the following issues: - CVE-2025-50200: Fixed logging of Basic Auth header from an HTTP request (bsc#1245105) - Fixed bad logrotate configuration allowing potential escalation from rabbitmq to root (bsc#1246091) Moderate SUSE bug 1245105 SUSE bug 1246091 CVE-2025-50200 at SUSE CVE-2025-50200 at NVD cpe:/o:opensuse:leap:15.6 Security update for raptor (Moderate) openSUSE Leap 15.6 This update for raptor fixes the following issues: - CVE-2024-57823: Fixed integer underflow when normalizing a URI with the turtle parser (bsc#1235673) - CVE-2024-57822: Fixed heap buffer overread when parsing triples with the nquads parser (bsc#1235674) Moderate SUSE bug 1235673 SUSE bug 1235674 CVE-2024-57822 at SUSE CVE-2024-57822 at NVD CVE-2024-57823 at SUSE CVE-2024-57823 at NVD cpe:/o:opensuse:leap:15.6 Security update for nvidia-open-driver-G06-signed (Important) openSUSE Leap 15.6 This update for nvidia-open-driver-G06-signed fixes the following issues: Updated CUDA variant to 580.82.07: - CVE-2025-23277: Fixed access memory outside bounds permitted under normal use cases in NVIDIA Display Driver (bsc#1247528). - CVE-2025-23278: Fixed improper index validation by issuing a call with crafted parameters in NVIDIA Display Driver (bsc#1247529). - CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530). - CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531). - CVE-2025-23279: Fixed race condition that lead to privileges escalations in NVIDIA .run Installer (bsc#1247532). Update non-CUDA variant to 580.82.07 (bsc#1249235). Other fixes: - Added Requires to be provided by special versions of nvidia-modprobe and nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295). - Get rid of rule of older KMPs not to load nvidia_drm module, which are still installed in parallel and therefore still active (bsc#1247923). Important SUSE bug 1237208 SUSE bug 1247528 SUSE bug 1247529 SUSE bug 1247530 SUSE bug 1247531 SUSE bug 1247532 SUSE bug 1247907 SUSE bug 1247923 SUSE bug 1249235 CVE-2025-23277 at SUSE CVE-2025-23277 at NVD CVE-2025-23278 at SUSE CVE-2025-23278 at NVD CVE-2025-23279 at SUSE CVE-2025-23279 at NVD CVE-2025-23283 at SUSE CVE-2025-23283 at NVD CVE-2025-23286 at SUSE CVE-2025-23286 at NVD cpe:/o:opensuse:leap:15.6 Security update for net-tools (Moderate) openSUSE Leap 15.6 This update for net-tools fixes the following issues: Security issues fixed: - CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581). - Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687). - Prevent overflow in `ax25` and `netrom` (bsc#1248687). - Fix stack buffer overflow in `parse_hex` (bsc#1248687). - Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687). Other issues fixed: - Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410). - Fix netrom support. Moderate SUSE bug 1243581 SUSE bug 1246608 SUSE bug 1248410 SUSE bug 1248687 SUSE bug 142461 CVE-2025-46836 at SUSE CVE-2025-46836 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups (Important) openSUSE Leap 15.6 This update for cups fixes the following issues: - CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows for the injection of attacker-controlled data to the resulting PPD (bsc#1230932). - CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an `Authorization: Basic` header (bsc#1249049). - CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference (bsc#1249128). Important SUSE bug 1230932 SUSE bug 1246533 SUSE bug 1249049 SUSE bug 1249128 CVE-2024-47175 at SUSE CVE-2024-47175 at NVD CVE-2025-58060 at SUSE CVE-2025-58060 at NVD CVE-2025-58364 at SUSE CVE-2025-58364 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 50. Security issues fixed: - Oracle July 15 2025 CPU (bsc#1247754). - CVE-2025-30749: heap corruption allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246595). - CVE-2025-30754: incomplete handshake allows unauthenticated attacker with network access via TLS to gain unauthorized update, insert, delete and read access to sensitive data (bsc#1246598). - CVE-2025-30761: issue in the Scripting component allows unauthenticated attacker with network access to gain unauthorized creation, deletion or modification access to critical data (bsc#1246580). - CVE-2025-50059: issue in the Networking component allows unauthenticated attacker with network access to gain unauthorized access to critical data (bsc#1246575). - CVE-2025-50106: Glyph out-of-memory access allows unauthenticated attacker with network access to compromise and takeover Java applications that load and run untrusted code (bsc#1246584). Other issues fixed: - Class Libraries: - Oracle Security Fix 8348989: Better Glyph drawing. - Removal of Baltimore root certificate and TWO CAMERFIRMA root CA certificates from CACERTS. - Update timezone information to the latest TZDATA2025B. - Java Virtual Machine: - Assertion failure at copyforwardscheme.cpp. - JIT Compiler: - GC assert due to an invalid object reference. - SIGILL from JIT compiled method. - Unexpected behaviour with very large arrays. - Security: - Deserialization of a serialized RSAPrivateCrtKey is throwing an exception. - EDDSAsignature fails when doing multiple update. - HTTPS channel binding support. - IBMJCEPlus provider supports post quantum cryptography algorithms ML-KEM (key encapsulation) and ML-DSA (digital signature). - Key certificate management: Extended key usage cannot be set without having key usage extension in certificate request. - MessageDigest.update API does not throw the correct exception. - Oracle Security Fix 8349594: Enhance TLS protocol support. - Problem getting key in PKCS12 keystore on MAC. - TLS support for the EDDSA signature algorithm. - Wrong algorithm name returned for EDDSA keys. - z/OS Extentions: - IBMJCEHybridException with hybrid provider in GCM mode. Important SUSE bug 1246575 SUSE bug 1246580 SUSE bug 1246584 SUSE bug 1246595 SUSE bug 1246598 SUSE bug 1247754 CVE-2025-30749 at SUSE CVE-2025-30749 at NVD CVE-2025-30754 at SUSE CVE-2025-30754 at NVD CVE-2025-30761 at SUSE CVE-2025-30761 at NVD CVE-2025-50059 at SUSE CVE-2025-50059 at NVD CVE-2025-50106 at SUSE CVE-2025-50106 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Important) openSUSE Leap 15.6 This update for curl fixes the following issues: Security issues fixed: - CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191). - CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348). Other issues fixed: - Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197). * tool_getparam: fix --ftp-pasv [5f805ee] - Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056). * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs. * websocket: add option to disable auto-pong reply. * huge number of bugfixes. Please see https://curl.se/ch/ for full changelogs. Important SUSE bug 1246197 SUSE bug 1249191 SUSE bug 1249348 SUSE bug 1249367 CVE-2025-10148 at SUSE CVE-2025-10148 at NVD CVE-2025-9086 at SUSE CVE-2025-9086 at NVD cpe:/o:opensuse:leap:15.6 Security update for clamav (Important) openSUSE Leap 15.6 This update for clamav fixes the following issues: New version 1.4.2: * CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. - Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. (bsc#1232242) - New version 1.4.1: * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html - New version 1.4.0: * Added support for extracting ALZ archives. * Added support for extracting LHA/LZH archives. * Added the ability to disable image fuzzy hashing, if needed. For context, image fuzzy hashing is a detection mechanism useful for identifying malware by matching images included with the malware or phishing email/document. * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html - New version 1.3.2: * CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service condition. * Removed unused Python modules from freshclam tests including deprecated 'cgi' module that is expected to cause test failures in Python 3.13. * Fix unit test caused by expiring signing certificate. * Fixed a build issue on Windows with newer versions of Rust. Also upgraded GitHub Actions imports to fix CI failures. * Fixed an unaligned pointer dereference issue on select architectures. * Fixes to Jenkins CI pipeline. - New Version: 1.3.1: * CVE-2024-20380: Fixed a possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition. * Updated select Rust dependencies to the latest versions. * Fixed a bug causing some text to be truncated when converting from UTF-16. * Fixed assorted complaints identified by Coverity static analysis. * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL * Added the new 'valhalla' database name to the list of optional databases in preparation for future work. - New version: 1.3.0: * Added support for extracting and scanning attachments found in Microsoft OneNote section files. OneNote parsing will be enabled by default, but may be optionally disabled. * Added file type recognition for compiled Python ('.pyc') files. * Improved support for decrypting PDFs with empty passwords. * Fixed a warning when scanning some HTML files. * ClamOnAcc: Fixed an infinite loop when a watched directory does not exist. * ClamOnAcc: Fixed an infinite loop when a file has been deleted before a scan. - New version: 1.2.0: * Added support for extracting Universal Disk Format (UDF) partitions. * Added an option to customize the size of ClamAV's clean file cache. * Raised the MaxScanSize limit so the total amount of data scanned when scanning a file or archive may exceed 4 gigabytes. * Added ability for Freshclam to use a client certificate PEM file and a private key PEM file for authentication to a private mirror. * Fix an issue extracting files from ISO9660 partitions where the files are listed in the plain ISO tree and there also exists an empty Joliet tree. * PID and socket are now located under /run/clamav/clamd.pid and /run/clamav/clamd.sock . * bsc#1211594: Fixed an issue where ClamAV does not abort the signature load process after partially loading an invalid signature. - New version 1.1.0: * https://blog.clamav.net/2023/05/clamav-110-released.html * Added the ability to extract images embedded in HTML CSS <style> blocks. * Updated to Sigtool so that the '--vba' option will extract VBA code from Microsoft Office documents the same way that libclamav extracts VBA. * Added a new option --fail-if-cvd-older-than=days to clamscan and clamd, and FailIfCvdOlderThan to clamd.conf * Added a new function 'cl_cvdgetage()' to the libclamav API. * Added a new function 'cl_engine_set_clcb_vba()' to the libclamav API. - bsc#1180296: Integrate clamonacc as a service. - New version 1.0.1 LTS (including changes in 0.104 and 0.105): * As of ClamAV 0.104, CMake is required to build ClamAV. * As of ClamAV 0.105, Rust is now required to compile ClamAV. * Increased the default limits for file and scan size: * MaxScanSize: 100M to 400M * MaxFileSize: 25M to 100M * StreamMaxLength: 25M to 100M * PCREMaxFileSize: 25M to 100M * MaxEmbeddedPE: 10M to 40M * MaxHTMLNormalize: 10M to 40M * MaxScriptNormalize: 5M to 20M * MaxHTMLNoTags: 2M to 8M * Added image fuzzy hash subsignatures for logical signatures. * Support for decrypting read-only OLE2-based XLS files that are encrypted with the default password. * Overhauled the implementation of the all-match feature. * Added a new callback to the public API for inspecting file content during a scan at each layer of archive extraction. * Added a new function to the public API for unpacking CVD signature archives. * The option to build with an external TomsFastMath library has been removed. ClamAV requires non-default build options for TomsFastMath to support bigger floating point numbers. * For a full list of changes see the release announcements: * https://blog.clamav.net/2022/11/clamav-100-lts-released.html * https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html * https://blog.clamav.net/2021/09/clamav-01040-released.html - Build clamd with systemd support. * CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342) * CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There isan off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized da (bsc#1103032) - Package huge .html documentation in a separate subpackage. - Update to 0.103.7 (bsc#1202986) - Zip parser: tolerate 2-byte overlap in file entries - Fix bug with logical signature Intermediates feature - Update to UnRAR v6.1.7 - Patch UnRAR: allow skipping files in solid archives - Patch UnRAR: limit dict winsize to 1GB - Use a split-provides for clamav-milter instead of recommending it. - Package clamav-milter in a subpackage - Remove virus signatures upon uninstall - Check for database existence before starting clamd - Restart clamd when it exits - Don't daemonize freshclam, but use a systemd timer instead to trigger updates Important SUSE bug 1102840 SUSE bug 1103032 SUSE bug 1180296 SUSE bug 1202986 SUSE bug 1211594 SUSE bug 1214342 SUSE bug 1232242 SUSE bug 1236307 CVE-2018-14679 at SUSE CVE-2018-14679 at NVD CVE-2023-20197 at SUSE CVE-2023-20197 at NVD CVE-2024-20380 at SUSE CVE-2024-20380 at NVD CVE-2024-20505 at SUSE CVE-2024-20505 at NVD CVE-2024-20506 at SUSE CVE-2024-20506 at NVD CVE-2025-20128 at SUSE CVE-2025-20128 at NVD cpe:/o:opensuse:leap:15.6 Security update for busybox, busybox-links (Moderate) openSUSE Leap 15.6 This update for busybox, busybox-links fixes the following issues: Updated to version 1.37.0 (jsc#PED-13039): - CVE-2023-42363: Fixed use-after-free vulnerability in xasprintf function in xfuncs_printf.c (bsc#1217580) - CVE-2023-42364: Fixed use-after-free in the awk.c evaluate function (bsc#1217584) - CVE-2023-42365: Fixed use-after-free in the awk.c copyvar function (bsc#1217585) Other fixes: - fix generation of file lists via Dockerfile - add copy of busybox.links from the container to catch changes to busybox config - Blacklist creating links for halt, reboot, shutdown commands to avoid accidental use in a fully booted system (bsc#1243201) - Add getfattr applet to attr filelist - busybox-udhcpc conflicts with udhcp. - Add new sub-package for udhcpc - zgrep: don't set the label option as only the real grep supports it (bsc#1215943) - Add conflict for coreutils-systemd, package got splitted - Check in filelists instead of buildrequiring all non-busybox utils - Replace transitional %usrmerged macro with regular version check (bsc#1206798) - Create sub-package 'hexedit' [bsc#1203399] - Create sub-package 'sha3sum' [bsc#1203397] - Drop update-alternatives support - Add provides smtp_daemon to busybox-sendmail - Add conflicts: mawk to busybox-gawk - fix mkdir path to point to /usr/bin instead of /bin - add placeholder variable and ignore applet logic to busybox.install - enable halt, poweroff, reboot commands (bsc#1243201) - Fully enable udhcpc and document that this tool needs special configuration and does not work out of the box [bsc#1217883] - Replace transitional %usrmerged macro with regular version check (bsc#1206798) Moderate SUSE bug 1203397 SUSE bug 1203399 SUSE bug 1206798 SUSE bug 1215943 SUSE bug 1217580 SUSE bug 1217584 SUSE bug 1217585 SUSE bug 1217883 SUSE bug 1239176 SUSE bug 1243201 CVE-2023-42363 at SUSE CVE-2023-42363 at NVD CVE-2023-42364 at SUSE CVE-2023-42364 at NVD CVE-2023-42365 at SUSE CVE-2023-42365 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes). - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes). - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes). - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes). - arm64: Restrict pagetable teardown to avoid false warning (git-fixes). - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes). - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes). - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes). - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes). - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes). - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes). - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes). - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes). - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708). - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120). - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). Important SUSE bug 1012628 SUSE bug 1213545 SUSE bug 1215199 SUSE bug 1221858 SUSE bug 1222323 SUSE bug 1230557 SUSE bug 1230708 SUSE bug 1232089 SUSE bug 1233120 SUSE bug 1240708 SUSE bug 1240890 SUSE bug 1241353 SUSE bug 1242034 SUSE bug 1242754 SUSE bug 1242960 SUSE bug 1244734 SUSE bug 1244930 SUSE bug 1245663 SUSE bug 1245710 SUSE bug 1245767 SUSE bug 1245780 SUSE bug 1245815 SUSE bug 1245956 SUSE bug 1245973 SUSE bug 1245977 SUSE bug 1246005 SUSE bug 1246012 SUSE bug 1246181 SUSE bug 1246193 SUSE bug 1247057 SUSE bug 1247078 SUSE bug 1247112 SUSE bug 1247116 SUSE bug 1247119 SUSE bug 1247155 SUSE bug 1247162 SUSE bug 1247167 SUSE bug 1247229 SUSE bug 1247243 SUSE bug 1247280 SUSE bug 1247313 SUSE bug 1247712 SUSE bug 1247976 SUSE bug 1248088 SUSE bug 1248108 SUSE bug 1248164 SUSE bug 1248166 SUSE bug 1248178 SUSE bug 1248179 SUSE bug 1248180 SUSE bug 1248183 SUSE bug 1248186 SUSE bug 1248194 SUSE bug 1248196 SUSE bug 1248198 SUSE bug 1248205 SUSE bug 1248206 SUSE bug 1248208 SUSE bug 1248209 SUSE bug 1248212 SUSE bug 1248213 SUSE bug 1248214 SUSE bug 1248216 SUSE bug 1248217 SUSE bug 1248223 SUSE bug 1248227 SUSE bug 1248228 SUSE bug 1248229 SUSE bug 1248240 SUSE bug 1248255 SUSE bug 1248297 SUSE bug 1248306 SUSE bug 1248312 SUSE bug 1248333 SUSE bug 1248337 SUSE bug 1248338 SUSE bug 1248340 SUSE bug 1248341 SUSE bug 1248345 SUSE bug 1248349 SUSE bug 1248350 SUSE bug 1248354 SUSE bug 1248355 SUSE bug 1248361 SUSE bug 1248363 SUSE bug 1248368 SUSE bug 1248374 SUSE bug 1248377 SUSE bug 1248386 SUSE bug 1248390 SUSE bug 1248395 SUSE bug 1248399 SUSE bug 1248401 SUSE bug 1248511 SUSE bug 1248573 SUSE bug 1248575 SUSE bug 1248577 SUSE bug 1248609 SUSE bug 1248614 SUSE bug 1248617 SUSE bug 1248621 SUSE bug 1248636 SUSE bug 1248643 SUSE bug 1248648 SUSE bug 1248652 SUSE bug 1248655 SUSE bug 1248666 SUSE bug 1248669 SUSE bug 1248746 SUSE bug 1248748 SUSE bug 1249022 SUSE bug 1249346 CVE-2023-3867 at SUSE CVE-2023-3867 at NVD CVE-2023-4130 at SUSE CVE-2023-4130 at NVD CVE-2023-4515 at SUSE CVE-2023-4515 at NVD CVE-2024-26661 at SUSE CVE-2024-26661 at NVD CVE-2024-46733 at SUSE CVE-2024-46733 at NVD CVE-2024-49996 at SUSE CVE-2024-49996 at NVD CVE-2024-58238 at SUSE CVE-2024-58238 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-38006 at SUSE CVE-2025-38006 at NVD CVE-2025-38075 at SUSE CVE-2025-38075 at NVD CVE-2025-38103 at SUSE CVE-2025-38103 at NVD CVE-2025-38125 at SUSE CVE-2025-38125 at NVD CVE-2025-38146 at SUSE CVE-2025-38146 at NVD CVE-2025-38160 at SUSE CVE-2025-38160 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38185 at SUSE CVE-2025-38185 at NVD CVE-2025-38190 at SUSE CVE-2025-38190 at NVD CVE-2025-38201 at SUSE CVE-2025-38201 at NVD CVE-2025-38205 at SUSE CVE-2025-38205 at NVD CVE-2025-38208 at SUSE CVE-2025-38208 at NVD CVE-2025-38245 at SUSE CVE-2025-38245 at NVD CVE-2025-38251 at SUSE CVE-2025-38251 at NVD CVE-2025-38360 at SUSE CVE-2025-38360 at NVD CVE-2025-38439 at SUSE CVE-2025-38439 at NVD CVE-2025-38441 at SUSE CVE-2025-38441 at NVD CVE-2025-38444 at SUSE CVE-2025-38444 at NVD CVE-2025-38445 at SUSE CVE-2025-38445 at NVD CVE-2025-38458 at SUSE CVE-2025-38458 at NVD CVE-2025-38459 at SUSE CVE-2025-38459 at NVD CVE-2025-38464 at SUSE CVE-2025-38464 at NVD CVE-2025-38472 at SUSE CVE-2025-38472 at NVD CVE-2025-38490 at SUSE CVE-2025-38490 at NVD CVE-2025-38491 at SUSE CVE-2025-38491 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38500 at SUSE CVE-2025-38500 at NVD CVE-2025-38503 at SUSE CVE-2025-38503 at NVD CVE-2025-38506 at SUSE CVE-2025-38506 at NVD CVE-2025-38510 at SUSE CVE-2025-38510 at NVD CVE-2025-38512 at SUSE CVE-2025-38512 at NVD CVE-2025-38513 at SUSE CVE-2025-38513 at NVD CVE-2025-38515 at SUSE CVE-2025-38515 at NVD CVE-2025-38516 at SUSE CVE-2025-38516 at NVD CVE-2025-38520 at SUSE CVE-2025-38520 at NVD CVE-2025-38524 at SUSE CVE-2025-38524 at NVD CVE-2025-38528 at SUSE CVE-2025-38528 at NVD CVE-2025-38529 at SUSE CVE-2025-38529 at NVD CVE-2025-38530 at SUSE CVE-2025-38530 at NVD CVE-2025-38531 at SUSE CVE-2025-38531 at NVD CVE-2025-38535 at SUSE CVE-2025-38535 at NVD CVE-2025-38537 at SUSE CVE-2025-38537 at NVD CVE-2025-38538 at SUSE CVE-2025-38538 at NVD CVE-2025-38540 at SUSE CVE-2025-38540 at NVD CVE-2025-38541 at SUSE CVE-2025-38541 at NVD CVE-2025-38543 at SUSE CVE-2025-38543 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38548 at SUSE CVE-2025-38548 at NVD CVE-2025-38550 at SUSE CVE-2025-38550 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38555 at SUSE CVE-2025-38555 at NVD CVE-2025-38560 at SUSE CVE-2025-38560 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38565 at SUSE CVE-2025-38565 at NVD CVE-2025-38566 at SUSE CVE-2025-38566 at NVD CVE-2025-38568 at SUSE CVE-2025-38568 at NVD CVE-2025-38571 at SUSE CVE-2025-38571 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38576 at SUSE CVE-2025-38576 at NVD CVE-2025-38581 at SUSE CVE-2025-38581 at NVD CVE-2025-38582 at SUSE CVE-2025-38582 at NVD CVE-2025-38583 at SUSE CVE-2025-38583 at NVD CVE-2025-38585 at SUSE CVE-2025-38585 at NVD CVE-2025-38587 at SUSE CVE-2025-38587 at NVD CVE-2025-38588 at SUSE CVE-2025-38588 at NVD CVE-2025-38591 at SUSE CVE-2025-38591 at NVD CVE-2025-38601 at SUSE CVE-2025-38601 at NVD CVE-2025-38602 at SUSE CVE-2025-38602 at NVD CVE-2025-38604 at SUSE CVE-2025-38604 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38609 at SUSE CVE-2025-38609 at NVD CVE-2025-38610 at SUSE CVE-2025-38610 at NVD CVE-2025-38612 at SUSE CVE-2025-38612 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38621 at SUSE CVE-2025-38621 at NVD CVE-2025-38624 at SUSE CVE-2025-38624 at NVD CVE-2025-38630 at SUSE CVE-2025-38630 at NVD CVE-2025-38632 at SUSE CVE-2025-38632 at NVD CVE-2025-38634 at SUSE CVE-2025-38634 at NVD CVE-2025-38635 at SUSE CVE-2025-38635 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD CVE-2025-38646 at SUSE CVE-2025-38646 at NVD CVE-2025-38650 at SUSE CVE-2025-38650 at NVD CVE-2025-38656 at SUSE CVE-2025-38656 at NVD CVE-2025-38663 at SUSE CVE-2025-38663 at NVD CVE-2025-38665 at SUSE CVE-2025-38665 at NVD CVE-2025-38670 at SUSE CVE-2025-38670 at NVD CVE-2025-38671 at SUSE CVE-2025-38671 at NVD cpe:/o:opensuse:leap:15.6 Security update for mariadb (Moderate) openSUSE Leap 15.6 This update for mariadb fixes the following issues: Update to version 10.11.14. Security issues fixed: - CVE-2025-30693: InnoDB issue allows high privileged attacker with network access to gain unauthorized update, insert or delete access to data and cause repeatable crash in MySQL server (bsc#1249213). - CVE-2025-30722: mysqldump issue allows low privileged attacker with network access to gain unauthorized update, insert or delete access to data in MySQL Client (bsc#1249212). - CVE-2023-52969: crash with empty backtrace log in MariaDB Server (bsc#1239150). - CVE-2023-52970: crash in MariaDB Server when inserting from derived table containing insert target table (bsc#1239151). - CVE-2023-52971: crash in the optimizer of MariaDB Server when processing certain queries with subqueries (bsc#1249219). Release notes and changelog: - https://mariadb.com/docs/release-notes/community-server/mariadb-10-11-series/mariadb-10.11.14-release-notes - https://mariadb.com/docs/release-notes/community-server/changelogs/changelogs-mariadb-10-11-series/mariadb-10.11.14-changelog - https://mariadb.com/kb/en/mariadb-10-11-13-release-notes/ - https://mariadb.com/kb/en/mariadb-10-11-13-changelog/ - https://mariadb.com/kb/en/mariadb-10-11-12-release-notes/ - https://mariadb.com/kb/en/mariadb-10-11-12-changelog/ Moderate SUSE bug 1239150 SUSE bug 1239151 SUSE bug 1249212 SUSE bug 1249213 SUSE bug 1249219 CVE-2023-52969 at SUSE CVE-2023-52969 at NVD CVE-2023-52970 at SUSE CVE-2023-52970 at NVD CVE-2023-52971 at SUSE CVE-2023-52971 at NVD CVE-2025-30693 at SUSE CVE-2025-30693 at NVD CVE-2025-30722 at SUSE CVE-2025-30722 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important) openSUSE Leap 15.6 This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: This update for kubevirt updates golang.org/x/net to 0.38.0, fixing security issues (CVE-2025-22872, CVE-2024-45337, CVE-2024-45338, bsc#1234537, bsc#1235303, bsc#1241772) and also rebuilds it against current GO. Important SUSE bug 1234537 SUSE bug 1235303 SUSE bug 1241772 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD cpe:/o:opensuse:leap:15.6 Security update for mybatis, ognl (Important) openSUSE Leap 15.6 This update for mybatis, ognl fixes the following issues: Version update to 3.5.7: * Bug fixes: + Improved performance under JDK 8. #2223 Version update to 3.5.8: * List of changes: + Avoid NullPointerException when mapping an empty string to java.lang.Character. #2368 + Fixed an incorrect argument when initializing static object. This resolves a compatibility issue with quarkus-mybatis. #2284 + Performance improvements. #2297 #2335 #2340 Version update to 3.5.9: * List of changes: + Add nullable to <foreach />. If enabled, it skips the iteration when the collection is null instead of throwing an exception. To enable this feature globally, set nullableOnForEach=true in the config. #1883 Version update to 3.5.10: * Bug fixes: + Unexpected illegal reflective access warning (or InaccessibleObjectException on Java 16+) when calling method in OGNL expression. #2392 + IllegalAccessException when auto-mapping Records (JEP-359) #2195 + 'interrupted' status is not set when PooledConnection#getConnection() is interrupted. #2503 * Enhancements: + A new option argNameBasedConstructorAutoMapping is added. If enabled, constructor argument names are used to look up columns when auto-mapping. #2192 + Added a new property skipSetAutoCommitOnClose to JdbcTransactionFactory. Skipping setAutoCommit() call could improve performance with some drivers. #2426 + <idArg /> can now be listed after <arg /> in <constructor />. #2541 Version update to 3.5.11: * Bug fixes: + OGNL could throw IllegalArgumentException when invoking inherited method. #2609 + returnInstanceForEmptyRow is not applied to constructor auto-mapping. #2665 Version update to 3.5.12 * User impactful changes + #2703 Referencing collection parameter by name fails fixing #2693 + #2709 Fix a race condition caused by other threads calling mapper methods while mapped tables are being constructed + #2727 Enable ability to provide custom configuration to XMLConfigBuilder + #2731 Adding mapper could fail under JPMS + #2741 Add 'affectedData' attribute to @select, @SelectProvider, and <select /> + #2767 Resolve resultType by namespace and id when not provided resultType and resultMap + #2804 Search readable property when resolving constructor arg type by name + Minor correction: 'boolean' can never be null (primative) + General library updates + Uses parameters option for compiler now (needed by spring boot 3) (for reflection needs) * Code cleanup + #2816 Use open rewrite to partially cleanup java code + #2817 Add private constructors per open rewrite + #2819 Add final where appropriate per open rewrite + #2825 Cleanup if statement breaks / return logic + #2826 Eclipse based cleanup * Build + #2820 Remove test ci group profile in favor of more direct usage on GH-Actions and update deprecated surefire along in overview in README.md + Adjustments to build so shaded ognl and javassist no longer throw warnings + Build with jdk 21-ea as well now + Various test cleanup, updates, and additions + Turn on auto formatting of all java code including note to contributors on readme to skip formatting when necessary in code blocks + Tests may use jdk 11 now while retaining jdk 8 runtime + Pom cleanup / better clarification on parameters * Documentation + Various documentation updates Version update to 3.5.13: * Bug fix: + Unable to resolve result type when the target property has a getter with different return type #2834 Version update to 3.5.14: * Bug fixes: + Registered type handler is not used for anonymous enums #2956 + Discriminator does not work in constructor mapping #2913 Version update to 3.5.15: * Changes + XNode#toString() should output all child nodes. See #3001 and associated tickets on this issue + Fix performance of mappedColumnNames.contains by using 'set' rather than 'list'. See #3023 + Fix osgi issue with javassist. See #3031 + Updated shaded OGNL to 3.4.2. See #3035 + Add support method for generating dynamic sql on SQL class. See #2887 + General library updates + General document updates * Build + We now show builds from java 11, 17, 21, and 22 on Github Actions. Code is still java 8 compatible at this time. + Update vulnerable hsqldb to 2.7.2 fixing our tests that now work due to newer support. Note, users were never affected by this but at least one user pull request was attempted opened in addition to both renovate and dependabot and various reporting on it. + Now using more properties to define versions in pom to lower the frequency of pull requests from renovate Version update to 3.5.16: * Security: + Prevent Invocation from being used by vulnerable applications. #3115 * Bugs: + When database ID resolution is failed, invalid bound statement is used. #3040 * Enhancements: + It is now possible to write a custom map wrapper to customize how to map column name with dots or brackets. #13 #3062 * Performance: + Improved compatibility with Virtual Threads introduced by Loom. + Reduced memory footprint when performing the default (i.e. order based) constructor auto-mapping. #3113 * Build: + Include the shaded libraries (OGNL and Javassist) in the sources.jar. Version update to 3.5.17: * Bugs: + VendorDatabaseIdProvider#getDatabaseId() should return product name when properties is empty #3297 + Update NClobTypeHandler to use methods for national character set #3298 * Enhancements: + Allow DefaultSqlSessionFactory to provide a custom SqlSession #3128 Version update to 3.5.18: * Regressions + Fixed issue in 3.5.17 #3334 * New + Ignore empty xnode per #3349 + Share expression validator #3339 + Throw helpful error instead of IndexOutOfBoundsException (automapping) #3327 + Optimize mapper builder #3252 * Tests + Add TransactionFactory, Transaction test cases #3277 * Build + Reworked pom to match current java 17 build usage + Moved all tests to newer java standards + Cleaned up github actions + Run 'site' branch only on release commits Version update to 3.5.19: * Revert Regression introduced by #3349. - Initial packaging with version 3.4.7 ognl replaces the EOLed apache-commons-ognl that has an unpatched security bug (bsc#1248252, CVE-2025-53192) Important SUSE bug 1248252 CVE-2025-53192 at SUSE CVE-2025-53192 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 140.3.0 ESR (bsc#1249391). MFSA 2025-75: * CVE-2025-10527 (bmo#1984825) Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 (bmo#1986185) Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 (bmo#1970490) Same-origin policy bypass in the Layout component * CVE-2025-10532 (bmo#1979502) Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 (bmo#1980788) Integer overflow in the SVG component * CVE-2025-10536 (bmo#1981502) Information disclosure in the Networking: Cache component * CVE-2025-10537 (bmo#1938220, bmo#1980730, bmo#1981280, bmo#1981283, bmo#1984505, bmo#1985067) Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 Important SUSE bug 1249391 CVE-2025-10527 at SUSE CVE-2025-10527 at NVD CVE-2025-10528 at SUSE CVE-2025-10528 at NVD CVE-2025-10529 at SUSE CVE-2025-10529 at NVD CVE-2025-10532 at SUSE CVE-2025-10532 at NVD CVE-2025-10533 at SUSE CVE-2025-10533 at NVD CVE-2025-10536 at SUSE CVE-2025-10536 at NVD CVE-2025-10537 at SUSE CVE-2025-10537 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: Update to version 4.2.13. Security issues fixed: - CVE-2025-9817: SSH dissector crash due to NULL pointer dereference when processing malformed packet traces (bsc#1249090). Non-security issues fixed: - Bug in UDS dissector with Service ReadDataByPeriodicIdentifier Response. - Incorrectly parsed `application/x-www-form-urlencoded` key following a name-value byte sequence with no `=`. - DNP3 time stamp not working after epoch time (year 2038). - Bug in LZ77 decoder; reads a 16-bit length when it should read a 32-bit length. Moderate SUSE bug 1249090 CVE-2025-9817 at SUSE CVE-2025-9817 at NVD cpe:/o:opensuse:leap:15.6 Security update for rustup (Moderate) openSUSE Leap 15.6 This update for rustup fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode (bsc#1243862) - CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617) Moderate SUSE bug 1242617 SUSE bug 1243862 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.34 - Fixed CVEs: + CVE-2024-54677: DoS in examples web application (bsc#1234664) + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663) + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435) + CVE-2024-56337: RCE due to TOCTOU issue in JSP compilation - mitigation was incomplete - Catalina + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo) + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm) + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm) + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt) + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm) + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt) + Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm) + Fix: 69444: Ensure that the jakarta.servlet.error.message request attribute is set when an application defined error page is called. (markt) + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm) + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm) + Fix: Use client locale for directory listings. (remm) + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt) + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt) + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt) + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt) + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt) + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm) + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt) + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt) + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt) + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt) + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm) + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt) + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt) + Add: Add DataSource based property storage for the WebdavServlet. (remm) - Coyote + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt) - Jasper + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt) - Web applications + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt) + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt) + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt) + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt) + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt) + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt) + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt) + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt) + Fix: Examples. Remove JSP calendar example. (markt) - Other + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt) + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt) + Update: Update EasyMock to 5.5.0. (markt) + Update: Update Checkstyle to 10.20.2. (markt) + Update: Update BND to 7.1.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Korean translations. (markt) + Add: Improvements to Chinese translations. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1233435 SUSE bug 1234663 SUSE bug 1234664 SUSE bug 1236809 CVE-2024-50379 at SUSE CVE-2024-50379 at NVD CVE-2024-52317 at SUSE CVE-2024-52317 at NVD CVE-2024-54677 at SUSE CVE-2024-54677 at NVD CVE-2024-56337 at SUSE CVE-2024-56337 at NVD cpe:/o:opensuse:leap:15.6 Security update for vim (Moderate) openSUSE Leap 15.6 This update for vim fixes the following issues: Updated to 9.1.1629: - CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604) - CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602) - CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938) - CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939) Moderate SUSE bug 1246602 SUSE bug 1246604 SUSE bug 1247938 SUSE bug 1247939 CVE-2025-53905 at SUSE CVE-2025-53905 at NVD CVE-2025-53906 at SUSE CVE-2025-53906 at NVD CVE-2025-55157 at SUSE CVE-2025-55157 at NVD CVE-2025-55158 at SUSE CVE-2025-55158 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). The following non-security bugs were fixed: - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix parsing of device numbers (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). Important SUSE bug 1012628 SUSE bug 1213545 SUSE bug 1215199 SUSE bug 1221858 SUSE bug 1222323 SUSE bug 1230557 SUSE bug 1230708 SUSE bug 1232089 SUSE bug 1233120 SUSE bug 1234156 SUSE bug 1240708 SUSE bug 1240890 SUSE bug 1241353 SUSE bug 1242034 SUSE bug 1242754 SUSE bug 1242960 SUSE bug 1244734 SUSE bug 1244930 SUSE bug 1245663 SUSE bug 1245710 SUSE bug 1245767 SUSE bug 1245780 SUSE bug 1245815 SUSE bug 1245956 SUSE bug 1245973 SUSE bug 1245977 SUSE bug 1246005 SUSE bug 1246012 SUSE bug 1246181 SUSE bug 1246193 SUSE bug 1247057 SUSE bug 1247078 SUSE bug 1247112 SUSE bug 1247116 SUSE bug 1247119 SUSE bug 1247155 SUSE bug 1247162 SUSE bug 1247167 SUSE bug 1247229 SUSE bug 1247243 SUSE bug 1247280 SUSE bug 1247313 SUSE bug 1247712 SUSE bug 1247976 SUSE bug 1248088 SUSE bug 1248108 SUSE bug 1248164 SUSE bug 1248166 SUSE bug 1248178 SUSE bug 1248179 SUSE bug 1248180 SUSE bug 1248183 SUSE bug 1248186 SUSE bug 1248194 SUSE bug 1248196 SUSE bug 1248198 SUSE bug 1248205 SUSE bug 1248206 SUSE bug 1248208 SUSE bug 1248209 SUSE bug 1248212 SUSE bug 1248213 SUSE bug 1248214 SUSE bug 1248216 SUSE bug 1248217 SUSE bug 1248223 SUSE bug 1248227 SUSE bug 1248228 SUSE bug 1248229 SUSE bug 1248240 SUSE bug 1248255 SUSE bug 1248297 SUSE bug 1248306 SUSE bug 1248312 SUSE bug 1248333 SUSE bug 1248337 SUSE bug 1248338 SUSE bug 1248340 SUSE bug 1248341 SUSE bug 1248345 SUSE bug 1248349 SUSE bug 1248350 SUSE bug 1248354 SUSE bug 1248355 SUSE bug 1248361 SUSE bug 1248363 SUSE bug 1248368 SUSE bug 1248374 SUSE bug 1248377 SUSE bug 1248386 SUSE bug 1248390 SUSE bug 1248395 SUSE bug 1248399 SUSE bug 1248401 SUSE bug 1248511 SUSE bug 1248573 SUSE bug 1248575 SUSE bug 1248577 SUSE bug 1248609 SUSE bug 1248614 SUSE bug 1248617 SUSE bug 1248621 SUSE bug 1248636 SUSE bug 1248643 SUSE bug 1248648 SUSE bug 1248652 SUSE bug 1248655 SUSE bug 1248666 SUSE bug 1248669 SUSE bug 1248746 SUSE bug 1248748 SUSE bug 1249022 SUSE bug 1249346 CVE-2023-3867 at SUSE CVE-2023-3867 at NVD CVE-2023-4130 at SUSE CVE-2023-4130 at NVD CVE-2023-4515 at SUSE CVE-2023-4515 at NVD CVE-2024-26661 at SUSE CVE-2024-26661 at NVD CVE-2024-46733 at SUSE CVE-2024-46733 at NVD CVE-2024-49996 at SUSE CVE-2024-49996 at NVD CVE-2024-53125 at SUSE CVE-2024-53125 at NVD CVE-2024-58238 at SUSE CVE-2024-58238 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-38006 at SUSE CVE-2025-38006 at NVD CVE-2025-38075 at SUSE CVE-2025-38075 at NVD CVE-2025-38103 at SUSE CVE-2025-38103 at NVD CVE-2025-38125 at SUSE CVE-2025-38125 at NVD CVE-2025-38146 at SUSE CVE-2025-38146 at NVD CVE-2025-38160 at SUSE CVE-2025-38160 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38185 at SUSE CVE-2025-38185 at NVD CVE-2025-38190 at SUSE CVE-2025-38190 at NVD CVE-2025-38201 at SUSE CVE-2025-38201 at NVD CVE-2025-38205 at SUSE CVE-2025-38205 at NVD CVE-2025-38208 at SUSE CVE-2025-38208 at NVD CVE-2025-38245 at SUSE CVE-2025-38245 at NVD CVE-2025-38251 at SUSE CVE-2025-38251 at NVD CVE-2025-38360 at SUSE CVE-2025-38360 at NVD CVE-2025-38439 at SUSE CVE-2025-38439 at NVD CVE-2025-38441 at SUSE CVE-2025-38441 at NVD CVE-2025-38444 at SUSE CVE-2025-38444 at NVD CVE-2025-38445 at SUSE CVE-2025-38445 at NVD CVE-2025-38458 at SUSE CVE-2025-38458 at NVD CVE-2025-38459 at SUSE CVE-2025-38459 at NVD CVE-2025-38464 at SUSE CVE-2025-38464 at NVD CVE-2025-38472 at SUSE CVE-2025-38472 at NVD CVE-2025-38490 at SUSE CVE-2025-38490 at NVD CVE-2025-38491 at SUSE CVE-2025-38491 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38500 at SUSE CVE-2025-38500 at NVD CVE-2025-38503 at SUSE CVE-2025-38503 at NVD CVE-2025-38506 at SUSE CVE-2025-38506 at NVD CVE-2025-38510 at SUSE CVE-2025-38510 at NVD CVE-2025-38512 at SUSE CVE-2025-38512 at NVD CVE-2025-38513 at SUSE CVE-2025-38513 at NVD CVE-2025-38515 at SUSE CVE-2025-38515 at NVD CVE-2025-38516 at SUSE CVE-2025-38516 at NVD CVE-2025-38520 at SUSE CVE-2025-38520 at NVD CVE-2025-38524 at SUSE CVE-2025-38524 at NVD CVE-2025-38528 at SUSE CVE-2025-38528 at NVD CVE-2025-38529 at SUSE CVE-2025-38529 at NVD CVE-2025-38530 at SUSE CVE-2025-38530 at NVD CVE-2025-38531 at SUSE CVE-2025-38531 at NVD CVE-2025-38535 at SUSE CVE-2025-38535 at NVD CVE-2025-38537 at SUSE CVE-2025-38537 at NVD CVE-2025-38538 at SUSE CVE-2025-38538 at NVD CVE-2025-38540 at SUSE CVE-2025-38540 at NVD CVE-2025-38541 at SUSE CVE-2025-38541 at NVD CVE-2025-38543 at SUSE CVE-2025-38543 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38548 at SUSE CVE-2025-38548 at NVD CVE-2025-38550 at SUSE CVE-2025-38550 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38555 at SUSE CVE-2025-38555 at NVD CVE-2025-38560 at SUSE CVE-2025-38560 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38565 at SUSE CVE-2025-38565 at NVD CVE-2025-38566 at SUSE CVE-2025-38566 at NVD CVE-2025-38568 at SUSE CVE-2025-38568 at NVD CVE-2025-38571 at SUSE CVE-2025-38571 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38576 at SUSE CVE-2025-38576 at NVD CVE-2025-38581 at SUSE CVE-2025-38581 at NVD CVE-2025-38582 at SUSE CVE-2025-38582 at NVD CVE-2025-38583 at SUSE CVE-2025-38583 at NVD CVE-2025-38585 at SUSE CVE-2025-38585 at NVD CVE-2025-38587 at SUSE CVE-2025-38587 at NVD CVE-2025-38588 at SUSE CVE-2025-38588 at NVD CVE-2025-38591 at SUSE CVE-2025-38591 at NVD CVE-2025-38601 at SUSE CVE-2025-38601 at NVD CVE-2025-38602 at SUSE CVE-2025-38602 at NVD CVE-2025-38604 at SUSE CVE-2025-38604 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38609 at SUSE CVE-2025-38609 at NVD CVE-2025-38610 at SUSE CVE-2025-38610 at NVD CVE-2025-38612 at SUSE CVE-2025-38612 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38621 at SUSE CVE-2025-38621 at NVD CVE-2025-38624 at SUSE CVE-2025-38624 at NVD CVE-2025-38630 at SUSE CVE-2025-38630 at NVD CVE-2025-38632 at SUSE CVE-2025-38632 at NVD CVE-2025-38634 at SUSE CVE-2025-38634 at NVD CVE-2025-38635 at SUSE CVE-2025-38635 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD CVE-2025-38646 at SUSE CVE-2025-38646 at NVD CVE-2025-38650 at SUSE CVE-2025-38650 at NVD CVE-2025-38656 at SUSE CVE-2025-38656 at NVD CVE-2025-38663 at SUSE CVE-2025-38663 at NVD CVE-2025-38665 at SUSE CVE-2025-38665 at NVD CVE-2025-38670 at SUSE CVE-2025-38670 at NVD CVE-2025-38671 at SUSE CVE-2025-38671 at NVD cpe:/o:opensuse:leap:15.6 Security update for sevctl (Moderate) openSUSE Leap 15.6 This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860) - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618) Moderate SUSE bug 1242618 SUSE bug 1243860 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 (bsc#1249391). Security issues fixed: - MFSA 2025-78 * CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. * CVE-2025-10528: sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. * CVE-2025-10529: same-origin policy bypass in the Layout component. * CVE-2025-10532: incorrect boundary conditions in the JavaScript: GC component. * CVE-2025-10533: integer overflow in the SVG component. * CVE-2025-10536: information disclosure in the Networking: Cache component. * CVE-2025-10537: memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Other issues fixed: - Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject. - Thunderbird could crash on startup. - Thunderbird could crash when importing mail. - Opening Website header link in RSS feed incorrectly re-encoded URL parameters. Important SUSE bug 1249391 CVE-2025-10527 at SUSE CVE-2025-10527 at NVD CVE-2025-10528 at SUSE CVE-2025-10528 at NVD CVE-2025-10529 at SUSE CVE-2025-10529 at NVD CVE-2025-10532 at SUSE CVE-2025-10532 at NVD CVE-2025-10533 at SUSE CVE-2025-10533 at NVD CVE-2025-10536 at SUSE CVE-2025-10536 at NVD CVE-2025-10537 at SUSE CVE-2025-10537 at NVD cpe:/o:opensuse:leap:15.6 Security update for avahi (Moderate) openSUSE Leap 15.6 This update for avahi fixes the following issues: - CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing attacks (bsc#1233421). Moderate SUSE bug 1233421 CVE-2024-52615 at SUSE CVE-2024-52615 at NVD cpe:/o:opensuse:leap:15.6 Security update for tiff (Moderate) openSUSE Leap 15.6 This update for tiff fixes the following issues: - CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330). - CVE-2024-13978: null pointer dereference in component fax2ps (bsc#1247581) - CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582). - CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117). Moderate SUSE bug 1247581 SUSE bug 1247582 SUSE bug 1248117 SUSE bug 1248330 CVE-2024-13978 at SUSE CVE-2024-13978 at NVD CVE-2025-8534 at SUSE CVE-2025-8534 at NVD CVE-2025-8961 at SUSE CVE-2025-8961 at NVD CVE-2025-9165 at SUSE CVE-2025-9165 at NVD cpe:/o:opensuse:leap:15.6 Security update for openjpeg2 (Low) openSUSE Leap 15.6 This update for openjpeg2 fixes the following issues: - CVE-2018-18088: Fixed a null pointer dereferencei in imagetopnm function. (bsc#1111638). Low SUSE bug 1111638 CVE-2018-18088 at SUSE CVE-2018-18088 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pycares (Moderate) openSUSE Leap 15.6 This update for python-pycares fixes the following issues: Update to version 4.10.0 (jsc#PED-13442): - CVE-2025-48945: Fixed use-after-free vulnerability may have led to a crash (bsc#1244691). Moderate SUSE bug 1244691 CVE-2025-48945 at SUSE CVE-2025-48945 at NVD cpe:/o:opensuse:leap:15.6 Security update for xrdp (Important) openSUSE Leap 15.6 This update for xrdp fixes the following issues: - CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769) Important SUSE bug 1227769 CVE-2024-39917 at SUSE CVE-2024-39917 at NVD cpe:/o:opensuse:leap:15.6 Security update for libssh (Moderate) openSUSE Leap 15.6 This update for libssh fixes the following issues: - CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is repeated with incorrect guesses (bsc#1249375). - CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID (bsc#1246974). Moderate SUSE bug 1246974 SUSE bug 1249375 CVE-2025-8114 at SUSE CVE-2025-8114 at NVD CVE-2025-8277 at SUSE CVE-2025-8277 at NVD cpe:/o:opensuse:leap:15.6 Security update for luajit (Low) openSUSE Leap 15.6 This update for luajit fixes the following issues: - CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c (bsc#1246077) - CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable (bsc#1246078) - CVE-2024-25178: Fixed out-of-bounds read in the stack-overflow handler in lj_state.c (bsc#1246079) Low SUSE bug 1246077 SUSE bug 1246078 SUSE bug 1246079 CVE-2024-25176 at SUSE CVE-2024-25176 at NVD CVE-2024-25177 at SUSE CVE-2024-25177 at NVD CVE-2024-25178 at SUSE CVE-2024-25178 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Moderate) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.26+4 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-8224624: Inefficiencies in CodeStrings::add_comment cause - timeouts - JDK-8225045: javax/swing/JInternalFrame/8146321//JInternalFrameIconTest.java fails on linux-x64 - JDK-8232367: Update Reactive Streams to 1.0.3 -- tests only - JDK-8247706: Unintentional use of new Date(year...) with absolute year - JDK-8299254: Support dealing with standard assert macro - JDK-8303920: Avoid calling out to python in DataDescriptorSignatureMissing test - JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test - JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak - JDK-8328300: Convert PrintDialogsTest.java from Applet to main program - JDK-8328642: Convert applet test MouseDraggedOutCauseScrollingTest.html to main - JDK-8334332: TestIOException.java fails if run by root - JDK-8335428: Enhanced Building of Processes - JDK-8335801: [11u] Backport of 8210988 to 11u removes gcc warnings - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336564: Enhance mask blit functionality redux - JDK-8338402: GHA: some of bundles may not get removed - JDK-8339082: Bump update version for OpenJDK: jdk-11.0.26 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339470: [17u] More defensive fix for 8163921 - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340671: GHA: Bump macOS and Xcode versions to macos-12 and XCode 13.4.1 - JDK-8340815: Add SECURITY.md file - JDK-8342426: [11u] javax/naming/module/RunBasic.java javac compile fails - JDK-8342629: [11u] Properly message out that shenandoah is disabled - JDK-8347483: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.26 Moderate SUSE bug 1236278 CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Moderate) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.14+7 (January 2025 CPU): Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-7093691: Nimbus LAF: disabled JComboBox using renderer has bad font color - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8071693: Introspector ignores default interface methods - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8202926: Test java/awt/Focus/WindowUpdateFocusabilityTest/WindowUpdateFocusabilityTest.html fails - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. - JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8254759: [TEST_BUG] [macosx] javax/swing/JInternalFrame/4202966/IntFrameCoord.html fails - JDK-8258734: jdk/jfr/event/oldobject/TestClassLoaderLeak.java failed with 'RuntimeException: Could not find class leak' - JDK-8268364: jmethod clearing should be done during unloading - JDK-8269770: nsk tests should start IOPipe channel before launch debuggee - Debugee.prepareDebugee - JDK-8271003: hs_err improvement: handle CLASSPATH env setting longer than O_BUFLEN - JDK-8271456: Avoid looking up standard charsets in 'java.desktop' module - JDK-8271821: mark hotspot runtime/MinimalVM tests which ignore external VM flags - JDK-8271825: mark hotspot runtime/LoadClass tests which ignore external VM flags - JDK-8271836: runtime/ErrorHandling/ClassPathEnvVar.java fails with release VMs - JDK-8272746: ZipFile can't open big file (NegativeArraySizeException) - JDK-8273914: Indy string concat changes order of operations - JDK-8274170: Add hooks for custom makefiles to augment jtreg test execution - JDK-8274505: Too weak variable type leads to unnecessary cast in java.desktop - JDK-8276763: java/nio/channels/SocketChannel/AdaptorStreams.java fails with 'SocketTimeoutException: Read timed out' - JDK-8278527: java/util/concurrent/tck/JSR166TestCase.java fails nanoTime test - JDK-8280131: jcmd reports 'Module jdk.jfr not found.' when 'jdk.management.jfr' is missing - JDK-8281379: Assign package declarations to all jtreg test cases under gc - JDK-8282578: AIOOBE in javax.sound.sampled.Clip - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8283222: improve diagnosability of runtime/8176717/TestInheritFD.java timeouts - JDK-8284291: sun/security/krb5/auto/Renew.java fails intermittently on Windows 11 - JDK-8284874: Add comment to ProcessHandle/OnExitTest to describe zombie problem - JDK-8286160: (fs) Files.exists returns unexpected results with C:\pagefile.sys because it's not readable - JDK-8287003: InputStreamReader::read() can return zero despite writing a char in the buffer - JDK-8288976: classfile parser 'wrong name' error message has the names the wrong way around - JDK-8289184: runtime/ClassUnload/DictionaryDependsTest.java failed with 'Test failed: should be unloaded' - JDK-8290023: Remove use of IgnoreUnrecognizedVMOptions in gc tests - JDK-8290269: gc/shenandoah/TestVerifyJCStress.java fails due to invalid tag: required after JDK-8290023 - JDK-8292309: Fix 'java/awt/PrintJob/ConstrainedPrintingTest/ConstrainedPrintingTest.java' test - JDK-8293061: Combine CDSOptions and AppCDSOptions test utility classes - JDK-8293877: Rewrite MineField test - JDK-8294193: Files.createDirectories throws FileAlreadyExistsException for a symbolic link whose target is an existing directory - JDK-8294726: Update URLs in minefield tests - JDK-8295239: Refactor java/util/Formatter/Basic script into a Java native test launcher - JDK-8295344: Harden runtime/StackGuardPages/TestStackGuardPages.java - JDK-8295859: Update Manual Test Groups - JDK-8296709: WARNING: JNI call made without checking exceptions - JDK-8296718: Refactor bootstrap Test Common Functionalities to test/lib/Utils - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. - JDK-8298513: vmTestbase/nsk/jdi/EventSet/suspendPolicy/suspendpolicy009/TestDescription.java fails with usage tracker - JDK-8300416: java.security.MessageDigestSpi clone can result in thread-unsafe clones - JDK-8301379: Verify TLS_ECDH_* cipher suites cannot be negotiated - JDK-8302225: SunJCE Provider doesn't validate key sizes when using 'constrained' transforms for AES/KW and AES/KWP - JDK-8303697: ProcessTools doesn't print last line of process output - JDK-8303705: Field sleeper.started should be volatile JdbLockTestTarg.java - JDK-8303742: CompletableFuture.orTimeout leaks if the future completes exceptionally - JDK-8304020: Speed up test/jdk/java/util/zip/ZipFile/TestTooManyEntries.java and clarify its purpose - JDK-8304557: java/util/concurrent/CompletableFuture/CompletableFutureOrTimeoutExceptionallyTest.java times out - JDK-8306015: Update sun.security.ssl TLS tests to use SSLContextTemplate or SSLEngineTemplate - JDK-8307297: Move some DnD tests to open - JDK-8307408: Some jdk/sun/tools/jhsdb tests don't pass test JVM args to the debuggee JVM - JDK-8309109: AArch64: [TESTBUG] compiler/intrinsics/sha/cli/TestUseSHA3IntrinsicsOptionOnSupportedCPU.java fails on Neoverse N2 and V1 - JDK-8309303: jdk/internal/misc/VM/RuntimeArguments test ignores jdk/internal/vm/options - JDK-8309532: java/lang/Class/getDeclaredField/FieldSetAccessibleTest should filter modules that depend on JVMCI - JDK-8310072: JComboBox/DisabledComboBoxFontTestAuto: Enabled and disabled ComboBox does not match in these LAFs: GTK- - JDK-8310731: Configure a javax.net.ssl.SNIMatcher for the HTTP/1.1 test servers in java/net/httpclient tests - JDK-8312111: open/test/jdk/java/awt/Robot/ModifierRobotKey/ModifierRobotKeyTest.java fails on ubuntu 23.04 - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313638: Add test for dump of resolved references - JDK-8313854: Some tests in serviceability area fail on localized Windows platform - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8314333: Update com/sun/jdi/ProcessAttachTest.java to use ProcessTools.createTestJvm(..) - JDK-8314824: Fix serviceability/jvmti/8036666/GetObjectLockCount.java to use vm flags - JDK-8314829: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java ignores vm flags - JDK-8314831: NMT tests ignore vm flags - JDK-8315097: Rename createJavaProcessBuilder - JDK-8315406: [REDO] serviceability/jdwp/AllModulesCommandTest.java ignores VM flags - JDK-8315988: Parallel: Make TestAggressiveHeap use createTestJvm - JDK-8316410: GC: Make TestCompressedClassFlags use createTestJvm - JDK-8316446: 4 sun/management/jdp tests ignore VM flags - JDK-8316447: 8 sun/management/jmxremote tests ignore VM flags - JDK-8316464: 3 sun/tools tests ignore VM flags - JDK-8316562: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java times out after JDK-8314829 - JDK-8316581: Improve performance of Symbol::print_value_on() - JDK-8317042: G1: Make TestG1ConcMarkStepDurationMillis use createTestJvm - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317188: G1: Make TestG1ConcRefinementThreads use createTestJvm - JDK-8317218: G1: Make TestG1HeapRegionSize use createTestJvm - JDK-8317347: Parallel: Make TestInitialTenuringThreshold use createTestJvm - JDK-8317738: CodeCacheFullCountTest failed with 'VirtualMachineError: Out of space in CodeCache for method handle intrinsic' - JDK-8318964: Fix build failures caused by 8315097 - JDK-8319574: Exec/process tests should be marked as flagless - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319651: Several network tests ignore vm flags when start java process - JDK-8319817: Charset constructor should make defensive copy of aliases - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320675: PrinterJob/SecurityDialogTest.java hangs - JDK-8321163: [test] OutputAnalyzer.getExitValue() unnecessarily logs even when process has already completed - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321543: Update NSS to version 3.96 - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322766: Micro bench SSLHandshake should use default algorithms - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324808: Manual printer tests have no Pass/Fail buttons, instructions close set 3 - JDK-8324841: PKCS11 tests still skip execution - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325587: Shenandoah: ShenandoahLock should allow blocking in VM - JDK-8325610: CTW: Add StressIncrementalInlining to stress options - JDK-8325616: JFR ZGC Allocation Stall events should record stack traces - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8326948: Force English locale for timeout formatting - JDK-8327401: Some jtreg tests fail on Wayland without any tracking bug - JDK-8327474: Review use of java.io.tmpdir in jdk tests - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328697: SubMenuShowTest and SwallowKeyEvents tests stabilization - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8328957: Update PKCS11Test.java to not use hardcoded path - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address - JDK-8330464: hserr generic events - add entry for the before_exit calls - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8330814: Cleanups for KeepAliveCache tests - JDK-8331142: Add test for number of loader threads in BasicDirectoryModel - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331405: Shenandoah: Optimize ShenandoahLock with TTAS - JDK-8331411: Shenandoah: Reconsider spinning duration in ShenandoahLock - JDK-8331495: Limit BasicDirectoryModel/LoaderThreadCount.java to Windows only - JDK-8331626: unsafe.cpp:162:38: runtime error in index_oop_from_field_offset_long - applying non-zero offset 4563897424 to null pointer - JDK-8331789: ubsan: deoptimization.cpp:403:29: runtime error: load of value 208, which is not a valid value for type 'bool' - JDK-8331863: DUIterator_Fast used before it is constructed - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8331999: BasicDirectoryModel/LoaderThreadCount.java frequently fails on Windows in CI - JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332473: ubsan: growableArray.hpp:290:10: runtime error: null pointer passed as argument 1, which is declared to never be null - JDK-8332589: ubsan: unix/native/libjava/ProcessImpl_md.c:562:5: runtime error: null pointer passed as argument 2, which is declared to never be null - JDK-8332720: ubsan: instanceKlass.cpp:3550:76: runtime error: member call on null pointer of type 'struct Array' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332825: ubsan: guardedMemory.cpp:35:11: runtime error: null pointer passed as argument 2, which is declared to never be null - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8332903: ubsan: opto/output.cpp:1002:18: runtime error: load of value 171, which is not a valid value for type 'bool' - JDK-8332904: ubsan ppc64le: c1_LIRGenerator_ppc.cpp:581:21: runtime error: signed integer overflow: 9223372036854775807 - 1 cannot be represented in type 'long int' - JDK-8332935: Crash: assert(*lastPtr != 0) failed: Mismatched JNINativeInterface tables, check for new entries - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335493: check_gc_overhead_limit should reset SoftRefPolicy::_should_clear_all_soft_refs - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335904: Fix invalid comment in ShenandoahLock - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336342: Fix known X11 library locations in sysroot - JDK-8336343: Add more known sysroot library locations for ALSA - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338286: GHA: Demote x86_32 to hotspot build only - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java - JDK-8339081: Bump update version for OpenJDK: jdk-17.0.14 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs - JDK-8339470: [17u] More defensive fix for 8163921 - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8339931: Update problem list for WindowUpdateFocusabilityTest.java - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340387: Update OS detection code to recognize Windows Server 2025 - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341562: RISC-V: Generate comments in -XX:-PrintInterpreter to link to source code - JDK-8341635: [17u] runtime/ErrorHandling/ClassPathEnvVar test ignores external VM flags - JDK-8341688: Aarch64: Generate comments in -XX:-PrintInterpreter to link to source code - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343687: [17u] TestAntiDependencyForPinnedLoads requires UTF-8 - JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8347011: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.14 Moderate SUSE bug 1236278 CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_security2 (Moderate) openSUSE Leap 15.6 This update for apache2-mod_security2 fixes the following issues: - CVE-2025-54571: Fixed insufficient return value handling on modsecurity leads to xss and source code disclosure (bsc#1247674) Moderate SUSE bug 1247674 CVE-2025-54571 at SUSE CVE-2025-54571 at NVD cpe:/o:opensuse:leap:15.6 Security update for open-vm-tools (Important) openSUSE Leap 15.6 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373). Important SUSE bug 1250373 CVE-2025-41244 at SUSE CVE-2025-41244 at NVD cpe:/o:opensuse:leap:15.6 Security update for orc (Important) openSUSE Leap 15.6 This update for orc fixes the following issues: - CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when formatting error messages for certain input files (bsc#1228184) Important SUSE bug 1228184 CVE-2024-40897 at SUSE CVE-2024-40897 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Important) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Important SUSE bug 1250232 CVE-2025-9230 at SUSE CVE-2025-9230 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Important) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Important SUSE bug 1250232 CVE-2025-9230 at SUSE CVE-2025-9230 at NVD cpe:/o:opensuse:leap:15.6 Security update for nginx (Moderate) openSUSE Leap 15.6 This update for nginx fixes the following issues: - CVE-2025-53859:?the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070). - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851). Moderate SUSE bug 1236851 SUSE bug 1248070 CVE-2025-23419 at SUSE CVE-2025-23419 at NVD CVE-2025-53859 at SUSE CVE-2025-53859 at NVD cpe:/o:opensuse:leap:15.6 Security update for snpguest (Moderate) openSUSE Leap 15.6 This update for snpguest fixes the following issues: - CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing (bsc#1243869). - CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value is passed to the `properties` argument (bsc#1242601). Moderate SUSE bug 1242601 SUSE bug 1243869 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD CVE-2025-3416 at SUSE CVE-2025-3416 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Critical) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-59681: SQL injection via the `QuerySet` annotate()`, `alias()`, `aggregate()`, or `extra()` methods when processing a specially crafted dictionary with dictionary expansion (bsc#1250485). - CVE-2025-59682: directory traversal via the `django.utils.archive.extract()` function when processing an archive with file paths that share a common prefix with the target directory (bsc#1250487). Critical SUSE bug 1250485 SUSE bug 1250487 CVE-2025-59681 at SUSE CVE-2025-59681 at NVD CVE-2025-59682 at SUSE CVE-2025-59682 at NVD cpe:/o:opensuse:leap:15.6 Security update for warewulf4 (Moderate) openSUSE Leap 15.6 This update for warewulf4 fixes the following issues: Update to version 4.6.4. Security issues fixed: - CVE-2025-58058: xz: excessive memory consuption when unpacking a large number of corrupted LZMA archives (bsc#1248906). Other issues fixed: - Convert disk booleans from `wwbool` to `*bool` which allows bools in disk to be set to false via command line (bsc#1248768). - Fix `wwctl` upgrade nodes to handle kernel argument lists (bsc#1227686, bsc#1227465). - Mark `slurm` as recommeneded in the `warewulf4-overlay-slurm` package (bsc#1246082). - Switch to `dnsmasq` as default DHCP and TFTP provider. - v4.6.4 release updates: * Update NetworkManager Overlay * Disable IPv4 in NetworkManager if no address or route is specified * Fix(`wwctl`): create overlay edit `tempfile` in `tmpdir` * Add default for systemd name for warewulf in `warewulf.conf` * Atomic overlay file application in `wwclient` * Simpler names for overlay methods * Fix `warewulfd` API behavior when deleting distribution overlay - v4.6.3 release updates: * IPv6 iPXE support * Fix a race condition in `wwctl` overlay edit * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays * Move `reexec.Init()` to beginning of `wwctl` * Added `warewuld` configure option * Address copilot review from #1945 * Bugfix: cloning a site overlay when parent dir does not exist * Clone to a site overlay when adding files in `wwapi` * Consolidated `createOverlayFile` and `updateOverlayFile` to `addOverlayFile` * Support for creating and updating overlay file in `wwapi` * Only return overlay files that refer to a path within the overlay * Add overlay file deletion support * `DELETE /api/overlays/{id}?force=true` can delete overlays in use * Restore idempotency of `PUT /api/nodes/{id}` * Simplify overlay mtime API and add tests * Add node overlay buildtime * Improved `netplan` support * Rebuild overlays for discovered nodes - v4.6.2 release updates: * (preview) support for provisioning to local disk - incoperated from v4.6.1: * REST API, which is disabled in the default configuration Moderate SUSE bug 1227465 SUSE bug 1227686 SUSE bug 1246082 SUSE bug 1248768 SUSE bug 1248906 CVE-2025-58058 at SUSE CVE-2025-58058 at NVD cpe:/o:opensuse:leap:15.6 Security update for cairo (Low) openSUSE Leap 15.6 This update for cairo fixes the following issues: - CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589) - Update to version 1.18.4: + The dependency on LZO has been made optional through a build time configuration toggle. + You can build Cairo against a Freetype installation that does not have the FT_Color type. + Cairo tests now build on Solaris 11.4 with GCC 14. + The DirectWrite backend now builds on MINGW 11. + The DirectWrite backend now supports font variations and proper glyph coverage. - Use tarball in lieu of source service due to freedesktop gitlab migration, will switch back at next release at the latest. - Add pkgconfig(lzo2) BuildRequires: New optional dependency, build lzo2 support feature. - Convert to source service: allows for easier upgrades by the GNOME team. - Update to version 1.18.2: + The malloc-stats code has been removed from the tests directory + Cairo now requires a version of pixman equal to, or newer than, 0.40. + There have been multiple build fixes for newer versions of GCC for MSVC; for Solaris; and on macOS 10.7. + PNG errors caused by loading malformed data are correctly propagated to callers, so they can handle the case. + Both stroke and fill colors are now set when showing glyphs on a PDF surface. + All the font options are copied when creating a fallback font object. + When drawing text on macOS, Cairo now tries harder to select the appropriate font name. + Cairo now prefers the COLRv1 table inside a font, if one is available. + Cairo requires a C11 toolchain when building. Low SUSE bug 1247589 CVE-2025-50422 at SUSE CVE-2025-50422 at NVD cpe:/o:opensuse:leap:15.6 Security update for frr (Moderate) openSUSE Leap 15.6 This update for frr fixes the following issues: - CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates (bsc#1235237). Moderate SUSE bug 1235237 CVE-2024-55553 at SUSE CVE-2024-55553 at NVD cpe:/o:opensuse:leap:15.6 Security update for logback (Moderate) openSUSE Leap 15.6 This update for logback fixes the following issues: - CVE-2025-11226: fixed the ACE vulnerability in conditional configuration file processing (bsc#1250715) Moderate SUSE bug 1250715 CVE-2025-11226 at SUSE CVE-2025-11226 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Low) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization (bsc#1243701) Low SUSE bug 1243701 CVE-2025-48708 at SUSE CVE-2025-48708 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR (bsc#1250452). - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites. Important SUSE bug 1250452 cpe:/o:opensuse:leap:15.6 Security update for rubygem-puma (Important) openSUSE Leap 15.6 This update for rubygem-puma fixes the following issues: Update to version 5.6.9. - CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to information leaks (bsc#1230848, fixed in an earlier update). - CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to denial-of-service attacks (bsc#1218638, fixed in an earlier update) - CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update). Important SUSE bug 1214425 SUSE bug 1218638 SUSE bug 1230848 CVE-2023-40175 at SUSE CVE-2023-40175 at NVD CVE-2024-21647 at SUSE CVE-2024-21647 at NVD CVE-2024-45614 at SUSE CVE-2024-45614 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) Important SUSE bug 1236460 CVE-2022-49043 at SUSE CVE-2022-49043 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Moderate) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2025-10911: fixed use-after-free with key data stored cross-RVT (bsc#1250553) Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:opensuse:leap:15.6 Security update for valkey (Critical) openSUSE Leap 15.6 This update for valkey to version 8.0.6 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] Critical SUSE bug 1250995 CVE-2025-46817 at SUSE CVE-2025-46817 at NVD CVE-2025-46818 at SUSE CVE-2025-46818 at NVD CVE-2025-46819 at SUSE CVE-2025-46819 at NVD CVE-2025-49844 at SUSE CVE-2025-49844 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis7 (Critical) openSUSE Leap 15.6 This update for redis7 fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] Critical SUSE bug 1250995 CVE-2025-46817 at SUSE CVE-2025-46817 at NVD CVE-2025-46818 at SUSE CVE-2025-46818 at NVD CVE-2025-46819 at SUSE CVE-2025-46819 at NVD CVE-2025-49844 at SUSE CVE-2025-49844 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Critical) openSUSE Leap 15.6 This update for redis fixes the following issues: - CVE-2025-49844: Malicious Lua scripts may lead to remote code execution. [bsc#1250995] - CVE-2025-46817: Malicious Lua scripts may lead to integer overflow and potential remote code execution. [bsc#1250995] - CVE-2025-46818: Malicious Lua scripts can be executed in the context of another user. [bsc#1250995] - CVE-2025-46819: Malicious Lua scripts can trigger out-of-bound reads to facilitate denial-of-service attacks. [bsc#1250995] Critical SUSE bug 1250995 CVE-2025-46817 at SUSE CVE-2025-46817 at NVD CVE-2025-46818 at SUSE CVE-2025-46818 at NVD CVE-2025-46819 at SUSE CVE-2025-46819 at NVD CVE-2025-49844 at SUSE CVE-2025-49844 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-57807: heap out-of-bounds?write?can lead to memory corruption (bsc#1249362). Moderate SUSE bug 1249362 CVE-2025-57807 at SUSE CVE-2025-57807 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-xmltodict (Moderate) openSUSE Leap 15.6 This update for python-xmltodict fixes the following issues: - CVE-2025-9375: XML injection vulnerability in `xmltodict` allows input data manipulation (bsc#1249036). Moderate SUSE bug 1249036 CVE-2025-9375 at SUSE CVE-2025-9375 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25-openssl (Moderate) openSUSE Leap 15.6 This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 (bsc#1244485). Security issues fixed: - CVE-2025-47910: net/http: `CrossOriginProtection` insecure bypass patterns not limited to exact matches (bsc#1249141). Other issues fixed: - go#74822 cmd/go: 'get toolchain@latest' should ignore release candidates - go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets - go#75008 os/exec: TestLookPath fails on plan9 after CL 685755 - go#75021 testing/synctest: bubble not terminating - go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles Moderate SUSE bug 1244485 SUSE bug 1249141 CVE-2025-47910 at SUSE CVE-2025-47910 at NVD cpe:/o:opensuse:leap:15.6 Security update for open-vm-tools (Important) openSUSE Leap 15.6 This update for open-vm-tools fixes the following issues: - CVE-2025-41244: fixed a local privilege escalation vulnerability (bnc#1250373). Important SUSE bug 1250373 SUSE bug 1250692 CVE-2025-41244 at SUSE CVE-2025-41244 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker-stable (Important) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: Note this update contains a already fixed references mostly. - Remove git-core recommends on SLE to avoid pulling it in unnecessary. (bsc#1250508) This feature is mostly intended for developers ('docker build git://') so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install). - Include historical changelog data from before the docker-stable fork. The initial changelog entry did technically provide all the necessary information, but our CVE tracking tools do not understand how the package is forked and so it seems that this package does not include fixes for ~12 years of updates. So, include a copy of the original package's changelog up until the fork point. bsc#1250596 - Update to docker-buildx v0.25.0. Upstream changelog: <https://github.com/docker/buildx/releases/tag/v0.25.0> - Update to Go 1.23 for building now that upstream has switched their 23.0.x LTSS to use Go 1.23. - Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as Docker does not have permission to access the host zypper credentials in this mode (and unprivileged users cannot disable the feature using /etc/docker/suse-secrets-enable.) bsc#1240150 - Initial docker-stable fork, forked from Docker 24.0.7-ce release (packaged on 2024-02-14). The original changelog is included below for historical reference. Important SUSE bug 1001161 SUSE bug 1004490 SUSE bug 1007249 SUSE bug 1009961 SUSE bug 1012568 SUSE bug 1015661 SUSE bug 1016307 SUSE bug 1016992 SUSE bug 1019251 SUSE bug 1020806 SUSE bug 1021227 SUSE bug 1026827 SUSE bug 1028638 SUSE bug 1028639 SUSE bug 1029320 SUSE bug 1029630 SUSE bug 1030702 SUSE bug 1032287 SUSE bug 1032644 SUSE bug 1034053 SUSE bug 1034063 SUSE bug 1037436 SUSE bug 1037607 SUSE bug 1038476 SUSE bug 1038493 SUSE bug 1045628 SUSE bug 1046024 SUSE bug 1047218 SUSE bug 1048046 SUSE bug 1051429 SUSE bug 1055676 SUSE bug 1057743 SUSE bug 1058173 SUSE bug 1059011 SUSE bug 1064781 SUSE bug 1065609 SUSE bug 1066210 SUSE bug 1066801 SUSE bug 1069468 SUSE bug 1069758 SUSE bug 1072798 SUSE bug 1073877 SUSE bug 1074971 SUSE bug 1080978 SUSE bug 1084533 SUSE bug 1085117 SUSE bug 1085380 SUSE bug 1086185 SUSE bug 1089732 SUSE bug 1095817 SUSE bug 1096726 SUSE bug 1099277 SUSE bug 1100331 SUSE bug 1100727 SUSE bug 1102522 SUSE bug 1104821 SUSE bug 1105000 SUSE bug 1108038 SUSE bug 1112980 SUSE bug 1113313 SUSE bug 1114832 SUSE bug 1115464 SUSE bug 1118897 SUSE bug 1118898 SUSE bug 1118899 SUSE bug 1118990 SUSE bug 1119634 SUSE bug 1121412 SUSE bug 1121768 SUSE bug 1122469 SUSE bug 1124308 SUSE bug 1128376 SUSE bug 1128746 SUSE bug 1134068 SUSE bug 1138920 SUSE bug 1139649 SUSE bug 1142160 SUSE bug 1142413 SUSE bug 1143349 SUSE bug 1150397 SUSE bug 1153367 SUSE bug 1157330 SUSE bug 1158590 SUSE bug 1170415 SUSE bug 1170446 SUSE bug 1172377 SUSE bug 1174075 SUSE bug 1175081 SUSE bug 1176708 SUSE bug 1178760 SUSE bug 1178801 SUSE bug 1180243 SUSE bug 1180401 SUSE bug 1181594 SUSE bug 1181641 SUSE bug 1181677 SUSE bug 1181730 SUSE bug 1181732 SUSE bug 1182168 SUSE bug 1182476 SUSE bug 1182947 SUSE bug 1183855 SUSE bug 1184768 SUSE bug 1188447 SUSE bug 1190670 SUSE bug 1191015 SUSE bug 1191121 SUSE bug 1191334 SUSE bug 1191355 SUSE bug 1191434 SUSE bug 1192814 SUSE bug 1193273 SUSE bug 1193930 SUSE bug 1197284 SUSE bug 1197517 SUSE bug 1200022 SUSE bug 1200145 SUSE bug 1205375 SUSE bug 1206065 SUSE bug 1208074 SUSE bug 1210141 SUSE bug 1210797 SUSE bug 1211578 SUSE bug 1212368 SUSE bug 1213120 SUSE bug 1213229 SUSE bug 1213500 SUSE bug 1214107 SUSE bug 1214108 SUSE bug 1214109 SUSE bug 1215323 SUSE bug 1217513 SUSE bug 1219267 SUSE bug 1219268 SUSE bug 1219438 SUSE bug 1240150 SUSE bug 1247362 SUSE bug 1250508 SUSE bug 1250596 SUSE bug 885209 SUSE bug 907012 SUSE bug 907014 SUSE bug 908033 SUSE bug 909709 SUSE bug 909710 SUSE bug 909712 SUSE bug 913211 SUSE bug 913213 SUSE bug 920645 SUSE bug 930235 SUSE bug 931301 SUSE bug 935570 SUSE bug 938156 SUSE bug 942369 SUSE bug 942370 SUSE bug 946653 SUSE bug 949660 SUSE bug 950931 SUSE bug 953182 SUSE bug 954737 SUSE bug 954797 SUSE bug 954812 SUSE bug 956434 SUSE bug 958255 SUSE bug 959405 SUSE bug 963142 SUSE bug 964468 SUSE bug 964673 SUSE bug 965600 SUSE bug 965918 SUSE bug 968933 SUSE bug 968972 SUSE bug 970637 SUSE bug 974208 SUSE bug 976777 SUSE bug 977394 SUSE bug 978260 SUSE bug 980555 SUSE bug 983015 SUSE bug 984942 SUSE bug 987198 SUSE bug 988408 SUSE bug 988707 SUSE bug 989566 SUSE bug 993847 SUSE bug 995058 SUSE bug 995102 SUSE bug 995620 SUSE bug 996015 SUSE bug 999582 CVE-2014-3499 at SUSE CVE-2014-3499 at NVD CVE-2014-5277 at SUSE CVE-2014-5277 at NVD CVE-2014-6407 at SUSE CVE-2014-6407 at NVD CVE-2014-6408 at SUSE CVE-2014-6408 at NVD CVE-2014-8178 at SUSE CVE-2014-8178 at NVD CVE-2014-8179 at SUSE CVE-2014-8179 at NVD CVE-2014-9356 at SUSE CVE-2014-9356 at NVD CVE-2014-9357 at SUSE CVE-2014-9357 at NVD CVE-2014-9358 at SUSE CVE-2014-9358 at NVD CVE-2015-3627 at SUSE CVE-2015-3627 at NVD CVE-2015-3629 at SUSE CVE-2015-3629 at NVD CVE-2015-3630 at SUSE CVE-2015-3630 at NVD CVE-2015-3631 at SUSE CVE-2015-3631 at NVD CVE-2016-3697 at SUSE CVE-2016-3697 at NVD CVE-2016-8867 at SUSE CVE-2016-8867 at NVD CVE-2016-9962 at SUSE CVE-2016-9962 at NVD CVE-2017-14992 at SUSE CVE-2017-14992 at NVD CVE-2017-16539 at SUSE CVE-2017-16539 at NVD CVE-2018-10892 at SUSE CVE-2018-10892 at NVD CVE-2018-15664 at SUSE CVE-2018-15664 at NVD CVE-2018-16873 at SUSE CVE-2018-16873 at NVD CVE-2018-16874 at SUSE CVE-2018-16874 at NVD CVE-2018-16875 at SUSE CVE-2018-16875 at NVD CVE-2018-20699 at SUSE CVE-2018-20699 at NVD CVE-2019-13509 at SUSE CVE-2019-13509 at NVD CVE-2019-14271 at SUSE CVE-2019-14271 at NVD CVE-2020-12912 at SUSE CVE-2020-12912 at NVD CVE-2020-13401 at SUSE CVE-2020-13401 at NVD CVE-2020-15257 at SUSE CVE-2020-15257 at NVD CVE-2020-8694 at SUSE CVE-2020-8694 at NVD CVE-2020-8695 at SUSE CVE-2020-8695 at NVD CVE-2021-21284 at SUSE CVE-2021-21284 at NVD CVE-2021-21285 at SUSE CVE-2021-21285 at NVD CVE-2021-41089 at SUSE CVE-2021-41089 at NVD CVE-2021-41091 at SUSE CVE-2021-41091 at NVD CVE-2021-41092 at SUSE CVE-2021-41092 at NVD CVE-2021-41103 at SUSE CVE-2021-41103 at NVD CVE-2021-41190 at SUSE CVE-2021-41190 at NVD CVE-2021-43565 at SUSE CVE-2021-43565 at NVD CVE-2022-24769 at SUSE CVE-2022-24769 at NVD CVE-2022-27191 at SUSE CVE-2022-27191 at NVD CVE-2022-36109 at SUSE CVE-2022-36109 at NVD CVE-2023-28840 at SUSE CVE-2023-28840 at NVD CVE-2023-28841 at SUSE CVE-2023-28841 at NVD CVE-2023-28842 at SUSE CVE-2023-28842 at NVD CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-23651 at SUSE CVE-2024-23651 at NVD CVE-2024-23652 at SUSE CVE-2024-23652 at NVD CVE-2024-23653 at SUSE CVE-2024-23653 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Important) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: go1.25.2 (released 2025-10-07) includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the runtime, and the context, debug/pe, net/http, os, and sync/atomic packages. (bsc#1244485) CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724: * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt * go#75116 os: Root.MkdirAll can return 'file exists' when called concurrently on the same path * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75255 cmd/compile: export to DWARF types only referenced through interfaces * go#75347 testing/synctest: test timeout with no runnable goroutines * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75537 context: Err can return non-nil before Done channel is closed * go#75539 net/http: internal error: connCount underflow * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value * go#75669 runtime: debug.decoratemappings don't work as expected Important SUSE bug 1244485 SUSE bug 1251253 SUSE bug 1251254 SUSE bug 1251255 SUSE bug 1251256 SUSE bug 1251257 SUSE bug 1251258 SUSE bug 1251259 SUSE bug 1251260 SUSE bug 1251261 SUSE bug 1251262 CVE-2025-47912 at SUSE CVE-2025-47912 at NVD CVE-2025-58183 at SUSE CVE-2025-58183 at NVD CVE-2025-58185 at SUSE CVE-2025-58185 at NVD CVE-2025-58186 at SUSE CVE-2025-58186 at NVD CVE-2025-58187 at SUSE CVE-2025-58187 at NVD CVE-2025-58188 at SUSE CVE-2025-58188 at NVD CVE-2025-58189 at SUSE CVE-2025-58189 at NVD CVE-2025-61723 at SUSE CVE-2025-61723 at NVD CVE-2025-61724 at SUSE CVE-2025-61724 at NVD CVE-2025-61725 at SUSE CVE-2025-61725 at NVD cpe:/o:opensuse:leap:15.6 Security update for bind (Important) openSUSE Leap 15.6 This update for bind fixes the following issues: Update to release 9.18.33 Security Fixes: - CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596) - CVE-2024-12705: Fixes multiple issues in DNS-over-HTTPS implementation when under heavy query load (bsc#1236597) Important SUSE bug 1236596 SUSE bug 1236597 CVE-2024-11187 at SUSE CVE-2024-11187 at NVD CVE-2024-12705 at SUSE CVE-2024-12705 at NVD cpe:/o:opensuse:leap:15.6 Security update for etcd (Moderate) openSUSE Leap 15.6 This update for etcd fixes the following issues: Security Update to version 3.5.18: * Ensure all goroutines created by StartEtcd to exit before closing the errc * mvcc: restore tombstone index if it's first revision * Bump go toolchain to 1.22.11 * Avoid deadlock in etcd.Close when stopping during bootstrapping * etcdutl/etcdutl: use datadir package to build wal/snapdir * Remove duplicated <-s.ReadyNotify() * Do not wait for ready notify if the server is stopping * Fix mixVersion test case: ensure a snapshot to be sent out * *: support custom content check offline in v2store * Print warning message for deprecated flags if set * fix runtime error: comparing uncomparable type * add tls min/max version to grpc proxy - Fixing a configuration data loss bug: Fillup really really wants that the template and the target file actually follow the sysconfig format. The current config and the current template do not fulfill this requirement. Move the current /etc/sysconfig/etcd to /etc/default/etcd and install a new sysconfig file which only adds the ETCD_OPTIONS option, which is actually used by the unit file. This also makes it a bit cleaner to move etcd to use --config-file in the long run. - Update etcd configuration file based on https://github.com/etcd-io/etcd/blob/v3.5.17/etcd.conf.yml.sample Update to version 3.5.17: * fix(defrag): close temp file in case of error * Bump go toolchain to 1.22.9 * fix(defrag): handle defragdb failure * fix(defrag): handle no space left error * [3.5] Fix risk of a partial write txn being applied * [serverWatchStream] terminate recvLoop on sws.close() Update to version 3.5.16: * Bump go toolchain to 1.22.7 * Introduce compaction sleep interval flag * Fix passing default grpc call options in Kubernetes client * Skip leadership check if the etcd instance is active processing heartbeats * Introduce Kubernetes KV interface to etcd client Update to version 3.5.15: * Differentiate the warning message for rejected client and peer * connections * Suppress noisy basic auth token deletion log * Support multiple values for allowed client and peer TLS identities(#18015) * print error log when validation on conf change failed Update to version 3.5.14: * etcdutl: Fix snapshot restore memory alloc issue * server: Implement WithMmapSize option for backend config * gRPC health server sets serving status to NOT_SERVING on defrag * server/mvcc: introduce compactBeforeSetFinishedCompact failpoint * Update the compaction log when bootstrap and update compact's signature * add experimental-snapshot-catchup-entries flag. * Fix retry requests when receiving ErrGPRCNotSupportedForLearner Update to version 3.5.13: * Fix progress notification for watch that doesn't get any events * pkg/types: Support Unix sockets in NewURLS * added arguments to the grpc-proxy: dial-keepalive-time, dial-keepalive-timeout, permit-without-stream * server: fix comment to match function name * Make CGO_ENABLED configurable for etcd 3.5 * etcdserver: drain leaky goroutines before test completed Moderate SUSE bug 1095184 SUSE bug 1183703 cpe:/o:opensuse:leap:15.6 Security update for haproxy (Moderate) openSUSE Leap 15.6 This update for haproxy fixes the following issues: - CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive resource consumption when processing numbers with large exponents (bsc#1250983). Moderate SUSE bug 1250983 CVE-2025-11230 at SUSE CVE-2025-11230 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Moderate) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - last fix caused a regression, patch was temporary disabled [bsc#1250553] Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:opensuse:leap:15.6 Security update for qt6-base (Moderate) openSUSE Leap 15.6 This update for qt6-base fixes the following issues: - CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance (bsc#1239896). Moderate SUSE bug 1239896 SUSE bug 1243958 CVE-2025-30348 at SUSE CVE-2025-30348 at NVD CVE-2025-5455 at SUSE CVE-2025-5455 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size &lt; page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs: Limit patch filenames to 100 characters (bsc#1249604). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186). - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus &lt; first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1214073 SUSE bug 1214928 SUSE bug 1214953 SUSE bug 1215150 SUSE bug 1215696 SUSE bug 1216436 SUSE bug 1216976 SUSE bug 1218644 SUSE bug 1220186 SUSE bug 1220419 SUSE bug 1229165 SUSE bug 1230062 SUSE bug 1236897 SUSE bug 1237449 SUSE bug 1237776 SUSE bug 1240324 SUSE bug 1241166 SUSE bug 1241292 SUSE bug 1241866 SUSE bug 1243100 SUSE bug 1243112 SUSE bug 1245193 SUSE bug 1245260 SUSE bug 1245700 SUSE bug 1246057 SUSE bug 1246125 SUSE bug 1246190 SUSE bug 1246248 SUSE bug 1246298 SUSE bug 1246509 SUSE bug 1246782 SUSE bug 1247099 SUSE bug 1247118 SUSE bug 1247126 SUSE bug 1247136 SUSE bug 1247137 SUSE bug 1247223 SUSE bug 1247239 SUSE bug 1247262 SUSE bug 1247442 SUSE bug 1247483 SUSE bug 1247500 SUSE bug 1247963 SUSE bug 1248111 SUSE bug 1248121 SUSE bug 1248192 SUSE bug 1248199 SUSE bug 1248200 SUSE bug 1248202 SUSE bug 1248225 SUSE bug 1248296 SUSE bug 1248334 SUSE bug 1248343 SUSE bug 1248357 SUSE bug 1248360 SUSE bug 1248365 SUSE bug 1248378 SUSE bug 1248380 SUSE bug 1248392 SUSE bug 1248512 SUSE bug 1248610 SUSE bug 1248619 SUSE bug 1248622 SUSE bug 1248626 SUSE bug 1248628 SUSE bug 1248634 SUSE bug 1248639 SUSE bug 1248647 SUSE bug 1248674 SUSE bug 1248681 SUSE bug 1248733 SUSE bug 1248734 SUSE bug 1248735 SUSE bug 1248775 SUSE bug 1248847 SUSE bug 1249122 SUSE bug 1249123 SUSE bug 1249124 SUSE bug 1249125 SUSE bug 1249126 SUSE bug 1249143 SUSE bug 1249156 SUSE bug 1249159 SUSE bug 1249163 SUSE bug 1249164 SUSE bug 1249166 SUSE bug 1249169 SUSE bug 1249170 SUSE bug 1249172 SUSE bug 1249176 SUSE bug 1249177 SUSE bug 1249186 SUSE bug 1249190 SUSE bug 1249194 SUSE bug 1249195 SUSE bug 1249196 SUSE bug 1249199 SUSE bug 1249200 SUSE bug 1249202 SUSE bug 1249203 SUSE bug 1249204 SUSE bug 1249206 SUSE bug 1249215 SUSE bug 1249220 SUSE bug 1249221 SUSE bug 1249254 SUSE bug 1249255 SUSE bug 1249257 SUSE bug 1249258 SUSE bug 1249260 SUSE bug 1249262 SUSE bug 1249263 SUSE bug 1249265 SUSE bug 1249266 SUSE bug 1249271 SUSE bug 1249272 SUSE bug 1249273 SUSE bug 1249278 SUSE bug 1249279 SUSE bug 1249281 SUSE bug 1249282 SUSE bug 1249284 SUSE bug 1249285 SUSE bug 1249288 SUSE bug 1249290 SUSE bug 1249292 SUSE bug 1249295 SUSE bug 1249296 SUSE bug 1249299 SUSE bug 1249300 SUSE bug 1249303 SUSE bug 1249304 SUSE bug 1249305 SUSE bug 1249308 SUSE bug 1249312 SUSE bug 1249315 SUSE bug 1249318 SUSE bug 1249321 SUSE bug 1249323 SUSE bug 1249324 SUSE bug 1249334 SUSE bug 1249338 SUSE bug 1249374 SUSE bug 1249413 SUSE bug 1249479 SUSE bug 1249482 SUSE bug 1249486 SUSE bug 1249488 SUSE bug 1249489 SUSE bug 1249490 SUSE bug 1249494 SUSE bug 1249504 SUSE bug 1249506 SUSE bug 1249508 SUSE bug 1249510 SUSE bug 1249513 SUSE bug 1249515 SUSE bug 1249516 SUSE bug 1249522 SUSE bug 1249523 SUSE bug 1249524 SUSE bug 1249526 SUSE bug 1249533 SUSE bug 1249538 SUSE bug 1249540 SUSE bug 1249542 SUSE bug 1249545 SUSE bug 1249548 SUSE bug 1249554 SUSE bug 1249598 SUSE bug 1249604 SUSE bug 1249608 SUSE bug 1249615 SUSE bug 1249640 SUSE bug 1249641 SUSE bug 1249642 SUSE bug 1249658 SUSE bug 1249662 SUSE bug 1249672 SUSE bug 1249673 SUSE bug 1249677 SUSE bug 1249678 SUSE bug 1249679 SUSE bug 1249682 SUSE bug 1249687 SUSE bug 1249698 SUSE bug 1249707 SUSE bug 1249712 SUSE bug 1249730 SUSE bug 1249756 SUSE bug 1249758 SUSE bug 1249761 SUSE bug 1249762 SUSE bug 1249768 SUSE bug 1249770 SUSE bug 1249774 SUSE bug 1249779 SUSE bug 1249780 SUSE bug 1249785 SUSE bug 1249787 SUSE bug 1249795 SUSE bug 1249815 SUSE bug 1249820 SUSE bug 1249823 SUSE bug 1249824 SUSE bug 1249825 SUSE bug 1249826 SUSE bug 1249833 SUSE bug 1249842 SUSE bug 1249845 SUSE bug 1249849 SUSE bug 1249850 SUSE bug 1249853 SUSE bug 1249856 SUSE bug 1249861 SUSE bug 1249863 SUSE bug 1249864 SUSE bug 1249865 SUSE bug 1249866 SUSE bug 1249869 SUSE bug 1249870 SUSE bug 1249880 SUSE bug 1249883 SUSE bug 1249888 SUSE bug 1249894 SUSE bug 1249896 SUSE bug 1249897 SUSE bug 1249901 SUSE bug 1249911 SUSE bug 1249917 SUSE bug 1249919 SUSE bug 1249923 SUSE bug 1249926 SUSE bug 1249938 SUSE bug 1249949 SUSE bug 1249950 SUSE bug 1249952 SUSE bug 1249975 SUSE bug 1249979 SUSE bug 1249984 SUSE bug 1249988 SUSE bug 1249990 SUSE bug 1249993 SUSE bug 1249994 SUSE bug 1249997 SUSE bug 1250002 SUSE bug 1250004 SUSE bug 1250007 SUSE bug 1250012 SUSE bug 1250022 SUSE bug 1250024 SUSE bug 1250025 SUSE bug 1250028 SUSE bug 1250029 SUSE bug 1250035 SUSE bug 1250049 SUSE bug 1250055 SUSE bug 1250057 SUSE bug 1250058 SUSE bug 1250062 SUSE bug 1250063 SUSE bug 1250065 SUSE bug 1250066 SUSE bug 1250067 SUSE bug 1250069 SUSE bug 1250070 SUSE bug 1250073 SUSE bug 1250074 SUSE bug 1250088 SUSE bug 1250089 SUSE bug 1250106 SUSE bug 1250112 SUSE bug 1250117 SUSE bug 1250120 SUSE bug 1250125 SUSE bug 1250127 SUSE bug 1250128 SUSE bug 1250145 SUSE bug 1250150 SUSE bug 1250156 SUSE bug 1250157 SUSE bug 1250161 SUSE bug 1250163 SUSE bug 1250166 SUSE bug 1250167 SUSE bug 1250171 SUSE bug 1250177 SUSE bug 1250179 SUSE bug 1250180 SUSE bug 1250186 SUSE bug 1250196 SUSE bug 1250198 SUSE bug 1250199 SUSE bug 1250201 SUSE bug 1250203 SUSE bug 1250204 SUSE bug 1250206 SUSE bug 1250208 SUSE bug 1250241 SUSE bug 1250242 SUSE bug 1250243 SUSE bug 1250247 SUSE bug 1250249 SUSE bug 1250251 SUSE bug 1250262 SUSE bug 1250263 SUSE bug 1250266 SUSE bug 1250267 SUSE bug 1250268 SUSE bug 1250275 SUSE bug 1250276 SUSE bug 1250281 SUSE bug 1250290 SUSE bug 1250291 SUSE bug 1250292 SUSE bug 1250294 SUSE bug 1250297 SUSE bug 1250298 SUSE bug 1250313 SUSE bug 1250319 SUSE bug 1250323 SUSE bug 1250325 SUSE bug 1250329 SUSE bug 1250336 SUSE bug 1250337 SUSE bug 1250344 SUSE bug 1250358 SUSE bug 1250365 SUSE bug 1250371 SUSE bug 1250377 SUSE bug 1250384 SUSE bug 1250389 SUSE bug 1250395 SUSE bug 1250397 SUSE bug 1250402 SUSE bug 1250406 SUSE bug 1250407 SUSE bug 1250426 SUSE bug 1250450 SUSE bug 1250459 SUSE bug 1250519 SUSE bug 1250522 SUSE bug 1250530 SUSE bug 1250655 SUSE bug 1250712 SUSE bug 1250713 SUSE bug 1250732 SUSE bug 1250736 SUSE bug 1250741 SUSE bug 1250759 SUSE bug 1250763 SUSE bug 1250765 SUSE bug 1250807 SUSE bug 1250808 SUSE bug 1250809 SUSE bug 1250812 SUSE bug 1250813 SUSE bug 1250815 SUSE bug 1250816 SUSE bug 1250820 SUSE bug 1250823 SUSE bug 1250825 SUSE bug 1250827 SUSE bug 1250830 SUSE bug 1250831 SUSE bug 1250837 SUSE bug 1250841 SUSE bug 1250861 SUSE bug 1250863 SUSE bug 1250867 SUSE bug 1250872 SUSE bug 1250873 SUSE bug 1250878 SUSE bug 1250905 SUSE bug 1250907 SUSE bug 1250917 SUSE bug 1250918 SUSE bug 1250923 SUSE bug 1250926 SUSE bug 1250928 SUSE bug 1250929 SUSE bug 1250930 SUSE bug 1250931 SUSE bug 1250941 SUSE bug 1250942 SUSE bug 1250949 SUSE bug 1250952 SUSE bug 1250957 SUSE bug 1250964 CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53148 at SUSE CVE-2023-53148 at NVD CVE-2023-53150 at SUSE CVE-2023-53150 at NVD CVE-2023-53151 at SUSE CVE-2023-53151 at NVD CVE-2023-53152 at SUSE CVE-2023-53152 at NVD CVE-2023-53165 at SUSE CVE-2023-53165 at NVD CVE-2023-53167 at SUSE CVE-2023-53167 at NVD CVE-2023-53170 at SUSE CVE-2023-53170 at NVD CVE-2023-53174 at SUSE CVE-2023-53174 at NVD CVE-2023-53175 at SUSE CVE-2023-53175 at NVD CVE-2023-53177 at SUSE CVE-2023-53177 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53180 at SUSE CVE-2023-53180 at NVD CVE-2023-53181 at SUSE CVE-2023-53181 at NVD CVE-2023-53183 at SUSE CVE-2023-53183 at NVD CVE-2023-53184 at SUSE CVE-2023-53184 at NVD CVE-2023-53185 at SUSE CVE-2023-53185 at NVD CVE-2023-53187 at SUSE CVE-2023-53187 at NVD CVE-2023-53189 at SUSE CVE-2023-53189 at NVD CVE-2023-53192 at SUSE CVE-2023-53192 at NVD CVE-2023-53195 at SUSE CVE-2023-53195 at NVD CVE-2023-53196 at SUSE CVE-2023-53196 at NVD CVE-2023-53201 at SUSE CVE-2023-53201 at NVD CVE-2023-53204 at SUSE CVE-2023-53204 at NVD CVE-2023-53205 at SUSE CVE-2023-53205 at NVD CVE-2023-53206 at SUSE CVE-2023-53206 at NVD CVE-2023-53207 at SUSE CVE-2023-53207 at NVD CVE-2023-53208 at SUSE CVE-2023-53208 at NVD CVE-2023-53209 at SUSE CVE-2023-53209 at NVD CVE-2023-53210 at SUSE CVE-2023-53210 at NVD CVE-2023-53215 at SUSE CVE-2023-53215 at NVD CVE-2023-53217 at SUSE CVE-2023-53217 at NVD CVE-2023-53220 at SUSE CVE-2023-53220 at NVD CVE-2023-53221 at SUSE CVE-2023-53221 at NVD CVE-2023-53222 at SUSE CVE-2023-53222 at NVD CVE-2023-53226 at SUSE CVE-2023-53226 at NVD CVE-2023-53230 at SUSE CVE-2023-53230 at NVD CVE-2023-53231 at SUSE CVE-2023-53231 at NVD CVE-2023-53235 at SUSE CVE-2023-53235 at NVD CVE-2023-53238 at SUSE CVE-2023-53238 at NVD CVE-2023-53243 at SUSE CVE-2023-53243 at NVD CVE-2023-53245 at SUSE CVE-2023-53245 at NVD CVE-2023-53247 at SUSE CVE-2023-53247 at NVD CVE-2023-53248 at SUSE CVE-2023-53248 at NVD CVE-2023-53249 at SUSE CVE-2023-53249 at NVD CVE-2023-53251 at SUSE CVE-2023-53251 at NVD CVE-2023-53252 at SUSE CVE-2023-53252 at NVD CVE-2023-53255 at SUSE CVE-2023-53255 at NVD CVE-2023-53257 at SUSE CVE-2023-53257 at NVD CVE-2023-53258 at SUSE CVE-2023-53258 at NVD CVE-2023-53260 at SUSE CVE-2023-53260 at NVD CVE-2023-53261 at SUSE CVE-2023-53261 at NVD CVE-2023-53263 at SUSE CVE-2023-53263 at NVD CVE-2023-53264 at SUSE CVE-2023-53264 at NVD CVE-2023-53272 at SUSE CVE-2023-53272 at NVD CVE-2023-53274 at SUSE CVE-2023-53274 at NVD CVE-2023-53275 at SUSE CVE-2023-53275 at NVD CVE-2023-53280 at SUSE CVE-2023-53280 at NVD CVE-2023-53286 at SUSE CVE-2023-53286 at NVD CVE-2023-53287 at SUSE CVE-2023-53287 at NVD CVE-2023-53288 at SUSE CVE-2023-53288 at NVD CVE-2023-53291 at SUSE CVE-2023-53291 at NVD CVE-2023-53292 at SUSE CVE-2023-53292 at NVD CVE-2023-53303 at SUSE CVE-2023-53303 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53305 at SUSE CVE-2023-53305 at NVD CVE-2023-53309 at SUSE CVE-2023-53309 at NVD CVE-2023-53311 at SUSE CVE-2023-53311 at NVD CVE-2023-53312 at SUSE CVE-2023-53312 at NVD CVE-2023-53313 at SUSE CVE-2023-53313 at NVD CVE-2023-53314 at SUSE CVE-2023-53314 at NVD CVE-2023-53316 at SUSE CVE-2023-53316 at NVD CVE-2023-53319 at SUSE CVE-2023-53319 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53322 at SUSE CVE-2023-53322 at NVD CVE-2023-53323 at SUSE CVE-2023-53323 at NVD CVE-2023-53324 at SUSE CVE-2023-53324 at NVD CVE-2023-53325 at SUSE CVE-2023-53325 at NVD CVE-2023-53328 at SUSE CVE-2023-53328 at NVD CVE-2023-53331 at SUSE CVE-2023-53331 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53336 at SUSE CVE-2023-53336 at NVD CVE-2023-53338 at SUSE CVE-2023-53338 at NVD CVE-2023-53339 at SUSE CVE-2023-53339 at NVD CVE-2023-53342 at SUSE CVE-2023-53342 at NVD CVE-2023-53343 at SUSE CVE-2023-53343 at NVD CVE-2023-53350 at SUSE CVE-2023-53350 at NVD CVE-2023-53352 at SUSE CVE-2023-53352 at NVD CVE-2023-53354 at SUSE CVE-2023-53354 at NVD CVE-2023-53356 at SUSE CVE-2023-53356 at NVD CVE-2023-53357 at SUSE CVE-2023-53357 at NVD CVE-2023-53360 at SUSE CVE-2023-53360 at NVD CVE-2023-53362 at SUSE CVE-2023-53362 at NVD CVE-2023-53364 at SUSE CVE-2023-53364 at NVD CVE-2023-53365 at SUSE CVE-2023-53365 at NVD CVE-2023-53367 at SUSE CVE-2023-53367 at NVD CVE-2023-53368 at SUSE CVE-2023-53368 at NVD CVE-2023-53369 at SUSE CVE-2023-53369 at NVD CVE-2023-53370 at SUSE CVE-2023-53370 at NVD CVE-2023-53371 at SUSE CVE-2023-53371 at NVD CVE-2023-53374 at SUSE CVE-2023-53374 at NVD CVE-2023-53377 at SUSE CVE-2023-53377 at NVD CVE-2023-53379 at SUSE CVE-2023-53379 at NVD CVE-2023-53380 at SUSE CVE-2023-53380 at NVD CVE-2023-53384 at SUSE CVE-2023-53384 at NVD CVE-2023-53385 at SUSE CVE-2023-53385 at NVD CVE-2023-53386 at SUSE CVE-2023-53386 at NVD CVE-2023-53391 at SUSE CVE-2023-53391 at NVD CVE-2023-53394 at SUSE CVE-2023-53394 at NVD CVE-2023-53395 at SUSE CVE-2023-53395 at NVD CVE-2023-53397 at SUSE CVE-2023-53397 at NVD CVE-2023-53401 at SUSE CVE-2023-53401 at NVD CVE-2023-53420 at SUSE CVE-2023-53420 at NVD CVE-2023-53421 at SUSE CVE-2023-53421 at NVD CVE-2023-53424 at SUSE CVE-2023-53424 at NVD CVE-2023-53425 at SUSE CVE-2023-53425 at NVD CVE-2023-53426 at SUSE CVE-2023-53426 at NVD CVE-2023-53428 at SUSE CVE-2023-53428 at NVD CVE-2023-53429 at SUSE CVE-2023-53429 at NVD CVE-2023-53432 at SUSE CVE-2023-53432 at NVD CVE-2023-53436 at SUSE CVE-2023-53436 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53441 at SUSE CVE-2023-53441 at NVD CVE-2023-53442 at SUSE CVE-2023-53442 at NVD CVE-2023-53444 at SUSE CVE-2023-53444 at NVD CVE-2023-53446 at SUSE CVE-2023-53446 at NVD CVE-2023-53447 at SUSE CVE-2023-53447 at NVD CVE-2023-53448 at SUSE CVE-2023-53448 at NVD CVE-2023-53451 at SUSE CVE-2023-53451 at NVD CVE-2023-53454 at SUSE CVE-2023-53454 at NVD CVE-2023-53456 at SUSE CVE-2023-53456 at NVD CVE-2023-53457 at SUSE CVE-2023-53457 at NVD CVE-2023-53461 at SUSE CVE-2023-53461 at NVD CVE-2023-53462 at SUSE CVE-2023-53462 at NVD CVE-2023-53463 at SUSE CVE-2023-53463 at NVD CVE-2023-53465 at SUSE CVE-2023-53465 at NVD CVE-2023-53472 at SUSE CVE-2023-53472 at NVD CVE-2023-53479 at SUSE CVE-2023-53479 at NVD CVE-2023-53480 at SUSE CVE-2023-53480 at NVD CVE-2023-53485 at SUSE CVE-2023-53485 at NVD CVE-2023-53487 at SUSE CVE-2023-53487 at NVD CVE-2023-53488 at SUSE CVE-2023-53488 at NVD CVE-2023-53490 at SUSE CVE-2023-53490 at NVD CVE-2023-53491 at SUSE CVE-2023-53491 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2023-53493 at SUSE CVE-2023-53493 at NVD CVE-2023-53495 at SUSE CVE-2023-53495 at NVD CVE-2023-53496 at SUSE CVE-2023-53496 at NVD CVE-2023-53500 at SUSE CVE-2023-53500 at NVD CVE-2023-53501 at SUSE CVE-2023-53501 at NVD CVE-2023-53504 at SUSE CVE-2023-53504 at NVD CVE-2023-53505 at SUSE CVE-2023-53505 at NVD CVE-2023-53507 at SUSE CVE-2023-53507 at NVD CVE-2023-53508 at SUSE CVE-2023-53508 at NVD CVE-2023-53510 at SUSE CVE-2023-53510 at NVD CVE-2023-53515 at SUSE CVE-2023-53515 at NVD CVE-2023-53516 at SUSE CVE-2023-53516 at NVD CVE-2023-53518 at SUSE CVE-2023-53518 at NVD CVE-2023-53519 at SUSE CVE-2023-53519 at NVD CVE-2023-53520 at SUSE CVE-2023-53520 at NVD CVE-2023-53523 at SUSE CVE-2023-53523 at NVD CVE-2023-53526 at SUSE CVE-2023-53526 at NVD CVE-2023-53527 at SUSE CVE-2023-53527 at NVD CVE-2023-53528 at SUSE CVE-2023-53528 at NVD CVE-2023-53530 at SUSE CVE-2023-53530 at NVD CVE-2023-53531 at SUSE CVE-2023-53531 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-58090 at SUSE CVE-2024-58090 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-22022 at SUSE CVE-2025-22022 at NVD CVE-2025-38119 at SUSE CVE-2025-38119 at NVD CVE-2025-38234 at SUSE CVE-2025-38234 at NVD CVE-2025-38255 at SUSE CVE-2025-38255 at NVD CVE-2025-38263 at SUSE CVE-2025-38263 at NVD CVE-2025-38351 at SUSE CVE-2025-38351 at NVD CVE-2025-38402 at SUSE CVE-2025-38402 at NVD CVE-2025-38408 at SUSE CVE-2025-38408 at NVD CVE-2025-38418 at SUSE CVE-2025-38418 at NVD CVE-2025-38419 at SUSE CVE-2025-38419 at NVD CVE-2025-38456 at SUSE CVE-2025-38456 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38466 at SUSE CVE-2025-38466 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38514 at SUSE CVE-2025-38514 at NVD CVE-2025-38526 at SUSE CVE-2025-38526 at NVD CVE-2025-38527 at SUSE CVE-2025-38527 at NVD CVE-2025-38533 at SUSE CVE-2025-38533 at NVD CVE-2025-38544 at SUSE CVE-2025-38544 at NVD CVE-2025-38556 at SUSE CVE-2025-38556 at NVD CVE-2025-38574 at SUSE CVE-2025-38574 at NVD CVE-2025-38584 at SUSE CVE-2025-38584 at NVD CVE-2025-38590 at SUSE CVE-2025-38590 at NVD CVE-2025-38593 at SUSE CVE-2025-38593 at NVD CVE-2025-38595 at SUSE CVE-2025-38595 at NVD CVE-2025-38597 at SUSE CVE-2025-38597 at NVD CVE-2025-38605 at SUSE CVE-2025-38605 at NVD CVE-2025-38614 at SUSE CVE-2025-38614 at NVD CVE-2025-38616 at SUSE CVE-2025-38616 at NVD CVE-2025-38622 at SUSE CVE-2025-38622 at NVD CVE-2025-38623 at SUSE CVE-2025-38623 at NVD CVE-2025-38639 at SUSE CVE-2025-38639 at NVD CVE-2025-38640 at SUSE CVE-2025-38640 at NVD CVE-2025-38643 at SUSE CVE-2025-38643 at NVD CVE-2025-38645 at SUSE CVE-2025-38645 at NVD CVE-2025-38659 at SUSE CVE-2025-38659 at NVD CVE-2025-38660 at SUSE CVE-2025-38660 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38668 at SUSE CVE-2025-38668 at NVD CVE-2025-38676 at SUSE CVE-2025-38676 at NVD CVE-2025-38678 at SUSE CVE-2025-38678 at NVD CVE-2025-38679 at SUSE CVE-2025-38679 at NVD CVE-2025-38680 at SUSE CVE-2025-38680 at NVD CVE-2025-38681 at SUSE CVE-2025-38681 at NVD CVE-2025-38683 at SUSE CVE-2025-38683 at NVD CVE-2025-38684 at SUSE CVE-2025-38684 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38687 at SUSE CVE-2025-38687 at NVD CVE-2025-38691 at SUSE CVE-2025-38691 at NVD CVE-2025-38692 at SUSE CVE-2025-38692 at NVD CVE-2025-38693 at SUSE CVE-2025-38693 at NVD CVE-2025-38694 at SUSE CVE-2025-38694 at NVD CVE-2025-38695 at SUSE CVE-2025-38695 at NVD CVE-2025-38697 at SUSE CVE-2025-38697 at NVD CVE-2025-38698 at SUSE CVE-2025-38698 at NVD CVE-2025-38701 at SUSE CVE-2025-38701 at NVD CVE-2025-38702 at SUSE CVE-2025-38702 at NVD CVE-2025-38705 at SUSE CVE-2025-38705 at NVD CVE-2025-38706 at SUSE CVE-2025-38706 at NVD CVE-2025-38709 at SUSE CVE-2025-38709 at NVD CVE-2025-38712 at SUSE CVE-2025-38712 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-38714 at SUSE CVE-2025-38714 at NVD CVE-2025-38715 at SUSE CVE-2025-38715 at NVD CVE-2025-38721 at SUSE CVE-2025-38721 at NVD CVE-2025-38722 at SUSE CVE-2025-38722 at NVD CVE-2025-38724 at SUSE CVE-2025-38724 at NVD CVE-2025-38725 at SUSE CVE-2025-38725 at NVD CVE-2025-38727 at SUSE CVE-2025-38727 at NVD CVE-2025-38729 at SUSE CVE-2025-38729 at NVD CVE-2025-38730 at SUSE CVE-2025-38730 at NVD CVE-2025-38732 at SUSE CVE-2025-38732 at NVD CVE-2025-38734 at SUSE CVE-2025-38734 at NVD CVE-2025-38735 at SUSE CVE-2025-38735 at NVD CVE-2025-38736 at SUSE CVE-2025-38736 at NVD CVE-2025-39675 at SUSE CVE-2025-39675 at NVD CVE-2025-39677 at SUSE CVE-2025-39677 at NVD CVE-2025-39678 at SUSE CVE-2025-39678 at NVD CVE-2025-39679 at SUSE CVE-2025-39679 at NVD CVE-2025-39681 at SUSE CVE-2025-39681 at NVD CVE-2025-39682 at SUSE CVE-2025-39682 at NVD CVE-2025-39684 at SUSE CVE-2025-39684 at NVD CVE-2025-39685 at SUSE CVE-2025-39685 at NVD CVE-2025-39686 at SUSE CVE-2025-39686 at NVD CVE-2025-39691 at SUSE CVE-2025-39691 at NVD CVE-2025-39693 at SUSE CVE-2025-39693 at NVD CVE-2025-39694 at SUSE CVE-2025-39694 at NVD CVE-2025-39701 at SUSE CVE-2025-39701 at NVD CVE-2025-39703 at SUSE CVE-2025-39703 at NVD CVE-2025-39705 at SUSE CVE-2025-39705 at NVD CVE-2025-39706 at SUSE CVE-2025-39706 at NVD CVE-2025-39709 at SUSE CVE-2025-39709 at NVD CVE-2025-39710 at SUSE CVE-2025-39710 at NVD CVE-2025-39713 at SUSE CVE-2025-39713 at NVD CVE-2025-39714 at SUSE CVE-2025-39714 at NVD CVE-2025-39718 at SUSE CVE-2025-39718 at NVD CVE-2025-39719 at SUSE CVE-2025-39719 at NVD CVE-2025-39721 at SUSE CVE-2025-39721 at NVD CVE-2025-39724 at SUSE CVE-2025-39724 at NVD CVE-2025-39726 at SUSE CVE-2025-39726 at NVD CVE-2025-39730 at SUSE CVE-2025-39730 at NVD CVE-2025-39732 at SUSE CVE-2025-39732 at NVD CVE-2025-39738 at SUSE CVE-2025-39738 at NVD CVE-2025-39739 at SUSE CVE-2025-39739 at NVD CVE-2025-39742 at SUSE CVE-2025-39742 at NVD CVE-2025-39743 at SUSE CVE-2025-39743 at NVD CVE-2025-39744 at SUSE CVE-2025-39744 at NVD CVE-2025-39746 at SUSE CVE-2025-39746 at NVD CVE-2025-39749 at SUSE CVE-2025-39749 at NVD CVE-2025-39750 at SUSE CVE-2025-39750 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39754 at SUSE CVE-2025-39754 at NVD CVE-2025-39757 at SUSE CVE-2025-39757 at NVD CVE-2025-39758 at SUSE CVE-2025-39758 at NVD CVE-2025-39759 at SUSE CVE-2025-39759 at NVD CVE-2025-39760 at SUSE CVE-2025-39760 at NVD CVE-2025-39761 at SUSE CVE-2025-39761 at NVD CVE-2025-39763 at SUSE CVE-2025-39763 at NVD CVE-2025-39764 at SUSE CVE-2025-39764 at NVD CVE-2025-39766 at SUSE CVE-2025-39766 at NVD CVE-2025-39770 at SUSE CVE-2025-39770 at NVD CVE-2025-39772 at SUSE CVE-2025-39772 at NVD CVE-2025-39773 at SUSE CVE-2025-39773 at NVD CVE-2025-39782 at SUSE CVE-2025-39782 at NVD CVE-2025-39783 at SUSE CVE-2025-39783 at NVD CVE-2025-39787 at SUSE CVE-2025-39787 at NVD CVE-2025-39790 at SUSE CVE-2025-39790 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39798 at SUSE CVE-2025-39798 at NVD CVE-2025-39800 at SUSE CVE-2025-39800 at NVD CVE-2025-39801 at SUSE CVE-2025-39801 at NVD CVE-2025-39806 at SUSE CVE-2025-39806 at NVD CVE-2025-39808 at SUSE CVE-2025-39808 at NVD CVE-2025-39810 at SUSE CVE-2025-39810 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD CVE-2025-39824 at SUSE CVE-2025-39824 at NVD CVE-2025-39825 at SUSE CVE-2025-39825 at NVD CVE-2025-39826 at SUSE CVE-2025-39826 at NVD CVE-2025-39827 at SUSE CVE-2025-39827 at NVD CVE-2025-39832 at SUSE CVE-2025-39832 at NVD CVE-2025-39833 at SUSE CVE-2025-39833 at NVD CVE-2025-39835 at SUSE CVE-2025-39835 at NVD CVE-2025-39838 at SUSE CVE-2025-39838 at NVD CVE-2025-39839 at SUSE CVE-2025-39839 at NVD CVE-2025-39842 at SUSE CVE-2025-39842 at NVD CVE-2025-39844 at SUSE CVE-2025-39844 at NVD CVE-2025-39845 at SUSE CVE-2025-39845 at NVD CVE-2025-39846 at SUSE CVE-2025-39846 at NVD CVE-2025-39847 at SUSE CVE-2025-39847 at NVD CVE-2025-39848 at SUSE CVE-2025-39848 at NVD CVE-2025-39849 at SUSE CVE-2025-39849 at NVD CVE-2025-39850 at SUSE CVE-2025-39850 at NVD CVE-2025-39853 at SUSE CVE-2025-39853 at NVD CVE-2025-39854 at SUSE CVE-2025-39854 at NVD CVE-2025-39857 at SUSE CVE-2025-39857 at NVD CVE-2025-39860 at SUSE CVE-2025-39860 at NVD CVE-2025-39861 at SUSE CVE-2025-39861 at NVD CVE-2025-39863 at SUSE CVE-2025-39863 at NVD CVE-2025-39864 at SUSE CVE-2025-39864 at NVD CVE-2025-39865 at SUSE CVE-2025-39865 at NVD CVE-2025-39869 at SUSE CVE-2025-39869 at NVD CVE-2025-39870 at SUSE CVE-2025-39870 at NVD CVE-2025-39871 at SUSE CVE-2025-39871 at NVD CVE-2025-39873 at SUSE CVE-2025-39873 at NVD CVE-2025-39882 at SUSE CVE-2025-39882 at NVD CVE-2025-39885 at SUSE CVE-2025-39885 at NVD CVE-2025-39889 at SUSE CVE-2025-39889 at NVD CVE-2025-39891 at SUSE CVE-2025-39891 at NVD CVE-2025-39907 at SUSE CVE-2025-39907 at NVD CVE-2025-39920 at SUSE CVE-2025-39920 at NVD CVE-2025-39923 at SUSE CVE-2025-39923 at NVD CVE-2025-39925 at SUSE CVE-2025-39925 at NVD CVE-2025-40300 at SUSE CVE-2025-40300 at NVD cpe:/o:opensuse:leap:15.6 Security update for squid (Important) openSUSE Leap 15.6 This update for squid fixes the following issues: - CVE-2025-59362: fixed buffer overflow (bsc#1250627) Important SUSE bug 1250627 CVE-2025-59362 at SUSE CVE-2025-59362 at NVD cpe:/o:opensuse:leap:15.6 Security update for samba (Critical) openSUSE Leap 15.6 This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280). Critical SUSE bug 1251279 SUSE bug 1251280 CVE-2025-10230 at SUSE CVE-2025-10230 at NVD CVE-2025-9640 at SUSE CVE-2025-9640 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Important) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations by submitting crafted XML input (bsc#1249584). Important SUSE bug 1249584 CVE-2025-59375 at SUSE CVE-2025-59375 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgadmin4 (Important) openSUSE Leap 15.6 This update for pgadmin4 fixes the following issues: - CVE-2025-9636: Fixed cross-origin opener policy (COOP) vulnerability (bsc#1249151). Important SUSE bug 1249151 CVE-2025-9636 at SUSE CVE-2025-9636 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-rs (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-rs fixes the following issues: Update to version 0.12.11 (jsc#PED-13826): - CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223219). Important SUSE bug 1223219 CVE-2024-32650 at SUSE CVE-2024-32650 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-46733: btrfs: fix qgroup reserve leaks in cow_file_range (bsc#1230708). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38506: KVM: Allow CPU to reschedule while setting per-page memory attributes (bsc#1248186). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38520: drm/amdkfd: Do not call mmput from MMU notifier callback (bsc#1248217). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38528: bpf: Reject %p% format string in bprintf-like helpers (bsc#1248198). - CVE-2025-38531: iio: common: st_sensors: Fix use of uninitialize device structs (bsc#1248205). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38585: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (bsc#1248355). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38591: bpf: Reject narrower access to pointer ctx fields (bsc#1248363). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Correct typos of References tags in some patches - Do not self obsolete older kernel variants - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Add ACS quirk for Loongson PCIe (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: apple: Fix missing OF node reference in apple_pcie_setup_port (git-fixes). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RAS/AMD/FMPM: Use atl internal.h for INVALID_SPA (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - Refresh patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch. (bsc#1249186) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - Revert 'gpio: mlxbf3: only get IRQ for device instance 0' (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 (git-fixes) - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64: Add support for HIP09 Spectre-BHB mitigation (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: libata-scsi: Fix CDL control (git-fixes). - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: fix kfunc btf caching for modules (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpf: use kvzmalloc to allocate BPF verifier environment (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: fix adding block group to a reclaim list and the unused list during reclaim (git-fixes). - btrfs: fix bitmap leak when loading free space cache on duplicate entry (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size &lt; page size (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: fix the length of reserved qgroup to free (bsc#1240708) - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: retry block group reclaim without infinite loop (git-fixes). - btrfs: return accurate error code on open failure in open_fs_devices() (bsc#1233120) - btrfs: run delayed iputs when flushing delalloc (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: update target inode's ctime on unlink (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - et131x: Add missing check after DMA map (stable-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/mnt_idmapping.c: Return -EINVAL when no map is written (bsc#1233120) - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs/orangefs: use snprintf() instead of sprintf() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - hfs: fix not erasing deleted b-tree node issue (git-fixes). - hfs: fix slab-out-of-bounds in hfs_bnode_read() (git-fixes). - hfsplus: do not use BUG_ON() in hfsplus_create_attributes_file() (git-fixes). - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() (git-fixes). - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: enable_rdma devlink param (bsc#1247712). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - jfs: Regular file corruption check (git-fixes). - jfs: truncate good inode pages when hard link is 0 (git-fixes). - jfs: upper bound check of tree index in dbAllocAG (git-fixes). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kselftest/arm64: Fix check for setting new VLs in sve-ptrace (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - md/md-cluster: handle REMOVE message earlier (bsc#1247057). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fallback when MPTCP opts are dropped after 1st data (git-fixes). - mptcp: reset when MPTCP opts are dropped after join (git-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/eeh: Rely on dev->link_active_reporting (bsc#1215199). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - rpm: Configure KABI checkingness macro (bsc#1249186) - rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186) - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - samples/bpf: Fix compilation errors with cf-protection option (git-fixes). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus &lt; first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: Revert 'scsi: iscsi: Fix HW conn removal use after free' (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/bpf: fexit_sleep: Fix stack allocation for arm64 (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: Fix errno checking in syscall_user_dispatch test (git-fixes). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - selftests: rtnetlink.sh: remove esp4_offload after test (git-fixes). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: core: Fix system suspend on TI AM62 platforms (git-fixes). - usb: dwc3: fix fault at system suspend if device was already runtime suspended (git-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vfs: Add a sysctl for automated deletion of dentry (bsc#1240890). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtw89: Disable deep power saving for USB/SDIO (stable-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1213061 SUSE bug 1213545 SUSE bug 1213666 SUSE bug 1214073 SUSE bug 1214928 SUSE bug 1214953 SUSE bug 1215150 SUSE bug 1215199 SUSE bug 1215696 SUSE bug 1216436 SUSE bug 1216976 SUSE bug 1218644 SUSE bug 1220186 SUSE bug 1220419 SUSE bug 1221858 SUSE bug 1222323 SUSE bug 1229165 SUSE bug 1230062 SUSE bug 1230557 SUSE bug 1230708 SUSE bug 1233120 SUSE bug 1234156 SUSE bug 1236897 SUSE bug 1237449 SUSE bug 1237776 SUSE bug 1240324 SUSE bug 1240708 SUSE bug 1240890 SUSE bug 1241166 SUSE bug 1241292 SUSE bug 1241353 SUSE bug 1241866 SUSE bug 1242034 SUSE bug 1242754 SUSE bug 1242960 SUSE bug 1243100 SUSE bug 1243112 SUSE bug 1244734 SUSE bug 1244930 SUSE bug 1245193 SUSE bug 1245260 SUSE bug 1245663 SUSE bug 1245700 SUSE bug 1245710 SUSE bug 1245767 SUSE bug 1245780 SUSE bug 1245815 SUSE bug 1245956 SUSE bug 1245973 SUSE bug 1245977 SUSE bug 1246005 SUSE bug 1246012 SUSE bug 1246057 SUSE bug 1246125 SUSE bug 1246181 SUSE bug 1246190 SUSE bug 1246193 SUSE bug 1246248 SUSE bug 1246298 SUSE bug 1246509 SUSE bug 1246782 SUSE bug 1247057 SUSE bug 1247078 SUSE bug 1247099 SUSE bug 1247112 SUSE bug 1247116 SUSE bug 1247118 SUSE bug 1247119 SUSE bug 1247126 SUSE bug 1247136 SUSE bug 1247137 SUSE bug 1247155 SUSE bug 1247162 SUSE bug 1247167 SUSE bug 1247223 SUSE bug 1247229 SUSE bug 1247239 SUSE bug 1247243 SUSE bug 1247262 SUSE bug 1247280 SUSE bug 1247313 SUSE bug 1247442 SUSE bug 1247483 SUSE bug 1247500 SUSE bug 1247712 SUSE bug 1247963 SUSE bug 1247976 SUSE bug 1248088 SUSE bug 1248108 SUSE bug 1248111 SUSE bug 1248121 SUSE bug 1248164 SUSE bug 1248166 SUSE bug 1248178 SUSE bug 1248179 SUSE bug 1248180 SUSE bug 1248183 SUSE bug 1248186 SUSE bug 1248192 SUSE bug 1248194 SUSE bug 1248196 SUSE bug 1248198 SUSE bug 1248199 SUSE bug 1248200 SUSE bug 1248202 SUSE bug 1248205 SUSE bug 1248206 SUSE bug 1248208 SUSE bug 1248209 SUSE bug 1248212 SUSE bug 1248213 SUSE bug 1248214 SUSE bug 1248216 SUSE bug 1248217 SUSE bug 1248223 SUSE bug 1248225 SUSE bug 1248227 SUSE bug 1248228 SUSE bug 1248229 SUSE bug 1248255 SUSE bug 1248296 SUSE bug 1248297 SUSE bug 1248306 SUSE bug 1248312 SUSE bug 1248333 SUSE bug 1248334 SUSE bug 1248337 SUSE bug 1248338 SUSE bug 1248340 SUSE bug 1248341 SUSE bug 1248343 SUSE bug 1248345 SUSE bug 1248349 SUSE bug 1248350 SUSE bug 1248354 SUSE bug 1248355 SUSE bug 1248357 SUSE bug 1248360 SUSE bug 1248361 SUSE bug 1248363 SUSE bug 1248365 SUSE bug 1248368 SUSE bug 1248374 SUSE bug 1248377 SUSE bug 1248378 SUSE bug 1248380 SUSE bug 1248386 SUSE bug 1248390 SUSE bug 1248392 SUSE bug 1248395 SUSE bug 1248399 SUSE bug 1248401 SUSE bug 1248511 SUSE bug 1248512 SUSE bug 1248573 SUSE bug 1248575 SUSE bug 1248577 SUSE bug 1248609 SUSE bug 1248610 SUSE bug 1248614 SUSE bug 1248617 SUSE bug 1248619 SUSE bug 1248621 SUSE bug 1248622 SUSE bug 1248626 SUSE bug 1248628 SUSE bug 1248634 SUSE bug 1248636 SUSE bug 1248639 SUSE bug 1248643 SUSE bug 1248648 SUSE bug 1248652 SUSE bug 1248655 SUSE bug 1248666 SUSE bug 1248669 SUSE bug 1248674 SUSE bug 1248681 SUSE bug 1248733 SUSE bug 1248734 SUSE bug 1248735 SUSE bug 1248746 SUSE bug 1248748 SUSE bug 1248775 SUSE bug 1248847 SUSE bug 1249022 SUSE bug 1249122 SUSE bug 1249123 SUSE bug 1249124 SUSE bug 1249125 SUSE bug 1249126 SUSE bug 1249143 SUSE bug 1249156 SUSE bug 1249159 SUSE bug 1249163 SUSE bug 1249164 SUSE bug 1249166 SUSE bug 1249169 SUSE bug 1249170 SUSE bug 1249172 SUSE bug 1249176 SUSE bug 1249177 SUSE bug 1249186 SUSE bug 1249190 SUSE bug 1249194 SUSE bug 1249195 SUSE bug 1249196 SUSE bug 1249199 SUSE bug 1249200 SUSE bug 1249202 SUSE bug 1249203 SUSE bug 1249204 SUSE bug 1249206 SUSE bug 1249215 SUSE bug 1249220 SUSE bug 1249221 SUSE bug 1249254 SUSE bug 1249255 SUSE bug 1249257 SUSE bug 1249258 SUSE bug 1249260 SUSE bug 1249262 SUSE bug 1249263 SUSE bug 1249265 SUSE bug 1249266 SUSE bug 1249271 SUSE bug 1249272 SUSE bug 1249273 SUSE bug 1249278 SUSE bug 1249279 SUSE bug 1249281 SUSE bug 1249282 SUSE bug 1249284 SUSE bug 1249285 SUSE bug 1249288 SUSE bug 1249290 SUSE bug 1249292 SUSE bug 1249295 SUSE bug 1249296 SUSE bug 1249299 SUSE bug 1249300 SUSE bug 1249303 SUSE bug 1249304 SUSE bug 1249305 SUSE bug 1249308 SUSE bug 1249312 SUSE bug 1249315 SUSE bug 1249318 SUSE bug 1249321 SUSE bug 1249323 SUSE bug 1249324 SUSE bug 1249334 SUSE bug 1249338 SUSE bug 1249346 SUSE bug 1249374 SUSE bug 1249413 SUSE bug 1249479 SUSE bug 1249481 SUSE bug 1249482 SUSE bug 1249486 SUSE bug 1249488 SUSE bug 1249489 SUSE bug 1249490 SUSE bug 1249494 SUSE bug 1249504 SUSE bug 1249506 SUSE bug 1249508 SUSE bug 1249510 SUSE bug 1249513 SUSE bug 1249515 SUSE bug 1249516 SUSE bug 1249522 SUSE bug 1249523 SUSE bug 1249524 SUSE bug 1249526 SUSE bug 1249533 SUSE bug 1249538 SUSE bug 1249540 SUSE bug 1249542 SUSE bug 1249545 SUSE bug 1249548 SUSE bug 1249554 SUSE bug 1249598 SUSE bug 1249604 SUSE bug 1249608 SUSE bug 1249615 SUSE bug 1249640 SUSE bug 1249641 SUSE bug 1249642 SUSE bug 1249658 SUSE bug 1249662 SUSE bug 1249672 SUSE bug 1249673 SUSE bug 1249677 SUSE bug 1249678 SUSE bug 1249679 SUSE bug 1249682 SUSE bug 1249687 SUSE bug 1249698 SUSE bug 1249707 SUSE bug 1249712 SUSE bug 1249730 SUSE bug 1249756 SUSE bug 1249758 SUSE bug 1249761 SUSE bug 1249762 SUSE bug 1249768 SUSE bug 1249770 SUSE bug 1249774 SUSE bug 1249779 SUSE bug 1249780 SUSE bug 1249785 SUSE bug 1249787 SUSE bug 1249795 SUSE bug 1249815 SUSE bug 1249820 SUSE bug 1249823 SUSE bug 1249824 SUSE bug 1249825 SUSE bug 1249826 SUSE bug 1249833 SUSE bug 1249842 SUSE bug 1249845 SUSE bug 1249849 SUSE bug 1249850 SUSE bug 1249853 SUSE bug 1249856 SUSE bug 1249861 SUSE bug 1249863 SUSE bug 1249864 SUSE bug 1249865 SUSE bug 1249866 SUSE bug 1249869 SUSE bug 1249870 SUSE bug 1249880 SUSE bug 1249883 SUSE bug 1249888 SUSE bug 1249894 SUSE bug 1249896 SUSE bug 1249897 SUSE bug 1249901 SUSE bug 1249911 SUSE bug 1249917 SUSE bug 1249919 SUSE bug 1249923 SUSE bug 1249926 SUSE bug 1249938 SUSE bug 1249949 SUSE bug 1249950 SUSE bug 1249952 SUSE bug 1249975 SUSE bug 1249979 SUSE bug 1249984 SUSE bug 1249988 SUSE bug 1249990 SUSE bug 1249993 SUSE bug 1249994 SUSE bug 1249997 SUSE bug 1250002 SUSE bug 1250004 SUSE bug 1250006 SUSE bug 1250007 SUSE bug 1250012 SUSE bug 1250022 SUSE bug 1250024 SUSE bug 1250025 SUSE bug 1250028 SUSE bug 1250029 SUSE bug 1250035 SUSE bug 1250049 SUSE bug 1250055 SUSE bug 1250057 SUSE bug 1250058 SUSE bug 1250062 SUSE bug 1250063 SUSE bug 1250065 SUSE bug 1250066 SUSE bug 1250067 SUSE bug 1250069 SUSE bug 1250070 SUSE bug 1250073 SUSE bug 1250074 SUSE bug 1250088 SUSE bug 1250089 SUSE bug 1250106 SUSE bug 1250112 SUSE bug 1250117 SUSE bug 1250120 SUSE bug 1250125 SUSE bug 1250127 SUSE bug 1250128 SUSE bug 1250145 SUSE bug 1250150 SUSE bug 1250156 SUSE bug 1250157 SUSE bug 1250161 SUSE bug 1250163 SUSE bug 1250166 SUSE bug 1250167 SUSE bug 1250169 SUSE bug 1250171 SUSE bug 1250177 SUSE bug 1250179 SUSE bug 1250180 SUSE bug 1250186 SUSE bug 1250196 SUSE bug 1250198 SUSE bug 1250199 SUSE bug 1250201 SUSE bug 1250203 SUSE bug 1250204 SUSE bug 1250205 SUSE bug 1250206 SUSE bug 1250208 SUSE bug 1250241 SUSE bug 1250242 SUSE bug 1250243 SUSE bug 1250247 SUSE bug 1250249 SUSE bug 1250251 SUSE bug 1250262 SUSE bug 1250263 SUSE bug 1250266 SUSE bug 1250267 SUSE bug 1250268 SUSE bug 1250275 SUSE bug 1250276 SUSE bug 1250281 SUSE bug 1250290 SUSE bug 1250291 SUSE bug 1250292 SUSE bug 1250294 SUSE bug 1250297 SUSE bug 1250298 SUSE bug 1250313 SUSE bug 1250319 SUSE bug 1250323 SUSE bug 1250325 SUSE bug 1250329 SUSE bug 1250336 SUSE bug 1250337 SUSE bug 1250344 SUSE bug 1250358 SUSE bug 1250365 SUSE bug 1250371 SUSE bug 1250377 SUSE bug 1250384 SUSE bug 1250389 SUSE bug 1250395 SUSE bug 1250397 SUSE bug 1250402 SUSE bug 1250406 SUSE bug 1250407 SUSE bug 1250426 SUSE bug 1250450 SUSE bug 1250459 SUSE bug 1250519 SUSE bug 1250522 SUSE bug 1250530 SUSE bug 1250655 SUSE bug 1250712 SUSE bug 1250713 SUSE bug 1250732 SUSE bug 1250736 SUSE bug 1250741 SUSE bug 1250759 SUSE bug 1250763 SUSE bug 1250765 SUSE bug 1250807 SUSE bug 1250808 SUSE bug 1250809 SUSE bug 1250812 SUSE bug 1250813 SUSE bug 1250815 SUSE bug 1250816 SUSE bug 1250820 SUSE bug 1250823 SUSE bug 1250825 SUSE bug 1250827 SUSE bug 1250830 SUSE bug 1250831 SUSE bug 1250837 SUSE bug 1250841 SUSE bug 1250861 SUSE bug 1250863 SUSE bug 1250867 SUSE bug 1250872 SUSE bug 1250873 SUSE bug 1250878 SUSE bug 1250905 SUSE bug 1250907 SUSE bug 1250917 SUSE bug 1250918 SUSE bug 1250923 SUSE bug 1250926 SUSE bug 1250928 SUSE bug 1250929 SUSE bug 1250930 SUSE bug 1250931 SUSE bug 1250941 SUSE bug 1250942 SUSE bug 1250949 SUSE bug 1250952 SUSE bug 1250957 SUSE bug 1250964 CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-3867 at SUSE CVE-2023-3867 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-4130 at SUSE CVE-2023-4130 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-4515 at SUSE CVE-2023-4515 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53148 at SUSE CVE-2023-53148 at NVD CVE-2023-53150 at SUSE CVE-2023-53150 at NVD CVE-2023-53151 at SUSE CVE-2023-53151 at NVD CVE-2023-53152 at SUSE CVE-2023-53152 at NVD CVE-2023-53165 at SUSE CVE-2023-53165 at NVD CVE-2023-53167 at SUSE CVE-2023-53167 at NVD CVE-2023-53170 at SUSE CVE-2023-53170 at NVD CVE-2023-53174 at SUSE CVE-2023-53174 at NVD CVE-2023-53175 at SUSE CVE-2023-53175 at NVD CVE-2023-53177 at SUSE CVE-2023-53177 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53180 at SUSE CVE-2023-53180 at NVD CVE-2023-53181 at SUSE CVE-2023-53181 at NVD CVE-2023-53183 at SUSE CVE-2023-53183 at NVD CVE-2023-53184 at SUSE CVE-2023-53184 at NVD CVE-2023-53185 at SUSE CVE-2023-53185 at NVD CVE-2023-53187 at SUSE CVE-2023-53187 at NVD CVE-2023-53189 at SUSE CVE-2023-53189 at NVD CVE-2023-53192 at SUSE CVE-2023-53192 at NVD CVE-2023-53195 at SUSE CVE-2023-53195 at NVD CVE-2023-53196 at SUSE CVE-2023-53196 at NVD CVE-2023-53201 at SUSE CVE-2023-53201 at NVD CVE-2023-53204 at SUSE CVE-2023-53204 at NVD CVE-2023-53205 at SUSE CVE-2023-53205 at NVD CVE-2023-53206 at SUSE CVE-2023-53206 at NVD CVE-2023-53207 at SUSE CVE-2023-53207 at NVD CVE-2023-53208 at SUSE CVE-2023-53208 at NVD CVE-2023-53209 at SUSE CVE-2023-53209 at NVD CVE-2023-53210 at SUSE CVE-2023-53210 at NVD CVE-2023-53215 at SUSE CVE-2023-53215 at NVD CVE-2023-53217 at SUSE CVE-2023-53217 at NVD CVE-2023-53220 at SUSE CVE-2023-53220 at NVD CVE-2023-53221 at SUSE CVE-2023-53221 at NVD CVE-2023-53222 at SUSE CVE-2023-53222 at NVD CVE-2023-53226 at SUSE CVE-2023-53226 at NVD CVE-2023-53230 at SUSE CVE-2023-53230 at NVD CVE-2023-53231 at SUSE CVE-2023-53231 at NVD CVE-2023-53235 at SUSE CVE-2023-53235 at NVD CVE-2023-53238 at SUSE CVE-2023-53238 at NVD CVE-2023-53243 at SUSE CVE-2023-53243 at NVD CVE-2023-53245 at SUSE CVE-2023-53245 at NVD CVE-2023-53247 at SUSE CVE-2023-53247 at NVD CVE-2023-53248 at SUSE CVE-2023-53248 at NVD CVE-2023-53249 at SUSE CVE-2023-53249 at NVD CVE-2023-53251 at SUSE CVE-2023-53251 at NVD CVE-2023-53252 at SUSE CVE-2023-53252 at NVD CVE-2023-53255 at SUSE CVE-2023-53255 at NVD CVE-2023-53257 at SUSE CVE-2023-53257 at NVD CVE-2023-53258 at SUSE CVE-2023-53258 at NVD CVE-2023-53260 at SUSE CVE-2023-53260 at NVD CVE-2023-53261 at SUSE CVE-2023-53261 at NVD CVE-2023-53263 at SUSE CVE-2023-53263 at NVD CVE-2023-53264 at SUSE CVE-2023-53264 at NVD CVE-2023-53272 at SUSE CVE-2023-53272 at NVD CVE-2023-53274 at SUSE CVE-2023-53274 at NVD CVE-2023-53275 at SUSE CVE-2023-53275 at NVD CVE-2023-53280 at SUSE CVE-2023-53280 at NVD CVE-2023-53286 at SUSE CVE-2023-53286 at NVD CVE-2023-53287 at SUSE CVE-2023-53287 at NVD CVE-2023-53288 at SUSE CVE-2023-53288 at NVD CVE-2023-53291 at SUSE CVE-2023-53291 at NVD CVE-2023-53292 at SUSE CVE-2023-53292 at NVD CVE-2023-53303 at SUSE CVE-2023-53303 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53305 at SUSE CVE-2023-53305 at NVD CVE-2023-53309 at SUSE CVE-2023-53309 at NVD CVE-2023-53311 at SUSE CVE-2023-53311 at NVD CVE-2023-53312 at SUSE CVE-2023-53312 at NVD CVE-2023-53313 at SUSE CVE-2023-53313 at NVD CVE-2023-53314 at SUSE CVE-2023-53314 at NVD CVE-2023-53316 at SUSE CVE-2023-53316 at NVD CVE-2023-53319 at SUSE CVE-2023-53319 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53322 at SUSE CVE-2023-53322 at NVD CVE-2023-53323 at SUSE CVE-2023-53323 at NVD CVE-2023-53324 at SUSE CVE-2023-53324 at NVD CVE-2023-53325 at SUSE CVE-2023-53325 at NVD CVE-2023-53328 at SUSE CVE-2023-53328 at NVD CVE-2023-53331 at SUSE CVE-2023-53331 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53336 at SUSE CVE-2023-53336 at NVD CVE-2023-53338 at SUSE CVE-2023-53338 at NVD CVE-2023-53339 at SUSE CVE-2023-53339 at NVD CVE-2023-53342 at SUSE CVE-2023-53342 at NVD CVE-2023-53343 at SUSE CVE-2023-53343 at NVD CVE-2023-53350 at SUSE CVE-2023-53350 at NVD CVE-2023-53352 at SUSE CVE-2023-53352 at NVD CVE-2023-53354 at SUSE CVE-2023-53354 at NVD CVE-2023-53356 at SUSE CVE-2023-53356 at NVD CVE-2023-53357 at SUSE CVE-2023-53357 at NVD CVE-2023-53360 at SUSE CVE-2023-53360 at NVD CVE-2023-53362 at SUSE CVE-2023-53362 at NVD CVE-2023-53364 at SUSE CVE-2023-53364 at NVD CVE-2023-53365 at SUSE CVE-2023-53365 at NVD CVE-2023-53367 at SUSE CVE-2023-53367 at NVD CVE-2023-53368 at SUSE CVE-2023-53368 at NVD CVE-2023-53369 at SUSE CVE-2023-53369 at NVD CVE-2023-53370 at SUSE CVE-2023-53370 at NVD CVE-2023-53371 at SUSE CVE-2023-53371 at NVD CVE-2023-53374 at SUSE CVE-2023-53374 at NVD CVE-2023-53377 at SUSE CVE-2023-53377 at NVD CVE-2023-53379 at SUSE CVE-2023-53379 at NVD CVE-2023-53380 at SUSE CVE-2023-53380 at NVD CVE-2023-53384 at SUSE CVE-2023-53384 at NVD CVE-2023-53385 at SUSE CVE-2023-53385 at NVD CVE-2023-53386 at SUSE CVE-2023-53386 at NVD CVE-2023-53391 at SUSE CVE-2023-53391 at NVD CVE-2023-53394 at SUSE CVE-2023-53394 at NVD CVE-2023-53395 at SUSE CVE-2023-53395 at NVD CVE-2023-53397 at SUSE CVE-2023-53397 at NVD CVE-2023-53401 at SUSE CVE-2023-53401 at NVD CVE-2023-53420 at SUSE CVE-2023-53420 at NVD CVE-2023-53421 at SUSE CVE-2023-53421 at NVD CVE-2023-53424 at SUSE CVE-2023-53424 at NVD CVE-2023-53425 at SUSE CVE-2023-53425 at NVD CVE-2023-53426 at SUSE CVE-2023-53426 at NVD CVE-2023-53428 at SUSE CVE-2023-53428 at NVD CVE-2023-53429 at SUSE CVE-2023-53429 at NVD CVE-2023-53432 at SUSE CVE-2023-53432 at NVD CVE-2023-53436 at SUSE CVE-2023-53436 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53441 at SUSE CVE-2023-53441 at NVD CVE-2023-53442 at SUSE CVE-2023-53442 at NVD CVE-2023-53444 at SUSE CVE-2023-53444 at NVD CVE-2023-53446 at SUSE CVE-2023-53446 at NVD CVE-2023-53447 at SUSE CVE-2023-53447 at NVD CVE-2023-53448 at SUSE CVE-2023-53448 at NVD CVE-2023-53451 at SUSE CVE-2023-53451 at NVD CVE-2023-53454 at SUSE CVE-2023-53454 at NVD CVE-2023-53456 at SUSE CVE-2023-53456 at NVD CVE-2023-53457 at SUSE CVE-2023-53457 at NVD CVE-2023-53461 at SUSE CVE-2023-53461 at NVD CVE-2023-53462 at SUSE CVE-2023-53462 at NVD CVE-2023-53463 at SUSE CVE-2023-53463 at NVD CVE-2023-53465 at SUSE CVE-2023-53465 at NVD CVE-2023-53472 at SUSE CVE-2023-53472 at NVD CVE-2023-53479 at SUSE CVE-2023-53479 at NVD CVE-2023-53480 at SUSE CVE-2023-53480 at NVD CVE-2023-53485 at SUSE CVE-2023-53485 at NVD CVE-2023-53487 at SUSE CVE-2023-53487 at NVD CVE-2023-53488 at SUSE CVE-2023-53488 at NVD CVE-2023-53490 at SUSE CVE-2023-53490 at NVD CVE-2023-53491 at SUSE CVE-2023-53491 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2023-53493 at SUSE CVE-2023-53493 at NVD CVE-2023-53495 at SUSE CVE-2023-53495 at NVD CVE-2023-53496 at SUSE CVE-2023-53496 at NVD CVE-2023-53500 at SUSE CVE-2023-53500 at NVD CVE-2023-53501 at SUSE CVE-2023-53501 at NVD CVE-2023-53504 at SUSE CVE-2023-53504 at NVD CVE-2023-53505 at SUSE CVE-2023-53505 at NVD CVE-2023-53507 at SUSE CVE-2023-53507 at NVD CVE-2023-53508 at SUSE CVE-2023-53508 at NVD CVE-2023-53510 at SUSE CVE-2023-53510 at NVD CVE-2023-53515 at SUSE CVE-2023-53515 at NVD CVE-2023-53516 at SUSE CVE-2023-53516 at NVD CVE-2023-53518 at SUSE CVE-2023-53518 at NVD CVE-2023-53519 at SUSE CVE-2023-53519 at NVD CVE-2023-53520 at SUSE CVE-2023-53520 at NVD CVE-2023-53523 at SUSE CVE-2023-53523 at NVD CVE-2023-53526 at SUSE CVE-2023-53526 at NVD CVE-2023-53527 at SUSE CVE-2023-53527 at NVD CVE-2023-53528 at SUSE CVE-2023-53528 at NVD CVE-2023-53530 at SUSE CVE-2023-53530 at NVD CVE-2023-53531 at SUSE CVE-2023-53531 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-26661 at SUSE CVE-2024-26661 at NVD CVE-2024-46733 at SUSE CVE-2024-46733 at NVD CVE-2024-53125 at SUSE CVE-2024-53125 at NVD CVE-2024-58090 at SUSE CVE-2024-58090 at NVD CVE-2024-58238 at SUSE CVE-2024-58238 at NVD CVE-2024-58239 at SUSE CVE-2024-58239 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-22022 at SUSE CVE-2025-22022 at NVD CVE-2025-37885 at SUSE CVE-2025-37885 at NVD CVE-2025-38006 at SUSE CVE-2025-38006 at NVD CVE-2025-38075 at SUSE CVE-2025-38075 at NVD CVE-2025-38103 at SUSE CVE-2025-38103 at NVD CVE-2025-38119 at SUSE CVE-2025-38119 at NVD CVE-2025-38125 at SUSE CVE-2025-38125 at NVD CVE-2025-38146 at SUSE CVE-2025-38146 at NVD CVE-2025-38160 at SUSE CVE-2025-38160 at NVD CVE-2025-38184 at SUSE CVE-2025-38184 at NVD CVE-2025-38185 at SUSE CVE-2025-38185 at NVD CVE-2025-38190 at SUSE CVE-2025-38190 at NVD CVE-2025-38201 at SUSE CVE-2025-38201 at NVD CVE-2025-38205 at SUSE CVE-2025-38205 at NVD CVE-2025-38208 at SUSE CVE-2025-38208 at NVD CVE-2025-38234 at SUSE CVE-2025-38234 at NVD CVE-2025-38245 at SUSE CVE-2025-38245 at NVD CVE-2025-38251 at SUSE CVE-2025-38251 at NVD CVE-2025-38255 at SUSE CVE-2025-38255 at NVD CVE-2025-38263 at SUSE CVE-2025-38263 at NVD CVE-2025-38351 at SUSE CVE-2025-38351 at NVD CVE-2025-38360 at SUSE CVE-2025-38360 at NVD CVE-2025-38402 at SUSE CVE-2025-38402 at NVD CVE-2025-38408 at SUSE CVE-2025-38408 at NVD CVE-2025-38418 at SUSE CVE-2025-38418 at NVD CVE-2025-38419 at SUSE CVE-2025-38419 at NVD CVE-2025-38439 at SUSE CVE-2025-38439 at NVD CVE-2025-38441 at SUSE CVE-2025-38441 at NVD CVE-2025-38444 at SUSE CVE-2025-38444 at NVD CVE-2025-38445 at SUSE CVE-2025-38445 at NVD CVE-2025-38456 at SUSE CVE-2025-38456 at NVD CVE-2025-38458 at SUSE CVE-2025-38458 at NVD CVE-2025-38459 at SUSE CVE-2025-38459 at NVD CVE-2025-38464 at SUSE CVE-2025-38464 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38466 at SUSE CVE-2025-38466 at NVD CVE-2025-38472 at SUSE CVE-2025-38472 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38490 at SUSE CVE-2025-38490 at NVD CVE-2025-38491 at SUSE CVE-2025-38491 at NVD CVE-2025-38499 at SUSE CVE-2025-38499 at NVD CVE-2025-38500 at SUSE CVE-2025-38500 at NVD CVE-2025-38503 at SUSE CVE-2025-38503 at NVD CVE-2025-38506 at SUSE CVE-2025-38506 at NVD CVE-2025-38510 at SUSE CVE-2025-38510 at NVD CVE-2025-38512 at SUSE CVE-2025-38512 at NVD CVE-2025-38513 at SUSE CVE-2025-38513 at NVD CVE-2025-38514 at SUSE CVE-2025-38514 at NVD CVE-2025-38515 at SUSE CVE-2025-38515 at NVD CVE-2025-38516 at SUSE CVE-2025-38516 at NVD CVE-2025-38520 at SUSE CVE-2025-38520 at NVD CVE-2025-38524 at SUSE CVE-2025-38524 at NVD CVE-2025-38526 at SUSE CVE-2025-38526 at NVD CVE-2025-38527 at SUSE CVE-2025-38527 at NVD CVE-2025-38528 at SUSE CVE-2025-38528 at NVD CVE-2025-38529 at SUSE CVE-2025-38529 at NVD CVE-2025-38530 at SUSE CVE-2025-38530 at NVD CVE-2025-38531 at SUSE CVE-2025-38531 at NVD CVE-2025-38533 at SUSE CVE-2025-38533 at NVD CVE-2025-38535 at SUSE CVE-2025-38535 at NVD CVE-2025-38537 at SUSE CVE-2025-38537 at NVD CVE-2025-38538 at SUSE CVE-2025-38538 at NVD CVE-2025-38540 at SUSE CVE-2025-38540 at NVD CVE-2025-38541 at SUSE CVE-2025-38541 at NVD CVE-2025-38543 at SUSE CVE-2025-38543 at NVD CVE-2025-38544 at SUSE CVE-2025-38544 at NVD CVE-2025-38546 at SUSE CVE-2025-38546 at NVD CVE-2025-38548 at SUSE CVE-2025-38548 at NVD CVE-2025-38550 at SUSE CVE-2025-38550 at NVD CVE-2025-38553 at SUSE CVE-2025-38553 at NVD CVE-2025-38555 at SUSE CVE-2025-38555 at NVD CVE-2025-38556 at SUSE CVE-2025-38556 at NVD CVE-2025-38560 at SUSE CVE-2025-38560 at NVD CVE-2025-38563 at SUSE CVE-2025-38563 at NVD CVE-2025-38565 at SUSE CVE-2025-38565 at NVD CVE-2025-38566 at SUSE CVE-2025-38566 at NVD CVE-2025-38568 at SUSE CVE-2025-38568 at NVD CVE-2025-38571 at SUSE CVE-2025-38571 at NVD CVE-2025-38572 at SUSE CVE-2025-38572 at NVD CVE-2025-38574 at SUSE CVE-2025-38574 at NVD CVE-2025-38576 at SUSE CVE-2025-38576 at NVD CVE-2025-38581 at SUSE CVE-2025-38581 at NVD CVE-2025-38582 at SUSE CVE-2025-38582 at NVD CVE-2025-38583 at SUSE CVE-2025-38583 at NVD CVE-2025-38584 at SUSE CVE-2025-38584 at NVD CVE-2025-38585 at SUSE CVE-2025-38585 at NVD CVE-2025-38587 at SUSE CVE-2025-38587 at NVD CVE-2025-38588 at SUSE CVE-2025-38588 at NVD CVE-2025-38590 at SUSE CVE-2025-38590 at NVD CVE-2025-38591 at SUSE CVE-2025-38591 at NVD CVE-2025-38593 at SUSE CVE-2025-38593 at NVD CVE-2025-38595 at SUSE CVE-2025-38595 at NVD CVE-2025-38597 at SUSE CVE-2025-38597 at NVD CVE-2025-38601 at SUSE CVE-2025-38601 at NVD CVE-2025-38602 at SUSE CVE-2025-38602 at NVD CVE-2025-38604 at SUSE CVE-2025-38604 at NVD CVE-2025-38605 at SUSE CVE-2025-38605 at NVD CVE-2025-38608 at SUSE CVE-2025-38608 at NVD CVE-2025-38609 at SUSE CVE-2025-38609 at NVD CVE-2025-38610 at SUSE CVE-2025-38610 at NVD CVE-2025-38612 at SUSE CVE-2025-38612 at NVD CVE-2025-38614 at SUSE CVE-2025-38614 at NVD CVE-2025-38616 at SUSE CVE-2025-38616 at NVD CVE-2025-38617 at SUSE CVE-2025-38617 at NVD CVE-2025-38618 at SUSE CVE-2025-38618 at NVD CVE-2025-38621 at SUSE CVE-2025-38621 at NVD CVE-2025-38622 at SUSE CVE-2025-38622 at NVD CVE-2025-38623 at SUSE CVE-2025-38623 at NVD CVE-2025-38624 at SUSE CVE-2025-38624 at NVD CVE-2025-38630 at SUSE CVE-2025-38630 at NVD CVE-2025-38632 at SUSE CVE-2025-38632 at NVD CVE-2025-38634 at SUSE CVE-2025-38634 at NVD CVE-2025-38635 at SUSE CVE-2025-38635 at NVD CVE-2025-38639 at SUSE CVE-2025-38639 at NVD CVE-2025-38640 at SUSE CVE-2025-38640 at NVD CVE-2025-38643 at SUSE CVE-2025-38643 at NVD CVE-2025-38644 at SUSE CVE-2025-38644 at NVD CVE-2025-38645 at SUSE CVE-2025-38645 at NVD CVE-2025-38646 at SUSE CVE-2025-38646 at NVD CVE-2025-38650 at SUSE CVE-2025-38650 at NVD CVE-2025-38656 at SUSE CVE-2025-38656 at NVD CVE-2025-38659 at SUSE CVE-2025-38659 at NVD CVE-2025-38660 at SUSE CVE-2025-38660 at NVD CVE-2025-38663 at SUSE CVE-2025-38663 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38665 at SUSE CVE-2025-38665 at NVD CVE-2025-38668 at SUSE CVE-2025-38668 at NVD CVE-2025-38670 at SUSE CVE-2025-38670 at NVD CVE-2025-38671 at SUSE CVE-2025-38671 at NVD CVE-2025-38676 at SUSE CVE-2025-38676 at NVD CVE-2025-38678 at SUSE CVE-2025-38678 at NVD CVE-2025-38679 at SUSE CVE-2025-38679 at NVD CVE-2025-38680 at SUSE CVE-2025-38680 at NVD CVE-2025-38681 at SUSE CVE-2025-38681 at NVD CVE-2025-38683 at SUSE CVE-2025-38683 at NVD CVE-2025-38684 at SUSE CVE-2025-38684 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38687 at SUSE CVE-2025-38687 at NVD CVE-2025-38691 at SUSE CVE-2025-38691 at NVD CVE-2025-38692 at SUSE CVE-2025-38692 at NVD CVE-2025-38693 at SUSE CVE-2025-38693 at NVD CVE-2025-38694 at SUSE CVE-2025-38694 at NVD CVE-2025-38695 at SUSE CVE-2025-38695 at NVD CVE-2025-38697 at SUSE CVE-2025-38697 at NVD CVE-2025-38698 at SUSE CVE-2025-38698 at NVD CVE-2025-38701 at SUSE CVE-2025-38701 at NVD CVE-2025-38702 at SUSE CVE-2025-38702 at NVD CVE-2025-38705 at SUSE CVE-2025-38705 at NVD CVE-2025-38706 at SUSE CVE-2025-38706 at NVD CVE-2025-38709 at SUSE CVE-2025-38709 at NVD CVE-2025-38712 at SUSE CVE-2025-38712 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-38714 at SUSE CVE-2025-38714 at NVD CVE-2025-38715 at SUSE CVE-2025-38715 at NVD CVE-2025-38721 at SUSE CVE-2025-38721 at NVD CVE-2025-38722 at SUSE CVE-2025-38722 at NVD CVE-2025-38724 at SUSE CVE-2025-38724 at NVD CVE-2025-38725 at SUSE CVE-2025-38725 at NVD CVE-2025-38727 at SUSE CVE-2025-38727 at NVD CVE-2025-38729 at SUSE CVE-2025-38729 at NVD CVE-2025-38730 at SUSE CVE-2025-38730 at NVD CVE-2025-38732 at SUSE CVE-2025-38732 at NVD CVE-2025-38734 at SUSE CVE-2025-38734 at NVD CVE-2025-38735 at SUSE CVE-2025-38735 at NVD CVE-2025-38736 at SUSE CVE-2025-38736 at NVD CVE-2025-39675 at SUSE CVE-2025-39675 at NVD CVE-2025-39677 at SUSE CVE-2025-39677 at NVD CVE-2025-39678 at SUSE CVE-2025-39678 at NVD CVE-2025-39679 at SUSE CVE-2025-39679 at NVD CVE-2025-39681 at SUSE CVE-2025-39681 at NVD CVE-2025-39682 at SUSE CVE-2025-39682 at NVD CVE-2025-39684 at SUSE CVE-2025-39684 at NVD CVE-2025-39685 at SUSE CVE-2025-39685 at NVD CVE-2025-39686 at SUSE CVE-2025-39686 at NVD CVE-2025-39691 at SUSE CVE-2025-39691 at NVD CVE-2025-39693 at SUSE CVE-2025-39693 at NVD CVE-2025-39694 at SUSE CVE-2025-39694 at NVD CVE-2025-39701 at SUSE CVE-2025-39701 at NVD CVE-2025-39703 at SUSE CVE-2025-39703 at NVD CVE-2025-39705 at SUSE CVE-2025-39705 at NVD CVE-2025-39706 at SUSE CVE-2025-39706 at NVD CVE-2025-39709 at SUSE CVE-2025-39709 at NVD CVE-2025-39710 at SUSE CVE-2025-39710 at NVD CVE-2025-39713 at SUSE CVE-2025-39713 at NVD CVE-2025-39714 at SUSE CVE-2025-39714 at NVD CVE-2025-39718 at SUSE CVE-2025-39718 at NVD CVE-2025-39719 at SUSE CVE-2025-39719 at NVD CVE-2025-39721 at SUSE CVE-2025-39721 at NVD CVE-2025-39724 at SUSE CVE-2025-39724 at NVD CVE-2025-39726 at SUSE CVE-2025-39726 at NVD CVE-2025-39730 at SUSE CVE-2025-39730 at NVD CVE-2025-39732 at SUSE CVE-2025-39732 at NVD CVE-2025-39738 at SUSE CVE-2025-39738 at NVD CVE-2025-39739 at SUSE CVE-2025-39739 at NVD CVE-2025-39742 at SUSE CVE-2025-39742 at NVD CVE-2025-39743 at SUSE CVE-2025-39743 at NVD CVE-2025-39744 at SUSE CVE-2025-39744 at NVD CVE-2025-39746 at SUSE CVE-2025-39746 at NVD CVE-2025-39749 at SUSE CVE-2025-39749 at NVD CVE-2025-39750 at SUSE CVE-2025-39750 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39754 at SUSE CVE-2025-39754 at NVD CVE-2025-39757 at SUSE CVE-2025-39757 at NVD CVE-2025-39758 at SUSE CVE-2025-39758 at NVD CVE-2025-39759 at SUSE CVE-2025-39759 at NVD CVE-2025-39760 at SUSE CVE-2025-39760 at NVD CVE-2025-39761 at SUSE CVE-2025-39761 at NVD CVE-2025-39763 at SUSE CVE-2025-39763 at NVD CVE-2025-39764 at SUSE CVE-2025-39764 at NVD CVE-2025-39766 at SUSE CVE-2025-39766 at NVD CVE-2025-39770 at SUSE CVE-2025-39770 at NVD CVE-2025-39772 at SUSE CVE-2025-39772 at NVD CVE-2025-39773 at SUSE CVE-2025-39773 at NVD CVE-2025-39782 at SUSE CVE-2025-39782 at NVD CVE-2025-39783 at SUSE CVE-2025-39783 at NVD CVE-2025-39787 at SUSE CVE-2025-39787 at NVD CVE-2025-39790 at SUSE CVE-2025-39790 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39798 at SUSE CVE-2025-39798 at NVD CVE-2025-39800 at SUSE CVE-2025-39800 at NVD CVE-2025-39801 at SUSE CVE-2025-39801 at NVD CVE-2025-39806 at SUSE CVE-2025-39806 at NVD CVE-2025-39808 at SUSE CVE-2025-39808 at NVD CVE-2025-39810 at SUSE CVE-2025-39810 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD CVE-2025-39824 at SUSE CVE-2025-39824 at NVD CVE-2025-39825 at SUSE CVE-2025-39825 at NVD CVE-2025-39826 at SUSE CVE-2025-39826 at NVD CVE-2025-39827 at SUSE CVE-2025-39827 at NVD CVE-2025-39828 at SUSE CVE-2025-39828 at NVD CVE-2025-39832 at SUSE CVE-2025-39832 at NVD CVE-2025-39833 at SUSE CVE-2025-39833 at NVD CVE-2025-39835 at SUSE CVE-2025-39835 at NVD CVE-2025-39838 at SUSE CVE-2025-39838 at NVD CVE-2025-39839 at SUSE CVE-2025-39839 at NVD CVE-2025-39842 at SUSE CVE-2025-39842 at NVD CVE-2025-39844 at SUSE CVE-2025-39844 at NVD CVE-2025-39845 at SUSE CVE-2025-39845 at NVD CVE-2025-39846 at SUSE CVE-2025-39846 at NVD CVE-2025-39847 at SUSE CVE-2025-39847 at NVD CVE-2025-39848 at SUSE CVE-2025-39848 at NVD CVE-2025-39849 at SUSE CVE-2025-39849 at NVD CVE-2025-39850 at SUSE CVE-2025-39850 at NVD CVE-2025-39853 at SUSE CVE-2025-39853 at NVD CVE-2025-39854 at SUSE CVE-2025-39854 at NVD CVE-2025-39857 at SUSE CVE-2025-39857 at NVD CVE-2025-39860 at SUSE CVE-2025-39860 at NVD CVE-2025-39861 at SUSE CVE-2025-39861 at NVD CVE-2025-39863 at SUSE CVE-2025-39863 at NVD CVE-2025-39864 at SUSE CVE-2025-39864 at NVD CVE-2025-39865 at SUSE CVE-2025-39865 at NVD CVE-2025-39869 at SUSE CVE-2025-39869 at NVD CVE-2025-39870 at SUSE CVE-2025-39870 at NVD CVE-2025-39871 at SUSE CVE-2025-39871 at NVD CVE-2025-39873 at SUSE CVE-2025-39873 at NVD CVE-2025-39882 at SUSE CVE-2025-39882 at NVD CVE-2025-39885 at SUSE CVE-2025-39885 at NVD CVE-2025-39889 at SUSE CVE-2025-39889 at NVD CVE-2025-39891 at SUSE CVE-2025-39891 at NVD CVE-2025-39907 at SUSE CVE-2025-39907 at NVD CVE-2025-39920 at SUSE CVE-2025-39920 at NVD CVE-2025-39923 at SUSE CVE-2025-39923 at NVD CVE-2025-39925 at SUSE CVE-2025-39925 at NVD CVE-2025-40300 at SUSE CVE-2025-40300 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Important) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: go1.25.3 (released 2025-10-13) includes fixes to the crypto/x509 package. (bsc#1244485 CVE-2025-58187) * go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot * go#75777 spec: Go1.25 spec should be dated closer to actual release date * Further fixups to the fix for net/url allowing IP literals with IPv4 mapped IPv6 addresses. Important SUSE bug 1244485 CVE-2025-58187 at SUSE CVE-2025-58187 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: go1.24.9 (released 2025-10-13) includes fixes to the crypto/x509 package. (bsc#1236217) * crypto/x509: TLS validation fails for FQDNs with trailing dot go1.24.8 (released 2025-10-07) includes security fixes to the archive/tar, crypto/tls, crypto/x509, encoding/asn1, encoding/pem, net/http, net/mail, net/textproto, and net/url packages, as well as bug fixes to the compiler, the linker, and the debug/pe, net/http, os, and sync/atomic packages. (bsc#1236217) CVE-2025-58189 CVE-2025-61725 CVE-2025-58188 CVE-2025-58185 CVE-2025-58186 CVE-2025-61723 CVE-2025-58183 CVE-2025-47912 CVE-2025-58187 CVE-2025-61724: * bsc#1251255 CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information * bsc#1251253 CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress * bsc#1251260 CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys * bsc#1251258 CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion * bsc#1251259 CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion * bsc#1251256 CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs * bsc#1251261 CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map * bsc#1251257 CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames * bsc#1251254 CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints * bsc#1251262 CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse * os: Root.OpenRoot sets incorrect name, losing prefix of original root * debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * cmd/link: panic on riscv64 with CGO enabled due to empty container symbol * net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9 * crypto/internal/fips140/rsa: requires a panic if self-tests fail * net/http: internal error: connCount underflow * cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * sync/atomic: comment for Uintptr.Or incorrectly describes return value Important SUSE bug 1236217 SUSE bug 1251253 SUSE bug 1251254 SUSE bug 1251255 SUSE bug 1251256 SUSE bug 1251257 SUSE bug 1251258 SUSE bug 1251259 SUSE bug 1251260 SUSE bug 1251261 SUSE bug 1251262 CVE-2025-47912 at SUSE CVE-2025-47912 at NVD CVE-2025-58183 at SUSE CVE-2025-58183 at NVD CVE-2025-58185 at SUSE CVE-2025-58185 at NVD CVE-2025-58186 at SUSE CVE-2025-58186 at NVD CVE-2025-58187 at SUSE CVE-2025-58187 at NVD CVE-2025-58188 at SUSE CVE-2025-58188 at NVD CVE-2025-58189 at SUSE CVE-2025-58189 at NVD CVE-2025-61723 at SUSE CVE-2025-61723 at NVD CVE-2025-61724 at SUSE CVE-2025-61724 at NVD CVE-2025-61725 at SUSE CVE-2025-61725 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Moderate SUSE bug 1236588 SUSE bug 1236590 CVE-2025-0167 at SUSE CVE-2025-0167 at NVD CVE-2025-0725 at SUSE CVE-2025-0725 at NVD cpe:/o:opensuse:leap:15.6 Security update for krb5 (Moderate) openSUSE Leap 15.6 This update for krb5 fixes the following issues: - CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5 as very old protocol supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those alorithms. The following algorithms have been removed from valid krb5 enctypes: - des3-cbc-sha1 - arcfour-hmac-md5 To reenable those algorithms, you can use allow options in krb5.conf: [libdefaults] allow_des3 = true allow_rc4 = true to reenable them. Moderate SUSE bug 1241219 CVE-2025-3576 at SUSE CVE-2025-3576 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - CVE-2025-43343: improved memory handling in web content processing to prevent process crash (bsc#1251975) - CVE-2025-43272: improved memory handling to prevent unexpected process crash (bsc#1250439) - CVE-2025-43342: correctness issue was addressed with improved checks to prevent unexcepted process crash (bsc#1250440) - CVE-2025-43356: improved handling of caches to prevent sensor access without consent (bsc#1250441) - CVE-2025-43368: improved memory management to prevent a use-after-free (bsc#1250442) Important SUSE bug 1250439 SUSE bug 1250440 SUSE bug 1250441 SUSE bug 1250442 SUSE bug 1251975 CVE-2025-43272 at SUSE CVE-2025-43272 at NVD CVE-2025-43342 at SUSE CVE-2025-43342 at NVD CVE-2025-43343 at SUSE CVE-2025-43343 at NVD CVE-2025-43356 at SUSE CVE-2025-43356 at NVD CVE-2025-43368 at SUSE CVE-2025-43368 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2025-59728: allocated space for the appended '/' (bsc#1251137) Important SUSE bug 1226308 SUSE bug 1251137 CVE-2025-59728 at SUSE CVE-2025-59728 at NVD CVE-2025-7700 at SUSE CVE-2025-7700 at NVD cpe:/o:opensuse:leap:15.6 Security update for libqt5-qtbase (Moderate) openSUSE Leap 15.6 This update for libqt5-qtbase fixes the following issues: Security issues fixed: - CVE-2025-5455: processing of malformed data in `qDecodeDataUrl()` can trigger assertion and cause a crash (bsc#1243958). - CVE-2025-30348: complex algorithm used in `encodeText` in QDom when processing XML data can cause low performance (bsc#1239896). Other issues fixed: - Initialize a member variable in `QObjectPrivate::Signal` that was uninitialized under some circumstances. - Fix a crash when parsing a particular glyph in a particular font. - Avoid repeatedly registering xsettings callbacks when switching cursor themes. - Check validity of RandR output info before using it. - Fix reparenting a window so it takes effect even if there are no other state changes to the window. Moderate SUSE bug 1239896 SUSE bug 1243958 CVE-2025-30348 at SUSE CVE-2025-30348 at NVD CVE-2025-5455 at SUSE CVE-2025-5455 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox to 128.7esr fixes the following issues: * MFSA 2025-09 * CVE-2025-1009 (bmo#1936613) Use-after-free in XSLT * CVE-2025-1010 (bmo#1936982) Use-after-free in Custom Highlight * CVE-2025-1011 (bmo#1936454) A bug in WebAssembly code generation could result in a crash * CVE-2025-1012 (bmo#1939710) Use-after-free during concurrent delazification * CVE-2024-11704 (bmo#1899402) Potential double-free vulnerability in PKCS#7 decryption handling * CVE-2025-1013 (bmo#1932555) Potential opening of private browsing tabs in normal browsing windows * CVE-2025-1014 (bmo#1940804) Certificate length was not properly checked * CVE-2025-1016 (bmo#1936601, bmo#1936844, bmo#1937694, bmo#1938469, bmo#1939583, bmo#1940994) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 115.20, and Thunderbird 128.7 * CVE-2025-1017 (bmo#1926256, bmo#1935471, bmo#1935984) Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 Important SUSE bug 1236539 CVE-2024-11704 at SUSE CVE-2024-11704 at NVD CVE-2025-1009 at SUSE CVE-2025-1009 at NVD CVE-2025-1010 at SUSE CVE-2025-1010 at NVD CVE-2025-1011 at SUSE CVE-2025-1011 at NVD CVE-2025-1012 at SUSE CVE-2025-1012 at NVD CVE-2025-1013 at SUSE CVE-2025-1013 at NVD CVE-2025-1014 at SUSE CVE-2025-1014 at NVD CVE-2025-1016 at SUSE CVE-2025-1016 at NVD CVE-2025-1017 at SUSE CVE-2025-1017 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Important) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function that could cause a denial of service (bsc#1251979) Important SUSE bug 1251979 CVE-2025-11731 at SUSE CVE-2025-11731 at NVD cpe:/o:opensuse:leap:15.6 Security update for aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metadata, python-pytest-mock (Important) openSUSE Leap 15.6 This update for aws-cli, local-npm-registry, python-boto3, python-botocore, python-coverage, python-flaky, python-pluggy, python-pytest, python-pytest-cov, python-pytest-html, python-pytest-metadata, python-pytest-mock contains the following fixes: Changes in aws-cli: - Update to 1.33.26 * api-change:``acm-pca``: Minor refactoring of C2J model for AWS Private CA * api-change:``arc-zonal-shift``: Adds the option to subscribe to get notifications when a zonal autoshift occurs in a region. * api-change:``globalaccelerator``: This feature adds exceptions to the Customer API to avoid throwing Internal Service errors * api-change:``pinpoint``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``quicksight``: Vega ally control options and Support for Reviewed Answers in Topics - from version 1.33.25 * api-change:``batch``: This feature allows AWS Batch Jobs with EKS container orchestration type to be run as Multi-Node Parallel Jobs. * api-change:``bedrock``: Add support for contextual grounding check for Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: Introduces new data sources and chunking strategies for Knowledge bases, advanced parsing logic using FMs, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources. * api-change:``bedrock-agent-runtime``: Introduces query decomposition, enhanced Agents integration with Knowledge bases, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources for end-to-end solutions. * api-change:``bedrock-runtime``: Add support for contextual grounding check and ApplyGuardrail API for Guardrails for Amazon Bedrock. * api-change:``ec2``: Add parameters to enable provisioning IPAM BYOIPv4 space at a Local Zone Network Border Group level * api-change:``glue``: Add recipe step support for recipe node * api-change:``groundstation``: Documentation update specifying OEM ephemeris units of measurement * api-change:``license-manager-linux-subscriptions``: Add support for third party subscription providers, starting with RHEL subscriptions through Red Hat Subscription Manager (RHSM). Additionally, add support for tagging subscription provider resources, and detect when an instance has more than one Linux subscription and notify the customer. * api-change:``mediaconnect``: AWS Elemental MediaConnect introduces the ability to disable outputs. Disabling an output allows you to keep the output attached to the flow, but stop streaming to the output destination. A disabled output does not incur data transfer costs. - from version 1.33.24 * api-change:``datazone``: This release deprecates dataProductItem field from SearchInventoryResultItem, along with some unused DataProduct shapes * api-change:``fsx``: Adds support for FSx for NetApp ONTAP 2nd Generation file systems, and FSx for OpenZFS Single AZ HA file systems. * api-change:``opensearch``: This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. * api-change:``sagemaker``: This release 1/ enables optimization jobs that allows customers to perform Ahead-of-time compilation and quantization. 2/ allows customers to control access to Amazon Q integration in SageMaker Studio. 3/ enables AdditionalModelDataSources for CreateModel action. - from version 1.33.23 * api-change:``codedeploy``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``devicefarm``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``dms``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elasticbeanstalk``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``es``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``firehose``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``gamelift``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``qapps``: This is a general availability (GA) release of Amazon Q Apps, a capability of Amazon Q Business. Q Apps leverages data sources your company has provided to enable users to build, share, and customize apps within your organization. * api-change:``route53resolver``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ses``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.33.22 * api-change:``acm``: Documentation updates, including fixes for xml formatting, broken links, and ListCertificates description. * api-change:``ecr``: This release for Amazon ECR makes change to bring the SDK into sync with the API. * api-change:``payment-cryptography-data``: Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``qbusiness``: Add personalization to Q Applications. Customers can enable or disable personalization when creating or updating a Q application with the personalization configuration. - from version 1.33.21 * api-change:``application-autoscaling``: Doc only update for Application Auto Scaling that fixes resource name. * api-change:``directconnect``: This update includes documentation for support of new native 400 GBps ports for Direct Connect. * api-change:``organizations``: Added a new reason under ConstraintViolationException in RegisterDelegatedAdministrator API to prevent registering suspended accounts as delegated administrator of a service. * api-change:``rekognition``: This release adds support for tagging projects and datasets with the CreateProject and CreateDataset APIs. * api-change:``workspaces``: Fix create workspace bundle RootStorage/UserStorage to accept non null values - Refresh patches for new version - Update Requires from setup.py - Update to 1.33.20 * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``fms``: Increases Customer API's ManagedServiceData length * api-change:``s3``: Added response overrides to Head Object requests. - from version 1.33.19 * api-change:``apigateway``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cognito-identity``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``connect``: Authentication profiles are Amazon Connect resources (in gated preview) that allow you to configure authentication settings for users in your contact center. This release adds support for new ListAuthenticationProfiles, DescribeAuthenticationProfile and UpdateAuthenticationProfile APIs. * api-change:``docdb``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: Updates EKS managed node groups to support EC2 Capacity Blocks for ML * api-change:``payment-cryptography``: Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``payment-cryptography-data``: Adding support for dynamic keys for encrypt, decrypt, re-encrypt and translate pin functions. With this change, customers can use one-time TR-31 keys directly in dataplane operations without the need to first import them into the service. * api-change:``stepfunctions``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``swf``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``wafv2``: JSON body inspection: Update documentation to clarify that JSON parsing doesn't include full validation. - from version 1.33.18 * api-change:``acm-pca``: Added CCPC_LEVEL_1_OR_HIGHER KeyStorageSecurityStandard and SM2 KeyAlgorithm and SM3WITHSM2 SigningAlgorithm for China regions. * api-change:``cloudhsmv2``: Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API. * api-change:``connect``: This release supports showing PreferredAgentRouting step via DescribeContact API. * api-change:``emr``: This release provides the support for new allocation strategies i.e. CAPACITY_OPTIMIZED_PRIORITIZED for Spot and PRIORITIZED for On-Demand by taking input of priority value for each instance type for instance fleet clusters. * api-change:``glue``: Added AttributesToGet parameter to Glue GetDatabases, allowing caller to limit output to include only the database name. * api-change:``kinesisanalyticsv2``: Support for Flink 1.19 in Managed Service for Apache Flink * api-change:``opensearch``: This release removes support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains. * api-change:``pi``: Noting that the filter db.sql.db_id isn't available for RDS for SQL Server DB instances. * api-change:``workspaces``: Added support for Red Hat Enterprise Linux 8 on Amazon WorkSpaces Personal. - from version 1.33.17 * api-change:``application-autoscaling``: Amazon WorkSpaces customers can now use Application Auto Scaling to automatically scale the number of virtual desktops in a WorkSpaces pool. * api-change:``chime-sdk-media-pipelines``: Added Amazon Transcribe multi language identification to Chime SDK call analytics. Enabling customers sending single stream audio to generate call recordings using Chime SDK call analytics * api-change:``cloudfront``: Doc only update for CloudFront that fixes customer-reported issue * api-change:``datazone``: This release supports the data lineage feature of business data catalog in Amazon DataZone. * api-change:``elasticache``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``mq``: This release makes the EngineVersion field optional for both broker and configuration and uses the latest available version by default. The AutoMinorVersionUpgrade field is also now optional for broker creation and defaults to 'true'. * api-change:``qconnect``: Adds CreateContentAssociation, ListContentAssociations, GetContentAssociation, and DeleteContentAssociation APIs. * api-change:``quicksight``: Adding support for Repeating Sections, Nested Filters * api-change:``rds``: Updates Amazon RDS documentation for TAZ export to S3. * api-change:``sagemaker``: Add capability for Admins to customize Studio experience for the user by showing or hiding Apps and MLTools. * api-change:``workspaces``: Added support for WorkSpaces Pools. - from version 1.33.16 * api-change:``controltower``: Added ListLandingZoneOperations API. * api-change:``eks``: Added support for disabling unmanaged addons during cluster creation. * api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to upload public keys for customer vended participant tokens. * api-change:``kinesisanalyticsv2``: This release adds support for new ListApplicationOperations and DescribeApplicationOperation APIs. It adds a new configuration to enable system rollbacks, adds field ApplicationVersionCreateTimestamp for clarity and improves support for pagination for APIs. * api-change:``opensearch``: This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. - from version 1.33.15 * api-change:``autoscaling``: Doc only update for Auto Scaling's TargetTrackingMetricDataQuery * api-change:``ec2``: This release is for the launch of the new u7ib-12tb.224xlarge, R8g, c7gn.metal and mac2-m1ultra.metal instance types * api-change:``networkmanager``: This is model changes & documentation update for the Asynchronous Error Reporting feature for AWS Cloud WAN. This feature allows customers to view errors that occur while their resources are being provisioned, enabling customers to fix their resources without needing external support. * api-change:``workspaces-thin-client``: This release adds the deviceCreationTags field to CreateEnvironment API input, UpdateEnvironment API input and GetEnvironment API output. - from version 1.33.14 * api-change:``bedrock-runtime``: Increases Converse API's document name length * api-change:``customer-profiles``: This release includes changes to ProfileObjectType APIs, adds functionality top set and get capacity for profile object types. * api-change:``ec2``: Fix EC2 multi-protocol info in models. * api-change:``qbusiness``: Allow enable/disable Q Apps when creating/updating a Q application; Return the Q Apps enablement information when getting a Q application. * api-change:``ssm``: Add sensitive trait to SSM IPAddress property for CloudTrail redaction * api-change:``workspaces-web``: Added ability to enable DeepLinking functionality on a Portal via UserSettings as well as added support for IdentityProvider resource tagging. - from version 1.33.13 * api-change:``bedrock-runtime``: This release adds document support to Converse and ConverseStream APIs * api-change:``codeartifact``: Add support for the Cargo package format. * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``dynamodb``: Doc-only update for DynamoDB. Fixed Important note in 6 Global table APIs - CreateGlobalTable, DescribeGlobalTable, DescribeGlobalTableSettings, ListGlobalTables, UpdateGlobalTable, and UpdateGlobalTableSettings. * api-change:``glue``: Fix Glue paginators for Jobs, JobRuns, Triggers, Blueprints and Workflows. * api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to record individual stage participants to S3. * api-change:``sagemaker``: Adds support for model references in Hub service, and adds support for cross-account access of Hubs * api-change:``securityhub``: Documentation updates for Security Hub - from version 1.33.12 * api-change:``artifact``: This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response). * api-change:``athena``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cur``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``directconnect``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elastictranscoder``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``opensearch``: This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains. - from version 1.33.11 * api-change:``bedrock-runtime``: This release adds support for using Guardrails with the Converse and ConverseStream APIs. * api-change:``cloudtrail``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``config``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: This release adds support to surface async fargate customer errors from async path to customer through describe-fargate-profile API response. * api-change:``lightsail``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``polly``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``rekognition``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``sagemaker``: Launched a new feature in SageMaker to provide managed MLflow Tracking Servers for customers to track ML experiments. This release also adds a new capability of attaching additional storage to SageMaker HyperPod cluster instances. * api-change:``shield``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``snowball``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.33.10 * api-change:``acm-pca``: Doc-only update that adds name constraints as an allowed extension for ImportCertificateAuthorityCertificate. * api-change:``batch``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: AWS CodeBuild now supports global and organization GitHub webhooks * api-change:``cognito-idp``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ds``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``efs``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``glue``: This release introduces a new feature, Usage profiles. Usage profiles allow the AWS Glue admin to create different profiles for various classes of users within the account, enforcing limits and defaults for jobs and sessions. * api-change:``mediaconvert``: This release includes support for creating I-frame only video segments for DASH trick play. * api-change:``secretsmanager``: Doc only update for Secrets Manager * api-change:``waf``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.33.9 * api-change:``datazone``: This release introduces a new default service blueprint for custom environment creation. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``macie2``: This release adds support for managing the status of automated sensitive data discovery for individual accounts in an organization, and determining whether individual S3 buckets are included in the scope of the analyses. * api-change:``mediaconvert``: This release adds the ability to search for historical job records within the management console using a search box and/or via the SDK/CLI with partial string matching search on input file name. * api-change:``route53domains``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.33.8 * api-change:``cloudhsmv2``: Added support for hsm type hsm2m.medium. Added supported for creating a cluster in FIPS or NON_FIPS mode. * api-change:``glue``: This release adds support for configuration of evaluation method for composite rules in Glue Data Quality rulesets. * api-change:``iotwireless``: Add RoamingDeviceSNR and RoamingDeviceRSSI to Customer Metrics. * api-change:``kms``: This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties. * api-change:``mediapackagev2``: This release adds support for CMAF ingest (DASH-IF live media ingest protocol interface 1) - from version 1.33.7 * api-change:``apptest``: AWS Mainframe Modernization Application Testing is an AWS Mainframe Modernization service feature that automates functional equivalence testing for mainframe application modernization and migration to AWS, and regression testing. * api-change:``ec2``: Tagging support for Traffic Mirroring FilterRule resource * api-change:``osis``: SDK changes for self-managed vpc endpoint to OpenSearch ingestion pipelines. * api-change:``redshift``: Updates to remove DC1 and DS2 node types. * api-change:``secretsmanager``: Introducing RotationToken parameter for PutSecretValue API * api-change:``securitylake``: This release updates request validation regex to account for non-commercial aws partitions. * api-change:``sesv2``: This release adds support for Amazon EventBridge as an email sending events destination. - from version 1.33.6 * api-change:``accessanalyzer``: IAM Access Analyzer now provides policy recommendations to help resolve unused permissions for IAM roles and users. Additionally, IAM Access Analyzer now extends its custom policy checks to detect when IAM policies grant public access or access to critical resources ahead of deployments. * api-change:``guardduty``: Added API support for GuardDuty Malware Protection for S3. * api-change:``networkmanager``: This is model changes & documentation update for Service Insertion feature for AWS Cloud WAN. This feature allows insertion of AWS/3rd party security services on Cloud WAN. This allows to steer inter/intra segment traffic via security appliances and provide visibility to the route updates. * api-change:``pca-connector-scep``: Connector for SCEP allows you to use a managed, cloud CA to enroll mobile devices and networking gear. SCEP is a widely-adopted protocol used by mobile device management (MDM) solutions for enrolling mobile devices. With the connector, you can use AWS Private CA with popular MDM solutions. * api-change:``sagemaker``: Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable. - from version 1.33.5 * api-change:``application-signals``: This is the initial SDK release for Amazon CloudWatch Application Signals. Amazon CloudWatch Application Signals provides curated application performance monitoring for developers to monitor and troubleshoot application health using pre-built dashboards and Service Level Objectives. * api-change:``ecs``: This release introduces a new cluster configuration to support the customer-managed keys for ECS managed storage encryption. * api-change:``imagebuilder``: This release updates the regex pattern for Image Builder ARNs. - Refresh patches for new version - Update Requires from setup.py - Update to 1.33.4 * api-change:``auditmanager``: New feature: common controls. When creating custom controls, you can now use pre-grouped AWS data sources based on common compliance themes. Also, the awsServices parameter is deprecated because we now manage services in scope for you. If used, the input is ignored and an empty list is returned. * api-change:``b2bi``: Added exceptions to B2Bi List operations and ConflictException to B2Bi StartTransformerJob operation. Also made capabilities field explicitly required when creating a Partnership. * api-change:``codepipeline``: CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides. * api-change:``sagemaker``: This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant. * api-change:``verifiedpermissions``: This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests. - from version 1.33.3 * api-change:``account``: This release adds 3 new APIs (AcceptPrimaryEmailUpdate, GetPrimaryEmail, and StartPrimaryEmailUpdate) used to centrally manage the root user email address of member accounts within an AWS organization. * api-change:``firehose``: Adds integration with Secrets Manager for Redshift, Splunk, HttpEndpoint, and Snowflake destinations * api-change:``fsx``: This release adds support to increase metadata performance on FSx for Lustre file systems beyond the default level provisioned when a file system is created. This can be done by specifying MetadataConfiguration during the creation of Persistent_2 file systems or by updating it on demand. * api-change:``glue``: This release adds support for creating and updating Glue Data Catalog Views. * api-change:``iotwireless``: Adds support for wireless device to be in Conflict FUOTA Device Status due to a FUOTA Task, so it couldn't be attached to a new one. * api-change:``location``: Added two new APIs, VerifyDevicePosition and ForecastGeofenceEvents. Added support for putting larger geofences up to 100,000 vertices with Geobuf fields. * api-change:``sns``: Doc-only update for SNS. These changes include customer-reported issues and TXC3 updates. * api-change:``sqs``: Doc only updates for SQS. These updates include customer-reported issues and TCX3 modifications. * api-change:``storagegateway``: Adds SoftwareUpdatePreferences to DescribeMaintenanceStartTime and UpdateMaintenanceStartTime, a structure which contains AutomaticUpdatePolicy. - from version 1.33.2 * api-change:``globalaccelerator``: This release contains a new optional ip-addresses input field for the update accelerator and update custom routing accelerator apis. This input enables consumers to replace IPv4 addresses on existing accelerators with addresses provided in the input. * api-change:``glue``: AWS Glue now supports native SaaS connectivity: Salesforce connector available now * api-change:``s3``: Added new params copySource and key to copyObject API for supporting S3 Access Grants plugin. These changes will not change any of the existing S3 API functionality. * bugfix:emr customization: Update the EC2 service principal when creating the trust policy for EMR default roles to always be ec2.amazonaws.com. - from version 1.33.1 * api-change:``ec2``: U7i instances with up to 32 TiB of DDR5 memory and 896 vCPUs are now available. C7i-flex instances are launched and are lower-priced variants of the Amazon EC2 C7i instances that offer a baseline level of CPU performance with the ability to scale up to the full compute performance 95% of the time. * api-change:``pipes``: This release adds Timestream for LiveAnalytics as a supported target in EventBridge Pipes * api-change:``sagemaker``: Extend DescribeClusterNode response with private DNS hostname and IP address, and placement information about availability zone and availability zone ID. * api-change:``taxsettings``: Initial release of AWS Tax Settings API - from version 1.33.0 * api-change:``amplify``: This doc-only update identifies fields that are specific to Gen 1 and Gen 2 applications. * api-change:``batch``: This release adds support for the AWS Batch GetJobQueueSnapshot API operation. * api-change:``eks``: Adds support for EKS add-ons pod identity associations integration * api-change:``iottwinmaker``: Support RESET_VALUE UpdateType for PropertyUpdates to reset property value to default or null * feature:logs start-live-tail: Adds support for starting a live tail streaming session for one or more log groups. - from version 1.32.117 * api-change:``codebuild``: AWS CodeBuild now supports Self-hosted GitHub Actions runners for Github Enterprise * api-change:``codeguru-security``: This release includes minor model updates and documentation updates. * api-change:``elasticache``: Update to attributes of TestFailover and minor revisions. * api-change:``launch-wizard``: This release adds support for describing workload deployment specifications, deploying additional workload types, and managing tags for Launch Wizard resources with API operations. - from version 1.32.116 * api-change:``acm``: add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``bedrock-agent``: With this release, Knowledge bases for Bedrock adds support for Titan Text Embedding v2. * api-change:``bedrock-runtime``: This release adds Converse and ConverseStream APIs to Bedrock Runtime * api-change:``cloudtrail``: CloudTrail Lake returns PartitionKeys in the GetEventDataStore API response. Events are grouped into partitions based on these keys for better query performance. For example, the calendarday key groups events by day, while combining the calendarday key with the hour key groups them by day and hour. * api-change:``connect``: Adding associatedQueueIds as a SearchCriteria and response field to the SearchRoutingProfiles API * api-change:``emr-serverless``: The release adds support for spark structured streaming. * api-change:``rds``: Updates Amazon RDS documentation for Aurora Postgres DBname. * api-change:``sagemaker``: Adds Model Card information as a new component to Model Package. Autopilot launches algorithm selection for TimeSeries modality to generate AutoML candidates per algorithm. * bugfix:``ssm start-session``: Only provide profile name to session-manager-plugin if provided using --profile flag - from version 1.32.115 * api-change:``athena``: Throwing validation errors on CreateNotebook with Name containing `/`,`:`,`\` * api-change:``codebuild``: AWS CodeBuild now supports manually creating GitHub webhooks * api-change:``connect``: This release includes changes to DescribeContact API's response by including ConnectedToSystemTimestamp, RoutingCriteria, Customer, Campaign, AnsweringMachineDetectionStatus, CustomerVoiceActivity, QualityMetrics, DisconnectDetails, and SegmentAttributes information from a contact in Amazon Connect. * api-change:``glue``: Add optional field JobMode to CreateJob and UpdateJob APIs. * api-change:``securityhub``: Add ROOT type for TargetType model - from version 1.32.114 * api-change:``dynamodb``: Doc-only update for DynamoDB. Specified the IAM actions needed to authorize a user to create a table with a resource-based policy. * api-change:``ec2``: Providing support to accept BgpAsnExtended attribute * api-change:``kafka``: Adds ControllerNodeInfo in ListNodes response to support Raft mode for MSK * api-change:``swf``: This release adds new APIs for deleting activity type and workflow type resources. - from version 1.32.113 * api-change:``dynamodb``: Documentation only updates for DynamoDB. * api-change:``iotfleetwise``: AWS IoT FleetWise now supports listing vehicles with attributes filter, ListVehicles API is updated to support additional attributes filter. * api-change:``managedblockchain``: This is a minor documentation update to address the impact of the shut down of the Goerli and Polygon networks. - from version 1.32.112 * api-change:``emr-serverless``: This release adds the capability to run interactive workloads using Apache Livy Endpoint. * api-change:``opsworks``: Documentation-only update for OpsWorks Stacks. - from version 1.32.111 * api-change:``chatbot``: This change adds support for tagging Chatbot configurations. * api-change:``cloudformation``: Added DeletionMode FORCE_DELETE_STACK for deleting a stack that is stuck in DELETE_FAILED state due to resource deletion failure. * api-change:``kms``: This release includes feature to import customer's asymmetric (RSA, ECC and SM2) and HMAC keys into KMS in China. * api-change:``opensearch``: This release adds support for enabling or disabling a data source configured as part of Zero-ETL integration with Amazon S3, by setting its status. * api-change:``wafv2``: You can now use Security Lake to collect web ACL traffic data. - from version 1.32.110 * api-change:``cloudfront``: Model update; no change to SDK functionality. * api-change:``glue``: Add Maintenance window to CreateJob and UpdateJob APIs and JobRun response. Add a new Job Run State for EXPIRED. * api-change:``lightsail``: This release adds support for Amazon Lightsail instances to switch between dual-stack or IPv4 only and IPv6-only public IP address types. * api-change:``mailmanager``: This release includes a new Amazon SES feature called Mail Manager, which is a set of email gateway capabilities designed to help customers strengthen their organization's email infrastructure, simplify email workflow management, and streamline email compliance control. * api-change:``pi``: Performance Insights added a new input parameter called AuthorizedActions to support the fine-grained access feature. Performance Insights also restricted the acceptable input characters. * api-change:``rds``: Updates Amazon RDS documentation for Db2 license through AWS Marketplace. * api-change:``storagegateway``: Added new SMBSecurityStrategy enum named MandatoryEncryptionNoAes128, new mode enforces encryption and disables AES 128-bit algorithums. - from version 1.32.109 * api-change:``bedrock-agent``: This release adds support for using Guardrails with Bedrock Agents. * api-change:``bedrock-agent-runtime``: This release adds support for using Guardrails with Bedrock Agents. * api-change:``controltower``: Added ListControlOperations API and filtering support for ListEnabledControls API. Updates also includes added metadata for enabled controls and control operations. * api-change:``osis``: Add support for creating an OpenSearch Ingestion pipeline that is attached to a provided VPC. Add information about the destinations of an OpenSearch Ingestion pipeline to the GetPipeline and ListPipelines APIs. * api-change:``rds``: This release adds support for EngineLifecycleSupport on DBInstances, DBClusters, and GlobalClusters. * api-change:``secretsmanager``: add v2 smoke tests and smithy smokeTests trait for SDK testing - from version 1.32.108 * api-change:``application-autoscaling``: add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: Aws CodeBuild now supports 36 hours build timeout * api-change:``elbv2``: This release adds dualstack-without-public-ipv4 IP address type for ALB. * api-change:``lakeformation``: Introduces a new API, GetDataLakePrincipal, that returns the identity of the invoking principal * api-change:``transfer``: Enable use of CloudFormation traits in Smithy model to improve generated CloudFormation schema from the Smithy API model. - from version 1.32.107 * api-change:``acm-pca``: This release adds support for waiters to fail on AccessDeniedException when having insufficient permissions * api-change:``connect``: Adding Contact Flow metrics to the GetMetricDataV2 API * api-change:``kafka``: AWS MSK support for Broker Removal. * api-change:``mwaa``: Amazon MWAA now supports Airflow web server auto scaling to automatically handle increased demand from REST APIs, Command Line Interface (CLI), or more Airflow User Interface (UI) users. Customers can specify maximum and minimum web server instances during environment creation and update workflow. * api-change:``quicksight``: This release adds DescribeKeyRegistration and UpdateKeyRegistration APIs to manage QuickSight Customer Managed Keys (CMK). * api-change:``sagemaker``: Introduced WorkerAccessConfiguration to SageMaker Workteam. This allows customers to configure resource access for workers in a workteam. * api-change:``secretsmanager``: Documentation updates for AWS Secrets Manager - from version 1.32.106 * api-change:``bedrock-agent-runtime``: Updating Bedrock Knowledge Base Metadata & Filters feature with two new filters listContains and stringContains * api-change:``codebuild``: CodeBuild Reserved Capacity VPC Support * api-change:``datasync``: Task executions now display a CANCELLING status when an execution is in the process of being cancelled. * api-change:``grafana``: This release adds new ServiceAccount and ServiceAccountToken APIs. * api-change:``medical-imaging``: Added support for importing medical imaging data from Amazon S3 buckets across accounts and regions. * api-change:``securityhub``: Documentation-only update for AWS Security Hub - Refresh patches for new version - Update Requires from setup.py - Update to 1.32.105 * api-change:``connect``: Amazon Connect provides enhanced search capabilities for flows & flow modules on the Connect admin website and programmatically using APIs. You can search for flows and flow modules by name, description, type, status, and tags, to filter and identify a specific flow in your Connect instances. * api-change:``s3``: Updated a few x-id in the http uri traits - from version 1.32.104 * api-change:``events``: Amazon EventBridge introduces KMS customer-managed key (CMK) encryption support for custom and partner events published on EventBridge Event Bus (including default bus) and UpdateEventBus API. * api-change:``vpc-lattice``: This release adds TLS Passthrough support. It also increases max number of target group per rule to 10. - from version 1.32.103 * api-change:``discovery``: add v2 smoke tests and smithy smokeTests trait for SDK testing * api-change:``greengrassv2``: Mark ComponentVersion in ComponentDeploymentSpecification as required. * api-change:``sagemaker``: Introduced support for G6 instance types on Sagemaker Notebook Instances and on SageMaker Studio for JupyterLab and CodeEditor applications. * api-change:``sso-oidc``: Updated request parameters for PKCE support. - from version 1.32.102 * api-change:``bedrock-agent-runtime``: This release adds support to provide guardrail configuration and modify inference parameters that are then used in RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``pinpoint``: This release adds support for specifying email message headers for Email Templates, Campaigns, Journeys and Send Messages. * api-change:``route53resolver``: Update the DNS Firewall settings to correct a spelling issue. * api-change:``ssm-sap``: Added support for application-aware start/stop of SAP applications running on EC2 instances, with SSM for SAP * api-change:``verifiedpermissions``: Adds policy effect and actions fields to Policy API's. - from version 1.32.101 * api-change:``cognito-idp``: Add EXTERNAL_PROVIDER enum value to UserStatusType. * api-change:``ec2``: Adding Precision Hardware Clock (PHC) to public API DescribeInstanceTypes * api-change:``ecr``: This release adds pull through cache rules support for GitLab container registry in Amazon ECR. * api-change:``fms``: The policy scope resource tag is always a string value, either a non-empty string or an empty string. * api-change:``polly``: Add new engine - generative - that builds the most expressive conversational voices. * api-change:``sqs``: This release adds MessageSystemAttributeNames to ReceiveMessageRequest to replace AttributeNames. - from version 1.32.100 * api-change:``b2bi``: Documentation update to clarify the MappingTemplate definition. * api-change:``budgets``: This release adds tag support for budgets and budget actions. * api-change:``resiliencehub``: AWS Resilience Hub has expanded its drift detection capabilities by introducing a new type of drift detection - application resource drift. This new enhancement detects changes, such as the addition or deletion of resources within the application's input sources. * api-change:``route53profiles``: Doc only update for Route 53 profiles that fixes some link issues - from version 1.32.99 * api-change:``medialive``: AWS Elemental MediaLive now supports configuring how SCTE 35 passthrough triggers segment breaks in HLS and MediaPackage output groups. Previously, messages triggered breaks in all these output groups. The new option is to trigger segment breaks only in groups that have SCTE 35 passthrough enabled. - from version 1.32.98 * api-change:``bedrock-agent``: This release adds support for using Provisioned Throughput with Bedrock Agents. * api-change:``connect``: This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases. * api-change:``connectcases``: This feature supports the release of Files related items * api-change:``datasync``: Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations. * api-change:``inspector2``: This release adds CSV format to GetCisScanReport for Inspector v2 * api-change:``sagemaker``: Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs * api-change:``sesv2``: Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2. - from version 1.32.97 * api-change:``dynamodb``: This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs. * api-change:``ec2``: This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM). * api-change:``personalize``: This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group. * api-change:``redshift-serverless``: Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name. - from version 1.32.96 * api-change:``bedrock-agent``: This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``personalize-runtime``: This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2. * api-change:``securityhub``: Updated CreateMembers API request with limits. * api-change:``sesv2``: Fixes ListContacts and ListImportJobs APIs to use POST instead of GET. - from version 1.32.95 * api-change:``chime-sdk-voice``: Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page. * api-change:``codeartifact``: Add support for the Ruby package format. * api-change:``fms``: AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization. * api-change:``omics``: Add support for workflow sharing and dynamic run storage * api-change:``opensearch``: This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint. * api-change:``pinpoint-sms-voice-v2``: Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries. * api-change:``qbusiness``: This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems. * api-change:``quicksight``: New Q embedding supporting Generative Q&A * api-change:``route53resolver``: Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default) , such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest. * api-change:``sagemaker``: Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types. * api-change:``signer``: Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions. - from version 1.32.94 * api-change:``amplify``: Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100. * api-change:``connectcases``: This feature releases DeleteField, DeletedLayout, and DeleteTemplate API's * api-change:``inspector2``: Update Inspector2 to include new Agentless API parameters. * api-change:``timestream-query``: This change allows users to update and describe account settings associated with their accounts. * api-change:``transcribe``: This update provides error messaging for generative call summarization in Transcribe Call Analytics * api-change:``trustedadvisor``: This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs. - from version 1.32.93 * api-change:``codepipeline``: Add ability to manually and automatically roll back a pipeline stage to a previously successful execution. * api-change:``cognito-idp``: Add LimitExceededException to SignUp errors * api-change:``connectcampaigns``: This release adds support for specifying if Answering Machine should wait for prompt sound. * api-change:``marketplace-entitlement``: Releasing minor endpoint updates. * api-change:``oam``: This release introduces support for Source Accounts to define which Metrics and Logs to share with the Monitoring Account * api-change:``rds``: SupportsLimitlessDatabase field added to describe-db-engine-versions to indicate whether the DB engine version supports Aurora Limitless Database. * api-change:``support``: Releasing minor endpoint updates. * enhancement:dependency: Bump upper bound of colorama to <0.4.7; fixes `#7086 <https://github.com/aws/aws-cli/issues/7086>`__ - from version 1.32.92 * api-change:``appsync``: UpdateGraphQLAPI documentation update and datasource introspection secret arn update * api-change:``fms``: AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization. * api-change:``ivs``: Bug Fix: IVS does not support arns with the `svs` prefix * api-change:``ivs-realtime``: Bug Fix: IVS Real Time does not support ARNs using the `svs` prefix. * api-change:``rds``: Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances. * api-change:``stepfunctions``: Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine. - from version 1.32.91 * api-change:``datasync``: This change allows users to disable and enable the schedules associated with their tasks. * api-change:``ec2``: Launching capability for customers to enable or disable automatic assignment of public IPv4 addresses to their network interface * api-change:``emr-containers``: EMRonEKS Service support for SecurityConfiguration enforcement for Spark Jobs. * api-change:``entityresolution``: Support Batch Unique IDs Deletion. * api-change:``gamelift``: Amazon GameLift releases container fleets support for public preview. Deploy Linux-based containerized game server software for hosting on Amazon GameLift. * api-change:``ssm``: Add SSM DescribeInstanceProperties API to public AWS SDK. - from version 1.32.90 * api-change:``bedrock``: This release introduces Model Evaluation and Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: Introducing the ability to create multiple data sources per knowledge base, specify S3 buckets as data sources from external accounts, and exposing levers to define the deletion behavior of the underlying vector store data. * api-change:``bedrock-agent-runtime``: This release introduces zero-setup file upload support for the RetrieveAndGenerate API. This allows you to chat with your data without setting up a Knowledge Base. * api-change:``bedrock-runtime``: This release introduces Guardrails for Amazon Bedrock. * api-change:``ce``: Added additional metadata that might be applicable to your reservation recommendations. * api-change:``ec2``: This release introduces EC2 AMI Deregistration Protection, a new AMI property that can be enabled by customers to protect an AMI against an unintended deregistration. This release also enables the AMI owners to view the AMI 'LastLaunchedTime' in DescribeImages API. * api-change:``pi``: Clarifies how aggregation works for GetResourceMetrics in the Performance Insights API. * api-change:``rds``: Fix the example ARN for ModifyActivityStreamRequest * api-change:``workspaces-web``: Added InstanceType and MaxConcurrentSessions parameters on CreatePortal and UpdatePortal Operations as well as the ability to read Customer Managed Key & Additional Encryption Context parameters on supported resources (Portal, BrowserSettings, UserSettings, IPAccessSettings) - from version 1.32.89 * api-change:``bedrock-agent``: Releasing the support for simplified configuration and return of control * api-change:``bedrock-agent-runtime``: Releasing the support for simplified configuration and return of control * api-change:``payment-cryptography``: Adding support to TR-31/TR-34 exports for optional headers, allowing customers to add additional metadata (such as key version and KSN) when exporting keys from the service. * api-change:``redshift-serverless``: Updates description of schedule field for scheduled actions. * api-change:``route53profiles``: Route 53 Profiles allows you to apply a central DNS configuration across many VPCs regardless of account. * api-change:``sagemaker``: This release adds support for Real-Time Collaboration and Shared Space for JupyterLab App on SageMaker Studio. * api-change:``servicediscovery``: This release adds examples to several Cloud Map actions. * api-change:``transfer``: Adding new API to support remote directory listing using SFTP connector - from version 1.32.88 * api-change:``glue``: Adding RowFilter in the response for GetUnfilteredTableMetadata API * api-change:``internetmonitor``: This update introduces the GetInternetEvent and ListInternetEvents APIs, which provide access to internet events displayed on the Amazon CloudWatch Internet Weather Map. * api-change:``personalize``: This releases auto training capability while creating a solution and automatically syncing latest solution versions when creating/updating a campaign - from version 1.32.87 * api-change:``drs``: Outpost ARN added to Source Server and Recovery Instance * api-change:``emr-serverless``: This release adds the capability to publish detailed Spark engine metrics to Amazon Managed Service for Prometheus (AMP) for enhanced monitoring for Spark jobs. * api-change:``guardduty``: Added IPv6Address fields for local and remote IP addresses * api-change:``quicksight``: This release adds support for the Cross Sheet Filter and Control features, and support for warnings in asset imports for any permitted errors encountered during execution * api-change:``rolesanywhere``: This release introduces the PutAttributeMapping and DeleteAttributeMapping APIs. IAM Roles Anywhere now provides the capability to define a set of mapping rules, allowing customers to specify which data is extracted from their X.509 end-entity certificates. * api-change:``sagemaker``: Removed deprecated enum values and updated API documentation. * api-change:``workspaces``: Adds new APIs for managing and sharing WorkSpaces BYOL configuration across accounts. - from version 1.32.86 * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``qbusiness``: This release adds support for IAM Identity Center (IDC) as the identity gateway for Q Business. It also allows users to provide an explicit intent for Q Business to identify how the Chat request should be handled. - from version 1.32.85 * api-change:``bedrock-agent``: For Create Agent API, the agentResourceRoleArn parameter is no longer required. * api-change:``emr-serverless``: This release adds support for shuffle optimized disks that allow larger disk sizes and higher IOPS to efficiently run shuffle heavy workloads. * api-change:``entityresolution``: Cross Account Resource Support . * api-change:``iotwireless``: Add PublicGateways in the GetWirelessStatistics call response, indicating the LoRaWAN public network accessed by the device. * api-change:``lakeformation``: This release adds Lake Formation managed RAM support for the 4 APIs - 'DescribeLakeFormationIdentityCenterConfiguration', 'CreateLakeFormationIdentityCenterConfiguration', 'DescribeLakeFormationIdentityCenterConfiguration', and 'DeleteLakeFormationIdentityCenterConfiguration' * api-change:``m2``: Adding new ListBatchJobRestartPoints API and support for restart batch job. * api-change:``mediapackagev2``: Dash v2 is a MediaPackage V2 feature to support egressing on DASH manifest format. * api-change:``outposts``: This release adds new APIs to allow customers to configure their Outpost capacity at order-time. * api-change:``wellarchitected``: AWS Well-Architected now has a Connector for Jira to allow customers to efficiently track workload risks and improvement efforts and create closed-loop mechanisms. - from version 1.32.84 * api-change:``cloudformation``: Adding support for the new parameter 'IncludePropertyValues' in the CloudFormation DescribeChangeSet API. When this parameter is included, the DescribeChangeSet response will include more detailed information such as before and after values for the resource properties that will change. * api-change:``config``: Updates documentation for AWS Config * api-change:``glue``: Modifying request for GetUnfilteredTableMetadata for view-related fields. * api-change:``healthlake``: Added new CREATE_FAILED status for data stores. Added new errorCause to DescribeFHIRDatastore API and ListFHIRDatastores API response for additional insights into data store creation and deletion workflows. * api-change:``iotfleethub``: Documentation updates for AWS IoT Fleet Hub to clarify that Fleet Hub supports organization instance of IAM Identity Center. * api-change:``kms``: This feature supports the ability to specify a custom rotation period for automatic key rotations, the ability to perform on-demand key rotations, and visibility into your key material rotations. * api-change:``mediatailor``: Added InsertionMode to PlaybackConfigurations. This setting controls whether players can use stitched or guided ad insertion. The default for players that do not specify an insertion mode is stitched. * api-change:``neptune-graph``: Update to API documentation to resolve customer reported issues. * api-change:``outposts``: This release adds EXPEDITORS as a valid shipment carrier. * api-change:``redshift``: Adds support for Amazon Redshift DescribeClusterSnapshots API to include Snapshot ARN response field. * api-change:``transfer``: This change releases support for importing self signed certificates to the Transfer Family for sending outbound file transfers over TLS/HTTPS. - from version 1.32.83 * api-change:``batch``: This release adds the task properties field to attempt details and the name field on EKS container detail. * api-change:``cloudfront``: CloudFront origin access control extends support to AWS Lambda function URLs and AWS Elemental MediaPackage v2 origins. * api-change:``cloudwatch``: This release adds support for Metric Characteristics for CloudWatch Anomaly Detection. Anomaly Detector now takes Metric Characteristics object with Periodic Spikes boolean field that tells Anomaly Detection that spikes that repeat at the same time every week are part of the expected pattern. * api-change:``codebuild``: Support access tokens for Bitbucket sources * api-change:``iam``: For CreateOpenIDConnectProvider API, the ThumbprintList parameter is no longer required. * api-change:``medialive``: AWS Elemental MediaLive introduces workflow monitor, a new feature that enables the visualization and monitoring of your media workflows. Create signal maps of your existing workflows and monitor them by creating notification and monitoring template groups. * api-change:``omics``: This release adds support for retrieval of S3 direct access metadata on sequence stores and read sets, and adds support for SHA256up and SHA512up HealthOmics ETags. * api-change:``pipes``: LogConfiguration ARN validation fixes * api-change:``rds``: Updates Amazon RDS documentation for Standard Edition 2 support in RDS Custom for Oracle. * api-change:``s3control``: Documentation updates for Amazon S3-control. - from version 1.32.82 * api-change:``cleanrooms``: AWS Clean Rooms Differential Privacy is now fully available. Differential privacy protects against user-identification attempts. * api-change:``connect``: This release adds new Submit Auto Evaluation Action for Amazon Connect Rules. * api-change:``networkmonitor``: Examples were added to CloudWatch Network Monitor commands. * api-change:``qconnect``: This release adds a new QiC public API updateSession and updates an existing QiC public API createSession * api-change:``rekognition``: Added support for ContentType to content moderation detections. * api-change:``supplychain``: This release includes API SendDataIntegrationEvent for AWS Supply Chain * api-change:``workspaces-thin-client``: Adding tags field to SoftwareSet. Removing tags fields from Summary objects. Changing the list of exceptions in tagging APIs. Fixing an issue where the SDK returns empty tags in Get APIs. - from version 1.32.81 * api-change:``codebuild``: Add new webhook filter types for GitHub webhooks * api-change:``mediaconvert``: This release includes support for bringing your own fonts to use for burn-in or DVB-Sub captioning workflows. * api-change:``pinpoint``: The OrchestrationSendingRoleArn has been added to the email channel and is used to send emails from campaigns or journeys. * api-change:``rds``: This release adds support for specifying the CA certificate to use for the new db instance when restoring from db snapshot, restoring from s3, restoring to point in time, and creating a db instance read replica. - from version 1.32.80 * api-change:``controlcatalog``: This is the initial SDK release for AWS Control Catalog, a central catalog for AWS managed controls. This release includes 3 new APIs - ListDomains, ListObjectives, and ListCommonControls - that vend high-level data to categorize controls across the AWS platform. * api-change:``mgn``: Added USE_SOURCE as default option to LaunchConfigurationTemplate bootMode parameter. * api-change:``networkmonitor``: Updated the allowed monitorName length for CloudWatch Network Monitor. - from version 1.32.79 * api-change:``quicksight``: Adding IAMIdentityCenterInstanceArn parameter to CreateAccountSubscription * api-change:``resource-groups``: Added a new QueryErrorCode RESOURCE_TYPE_NOT_SUPPORTED that is returned by the ListGroupResources operation if the group query contains unsupported resource types. * api-change:``verifiedpermissions``: Adding BatchIsAuthorizedWithToken API which supports multiple authorization requests against a PolicyStore given a bearer token. - from version 1.32.78 * api-change:``b2bi``: Adding support for X12 5010 HIPAA EDI version and associated transaction sets. * api-change:``cleanrooms``: Feature: New schemaStatusDetails field to the existing Schema object that displays a status on Schema API responses to show whether a schema is queryable or not. New BatchGetSchemaAnalysisRule API to retrieve multiple schemaAnalysisRules using a single API call. * api-change:``ec2``: Amazon EC2 G6 instances powered by NVIDIA L4 Tensor Core GPUs can be used for a wide range of graphics-intensive and machine learning use cases. Gr6 instances also feature NVIDIA L4 GPUs and can be used for graphics workloads with higher memory requirements. * api-change:``emr-containers``: This release adds support for integration with EKS AccessEntry APIs to enable automatic Cluster Access for EMR on EKS. * api-change:``ivs``: API update to include an SRT ingest endpoint and passphrase for all channels. * api-change:``verifiedpermissions``: Adds GroupConfiguration field to Identity Source API's - from version 1.32.77 * api-change:``cleanroomsml``: The release includes a public SDK for AWS Clean Rooms ML APIs, making them globally available to developers worldwide. * api-change:``cloudformation``: This release would return a new field - PolicyAction in cloudformation's existed DescribeChangeSetResponse, showing actions we are going to apply on the physical resource (e.g., Delete, Retain) according to the user's template * api-change:``datazone``: This release supports the feature of dataQuality to enrich asset with dataQualityResult in Amazon DataZone. * api-change:``docdb``: This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster. * api-change:``groundstation``: This release adds visibilityStartTime and visibilityEndTime to DescribeContact and ListContacts responses. * api-change:``lambda``: Add Ruby 3.3 (ruby3.3) support to AWS Lambda * api-change:``medialive``: Cmaf Ingest outputs are now supported in Media Live * api-change:``medical-imaging``: SearchImageSets API now supports following enhancements - Additional support for searching on UpdatedAt and SeriesInstanceUID - Support for searching existing filters between dates/times - Support for sorting the search result by Ascending/Descending - Additional parameters returned in the response * api-change:``transfer``: Add ability to specify Security Policies for SFTP Connectors - from version 1.32.76 * api-change:``ecs``: Documentation only update for Amazon ECS. * api-change:``glue``: Adding View related fields to responses of read-only Table APIs. * api-change:``ivschat``: Doc-only update. Changed 'Resources' to 'Key Concepts' in docs and updated text. * api-change:``rolesanywhere``: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs. * api-change:``securityhub``: Documentation updates for AWS Security Hub - from version 1.32.75 * api-change:``cloudwatch``: This release adds support for CloudWatch Anomaly Detection on cross-account metrics. SingleMetricAnomalyDetector and MetricDataQuery inputs to Anomaly Detection APIs now take an optional AccountId field. * api-change:``datazone``: This release supports the feature of AI recommendations for descriptions to enrich the business data catalog in Amazon DataZone. * api-change:``deadline``: AWS Deadline Cloud is a new fully managed service that helps customers set up, deploy, and scale rendering projects in minutes, so they can improve the efficiency of their rendering pipelines and take on more projects. * api-change:``emr``: This release fixes a broken link in the documentation. * api-change:``lightsail``: This release adds support to upgrade the TLS version of the distribution. - from version 1.32.74 * api-change:``b2bi``: Supporting new EDI X12 transaction sets for X12 versions 4010, 4030, and 5010. * api-change:``codebuild``: Add new fleet status code for Reserved Capacity. * api-change:``codeconnections``: Duplicating the CodeStar Connections service into the new, rebranded AWS CodeConnections service. * api-change:``internetmonitor``: This release adds support to allow customers to track cross account monitors through ListMonitor, GetMonitor, ListHealthEvents, GetHealthEvent, StartQuery APIs. * api-change:``iotwireless``: Add support for retrieving key historical and live metrics for LoRaWAN devices and gateways * api-change:``marketplace-catalog``: This release enhances the ListEntities API to support ResaleAuthorizationId filter and sort for OfferEntity in the request and the addition of a ResaleAuthorizationId field in the response of OfferSummary. * api-change:``neptune-graph``: Add the new API Start-Import-Task for Amazon Neptune Analytics. * api-change:``sagemaker``: This release adds support for custom images for the CodeEditor App on SageMaker Studio * enhancement:``s3``: Add parameter to validate source and destination S3 URIs to the ``mv`` command. - from version 1.32.73 * api-change:``codecatalyst``: This release adds support for understanding pending changes to subscriptions by including two new response parameters for the GetSubscription API for Amazon CodeCatalyst. * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate recommendations with a new customization preference, Memory Utilization. * api-change:``ec2``: Amazon EC2 C7gd, M7gd and R7gd metal instances with up to 3.8 TB of local NVMe-based SSD block-level storage have up to 45% improved real-time NVMe storage performance than comparable Graviton2-based instances. * api-change:``eks``: Add multiple customer error code to handle customer caused failure when managing EKS node groups * api-change:``guardduty``: Add EC2 support for GuardDuty Runtime Monitoring auto management. * api-change:``neptune-graph``: Update ImportTaskCancelled waiter to evaluate task state correctly and minor documentation changes. * api-change:``oam``: This release adds support for sharing AWS::InternetMonitor::Monitor resources. * api-change:``quicksight``: Amazon QuickSight: Adds support for setting up VPC Endpoint restrictions for accessing QuickSight Website. - from version 1.32.72 * api-change:``batch``: This feature allows AWS Batch to support configuration of imagePullSecrets and allowPrivilegeEscalation for jobs running on EKS * api-change:``bedrock-agent``: This changes introduces metadata documents statistics and also updates the documentation for bedrock agent. * api-change:``bedrock-agent-runtime``: This release introduces filtering support on Retrieve and RetrieveAndGenerate APIs. * api-change:``elasticache``: Added minimum capacity to Amazon ElastiCache Serverless. This feature allows customer to ensure minimum capacity even without current load * api-change:``secretsmanager``: Documentation updates for Secrets Manager - from version 1.32.71 * api-change:``bedrock-agent-runtime``: This release adds support to customize prompts sent through the RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``ce``: Adds support for backfill of cost allocation tags, with new StartCostAllocationTagBackfill and ListCostAllocationTagBackfillHistory API. * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``ecs``: This is a documentation update for Amazon ECS. * api-change:``finspace``: Add new operation delete-kx-cluster-node and add status parameter to list-kx-cluster-node operation. - from version 1.32.70 * api-change:``codebuild``: Supporting GitLab and GitLab Self Managed as source types in AWS CodeBuild. * api-change:``ec2``: Added support for ModifyInstanceMetadataDefaults and GetInstanceMetadataDefaults to set Instance Metadata Service account defaults * api-change:``ecs``: Documentation only update for Amazon ECS. * api-change:``emr-containers``: This release increases the number of supported job template parameters from 20 to 100. * api-change:``globalaccelerator``: AWS Global Accelerator now supports cross-account sharing for bring your own IP addresses. * api-change:``medialive``: Exposing TileMedia H265 options * api-change:``sagemaker``: Introduced support for the following new instance types on SageMaker Studio for JupyterLab and CodeEditor applications: m6i, m6id, m7i, c6i, c6id, c7i, r6i, r6id, r7i, and p5 - from version 1.32.69 * api-change:``firehose``: Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy. * api-change:``kendra``: Documentation update, March 2024. Corrects some docs for Amazon Kendra. * api-change:``pricing``: Add ResourceNotFoundException to ListPriceLists and GetPriceListFileUrl APIs * api-change:``rolesanywhere``: This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200. * api-change:``securityhub``: Added new resource detail object to ASFF, including resource for LastKnownExploitAt - from version 1.32.68 * api-change:``codeartifact``: This release adds Package groups to CodeArtifact so you can more conveniently configure package origin controls for multiple packages. - from version 1.32.67 * api-change:``accessanalyzer``: This release adds support for policy validation and external access findings for DynamoDB tables and streams. IAM Access Analyzer helps you author functional and secure resource-based policies and identify cross-account access. Updated service API, documentation, and paginators. * api-change:``codebuild``: This release adds support for new webhook events (RELEASED and PRERELEASED) and filter types (TAG_NAME and RELEASE_NAME). * api-change:``connect``: This release updates the *InstanceStorageConfig APIs to support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_CHAT_SEGMENTS. Use this resource type to enable streaming for real-time analysis of chat contacts and to associate a Kinesis stream where real-time analysis chat segments will be published. * api-change:``dynamodb``: This release introduces 3 new APIs ('GetResourcePolicy', 'PutResourcePolicy' and 'DeleteResourcePolicy') and modifies the existing 'CreateTable' API for the resource-based policy support. It also modifies several APIs to accept a 'TableArn' for the 'TableName' parameter. * api-change:``managedblockchain-query``: AMB Query: update GetTransaction to include transactionId as input * api-change:``savingsplans``: Introducing the Savings Plans Return feature enabling customers to return their Savings Plans within 7 days of purchase. - from version 1.32.66 * api-change:``cloudformation``: Documentation update, March 2024. Corrects some formatting. * api-change:``ec2``: This release adds the new DescribeMacHosts API operation for getting information about EC2 Mac Dedicated Hosts. Users can now see the latest macOS versions that their underlying Apple Mac can support without needing to be updated. * api-change:``finspace``: Adding new attributes readWrite and onDemand to dataview models for Database Maintenance operations. * api-change:``logs``: Update LogSamples field in Anomaly model to be a list of LogEvent * api-change:``managedblockchain-query``: Introduces a new API for Amazon Managed Blockchain Query: ListFilteredTransactionEvents. - from version 1.32.65 * api-change:``cloudformation``: This release supports for a new API ListStackSetAutoDeploymentTargets, which provider auto-deployment configuration as a describable resource. Customers can now view the specific combinations of regions and OUs that are being auto-deployed. * api-change:``kms``: Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy * api-change:``mediatailor``: This release adds support to allow customers to show different content within a channel depending on metadata associated with the viewer. * api-change:``rds``: This release launches the ModifyIntegration API and support for data filtering for zero-ETL Integrations. * api-change:``s3``: Fix two issues with response root node names. * api-change:``timestream-query``: Documentation updates, March 2024 - from version 1.32.64 * api-change:``backup``: This release introduces a boolean attribute ManagedByAWSBackupOnly as part of ListRecoveryPointsByResource api to filter the recovery points based on ownership. This attribute can be used to filter out the recovery points protected by AWSBackup. * api-change:``codebuild``: AWS CodeBuild now supports overflow behavior on Reserved Capacity. * api-change:``connect``: This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API. * api-change:``ec2``: Add media accelerator and neuron device information on the describe instance types API. * api-change:``kinesisanalyticsv2``: Support for Flink 1.18 in Managed Service for Apache Flink * api-change:``s3``: Documentation updates for Amazon S3. * api-change:``sagemaker``: Adds m6i, m6id, m7i, c6i, c6id, c7i, r6i r6id, r7i, p5 instance type support to Sagemaker Notebook Instances and miscellaneous wording fixes for previous Sagemaker documentation. * api-change:``workspaces-thin-client``: Removed unused parameter kmsKeyArn from UpdateDeviceRequest - from version 1.32.63 * api-change:``amplify``: Documentation updates for Amplify. Identifies the APIs available only to apps created using Amplify Gen 1. * api-change:``ec2-instance-connect``: This release includes a new exception type 'SerialConsoleSessionUnsupportedException' for SendSerialConsoleSSHPublicKey API. * api-change:``elbv2``: This release allows you to configure HTTP client keep-alive duration for communication between clients and Application Load Balancers. * api-change:``fis``: This release adds support for previewing target resources before running a FIS experiment. It also adds resource ARNs for actions, experiments, and experiment templates to API responses. * api-change:``rds``: Updates Amazon RDS documentation for EBCDIC collation for RDS for Db2. * api-change:``secretsmanager``: Doc only update for Secrets Manager * api-change:``timestream-influxdb``: This is the initial SDK release for Amazon Timestream for InfluxDB. Amazon Timestream for InfluxDB is a new time-series database engine that makes it easy for application developers and DevOps teams to run InfluxDB databases on AWS for near real-time time-series applications using open source APIs. - from version 1.32.62 * api-change:``ivs-realtime``: adds support for multiple new composition layout configuration options (grid, pip) * api-change:``kinesisanalyticsv2``: Support new RuntimeEnvironmentUpdate parameter within UpdateApplication API allowing callers to change the Flink version upon which their application runs. * api-change:``s3``: This release makes the default option for S3 on Outposts request signing to use the SigV4A algorithm when using AWS Common Runtime (CRT). - from version 1.32.61 * api-change:``cloudformation``: CloudFormation documentation update for March, 2024 * api-change:``connect``: This release increases MaxResults limit to 500 in request for SearchUsers, SearchQueues and SearchRoutingProfiles APIs of Amazon Connect. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``kafka``: Added support for specifying the starting position of topic replication in MSK-Replicator. * api-change:``ssm``: March 2024 doc-only updates for Systems Manager. - from version 1.32.60 * api-change:``codestar-connections``: Added a sync configuration enum to disable publishing of deployment status to source providers (PublishDeploymentStatus). Added a sync configuration enum (TriggerStackUpdateOn) to only trigger changes. * api-change:``elasticache``: Revisions to API text that are now to be carried over to SDK text, changing usages of 'SFO' in code examples to 'us-west-1', and some other typos. * api-change:``mediapackagev2``: This release enables customers to safely update their MediaPackage v2 channel groups, channels and origin endpoints using entity tags. - from version 1.32.59 * api-change:``batch``: This release adds JobStateTimeLimitActions setting to the Job Queue API. It allows you to configure an action Batch can take for a blocking job in front of the queue after the defined period of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues. * api-change:``bedrock-agent-runtime``: Documentation update for Bedrock Runtime Agent * api-change:``cloudtrail``: Added exceptions to CreateTrail, DescribeTrails, and ListImportFailures APIs. * api-change:``codebuild``: This release adds support for a new webhook event: PULL_REQUEST_CLOSED. * api-change:``cognito-idp``: Add ConcurrentModificationException to SetUserPoolMfaConfig * api-change:``guardduty``: Add RDS Provisioned and Serverless Usage types * api-change:``transfer``: Added DES_EDE3_CBC to the list of supported encryption algorithms for messages sent with an AS2 connector. - from version 1.32.58 * api-change:``appconfig``: AWS AppConfig now supports dynamic parameters, which enhance the functionality of AppConfig Extensions by allowing you to provide parameter values to your Extensions at the time you deploy your configuration. * api-change:``ec2``: This release adds an optional parameter to RegisterImage and CopyImage APIs to support tagging AMIs at the time of creation. * api-change:``grafana``: Adds support for the new GrafanaToken as part of the Amazon Managed Grafana Enterprise plugins upgrade to associate your AWS account with a Grafana Labs account. * api-change:``lambda``: Documentation updates for AWS Lambda * api-change:``payment-cryptography-data``: AWS Payment Cryptography EMV Decrypt Feature Release * api-change:``rds``: Updates Amazon RDS documentation for io2 storage for Multi-AZ DB clusters * api-change:``snowball``: Doc-only update for change to EKS-Anywhere ordering. * api-change:``wafv2``: You can increase the max request body inspection size for some regional resources. The size setting is in the web ACL association config. Also, the AWSManagedRulesBotControlRuleSet EnableMachineLearning setting now takes a Boolean instead of a primitive boolean type, for languages like Java. * api-change:``workspaces``: Added note for user decoupling - from version 1.32.57 * api-change:``dynamodb``: Doc only updates for DynamoDB documentation * api-change:``imagebuilder``: Add PENDING status to Lifecycle Execution resource status. Add StartTime and EndTime to ListLifecycleExecutionResource API response. * api-change:``mwaa``: Amazon MWAA adds support for Apache Airflow v2.8.1. * api-change:``rds``: Updated the input of CreateDBCluster and ModifyDBCluster to support setting CA certificates. Updated the output of DescribeDBCluster to show current CA certificate setting value. * api-change:``redshift``: Update for documentation only. Covers port ranges, definition updates for data sharing, and definition updates to cluster-snapshot documentation. * api-change:``verifiedpermissions``: Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs. - from version 1.32.56 * api-change:``apigateway``: Documentation updates for Amazon API Gateway * api-change:``chatbot``: Minor update to documentation. * api-change:``organizations``: This release contains an endpoint addition * api-change:``sesv2``: Adds support for providing custom headers within SendEmail and SendBulkEmail for SESv2. - from version 1.32.55 * api-change:``cloudformation``: Add DetailedStatus field to DescribeStackEvents and DescribeStacks APIs * api-change:``fsx``: Added support for creating FSx for NetApp ONTAP file systems with up to 12 HA pairs, delivering up to 72 GB/s of read throughput and 12 GB/s of write throughput. * api-change:``organizations``: Documentation update for AWS Organizations - from version 1.32.54 * api-change:``accessanalyzer``: Fixed a typo in description field. * api-change:``autoscaling``: With this release, Amazon EC2 Auto Scaling groups, EC2 Fleet, and Spot Fleet improve the default price protection behavior of attribute-based instance type selection of Spot Instances, to consistently select from a wide range of instance types. * api-change:``ec2``: With this release, Amazon EC2 Auto Scaling groups, EC2 Fleet, and Spot Fleet improve the default price protection behavior of attribute-based instance type selection of Spot Instances, to consistently select from a wide range of instance types. - from version 1.32.53 * api-change:``docdb-elastic``: Launched Elastic Clusters Readable Secondaries, Start/Stop, Configurable Shard Instance count, Automatic Backups and Snapshot Copying * api-change:``eks``: Added support for new AL2023 AMIs to the supported AMITypes. * api-change:``lexv2-models``: This release makes AMAZON.QnAIntent generally available in Amazon Lex. This generative AI feature leverages large language models available through Amazon Bedrock to automate frequently asked questions (FAQ) experience for end-users. * api-change:``migrationhuborchestrator``: Adds new CreateTemplate, UpdateTemplate and DeleteTemplate APIs. * api-change:``quicksight``: TooltipTarget for Combo chart visuals; ColumnConfiguration limit increase to 2000; Documentation Update * api-change:``sagemaker``: Adds support for ModelDataSource in Model Packages to support unzipped models. Adds support to specify SourceUri for models which allows registration of models without mandating a container for hosting. Using SourceUri, customers can decouple the model from hosting information during registration. * api-change:``securitylake``: Add capability to update the Data Lake's MetaStoreManager Role in order to perform required data lake updates to use Iceberg table format in their data lake or update the role for any other reason. - from version 1.32.52 * api-change:``batch``: This release adds Batch support for configuration of multicontainer jobs in ECS, Fargate, and EKS. This support is available for all types of jobs, including both array jobs and multi-node parallel jobs. * api-change:``bedrock-agent-runtime``: This release adds support to override search strategy performed by the Retrieve and RetrieveAndGenerate APIs for Amazon Bedrock Agents * api-change:``ce``: This release introduces the new API 'GetApproximateUsageRecords', which retrieves estimated usage records for hourly granularity or resource-level data at daily granularity. * api-change:``ec2``: This release increases the range of MaxResults for GetNetworkInsightsAccessScopeAnalysisFindings to 1,000. * api-change:``iot``: This release reduces the maximum results returned per query invocation from 500 to 100 for the SearchIndex API. This change has no implications as long as the API is invoked until the nextToken is NULL. * api-change:``wafv2``: AWS WAF now supports configurable time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes. - from version 1.32.51 * api-change:``amplifyuibuilder``: We have added the ability to tag resources after they are created - from version 1.32.50 * api-change:``apigateway``: Documentation updates for Amazon API Gateway. * api-change:``drs``: Added volume status to DescribeSourceServer replicated volumes. * api-change:``kafkaconnect``: Adds support for tagging, with new TagResource, UntagResource and ListTagsForResource APIs to manage tags and updates to existing APIs to allow tag on create. This release also adds support for the new DeleteWorkerConfiguration API. * api-change:``rds``: This release adds support for gp3 data volumes for Multi-AZ DB Clusters. - from version 1.32.49 * api-change:``appsync``: Documentation only updates for AppSync * api-change:``qldb``: Clarify possible values for KmsKeyArn and EncryptionDescription. * api-change:``rds``: Add pattern and length based validations for DBShardGroupIdentifier * api-change:``rum``: Doc-only update for new RUM metrics that were added - from version 1.32.48 * api-change:``internetmonitor``: This release adds IPv4 prefixes to health events * api-change:``kinesisvideo``: Increasing NextToken parameter length restriction for List APIs from 512 to 1024. - from version 1.32.47 * api-change:``iotevents``: Increase the maximum length of descriptions for Inputs, Detector Models, and Alarm Models * api-change:``lookoutequipment``: This release adds a field exposing model quality to read APIs for models. It also adds a model quality field to the API response when creating an inference scheduler. * api-change:``medialive``: MediaLive now supports the ability to restart pipelines in a running channel. * api-change:``ssm``: This release adds support for sharing Systems Manager parameters with other AWS accounts. - from version 1.32.46 * api-change:``dynamodb``: Publishing quick fix for doc only update. * api-change:``firehose``: This release updates a few Firehose related APIs. * api-change:``lambda``: Add .NET 8 (dotnet8) Runtime support to AWS Lambda. - from version 1.32.45 * api-change:``amplify``: This release contains API changes that enable users to configure their Amplify domains with their own custom SSL/TLS certificate. * api-change:``chatbot``: This release adds support for AWS Chatbot. You can now monitor, operate, and troubleshoot your AWS resources with interactive ChatOps using the AWS SDK. * api-change:``config``: Documentation updates for the AWS Config CLI * api-change:``ivs``: Changed description for latencyMode in Create/UpdateChannel and Channel/ChannelSummary. * api-change:``keyspaces``: Documentation updates for Amazon Keyspaces * api-change:``mediatailor``: MediaTailor: marking #AdBreak.OffsetMillis as required. - from version 1.32.44 * api-change:``connectparticipant``: Doc only update to GetTranscript API reference guide to inform users about presence of events in the chat transcript. * api-change:``emr``: adds fine grained control over Unhealthy Node Replacement to Amazon ElasticMapReduce * api-change:``firehose``: This release adds support for Data Message Extraction for decompressed CloudWatch logs, and to use a custom file extension or time zone for S3 destinations. * api-change:``lambda``: Documentation-only updates for Lambda to clarify a number of existing actions and properties. * api-change:``rds``: Doc only update for a valid option in DB parameter group * api-change:``sns``: This release marks phone numbers as sensitive inputs. - from version 1.32.43 * api-change:``artifact``: This is the initial SDK release for AWS Artifact. AWS Artifact provides on-demand access to compliance and third-party compliance reports. This release includes access to List and Get reports, along with their metadata. This release also includes access to AWS Artifact notifications settings. * api-change:``codepipeline``: Add ability to override timeout on action level. * api-change:``detective``: Doc only updates for content enhancement * api-change:``guardduty``: Marked fields IpAddressV4, PrivateIpAddress, Email as Sensitive. * api-change:``healthlake``: This release adds a new response parameter, JobProgressReport, to the DescribeFHIRImportJob and ListFHIRImportJobs API operation. JobProgressReport provides details on the progress of the import job on the server. * api-change:``opensearch``: Adds additional supported instance types. * api-change:``polly``: Amazon Polly adds 1 new voice - Burcu (tr-TR) * api-change:``sagemaker``: This release adds a new API UpdateClusterSoftware for SageMaker HyperPod. This API allows users to patch HyperPod clusters with latest platform softwares. * api-change:``secretsmanager``: Doc only update for Secrets Manager * api-change:``endpoint-rules``: Update endpoint-rules command to latest version - from version 1.32.42 * api-change:``controltower``: Adds support for new Baseline and EnabledBaseline APIs for automating multi-account governance. * api-change:``lookoutequipment``: This feature allows customers to see pointwise model diagnostics results for their models. * api-change:``qbusiness``: This release adds the metadata-boosting feature, which allows customers to easily fine-tune the underlying ranking of retrieved RAG passages in order to optimize Q&A answer relevance. It also adds new feedback reasons for the PutFeedback API. - from version 1.32.41 * api-change:``lightsail``: This release adds support to upgrade the major version of a database. * api-change:``marketplace-catalog``: AWS Marketplace Catalog API now supports setting intent on requests * api-change:``resource-explorer-2``: Resource Explorer now uses newly supported IPv4 'amazonaws.com' endpoints by default. * api-change:``securitylake``: Documentation updates for Security Lake * api-change:``endpoint-rules``: Update endpoint-rules command to latest version - from version 1.32.40 * api-change:``appsync``: Adds support for new options on GraphqlAPIs, Resolvers and Data Sources for emitting Amazon CloudWatch metrics for enhanced monitoring of AppSync APIs. * api-change:``cloudwatch``: Update cloudwatch command to latest version * api-change:``neptune-graph``: Adding a new option 'parameters' for data plane api ExecuteQuery to support running parameterized query via SDK. * api-change:``route53domains``: This release adds bill contact support for RegisterDomain, TransferDomain, UpdateDomainContact and GetDomainDetail API. - from version 1.32.39 * api-change:``amp``: Overall documentation updates. * api-change:``batch``: This feature allows Batch to support configuration of repository credentials for jobs running on ECS * api-change:``braket``: Creating a job will result in DeviceOfflineException when using an offline device, and DeviceRetiredException when using a retired device. * api-change:``cost-optimization-hub``: Adding includeMemberAccounts field to the response of ListEnrollmentStatuses API. * api-change:``ecs``: Documentation only update for Amazon ECS. * api-change:``iot``: This release allows AWS IoT Core users to enable Online Certificate Status Protocol (OCSP) Stapling for TLS X.509 Server Certificates when creating and updating AWS IoT Domain Configurations with Custom Domain. * api-change:``pricing``: Add Throttling Exception to all APIs. - from version 1.32.38 * api-change:``codepipeline``: Add ability to execute pipelines with new parallel & queued execution modes and add support for triggers with filtering on branches and file paths. * api-change:``quicksight``: General Interactions for Visuals; Waterfall Chart Color Configuration; Documentation Update * api-change:``workspaces``: This release introduces User-Decoupling feature. This feature allows Workspaces Core customers to provision workspaces without providing users. CreateWorkspaces and DescribeWorkspaces APIs will now take a new optional parameter 'WorkspaceName'. - from version 1.32.37 * api-change:``datasync``: AWS DataSync now supports manifests for specifying files or objects to transfer. * api-change:``lexv2-models``: Update lexv2-models command to latest version * api-change:``redshift``: LisRecommendations API to fetch Amazon Redshift Advisor recommendations. - from version 1.32.36 * api-change:``appsync``: Support for environment variables in AppSync GraphQL APIs * api-change:``ecs``: This release is a documentation only update to address customer issues. * api-change:``es``: This release adds clear visibility to the customers on the changes that they make on the domain. * api-change:``logs``: This release adds a new field, logGroupArn, to the response of the logs:DescribeLogGroups action. * api-change:``opensearch``: This release adds clear visibility to the customers on the changes that they make on the domain. * api-change:``wafv2``: You can now delete an API key that you've created for use with your CAPTCHA JavaScript integration API. - from version 1.32.35 * api-change:``glue``: Introduce Catalog Encryption Role within Glue Data Catalog Settings. Introduce SASL/PLAIN as an authentication method for Glue Kafka connections * api-change:``workspaces``: Added definitions of various WorkSpace states - from version 1.32.34 * api-change:``dynamodb``: Any number of users can execute up to 50 concurrent restores (any type of restore) in a given account. * api-change:``sagemaker``: Amazon SageMaker Canvas adds GenerativeAiSettings support for CanvasAppSettings. * api-change:``endpoint-rules``: Update endpoint-rules command to latest version - from version 1.32.33 * api-change:``cognito-idp``: Added CreateIdentityProvider and UpdateIdentityProvider details for new SAML IdP features * api-change:``ivs``: This release introduces a new resource Playback Restriction Policy which can be used to geo-restrict or domain-restrict channel stream playback when associated with a channel. New APIs to support this resource were introduced in the form of Create/Delete/Get/Update/List. * api-change:``managedblockchain-query``: This release adds support for transactions that have not reached finality. It also removes support for the status property from the response of the GetTransaction operation. You can use the confirmationStatus and executionStatus properties to determine the status of the transaction. * api-change:``mediaconvert``: This release includes support for broadcast-mixed audio description tracks. * api-change:``neptune-graph``: Adding new APIs in SDK for Amazon Neptune Analytics. These APIs include operations to execute, cancel, list queries and get the graph summary. - from version 1.32.32 * api-change:``cloudformation``: CloudFormation IaC generator allows you to scan existing resources in your account and select resources to generate a template for a new or existing CloudFormation stack. * api-change:``elbv2``: Update elbv2 command to latest version * api-change:``glue``: Update page size limits for GetJobRuns and GetTriggers APIs. * api-change:``ssm``: This release adds an optional Duration parameter to StateManager Associations. This allows customers to specify how long an apply-only-on-cron association execution should run. Once the specified Duration is out all the ongoing cancellable commands or automations are cancelled. - Refresh patches for new version - Update Requires from setup.py Changes in local-npm-registry: - fix await import error on older node.js versions - update to 1.1.0 * always run npm with --no-package-lock. This will fix all weird errors and no loger require cleaning package-lock.json from upstream * `quilt setup` script is now in the utility * everything is run in JS now, so you can run directly with node version of change. Either, local-npm-registry or node22 /usr/bin/local-npm-registry - update to 1.0.2 * --help invocation fixes * cleanup npm's config.registry on exit * adds support for non-standard alternative versions - Escape `quilt setup` invoked section in the helper script - update to 1.0.1 * update dependencies * no longer shows paths for tarballs served by the proxy * works with latest nodejs * removing npm command patch dropped, upstreamed - Revert Requires: back to npm-default. If we need support for Fedora to have something else, we can do this another way https://en.opensuse.org/openSUSE:Build_Service_prjconf#Substitute - Allow the user to override `node` and `npm` commands in PATH. This is useful if one wants to eg. use Electron to run npm. - Change Requires: npm-default to Requires: npm. npm-default is already prefered by the prjconf, this works with any version of npm, and Fedora does not have npm-default. - update to 0.0.3: * fixes case when npm is stalling when package is not found - Update to 0.0.2: fixes uncaught exceptions - work with quilt when unpacking archive - Initial version 0.0.1 Changes in python-boto3: - Update to 1.34.144 * api-change:``acm-pca``: [``botocore``] Minor refactoring of C2J model for AWS Private CA * api-change:``arc-zonal-shift``: [``botocore``] Adds the option to subscribe to get notifications when a zonal autoshift occurs in a region. * api-change:``globalaccelerator``: [``botocore``] This feature adds exceptions to the Customer API to avoid throwing Internal Service errors * api-change:``pinpoint``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``quicksight``: [``botocore``] Vega ally control options and Support for Reviewed Answers in Topics - from version 1.34.143 * api-change:``batch``: [``botocore``] This feature allows AWS Batch Jobs with EKS container orchestration type to be run as Multi-Node Parallel Jobs. * api-change:``bedrock``: [``botocore``] Add support for contextual grounding check for Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: [``botocore``] Introduces new data sources and chunking strategies for Knowledge bases, advanced parsing logic using FMs, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources. * api-change:``bedrock-agent-runtime``: [``botocore``] Introduces query decomposition, enhanced Agents integration with Knowledge bases, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources for end-to-end solutions. * api-change:``bedrock-runtime``: [``botocore``] Add support for contextual grounding check and ApplyGuardrail API for Guardrails for Amazon Bedrock. * api-change:``ec2``: [``botocore``] Add parameters to enable provisioning IPAM BYOIPv4 space at a Local Zone Network Border Group level * api-change:``glue``: [``botocore``] Add recipe step support for recipe node * api-change:``groundstation``: [``botocore``] Documentation update specifying OEM ephemeris units of measurement * api-change:``license-manager-linux-subscriptions``: [``botocore``] Add support for third party subscription providers, starting with RHEL subscriptions through Red Hat Subscription Manager (RHSM). Additionally, add support for tagging subscription provider resources, and detect when an instance has more than one Linux subscription and notify the customer. * api-change:``mediaconnect``: [``botocore``] AWS Elemental MediaConnect introduces the ability to disable outputs. Disabling an output allows you to keep the output attached to the flow, but stop streaming to the output destination. A disabled output does not incur data transfer costs. - from version 1.34.142 * api-change:``datazone``: [``botocore``] This release deprecates dataProductItem field from SearchInventoryResultItem, along with some unused DataProduct shapes * api-change:``fsx``: [``botocore``] Adds support for FSx for NetApp ONTAP 2nd Generation file systems, and FSx for OpenZFS Single AZ HA file systems. * api-change:``opensearch``: [``botocore``] This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. * api-change:``sagemaker``: [``botocore``] This release 1/ enables optimization jobs that allows customers to perform Ahead-of-time compilation and quantization. 2/ allows customers to control access to Amazon Q integration in SageMaker Studio. 3/ enables AdditionalModelDataSources for CreateModel action. - from version 1.34.141 * api-change:``codedeploy``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``devicefarm``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``dms``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elasticbeanstalk``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``es``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``firehose``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``gamelift``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``qapps``: [``botocore``] This is a general availability (GA) release of Amazon Q Apps, a capability of Amazon Q Business. Q Apps leverages data sources your company has provided to enable users to build, share, and customize apps within your organization. * api-change:``route53resolver``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ses``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.140 * api-change:``acm``: [``botocore``] Documentation updates, including fixes for xml formatting, broken links, and ListCertificates description. * api-change:``ecr``: [``botocore``] This release for Amazon ECR makes change to bring the SDK into sync with the API. * api-change:``payment-cryptography-data``: [``botocore``] Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``qbusiness``: [``botocore``] Add personalization to Q Applications. Customers can enable or disable personalization when creating or updating a Q application with the personalization configuration. - from version 1.34.139 * api-change:``application-autoscaling``: [``botocore``] Doc only update for Application Auto Scaling that fixes resource name. * api-change:``directconnect``: [``botocore``] This update includes documentation for support of new native 400 GBps ports for Direct Connect. * api-change:``organizations``: [``botocore``] Added a new reason under ConstraintViolationException in RegisterDelegatedAdministrator API to prevent registering suspended accounts as delegated administrator of a service. * api-change:``rekognition``: [``botocore``] This release adds support for tagging projects and datasets with the CreateProject and CreateDataset APIs. * api-change:``workspaces``: [``botocore``] Fix create workspace bundle RootStorage/UserStorage to accept non null values - Update BuildRequires and Requires from setup.py - Update to 1.34.138 * api-change:``ec2``: [``botocore``] Documentation updates for Elastic Compute Cloud (EC2). * api-change:``fms``: [``botocore``] Increases Customer API's ManagedServiceData length * api-change:``s3``: [``botocore``] Added response overrides to Head Object requests. - from version 1.34.137 * api-change:``apigateway``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cognito-identity``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``connect``: [``botocore``] Authentication profiles are Amazon Connect resources (in gated preview) that allow you to configure authentication settings for users in your contact center. This release adds support for new ListAuthenticationProfiles, DescribeAuthenticationProfile and UpdateAuthenticationProfile APIs. * api-change:``docdb``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: [``botocore``] Updates EKS managed node groups to support EC2 Capacity Blocks for ML * api-change:``payment-cryptography``: [``botocore``] Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``payment-cryptography-data``: [``botocore``] Adding support for dynamic keys for encrypt, decrypt, re-encrypt and translate pin functions. With this change, customers can use one-time TR-31 keys directly in dataplane operations without the need to first import them into the service. * api-change:``stepfunctions``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``swf``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``wafv2``: [``botocore``] JSON body inspection: Update documentation to clarify that JSON parsing doesn't include full validation. - from version 1.34.136 * api-change:``acm-pca``: [``botocore``] Added CCPC_LEVEL_1_OR_HIGHER KeyStorageSecurityStandard and SM2 KeyAlgorithm and SM3WITHSM2 SigningAlgorithm for China regions. * api-change:``cloudhsmv2``: [``botocore``] Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API. * api-change:``connect``: [``botocore``] This release supports showing PreferredAgentRouting step via DescribeContact API. * api-change:``emr``: [``botocore``] This release provides the support for new allocation strategies i.e. CAPACITY_OPTIMIZED_PRIORITIZED for Spot and PRIORITIZED for On-Demand by taking input of priority value for each instance type for instance fleet clusters. * api-change:``glue``: [``botocore``] Added AttributesToGet parameter to Glue GetDatabases, allowing caller to limit output to include only the database name. * api-change:``kinesisanalyticsv2``: [``botocore``] Support for Flink 1.19 in Managed Service for Apache Flink * api-change:``opensearch``: [``botocore``] This release removes support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains. * api-change:``pi``: [``botocore``] Noting that the filter db.sql.db_id isn't available for RDS for SQL Server DB instances. * api-change:``workspaces``: [``botocore``] Added support for Red Hat Enterprise Linux 8 on Amazon WorkSpaces Personal. - from version 1.34.135 * api-change:``application-autoscaling``: [``botocore``] Amazon WorkSpaces customers can now use Application Auto Scaling to automatically scale the number of virtual desktops in a WorkSpaces pool. * api-change:``chime-sdk-media-pipelines``: [``botocore``] Added Amazon Transcribe multi language identification to Chime SDK call analytics. Enabling customers sending single stream audio to generate call recordings using Chime SDK call analytics * api-change:``cloudfront``: [``botocore``] Doc only update for CloudFront that fixes customer-reported issue * api-change:``datazone``: [``botocore``] This release supports the data lineage feature of business data catalog in Amazon DataZone. * api-change:``elasticache``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``mq``: [``botocore``] This release makes the EngineVersion field optional for both broker and configuration and uses the latest available version by default. The AutoMinorVersionUpgrade field is also now optional for broker creation and defaults to 'true'. * api-change:``qconnect``: [``botocore``] Adds CreateContentAssociation, ListContentAssociations, GetContentAssociation, and DeleteContentAssociation APIs. * api-change:``quicksight``: [``botocore``] Adding support for Repeating Sections, Nested Filters * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for TAZ export to S3. * api-change:``sagemaker``: [``botocore``] Add capability for Admins to customize Studio experience for the user by showing or hiding Apps and MLTools. * api-change:``workspaces``: [``botocore``] Added support for WorkSpaces Pools. - from version 1.34.134 * api-change:``controltower``: [``botocore``] Added ListLandingZoneOperations API. * api-change:``eks``: [``botocore``] Added support for disabling unmanaged addons during cluster creation. * api-change:``ivs-realtime``: [``botocore``] IVS Real-Time now offers customers the ability to upload public keys for customer vended participant tokens. * api-change:``kinesisanalyticsv2``: [``botocore``] This release adds support for new ListApplicationOperations and DescribeApplicationOperation APIs. It adds a new configuration to enable system rollbacks, adds field ApplicationVersionCreateTimestamp for clarity and improves support for pagination for APIs. * api-change:``opensearch``: [``botocore``] This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. - from version 1.34.133 * api-change:``autoscaling``: [``botocore``] Doc only update for Auto Scaling's TargetTrackingMetricDataQuery * api-change:``ec2``: [``botocore``] This release is for the launch of the new u7ib-12tb.224xlarge, R8g, c7gn.metal and mac2-m1ultra.metal instance types * api-change:``networkmanager``: [``botocore``] This is model changes & documentation update for the Asynchronous Error Reporting feature for AWS Cloud WAN. This feature allows customers to view errors that occur while their resources are being provisioned, enabling customers to fix their resources without needing external support. * api-change:``workspaces-thin-client``: [``botocore``] This release adds the deviceCreationTags field to CreateEnvironment API input, UpdateEnvironment API input and GetEnvironment API output. - from version 1.34.132 * api-change:``bedrock-runtime``: [``botocore``] Increases Converse API's document name length * api-change:``customer-profiles``: [``botocore``] This release includes changes to ProfileObjectType APIs, adds functionality top set and get capacity for profile object types. * api-change:``ec2``: [``botocore``] Fix EC2 multi-protocol info in models. * api-change:``qbusiness``: [``botocore``] Allow enable/disable Q Apps when creating/updating a Q application; Return the Q Apps enablement information when getting a Q application. * api-change:``ssm``: [``botocore``] Add sensitive trait to SSM IPAddress property for CloudTrail redaction * api-change:``workspaces-web``: [``botocore``] Added ability to enable DeepLinking functionality on a Portal via UserSettings as well as added support for IdentityProvider resource tagging. - from version 1.34.131 * api-change:``bedrock-runtime``: [``botocore``] This release adds document support to Converse and ConverseStream APIs * api-change:``codeartifact``: [``botocore``] Add support for the Cargo package format. * api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``cost-optimization-hub``: [``botocore``] This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``dynamodb``: [``botocore``] Doc-only update for DynamoDB. Fixed Important note in 6 Global table APIs - CreateGlobalTable, DescribeGlobalTable, DescribeGlobalTableSettings, ListGlobalTables, UpdateGlobalTable, and UpdateGlobalTableSettings. * api-change:``glue``: [``botocore``] Fix Glue paginators for Jobs, JobRuns, Triggers, Blueprints and Workflows. * api-change:``ivs-realtime``: [``botocore``] IVS Real-Time now offers customers the ability to record individual stage participants to S3. * api-change:``sagemaker``: [``botocore``] Adds support for model references in Hub service, and adds support for cross-account access of Hubs * api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub - from version 1.34.130 * api-change:``artifact``: [``botocore``] This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response). * api-change:``athena``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cur``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``directconnect``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elastictranscoder``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``opensearch``: [``botocore``] This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains. - from version 1.34.129 * api-change:``bedrock-runtime``: [``botocore``] This release adds support for using Guardrails with the Converse and ConverseStream APIs. * api-change:``cloudtrail``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``config``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: [``botocore``] This release adds support to surface async fargate customer errors from async path to customer through describe-fargate-profile API response. * api-change:``lightsail``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``polly``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``rekognition``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``sagemaker``: [``botocore``] Launched a new feature in SageMaker to provide managed MLflow Tracking Servers for customers to track ML experiments. This release also adds a new capability of attaching additional storage to SageMaker HyperPod cluster instances. * api-change:``shield``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``snowball``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.128 * api-change:``acm-pca``: [``botocore``] Doc-only update that adds name constraints as an allowed extension for ImportCertificateAuthorityCertificate. * api-change:``batch``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: [``botocore``] AWS CodeBuild now supports global and organization GitHub webhooks * api-change:``cognito-idp``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ds``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``efs``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``glue``: [``botocore``] This release introduces a new feature, Usage profiles. Usage profiles allow the AWS Glue admin to create different profiles for various classes of users within the account, enforcing limits and defaults for jobs and sessions. * api-change:``mediaconvert``: [``botocore``] This release includes support for creating I-frame only video segments for DASH trick play. * api-change:``secretsmanager``: [``botocore``] Doc only update for Secrets Manager * api-change:``waf``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.127 * api-change:``datazone``: [``botocore``] This release introduces a new default service blueprint for custom environment creation. * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2. * api-change:``macie2``: [``botocore``] This release adds support for managing the status of automated sensitive data discovery for individual accounts in an organization, and determining whether individual S3 buckets are included in the scope of the analyses. * api-change:``mediaconvert``: [``botocore``] This release adds the ability to search for historical job records within the management console using a search box and/or via the SDK/CLI with partial string matching search on input file name. * api-change:``route53domains``: [``botocore``] Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.126 * api-change:``cloudhsmv2``: [``botocore``] Added support for hsm type hsm2m.medium. Added supported for creating a cluster in FIPS or NON_FIPS mode. * api-change:``glue``: [``botocore``] This release adds support for configuration of evaluation method for composite rules in Glue Data Quality rulesets. * api-change:``iotwireless``: [``botocore``] Add RoamingDeviceSNR and RoamingDeviceRSSI to Customer Metrics. * api-change:``kms``: [``botocore``] This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties. * api-change:``mediapackagev2``: [``botocore``] This release adds support for CMAF ingest (DASH-IF live media ingest protocol interface 1) - from version 1.34.125 * api-change:``apptest``: [``botocore``] AWS Mainframe Modernization Application Testing is an AWS Mainframe Modernization service feature that automates functional equivalence testing for mainframe application modernization and migration to AWS, and regression testing. * api-change:``backupstorage``: [``botocore``] The backupstorage client has been removed following the deprecation of the service. * api-change:``ec2``: [``botocore``] Tagging support for Traffic Mirroring FilterRule resource * api-change:``osis``: [``botocore``] SDK changes for self-managed vpc endpoint to OpenSearch ingestion pipelines. * api-change:``redshift``: [``botocore``] Updates to remove DC1 and DS2 node types. * api-change:``secretsmanager``: [``botocore``] Introducing RotationToken parameter for PutSecretValue API * api-change:``securitylake``: [``botocore``] This release updates request validation regex to account for non-commercial aws partitions. * api-change:``sesv2``: [``botocore``] This release adds support for Amazon EventBridge as an email sending events destination. - from version 1.34.124 * api-change:``accessanalyzer``: [``botocore``] IAM Access Analyzer now provides policy recommendations to help resolve unused permissions for IAM roles and users. Additionally, IAM Access Analyzer now extends its custom policy checks to detect when IAM policies grant public access or access to critical resources ahead of deployments. * api-change:``guardduty``: [``botocore``] Added API support for GuardDuty Malware Protection for S3. * api-change:``networkmanager``: [``botocore``] This is model changes & documentation update for Service Insertion feature for AWS Cloud WAN. This feature allows insertion of AWS/3rd party security services on Cloud WAN. This allows to steer inter/intra segment traffic via security appliances and provide visibility to the route updates. * api-change:``pca-connector-scep``: [``botocore``] Connector for SCEP allows you to use a managed, cloud CA to enroll mobile devices and networking gear. SCEP is a widely-adopted protocol used by mobile device management (MDM) solutions for enrolling mobile devices. With the connector, you can use AWS Private CA with popular MDM solutions. * api-change:``sagemaker``: [``botocore``] Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable. - from version 1.34.123 * api-change:``application-signals``: [``botocore``] This is the initial SDK release for Amazon CloudWatch Application Signals. Amazon CloudWatch Application Signals provides curated application performance monitoring for developers to monitor and troubleshoot application health using pre-built dashboards and Service Level Objectives. * api-change:``ecs``: [``botocore``] This release introduces a new cluster configuration to support the customer-managed keys for ECS managed storage encryption. * api-change:``imagebuilder``: [``botocore``] This release updates the regex pattern for Image Builder ARNs. - Update BuildRequires and Requires from setup.py - Update to 1.34.122 * api-change:``auditmanager``: [``botocore``] New feature: common controls. When creating custom controls, you can now use pre-grouped AWS data sources based on common compliance themes. Also, the awsServices parameter is deprecated because we now manage services in scope for you. If used, the input is ignored and an empty list is returned. * api-change:``b2bi``: [``botocore``] Added exceptions to B2Bi List operations and ConflictException to B2Bi StartTransformerJob operation. Also made capabilities field explicitly required when creating a Partnership. * api-change:``codepipeline``: [``botocore``] CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides. * api-change:``sagemaker``: [``botocore``] This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant. * api-change:``verifiedpermissions``: [``botocore``] This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests. - from version 1.34.121 * api-change:``account``: [``botocore``] This release adds 3 new APIs (AcceptPrimaryEmailUpdate, GetPrimaryEmail, and StartPrimaryEmailUpdate) used to centrally manage the root user email address of member accounts within an AWS organization. * api-change:``alexaforbusiness``: [``botocore``] The alexaforbusiness client has been removed following the deprecation of the service. * api-change:``firehose``: [``botocore``] Adds integration with Secrets Manager for Redshift, Splunk, HttpEndpoint, and Snowflake destinations * api-change:``fsx``: [``botocore``] This release adds support to increase metadata performance on FSx for Lustre file systems beyond the default level provisioned when a file system is created. This can be done by specifying MetadataConfiguration during the creation of Persistent_2 file systems or by updating it on demand. * api-change:``glue``: [``botocore``] This release adds support for creating and updating Glue Data Catalog Views. * api-change:``honeycode``: [``botocore``] The honeycode client has been removed following the deprecation of the service. * api-change:``iotwireless``: [``botocore``] Adds support for wireless device to be in Conflict FUOTA Device Status due to a FUOTA Task, so it couldn't be attached to a new one. * api-change:``location``: [``botocore``] Added two new APIs, VerifyDevicePosition and ForecastGeofenceEvents. Added support for putting larger geofences up to 100,000 vertices with Geobuf fields. * api-change:``sns``: [``botocore``] Doc-only update for SNS. These changes include customer-reported issues and TXC3 updates. * api-change:``sqs``: [``botocore``] Doc only updates for SQS. These updates include customer-reported issues and TCX3 modifications. * api-change:``storagegateway``: [``botocore``] Adds SoftwareUpdatePreferences to DescribeMaintenanceStartTime and UpdateMaintenanceStartTime, a structure which contains AutomaticUpdatePolicy. * enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.20.11 - from version 1.34.120 * api-change:``globalaccelerator``: [``botocore``] This release contains a new optional ip-addresses input field for the update accelerator and update custom routing accelerator apis. This input enables consumers to replace IPv4 addresses on existing accelerators with addresses provided in the input. * api-change:``glue``: [``botocore``] AWS Glue now supports native SaaS connectivity: Salesforce connector available now * api-change:``s3``: [``botocore``] Added new params copySource and key to copyObject API for supporting S3 Access Grants plugin. These changes will not change any of the existing S3 API functionality. - from version 1.34.119 * api-change:``ec2``: [``botocore``] U7i instances with up to 32 TiB of DDR5 memory and 896 vCPUs are now available. C7i-flex instances are launched and are lower-priced variants of the Amazon EC2 C7i instances that offer a baseline level of CPU performance with the ability to scale up to the full compute performance 95% of the time. * api-change:``pipes``: [``botocore``] This release adds Timestream for LiveAnalytics as a supported target in EventBridge Pipes * api-change:``sagemaker``: [``botocore``] Extend DescribeClusterNode response with private DNS hostname and IP address, and placement information about availability zone and availability zone ID. * api-change:``taxsettings``: [``botocore``] Initial release of AWS Tax Settings API - from version 1.34.118 * api-change:``amplify``: [``botocore``] This doc-only update identifies fields that are specific to Gen 1 and Gen 2 applications. * api-change:``batch``: [``botocore``] This release adds support for the AWS Batch GetJobQueueSnapshot API operation. * api-change:``eks``: [``botocore``] Adds support for EKS add-ons pod identity associations integration * api-change:``iottwinmaker``: [``botocore``] Support RESET_VALUE UpdateType for PropertyUpdates to reset property value to default or null - from version 1.34.117 * api-change:``codebuild``: [``botocore``] AWS CodeBuild now supports Self-hosted GitHub Actions runners for Github Enterprise * api-change:``codeguru-security``: [``botocore``] This release includes minor model updates and documentation updates. * api-change:``elasticache``: [``botocore``] Update to attributes of TestFailover and minor revisions. * api-change:``launch-wizard``: [``botocore``] This release adds support for describing workload deployment specifications, deploying additional workload types, and managing tags for Launch Wizard resources with API operations. - from version 1.34.116 * api-change:``acm``: [``botocore``] add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``bedrock-agent``: [``botocore``] With this release, Knowledge bases for Bedrock adds support for Titan Text Embedding v2. * api-change:``bedrock-runtime``: [``botocore``] This release adds Converse and ConverseStream APIs to Bedrock Runtime * api-change:``cloudtrail``: [``botocore``] CloudTrail Lake returns PartitionKeys in the GetEventDataStore API response. Events are grouped into partitions based on these keys for better query performance. For example, the calendarday key groups events by day, while combining the calendarday key with the hour key groups them by day and hour. * api-change:``connect``: [``botocore``] Adding associatedQueueIds as a SearchCriteria and response field to the SearchRoutingProfiles API * api-change:``emr-serverless``: [``botocore``] The release adds support for spark structured streaming. * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for Aurora Postgres DBname. * api-change:``sagemaker``: [``botocore``] Adds Model Card information as a new component to Model Package. Autopilot launches algorithm selection for TimeSeries modality to generate AutoML candidates per algorithm. - from version 1.34.115 * api-change:``athena``: [``botocore``] Throwing validation errors on CreateNotebook with Name containing `/`,`:`,`\` * api-change:``codebuild``: [``botocore``] AWS CodeBuild now supports manually creating GitHub webhooks * api-change:``connect``: [``botocore``] This release includes changes to DescribeContact API's response by including ConnectedToSystemTimestamp, RoutingCriteria, Customer, Campaign, AnsweringMachineDetectionStatus, CustomerVoiceActivity, QualityMetrics, DisconnectDetails, and SegmentAttributes information from a contact in Amazon Connect. * api-change:``glue``: [``botocore``] Add optional field JobMode to CreateJob and UpdateJob APIs. * api-change:``securityhub``: [``botocore``] Add ROOT type for TargetType model - from version 1.34.114 * api-change:``dynamodb``: [``botocore``] Doc-only update for DynamoDB. Specified the IAM actions needed to authorize a user to create a table with a resource-based policy. * api-change:``ec2``: [``botocore``] Providing support to accept BgpAsnExtended attribute * api-change:``kafka``: [``botocore``] Adds ControllerNodeInfo in ListNodes response to support Raft mode for MSK * api-change:``swf``: [``botocore``] This release adds new APIs for deleting activity type and workflow type resources. - from version 1.34.113 * api-change:``dynamodb``: [``botocore``] Documentation only updates for DynamoDB. * api-change:``iotfleetwise``: [``botocore``] AWS IoT FleetWise now supports listing vehicles with attributes filter, ListVehicles API is updated to support additional attributes filter. * api-change:``managedblockchain``: [``botocore``] This is a minor documentation update to address the impact of the shut down of the Goerli and Polygon networks. - from version 1.34.112 * api-change:``emr-serverless``: [``botocore``] This release adds the capability to run interactive workloads using Apache Livy Endpoint. * api-change:``opsworks``: [``botocore``] Documentation-only update for OpsWorks Stacks. - from version 1.34.111 * api-change:``chatbot``: [``botocore``] This change adds support for tagging Chatbot configurations. * api-change:``cloudformation``: [``botocore``] Added DeletionMode FORCE_DELETE_STACK for deleting a stack that is stuck in DELETE_FAILED state due to resource deletion failure. * api-change:``kms``: [``botocore``] This release includes feature to import customer's asymmetric (RSA, ECC and SM2) and HMAC keys into KMS in China. * api-change:``opensearch``: [``botocore``] This release adds support for enabling or disabling a data source configured as part of Zero-ETL integration with Amazon S3, by setting its status. * api-change:``wafv2``: [``botocore``] You can now use Security Lake to collect web ACL traffic data. - from version 1.34.110 * api-change:``cloudfront``: [``botocore``] Model update; no change to SDK functionality. * api-change:``glue``: [``botocore``] Add Maintenance window to CreateJob and UpdateJob APIs and JobRun response. Add a new Job Run State for EXPIRED. * api-change:``lightsail``: [``botocore``] This release adds support for Amazon Lightsail instances to switch between dual-stack or IPv4 only and IPv6-only public IP address types. * api-change:``mailmanager``: [``botocore``] This release includes a new Amazon SES feature called Mail Manager, which is a set of email gateway capabilities designed to help customers strengthen their organization's email infrastructure, simplify email workflow management, and streamline email compliance control. * api-change:``pi``: [``botocore``] Performance Insights added a new input parameter called AuthorizedActions to support the fine-grained access feature. Performance Insights also restricted the acceptable input characters. * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for Db2 license through AWS Marketplace. * api-change:``storagegateway``: [``botocore``] Added new SMBSecurityStrategy enum named MandatoryEncryptionNoAes128, new mode enforces encryption and disables AES 128-bit algorithums. - from version 1.34.109 * api-change:``bedrock-agent``: [``botocore``] This release adds support for using Guardrails with Bedrock Agents. * api-change:``bedrock-agent-runtime``: [``botocore``] This release adds support for using Guardrails with Bedrock Agents. * api-change:``controltower``: [``botocore``] Added ListControlOperations API and filtering support for ListEnabledControls API. Updates also includes added metadata for enabled controls and control operations. * api-change:``osis``: [``botocore``] Add support for creating an OpenSearch Ingestion pipeline that is attached to a provided VPC. Add information about the destinations of an OpenSearch Ingestion pipeline to the GetPipeline and ListPipelines APIs. * api-change:``rds``: [``botocore``] This release adds support for EngineLifecycleSupport on DBInstances, DBClusters, and GlobalClusters. * api-change:``secretsmanager``: [``botocore``] add v2 smoke tests and smithy smokeTests trait for SDK testing - from version 1.34.108 * api-change:``application-autoscaling``: [``botocore``] add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: [``botocore``] Aws CodeBuild now supports 36 hours build timeout * api-change:``elbv2``: [``botocore``] This release adds dualstack-without-public-ipv4 IP address type for ALB. * api-change:``lakeformation``: [``botocore``] Introduces a new API, GetDataLakePrincipal, that returns the identity of the invoking principal * api-change:``transfer``: [``botocore``] Enable use of CloudFormation traits in Smithy model to improve generated CloudFormation schema from the Smithy API model. - from version 1.34.107 * api-change:``acm-pca``: [``botocore``] This release adds support for waiters to fail on AccessDeniedException when having insufficient permissions * api-change:``connect``: [``botocore``] Adding Contact Flow metrics to the GetMetricDataV2 API * api-change:``kafka``: [``botocore``] AWS MSK support for Broker Removal. * api-change:``mwaa``: [``botocore``] Amazon MWAA now supports Airflow web server auto scaling to automatically handle increased demand from REST APIs, Command Line Interface (CLI), or more Airflow User Interface (UI) users. Customers can specify maximum and minimum web server instances during environment creation and update workflow. * api-change:``quicksight``: [``botocore``] This release adds DescribeKeyRegistration and UpdateKeyRegistration APIs to manage QuickSight Customer Managed Keys (CMK). * api-change:``sagemaker``: [``botocore``] Introduced WorkerAccessConfiguration to SageMaker Workteam. This allows customers to configure resource access for workers in a workteam. * api-change:``secretsmanager``: [``botocore``] Documentation updates for AWS Secrets Manager * bugfix:retries: [``botocore``] Fix backoff calculation for truncated binary exponential backoff (`#3178 <https://github.com/boto/botocore/issues/3178>`__) - from version 1.34.106 * api-change:``bedrock-agent-runtime``: [``botocore``] Updating Bedrock Knowledge Base Metadata & Filters feature with two new filters listContains and stringContains * api-change:``codebuild``: [``botocore``] CodeBuild Reserved Capacity VPC Support * api-change:``datasync``: [``botocore``] Task executions now display a CANCELLING status when an execution is in the process of being cancelled. * api-change:``grafana``: [``botocore``] This release adds new ServiceAccount and ServiceAccountToken APIs. * api-change:``medical-imaging``: [``botocore``] Added support for importing medical imaging data from Amazon S3 buckets across accounts and regions. * api-change:``securityhub``: [``botocore``] Documentation-only update for AWS Security Hub - Update BuildRequires and Requires from setup.py - Update to 1.34.105 * api-change:``connect``: [``botocore``] Amazon Connect provides enhanced search capabilities for flows & flow modules on the Connect admin website and programmatically using APIs. You can search for flows and flow modules by name, description, type, status, and tags, to filter and identify a specific flow in your Connect instances. * api-change:``s3``: [``botocore``] Updated a few x-id in the http uri traits - from version 1.34.104 * api-change:``events``: [``botocore``] Amazon EventBridge introduces KMS customer-managed key (CMK) encryption support for custom and partner events published on EventBridge Event Bus (including default bus) and UpdateEventBus API. * api-change:``vpc-lattice``: [``botocore``] This release adds TLS Passthrough support. It also increases max number of target group per rule to 10. - from version 1.34.103 * api-change:``discovery``: [``botocore``] add v2 smoke tests and smithy smokeTests trait for SDK testing * api-change:``greengrassv2``: [``botocore``] Mark ComponentVersion in ComponentDeploymentSpecification as required. * api-change:``sagemaker``: [``botocore``] Introduced support for G6 instance types on Sagemaker Notebook Instances and on SageMaker Studio for JupyterLab and CodeEditor applications. * api-change:``sso-oidc``: [``botocore``] Updated request parameters for PKCE support. - from version 1.34.102 * api-change:``bedrock-agent-runtime``: [``botocore``] This release adds support to provide guardrail configuration and modify inference parameters that are then used in RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``pinpoint``: [``botocore``] This release adds support for specifying email message headers for Email Templates, Campaigns, Journeys and Send Messages. * api-change:``route53resolver``: [``botocore``] Update the DNS Firewall settings to correct a spelling issue. * api-change:``ssm-sap``: [``botocore``] Added support for application-aware start/stop of SAP applications running on EC2 instances, with SSM for SAP * api-change:``verifiedpermissions``: [``botocore``] Adds policy effect and actions fields to Policy API's. - from version 1.34.101 * api-change:``cognito-idp``: [``botocore``] Add EXTERNAL_PROVIDER enum value to UserStatusType. * api-change:``ec2``: [``botocore``] Adding Precision Hardware Clock (PHC) to public API DescribeInstanceTypes * api-change:``ecr``: [``botocore``] This release adds pull through cache rules support for GitLab container registry in Amazon ECR. * api-change:``fms``: [``botocore``] The policy scope resource tag is always a string value, either a non-empty string or an empty string. * api-change:``polly``: [``botocore``] Add new engine - generative - that builds the most expressive conversational voices. * api-change:``sqs``: [``botocore``] This release adds MessageSystemAttributeNames to ReceiveMessageRequest to replace AttributeNames. - from version 1.34.100 * api-change:``b2bi``: [``botocore``] Documentation update to clarify the MappingTemplate definition. * api-change:``budgets``: [``botocore``] This release adds tag support for budgets and budget actions. * api-change:``resiliencehub``: [``botocore``] AWS Resilience Hub has expanded its drift detection capabilities by introducing a new type of drift detection - application resource drift. This new enhancement detects changes, such as the addition or deletion of resources within the application's input sources. * api-change:``route53profiles``: [``botocore``] Doc only update for Route 53 profiles that fixes some link issues - from version 1.34.99 * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports configuring how SCTE 35 passthrough triggers segment breaks in HLS and MediaPackage output groups. Previously, messages triggered breaks in all these output groups. The new option is to trigger segment breaks only in groups that have SCTE 35 passthrough enabled. - from version 1.34.98 * api-change:``bedrock-agent``: [``botocore``] This release adds support for using Provisioned Throughput with Bedrock Agents. * api-change:``connect``: [``botocore``] This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases. * api-change:``connectcases``: [``botocore``] This feature supports the release of Files related items * api-change:``datasync``: [``botocore``] Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations. * api-change:``inspector2``: [``botocore``] This release adds CSV format to GetCisScanReport for Inspector v2 * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs * api-change:``sesv2``: [``botocore``] Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2. - from version 1.34.97 * api-change:``dynamodb``: [``botocore``] This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs. * api-change:``ec2``: [``botocore``] This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM). * api-change:``personalize``: [``botocore``] This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group. * api-change:``redshift-serverless``: [``botocore``] Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name. - from version 1.34.96 * api-change:``bedrock-agent``: [``botocore``] This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base. * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2. * api-change:``personalize-runtime``: [``botocore``] This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2. * api-change:``securityhub``: [``botocore``] Updated CreateMembers API request with limits. * api-change:``sesv2``: [``botocore``] Fixes ListContacts and ListImportJobs APIs to use POST instead of GET. - from version 1.34.95 * api-change:``chime-sdk-voice``: [``botocore``] Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page. * api-change:``codeartifact``: [``botocore``] Add support for the Ruby package format. * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization. * api-change:``omics``: [``botocore``] Add support for workflow sharing and dynamic run storage * api-change:``opensearch``: [``botocore``] This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint. * api-change:``pinpoint-sms-voice-v2``: [``botocore``] Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries. * api-change:``qbusiness``: [``botocore``] This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems. * api-change:``quicksight``: [``botocore``] New Q embedding supporting Generative Q&A * api-change:``route53resolver``: [``botocore``] Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default) , such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest. * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types. * api-change:``signer``: [``botocore``] Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions. - from version 1.34.94 * api-change:``amplify``: [``botocore``] Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100. * api-change:``connectcases``: [``botocore``] This feature releases DeleteField, DeletedLayout, and DeleteTemplate API's * api-change:``inspector2``: [``botocore``] Update Inspector2 to include new Agentless API parameters. * api-change:``timestream-query``: [``botocore``] This change allows users to update and describe account settings associated with their accounts. * api-change:``transcribe``: [``botocore``] This update provides error messaging for generative call summarization in Transcribe Call Analytics * api-change:``trustedadvisor``: [``botocore``] This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs. - from version 1.34.93 * api-change:``codepipeline``: [``botocore``] Add ability to manually and automatically roll back a pipeline stage to a previously successful execution. * api-change:``cognito-idp``: [``botocore``] Add LimitExceededException to SignUp errors * api-change:``connectcampaigns``: [``botocore``] This release adds support for specifying if Answering Machine should wait for prompt sound. * api-change:``marketplace-entitlement``: [``botocore``] Releasing minor endpoint updates. * api-change:``oam``: [``botocore``] This release introduces support for Source Accounts to define which Metrics and Logs to share with the Monitoring Account * api-change:``rds``: [``botocore``] SupportsLimitlessDatabase field added to describe-db-engine-versions to indicate whether the DB engine version supports Aurora Limitless Database. * api-change:``support``: [``botocore``] Releasing minor endpoint updates. - from version 1.34.92 * api-change:``appsync``: [``botocore``] UpdateGraphQLAPI documentation update and datasource introspection secret arn update * api-change:``fms``: [``botocore``] AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization. * api-change:``ivs``: [``botocore``] Bug Fix: IVS does not support arns with the `svs` prefix * api-change:``ivs-realtime``: [``botocore``] Bug Fix: IVS Real Time does not support ARNs using the `svs` prefix. * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances. * api-change:``stepfunctions``: [``botocore``] Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine. - from version 1.34.91 * api-change:``datasync``: [``botocore``] This change allows users to disable and enable the schedules associated with their tasks. * api-change:``ec2``: [``botocore``] Launching capability for customers to enable or disable automatic assignment of public IPv4 addresses to their network interface * api-change:``emr-containers``: [``botocore``] EMRonEKS Service support for SecurityConfiguration enforcement for Spark Jobs. * api-change:``entityresolution``: [``botocore``] Support Batch Unique IDs Deletion. * api-change:``gamelift``: [``botocore``] Amazon GameLift releases container fleets support for public preview. Deploy Linux-based containerized game server software for hosting on Amazon GameLift. * api-change:``ssm``: [``botocore``] Add SSM DescribeInstanceProperties API to public AWS SDK. - from version 1.34.90 * api-change:``bedrock``: [``botocore``] This release introduces Model Evaluation and Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: [``botocore``] Introducing the ability to create multiple data sources per knowledge base, specify S3 buckets as data sources from external accounts, and exposing levers to define the deletion behavior of the underlying vector store data. * api-change:``bedrock-agent-runtime``: [``botocore``] This release introduces zero-setup file upload support for the RetrieveAndGenerate API. This allows you to chat with your data without setting up a Knowledge Base. * api-change:``bedrock-runtime``: [``botocore``] This release introduces Guardrails for Amazon Bedrock. * api-change:``ce``: [``botocore``] Added additional metadata that might be applicable to your reservation recommendations. * api-change:``ec2``: [``botocore``] This release introduces EC2 AMI Deregistration Protection, a new AMI property that can be enabled by customers to protect an AMI against an unintended deregistration. This release also enables the AMI owners to view the AMI 'LastLaunchedTime' in DescribeImages API. * api-change:``pi``: [``botocore``] Clarifies how aggregation works for GetResourceMetrics in the Performance Insights API. * api-change:``rds``: [``botocore``] Fix the example ARN for ModifyActivityStreamRequest * api-change:``sqs``: [``botocore``] This release enables customers to call SQS using AWS JSON-1.0 protocol * api-change:``workspaces-web``: [``botocore``] Added InstanceType and MaxConcurrentSessions parameters on CreatePortal and UpdatePortal Operations as well as the ability to read Customer Managed Key & Additional Encryption Context parameters on supported resources (Portal, BrowserSettings, UserSettings, IPAccessSettings) - from version 1.34.89 * api-change:``bedrock-agent``: [``botocore``] Releasing the support for simplified configuration and return of control * api-change:``bedrock-agent-runtime``: [``botocore``] Releasing the support for simplified configuration and return of control * api-change:``payment-cryptography``: [``botocore``] Adding support to TR-31/TR-34 exports for optional headers, allowing customers to add additional metadata (such as key version and KSN) when exporting keys from the service. * api-change:``redshift-serverless``: [``botocore``] Updates description of schedule field for scheduled actions. * api-change:``route53profiles``: [``botocore``] Route 53 Profiles allows you to apply a central DNS configuration across many VPCs regardless of account. * api-change:``sagemaker``: [``botocore``] This release adds support for Real-Time Collaboration and Shared Space for JupyterLab App on SageMaker Studio. * api-change:``servicediscovery``: [``botocore``] This release adds examples to several Cloud Map actions. * api-change:``transfer``: [``botocore``] Adding new API to support remote directory listing using SFTP connector - from version 1.34.88 * api-change:``glue``: [``botocore``] Adding RowFilter in the response for GetUnfilteredTableMetadata API * api-change:``internetmonitor``: [``botocore``] This update introduces the GetInternetEvent and ListInternetEvents APIs, which provide access to internet events displayed on the Amazon CloudWatch Internet Weather Map. * api-change:``personalize``: [``botocore``] This releases auto training capability while creating a solution and automatically syncing latest solution versions when creating/updating a campaign - from version 1.34.87 * api-change:``drs``: [``botocore``] Outpost ARN added to Source Server and Recovery Instance * api-change:``emr-serverless``: [``botocore``] This release adds the capability to publish detailed Spark engine metrics to Amazon Managed Service for Prometheus (AMP) for enhanced monitoring for Spark jobs. * api-change:``guardduty``: [``botocore``] Added IPv6Address fields for local and remote IP addresses * api-change:``quicksight``: [``botocore``] This release adds support for the Cross Sheet Filter and Control features, and support for warnings in asset imports for any permitted errors encountered during execution * api-change:``rolesanywhere``: [``botocore``] This release introduces the PutAttributeMapping and DeleteAttributeMapping APIs. IAM Roles Anywhere now provides the capability to define a set of mapping rules, allowing customers to specify which data is extracted from their X.509 end-entity certificates. * api-change:``sagemaker``: [``botocore``] Removed deprecated enum values and updated API documentation. * api-change:``workspaces``: [``botocore``] Adds new APIs for managing and sharing WorkSpaces BYOL configuration across accounts. - from version 1.34.86 * api-change:``ec2``: [``botocore``] Documentation updates for Elastic Compute Cloud (EC2). * api-change:``qbusiness``: [``botocore``] This release adds support for IAM Identity Center (IDC) as the identity gateway for Q Business. It also allows users to provide an explicit intent for Q Business to identify how the Chat request should be handled. - from version 1.34.85 * api-change:``bedrock-agent``: [``botocore``] For Create Agent API, the agentResourceRoleArn parameter is no longer required. * api-change:``emr-serverless``: [``botocore``] This release adds support for shuffle optimized disks that allow larger disk sizes and higher IOPS to efficiently run shuffle heavy workloads. * api-change:``entityresolution``: [``botocore``] Cross Account Resource Support . * api-change:``iotwireless``: [``botocore``] Add PublicGateways in the GetWirelessStatistics call response, indicating the LoRaWAN public network accessed by the device. * api-change:``lakeformation``: [``botocore``] This release adds Lake Formation managed RAM support for the 4 APIs - 'DescribeLakeFormationIdentityCenterConfiguration', 'CreateLakeFormationIdentityCenterConfiguration', 'DescribeLakeFormationIdentityCenterConfiguration', and 'DeleteLakeFormationIdentityCenterConfiguration' * api-change:``m2``: [``botocore``] Adding new ListBatchJobRestartPoints API and support for restart batch job. * api-change:``mediapackagev2``: [``botocore``] Dash v2 is a MediaPackage V2 feature to support egressing on DASH manifest format. * api-change:``outposts``: [``botocore``] This release adds new APIs to allow customers to configure their Outpost capacity at order-time. * api-change:``wellarchitected``: [``botocore``] AWS Well-Architected now has a Connector for Jira to allow customers to efficiently track workload risks and improvement efforts and create closed-loop mechanisms. * enhancement:AWSCRT: [``botocore``] Update awscrt version to 0.20.9 - from version 1.34.84 * api-change:``cloudformation``: [``botocore``] Adding support for the new parameter 'IncludePropertyValues' in the CloudFormation DescribeChangeSet API. When this parameter is included, the DescribeChangeSet response will include more detailed information such as before and after values for the resource properties that will change. * api-change:``config``: [``botocore``] Updates documentation for AWS Config * api-change:``glue``: [``botocore``] Modifying request for GetUnfilteredTableMetadata for view-related fields. * api-change:``healthlake``: [``botocore``] Added new CREATE_FAILED status for data stores. Added new errorCause to DescribeFHIRDatastore API and ListFHIRDatastores API response for additional insights into data store creation and deletion workflows. * api-change:``iotfleethub``: [``botocore``] Documentation updates for AWS IoT Fleet Hub to clarify that Fleet Hub supports organization instance of IAM Identity Center. * api-change:``kms``: [``botocore``] This feature supports the ability to specify a custom rotation period for automatic key rotations, the ability to perform on-demand key rotations, and visibility into your key material rotations. * api-change:``mediatailor``: [``botocore``] Added InsertionMode to PlaybackConfigurations. This setting controls whether players can use stitched or guided ad insertion. The default for players that do not specify an insertion mode is stitched. * api-change:``neptune-graph``: [``botocore``] Update to API documentation to resolve customer reported issues. * api-change:``outposts``: [``botocore``] This release adds EXPEDITORS as a valid shipment carrier. * api-change:``redshift``: [``botocore``] Adds support for Amazon Redshift DescribeClusterSnapshots API to include Snapshot ARN response field. * api-change:``transfer``: [``botocore``] This change releases support for importing self signed certificates to the Transfer Family for sending outbound file transfers over TLS/HTTPS. - from version 1.34.83 * api-change:``batch``: [``botocore``] This release adds the task properties field to attempt details and the name field on EKS container detail. * api-change:``cloudfront``: [``botocore``] CloudFront origin access control extends support to AWS Lambda function URLs and AWS Elemental MediaPackage v2 origins. * api-change:``cloudwatch``: [``botocore``] This release adds support for Metric Characteristics for CloudWatch Anomaly Detection. Anomaly Detector now takes Metric Characteristics object with Periodic Spikes boolean field that tells Anomaly Detection that spikes that repeat at the same time every week are part of the expected pattern. * api-change:``codebuild``: [``botocore``] Support access tokens for Bitbucket sources * api-change:``iam``: [``botocore``] For CreateOpenIDConnectProvider API, the ThumbprintList parameter is no longer required. * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive introduces workflow monitor, a new feature that enables the visualization and monitoring of your media workflows. Create signal maps of your existing workflows and monitor them by creating notification and monitoring template groups. * api-change:``omics``: [``botocore``] This release adds support for retrieval of S3 direct access metadata on sequence stores and read sets, and adds support for SHA256up and SHA512up HealthOmics ETags. * api-change:``pipes``: [``botocore``] LogConfiguration ARN validation fixes * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for Standard Edition 2 support in RDS Custom for Oracle. * api-change:``s3control``: [``botocore``] Documentation updates for Amazon S3-control. - from version 1.34.82 * api-change:``cleanrooms``: [``botocore``] AWS Clean Rooms Differential Privacy is now fully available. Differential privacy protects against user-identification attempts. * api-change:``connect``: [``botocore``] This release adds new Submit Auto Evaluation Action for Amazon Connect Rules. * api-change:``networkmonitor``: [``botocore``] Examples were added to CloudWatch Network Monitor commands. * api-change:``qconnect``: [``botocore``] This release adds a new QiC public API updateSession and updates an existing QiC public API createSession * api-change:``rekognition``: [``botocore``] Added support for ContentType to content moderation detections. * api-change:``supplychain``: [``botocore``] This release includes API SendDataIntegrationEvent for AWS Supply Chain * api-change:``workspaces-thin-client``: [``botocore``] Adding tags field to SoftwareSet. Removing tags fields from Summary objects. Changing the list of exceptions in tagging APIs. Fixing an issue where the SDK returns empty tags in Get APIs. - from version 1.34.81 * api-change:``codebuild``: [``botocore``] Add new webhook filter types for GitHub webhooks * api-change:``mediaconvert``: [``botocore``] This release includes support for bringing your own fonts to use for burn-in or DVB-Sub captioning workflows. * api-change:``pinpoint``: [``botocore``] The OrchestrationSendingRoleArn has been added to the email channel and is used to send emails from campaigns or journeys. * api-change:``rds``: [``botocore``] This release adds support for specifying the CA certificate to use for the new db instance when restoring from db snapshot, restoring from s3, restoring to point in time, and creating a db instance read replica. - from version 1.34.80 * api-change:``controlcatalog``: [``botocore``] This is the initial SDK release for AWS Control Catalog, a central catalog for AWS managed controls. This release includes 3 new APIs - ListDomains, ListObjectives, and ListCommonControls - that vend high-level data to categorize controls across the AWS platform. * api-change:``mgn``: [``botocore``] Added USE_SOURCE as default option to LaunchConfigurationTemplate bootMode parameter. * api-change:``networkmonitor``: [``botocore``] Updated the allowed monitorName length for CloudWatch Network Monitor. - from version 1.34.79 * api-change:``quicksight``: [``botocore``] Adding IAMIdentityCenterInstanceArn parameter to CreateAccountSubscription * api-change:``resource-groups``: [``botocore``] Added a new QueryErrorCode RESOURCE_TYPE_NOT_SUPPORTED that is returned by the ListGroupResources operation if the group query contains unsupported resource types. * api-change:``verifiedpermissions``: [``botocore``] Adding BatchIsAuthorizedWithToken API which supports multiple authorization requests against a PolicyStore given a bearer token. - from version 1.34.78 * api-change:``b2bi``: [``botocore``] Adding support for X12 5010 HIPAA EDI version and associated transaction sets. * api-change:``cleanrooms``: [``botocore``] Feature: New schemaStatusDetails field to the existing Schema object that displays a status on Schema API responses to show whether a schema is queryable or not. New BatchGetSchemaAnalysisRule API to retrieve multiple schemaAnalysisRules using a single API call. * api-change:``ec2``: [``botocore``] Amazon EC2 G6 instances powered by NVIDIA L4 Tensor Core GPUs can be used for a wide range of graphics-intensive and machine learning use cases. Gr6 instances also feature NVIDIA L4 GPUs and can be used for graphics workloads with higher memory requirements. * api-change:``emr-containers``: [``botocore``] This release adds support for integration with EKS AccessEntry APIs to enable automatic Cluster Access for EMR on EKS. * api-change:``ivs``: [``botocore``] API update to include an SRT ingest endpoint and passphrase for all channels. * api-change:``verifiedpermissions``: [``botocore``] Adds GroupConfiguration field to Identity Source API's - from version 1.34.77 * api-change:``cleanroomsml``: [``botocore``] The release includes a public SDK for AWS Clean Rooms ML APIs, making them globally available to developers worldwide. * api-change:``cloudformation``: [``botocore``] This release would return a new field - PolicyAction in cloudformation's existed DescribeChangeSetResponse, showing actions we are going to apply on the physical resource (e.g., Delete, Retain) according to the user's template * api-change:``datazone``: [``botocore``] This release supports the feature of dataQuality to enrich asset with dataQualityResult in Amazon DataZone. * api-change:``docdb``: [``botocore``] This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster. * api-change:``groundstation``: [``botocore``] This release adds visibilityStartTime and visibilityEndTime to DescribeContact and ListContacts responses. * api-change:``lambda``: [``botocore``] Add Ruby 3.3 (ruby3.3) support to AWS Lambda * api-change:``medialive``: [``botocore``] Cmaf Ingest outputs are now supported in Media Live * api-change:``medical-imaging``: [``botocore``] SearchImageSets API now supports following enhancements - Additional support for searching on UpdatedAt and SeriesInstanceUID - Support for searching existing filters between dates/times - Support for sorting the search result by Ascending/Descending - Additional parameters returned in the response * api-change:``transfer``: [``botocore``] Add ability to specify Security Policies for SFTP Connectors - from version 1.34.76 * api-change:``ecs``: [``botocore``] Documentation only update for Amazon ECS. * api-change:``glue``: [``botocore``] Adding View related fields to responses of read-only Table APIs. * api-change:``ivschat``: [``botocore``] Doc-only update. Changed 'Resources' to 'Key Concepts' in docs and updated text. * api-change:``rolesanywhere``: [``botocore``] This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs. * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub - from version 1.34.75 * api-change:``cloudwatch``: [``botocore``] This release adds support for CloudWatch Anomaly Detection on cross-account metrics. SingleMetricAnomalyDetector and MetricDataQuery inputs to Anomaly Detection APIs now take an optional AccountId field. * api-change:``datazone``: [``botocore``] This release supports the feature of AI recommendations for descriptions to enrich the business data catalog in Amazon DataZone. * api-change:``deadline``: [``botocore``] AWS Deadline Cloud is a new fully managed service that helps customers set up, deploy, and scale rendering projects in minutes, so they can improve the efficiency of their rendering pipelines and take on more projects. * api-change:``emr``: [``botocore``] This release fixes a broken link in the documentation. * api-change:``lightsail``: [``botocore``] This release adds support to upgrade the TLS version of the distribution. - from version 1.34.74 * api-change:``b2bi``: [``botocore``] Supporting new EDI X12 transaction sets for X12 versions 4010, 4030, and 5010. * api-change:``codebuild``: [``botocore``] Add new fleet status code for Reserved Capacity. * api-change:``codeconnections``: [``botocore``] Duplicating the CodeStar Connections service into the new, rebranded AWS CodeConnections service. * api-change:``internetmonitor``: [``botocore``] This release adds support to allow customers to track cross account monitors through ListMonitor, GetMonitor, ListHealthEvents, GetHealthEvent, StartQuery APIs. * api-change:``iotwireless``: [``botocore``] Add support for retrieving key historical and live metrics for LoRaWAN devices and gateways * api-change:``marketplace-catalog``: [``botocore``] This release enhances the ListEntities API to support ResaleAuthorizationId filter and sort for OfferEntity in the request and the addition of a ResaleAuthorizationId field in the response of OfferSummary. * api-change:``neptune-graph``: [``botocore``] Add the new API Start-Import-Task for Amazon Neptune Analytics. * api-change:``sagemaker``: [``botocore``] This release adds support for custom images for the CodeEditor App on SageMaker Studio - from version 1.34.73 * api-change:``codecatalyst``: [``botocore``] This release adds support for understanding pending changes to subscriptions by including two new response parameters for the GetSubscription API for Amazon CodeCatalyst. * api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to analyze and generate recommendations with a new customization preference, Memory Utilization. * api-change:``ec2``: [``botocore``] Amazon EC2 C7gd, M7gd and R7gd metal instances with up to 3.8 TB of local NVMe-based SSD block-level storage have up to 45% improved real-time NVMe storage performance than comparable Graviton2-based instances. * api-change:``eks``: [``botocore``] Add multiple customer error code to handle customer caused failure when managing EKS node groups * api-change:``guardduty``: [``botocore``] Add EC2 support for GuardDuty Runtime Monitoring auto management. * api-change:``neptune-graph``: [``botocore``] Update ImportTaskCancelled waiter to evaluate task state correctly and minor documentation changes. * api-change:``oam``: [``botocore``] This release adds support for sharing AWS::InternetMonitor::Monitor resources. * api-change:``quicksight``: [``botocore``] Amazon QuickSight: Adds support for setting up VPC Endpoint restrictions for accessing QuickSight Website. - from version 1.34.72 * api-change:``batch``: [``botocore``] This feature allows AWS Batch to support configuration of imagePullSecrets and allowPrivilegeEscalation for jobs running on EKS * api-change:``bedrock-agent``: [``botocore``] This changes introduces metadata documents statistics and also updates the documentation for bedrock agent. * api-change:``bedrock-agent-runtime``: [``botocore``] This release introduces filtering support on Retrieve and RetrieveAndGenerate APIs. * api-change:``elasticache``: [``botocore``] Added minimum capacity to Amazon ElastiCache Serverless. This feature allows customer to ensure minimum capacity even without current load * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager - from version 1.34.71 * api-change:``bedrock-agent-runtime``: [``botocore``] This release adds support to customize prompts sent through the RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``ce``: [``botocore``] Adds support for backfill of cost allocation tags, with new StartCostAllocationTagBackfill and ListCostAllocationTagBackfillHistory API. * api-change:``ec2``: [``botocore``] Documentation updates for Elastic Compute Cloud (EC2). * api-change:``ecs``: [``botocore``] This is a documentation update for Amazon ECS. * api-change:``finspace``: [``botocore``] Add new operation delete-kx-cluster-node and add status parameter to list-kx-cluster-node operation. - from version 1.34.70 * api-change:``codebuild``: [``botocore``] Supporting GitLab and GitLab Self Managed as source types in AWS CodeBuild. * api-change:``ec2``: [``botocore``] Added support for ModifyInstanceMetadataDefaults and GetInstanceMetadataDefaults to set Instance Metadata Service account defaults * api-change:``ecs``: [``botocore``] Documentation only update for Amazon ECS. * api-change:``emr-containers``: [``botocore``] This release increases the number of supported job template parameters from 20 to 100. * api-change:``globalaccelerator``: [``botocore``] AWS Global Accelerator now supports cross-account sharing for bring your own IP addresses. * api-change:``medialive``: [``botocore``] Exposing TileMedia H265 options * api-change:``sagemaker``: [``botocore``] Introduced support for the following new instance types on SageMaker Studio for JupyterLab and CodeEditor applications: m6i, m6id, m7i, c6i, c6id, c7i, r6i, r6id, r7i, and p5 - from version 1.34.69 * api-change:``firehose``: [``botocore``] Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy. * api-change:``kendra``: [``botocore``] Documentation update, March 2024. Corrects some docs for Amazon Kendra. * api-change:``pricing``: [``botocore``] Add ResourceNotFoundException to ListPriceLists and GetPriceListFileUrl APIs * api-change:``rolesanywhere``: [``botocore``] This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200. * api-change:``securityhub``: [``botocore``] Added new resource detail object to ASFF, including resource for LastKnownExploitAt - from version 1.34.68 * api-change:``codeartifact``: [``botocore``] This release adds Package groups to CodeArtifact so you can more conveniently configure package origin controls for multiple packages. - from version 1.34.67 * api-change:``accessanalyzer``: [``botocore``] This release adds support for policy validation and external access findings for DynamoDB tables and streams. IAM Access Analyzer helps you author functional and secure resource-based policies and identify cross-account access. Updated service API, documentation, and paginators. * api-change:``codebuild``: [``botocore``] This release adds support for new webhook events (RELEASED and PRERELEASED) and filter types (TAG_NAME and RELEASE_NAME). * api-change:``connect``: [``botocore``] This release updates the *InstanceStorageConfig APIs to support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_CHAT_SEGMENTS. Use this resource type to enable streaming for real-time analysis of chat contacts and to associate a Kinesis stream where real-time analysis chat segments will be published. * api-change:``dynamodb``: [``botocore``] This release introduces 3 new APIs ('GetResourcePolicy', 'PutResourcePolicy' and 'DeleteResourcePolicy') and modifies the existing 'CreateTable' API for the resource-based policy support. It also modifies several APIs to accept a 'TableArn' for the 'TableName' parameter. * api-change:``managedblockchain-query``: [``botocore``] AMB Query: update GetTransaction to include transactionId as input * api-change:``savingsplans``: [``botocore``] Introducing the Savings Plans Return feature enabling customers to return their Savings Plans within 7 days of purchase. - from version 1.34.66 * api-change:``cloudformation``: [``botocore``] Documentation update, March 2024. Corrects some formatting. * api-change:``ec2``: [``botocore``] This release adds the new DescribeMacHosts API operation for getting information about EC2 Mac Dedicated Hosts. Users can now see the latest macOS versions that their underlying Apple Mac can support without needing to be updated. * api-change:``finspace``: [``botocore``] Adding new attributes readWrite and onDemand to dataview models for Database Maintenance operations. * api-change:``logs``: [``botocore``] Update LogSamples field in Anomaly model to be a list of LogEvent * api-change:``managedblockchain-query``: [``botocore``] Introduces a new API for Amazon Managed Blockchain Query: ListFilteredTransactionEvents. - from version 1.34.65 * api-change:``cloudformation``: [``botocore``] This release supports for a new API ListStackSetAutoDeploymentTargets, which provider auto-deployment configuration as a describable resource. Customers can now view the specific combinations of regions and OUs that are being auto-deployed. * api-change:``kms``: [``botocore``] Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy * api-change:``mediatailor``: [``botocore``] This release adds support to allow customers to show different content within a channel depending on metadata associated with the viewer. * api-change:``rds``: [``botocore``] This release launches the ModifyIntegration API and support for data filtering for zero-ETL Integrations. * api-change:``s3``: [``botocore``] Fix two issues with response root node names. * api-change:``timestream-query``: [``botocore``] Documentation updates, March 2024 - from version 1.34.64 * api-change:``backup``: [``botocore``] This release introduces a boolean attribute ManagedByAWSBackupOnly as part of ListRecoveryPointsByResource api to filter the recovery points based on ownership. This attribute can be used to filter out the recovery points protected by AWSBackup. * api-change:``codebuild``: [``botocore``] AWS CodeBuild now supports overflow behavior on Reserved Capacity. * api-change:``connect``: [``botocore``] This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API. * api-change:``ec2``: [``botocore``] Add media accelerator and neuron device information on the describe instance types API. * api-change:``kinesisanalyticsv2``: [``botocore``] Support for Flink 1.18 in Managed Service for Apache Flink * api-change:``s3``: [``botocore``] Documentation updates for Amazon S3. * api-change:``sagemaker``: [``botocore``] Adds m6i, m6id, m7i, c6i, c6id, c7i, r6i r6id, r7i, p5 instance type support to Sagemaker Notebook Instances and miscellaneous wording fixes for previous Sagemaker documentation. * api-change:``workspaces-thin-client``: [``botocore``] Removed unused parameter kmsKeyArn from UpdateDeviceRequest - from version 1.34.63 * api-change:``amplify``: [``botocore``] Documentation updates for Amplify. Identifies the APIs available only to apps created using Amplify Gen 1. * api-change:``ec2-instance-connect``: [``botocore``] This release includes a new exception type 'SerialConsoleSessionUnsupportedException' for SendSerialConsoleSSHPublicKey API. * api-change:``elbv2``: [``botocore``] This release allows you to configure HTTP client keep-alive duration for communication between clients and Application Load Balancers. * api-change:``fis``: [``botocore``] This release adds support for previewing target resources before running a FIS experiment. It also adds resource ARNs for actions, experiments, and experiment templates to API responses. * api-change:``iot-roborunner``: [``botocore``] The iot-roborunner client has been removed following the deprecation of the service. * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for EBCDIC collation for RDS for Db2. * api-change:``secretsmanager``: [``botocore``] Doc only update for Secrets Manager * api-change:``timestream-influxdb``: [``botocore``] This is the initial SDK release for Amazon Timestream for InfluxDB. Amazon Timestream for InfluxDB is a new time-series database engine that makes it easy for application developers and DevOps teams to run InfluxDB databases on AWS for near real-time time-series applications using open source APIs. * enhancement:``urllib3``: [``botocore``] Added support for urllib3 2.2.1+ in Python 3.10+ - from version 1.34.62 * api-change:``ivs-realtime``: [``botocore``] adds support for multiple new composition layout configuration options (grid, pip) * api-change:``kinesisanalyticsv2``: [``botocore``] Support new RuntimeEnvironmentUpdate parameter within UpdateApplication API allowing callers to change the Flink version upon which their application runs. * api-change:``s3``: [``botocore``] This release makes the default option for S3 on Outposts request signing to use the SigV4A algorithm when using AWS Common Runtime (CRT). - from version 1.34.61 * api-change:``cloudformation``: [``botocore``] CloudFormation documentation update for March, 2024 * api-change:``connect``: [``botocore``] This release increases MaxResults limit to 500 in request for SearchUsers, SearchQueues and SearchRoutingProfiles APIs of Amazon Connect. * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2. * api-change:``kafka``: [``botocore``] Added support for specifying the starting position of topic replication in MSK-Replicator. * api-change:``ssm``: [``botocore``] March 2024 doc-only updates for Systems Manager. - from version 1.34.60 * api-change:``codestar-connections``: [``botocore``] Added a sync configuration enum to disable publishing of deployment status to source providers (PublishDeploymentStatus). Added a sync configuration enum (TriggerStackUpdateOn) to only trigger changes. * api-change:``elasticache``: [``botocore``] Revisions to API text that are now to be carried over to SDK text, changing usages of 'SFO' in code examples to 'us-west-1', and some other typos. * api-change:``mediapackagev2``: [``botocore``] This release enables customers to safely update their MediaPackage v2 channel groups, channels and origin endpoints using entity tags. - from version 1.34.59 * api-change:``batch``: [``botocore``] This release adds JobStateTimeLimitActions setting to the Job Queue API. It allows you to configure an action Batch can take for a blocking job in front of the queue after the defined period of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues. * api-change:``bedrock-agent-runtime``: [``botocore``] Documentation update for Bedrock Runtime Agent * api-change:``cloudtrail``: [``botocore``] Added exceptions to CreateTrail, DescribeTrails, and ListImportFailures APIs. * api-change:``codebuild``: [``botocore``] This release adds support for a new webhook event: PULL_REQUEST_CLOSED. * api-change:``cognito-idp``: [``botocore``] Add ConcurrentModificationException to SetUserPoolMfaConfig * api-change:``guardduty``: [``botocore``] Add RDS Provisioned and Serverless Usage types * api-change:``transfer``: [``botocore``] Added DES_EDE3_CBC to the list of supported encryption algorithms for messages sent with an AS2 connector. - from version 1.34.58 * api-change:``appconfig``: [``botocore``] AWS AppConfig now supports dynamic parameters, which enhance the functionality of AppConfig Extensions by allowing you to provide parameter values to your Extensions at the time you deploy your configuration. * api-change:``ec2``: [``botocore``] This release adds an optional parameter to RegisterImage and CopyImage APIs to support tagging AMIs at the time of creation. * api-change:``grafana``: [``botocore``] Adds support for the new GrafanaToken as part of the Amazon Managed Grafana Enterprise plugins upgrade to associate your AWS account with a Grafana Labs account. * api-change:``lambda``: [``botocore``] Documentation updates for AWS Lambda * api-change:``payment-cryptography-data``: [``botocore``] AWS Payment Cryptography EMV Decrypt Feature Release * api-change:``rds``: [``botocore``] Updates Amazon RDS documentation for io2 storage for Multi-AZ DB clusters * api-change:``snowball``: [``botocore``] Doc-only update for change to EKS-Anywhere ordering. * api-change:``wafv2``: [``botocore``] You can increase the max request body inspection size for some regional resources. The size setting is in the web ACL association config. Also, the AWSManagedRulesBotControlRuleSet EnableMachineLearning setting now takes a Boolean instead of a primitive boolean type, for languages like Java. * api-change:``workspaces``: [``botocore``] Added note for user decoupling - from version 1.34.57 * api-change:``dynamodb``: [``botocore``] Doc only updates for DynamoDB documentation * api-change:``imagebuilder``: [``botocore``] Add PENDING status to Lifecycle Execution resource status. Add StartTime and EndTime to ListLifecycleExecutionResource API response. * api-change:``mwaa``: [``botocore``] Amazon MWAA adds support for Apache Airflow v2.8.1. * api-change:``rds``: [``botocore``] Updated the input of CreateDBCluster and ModifyDBCluster to support setting CA certificates. Updated the output of DescribeDBCluster to show current CA certificate setting value. * api-change:``redshift``: [``botocore``] Update for documentation only. Covers port ranges, definition updates for data sharing, and definition updates to cluster-snapshot documentation. * api-change:``verifiedpermissions``: [``botocore``] Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs. - from version 1.34.56 * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway * api-change:``chatbot``: [``botocore``] Minor update to documentation. * api-change:``organizations``: [``botocore``] This release contains an endpoint addition * api-change:``sesv2``: [``botocore``] Adds support for providing custom headers within SendEmail and SendBulkEmail for SESv2. - Update BuildRequires and Requires from setup.py - Update to 1.34.55 * api-change:``docdb-elastic``: Launched Elastic Clusters Readable Secondaries, Start/Stop, Configurable Shard Instance count, Automatic Backups and Snapshot Copying * api-change:``quicksight``: TooltipTarget for Combo chart visuals; ColumnConfiguration limit increase to 2000; Documentation Update * api-change:``amplifyuibuilder``: We have added the ability to tag resources after they are created * api-change:``internetmonitor``: This release adds IPv4 prefixes to health events * api-change:``iotevents``: Increase the maximum length of descriptions for Inputs, Detector Models, and Alarm Models * api-change:``lambda``: Add .NET 8 (dotnet8) Runtime support to AWS Lambda. * api-change:``chatbot``: This release adds support for AWS Chatbot. You can now monitor, operate, and troubleshoot your AWS resources with interactive ChatOps using the AWS SDK. * api-change:``sns``: This release marks phone numbers as sensitive inputs. * api-change:``artifact``: This is the initial SDK release for AWS Artifact. AWS Artifact provides on-demand access to compliance and third-party compliance reports. This release includes access to List and Get reports, along with their metadata. This release also includes access to AWS Artifact notifications settings. * api-change:``guardduty``: Marked fields IpAddressV4, PrivateIpAddress, Email as Sensitive. * api-change:``polly``: Amazon Polly adds 1 new voice - Burcu (tr-TR) * bugfix:ContainerProvider: Properly refreshes token from file from EKS in ContainerProvider * api-change:``resource-explorer-2``: Resource Explorer now uses newly supported IPv4 'amazonaws.com' endpoints by default. * api-change:``pricing``: Add Throttling Exception to all APIs. * api-change:``mediaconvert``: This release includes support for broadcast-mixed audio description tracks. * api-change:``glue``: Update page size limits for GetJobRuns and GetTriggers APIs. * Many more changes, see CHANGELOG.rst Changes in python-botocore: - Double physicalmemory for python-botocore:test in _constraints - Update to 1.34.144 * api-change:``acm-pca``: Minor refactoring of C2J model for AWS Private CA * api-change:``arc-zonal-shift``: Adds the option to subscribe to get notifications when a zonal autoshift occurs in a region. * api-change:``globalaccelerator``: This feature adds exceptions to the Customer API to avoid throwing Internal Service errors * api-change:``pinpoint``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``quicksight``: Vega ally control options and Support for Reviewed Answers in Topics - from version 1.34.143 * api-change:``batch``: This feature allows AWS Batch Jobs with EKS container orchestration type to be run as Multi-Node Parallel Jobs. * api-change:``bedrock``: Add support for contextual grounding check for Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: Introduces new data sources and chunking strategies for Knowledge bases, advanced parsing logic using FMs, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources. * api-change:``bedrock-agent-runtime``: Introduces query decomposition, enhanced Agents integration with Knowledge bases, session summary generation, and code interpretation (preview) for Claude V3 Sonnet and Haiku models. Also introduces Prompt Flows (preview) to link prompts, foundational models, and resources for end-to-end solutions. * api-change:``bedrock-runtime``: Add support for contextual grounding check and ApplyGuardrail API for Guardrails for Amazon Bedrock. * api-change:``ec2``: Add parameters to enable provisioning IPAM BYOIPv4 space at a Local Zone Network Border Group level * api-change:``glue``: Add recipe step support for recipe node * api-change:``groundstation``: Documentation update specifying OEM ephemeris units of measurement * api-change:``license-manager-linux-subscriptions``: Add support for third party subscription providers, starting with RHEL subscriptions through Red Hat Subscription Manager (RHSM). Additionally, add support for tagging subscription provider resources, and detect when an instance has more than one Linux subscription and notify the customer. * api-change:``mediaconnect``: AWS Elemental MediaConnect introduces the ability to disable outputs. Disabling an output allows you to keep the output attached to the flow, but stop streaming to the output destination. A disabled output does not incur data transfer costs. - from version 1.34.142 * api-change:``datazone``: This release deprecates dataProductItem field from SearchInventoryResultItem, along with some unused DataProduct shapes * api-change:``fsx``: Adds support for FSx for NetApp ONTAP 2nd Generation file systems, and FSx for OpenZFS Single AZ HA file systems. * api-change:``opensearch``: This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. * api-change:``sagemaker``: This release 1/ enables optimization jobs that allows customers to perform Ahead-of-time compilation and quantization. 2/ allows customers to control access to Amazon Q integration in SageMaker Studio. 3/ enables AdditionalModelDataSources for CreateModel action. - from version 1.34.141 * api-change:``codedeploy``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``devicefarm``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``dms``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elasticbeanstalk``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``es``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``firehose``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``gamelift``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``qapps``: This is a general availability (GA) release of Amazon Q Apps, a capability of Amazon Q Business. Q Apps leverages data sources your company has provided to enable users to build, share, and customize apps within your organization. * api-change:``route53resolver``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ses``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.140 * api-change:``acm``: Documentation updates, including fixes for xml formatting, broken links, and ListCertificates description. * api-change:``ecr``: This release for Amazon ECR makes change to bring the SDK into sync with the API. * api-change:``payment-cryptography-data``: Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``qbusiness``: Add personalization to Q Applications. Customers can enable or disable personalization when creating or updating a Q application with the personalization configuration. - from version 1.34.139 * api-change:``application-autoscaling``: Doc only update for Application Auto Scaling that fixes resource name. * api-change:``directconnect``: This update includes documentation for support of new native 400 GBps ports for Direct Connect. * api-change:``organizations``: Added a new reason under ConstraintViolationException in RegisterDelegatedAdministrator API to prevent registering suspended accounts as delegated administrator of a service. * api-change:``rekognition``: This release adds support for tagging projects and datasets with the CreateProject and CreateDataset APIs. * api-change:``workspaces``: Fix create workspace bundle RootStorage/UserStorage to accept non null values - Update to 1.34.138 * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``fms``: Increases Customer API's ManagedServiceData length * api-change:``s3``: Added response overrides to Head Object requests. - from version 1.34.137 * api-change:``apigateway``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cognito-identity``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``connect``: Authentication profiles are Amazon Connect resources (in gated preview) that allow you to configure authentication settings for users in your contact center. This release adds support for new ListAuthenticationProfiles, DescribeAuthenticationProfile and UpdateAuthenticationProfile APIs. * api-change:``docdb``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: Updates EKS managed node groups to support EC2 Capacity Blocks for ML * api-change:``payment-cryptography``: Added further restrictions on logging of potentially sensitive inputs and outputs. * api-change:``payment-cryptography-data``: Adding support for dynamic keys for encrypt, decrypt, re-encrypt and translate pin functions. With this change, customers can use one-time TR-31 keys directly in dataplane operations without the need to first import them into the service. * api-change:``stepfunctions``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``swf``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``wafv2``: JSON body inspection: Update documentation to clarify that JSON parsing doesn't include full validation. - from version 1.34.136 * api-change:``acm-pca``: Added CCPC_LEVEL_1_OR_HIGHER KeyStorageSecurityStandard and SM2 KeyAlgorithm and SM3WITHSM2 SigningAlgorithm for China regions. * api-change:``cloudhsmv2``: Added 3 new APIs to support backup sharing: GetResourcePolicy, PutResourcePolicy, and DeleteResourcePolicy. Added BackupArn to the output of the DescribeBackups API. Added support for BackupArn in the CreateCluster API. * api-change:``connect``: This release supports showing PreferredAgentRouting step via DescribeContact API. * api-change:``emr``: This release provides the support for new allocation strategies i.e. CAPACITY_OPTIMIZED_PRIORITIZED for Spot and PRIORITIZED for On-Demand by taking input of priority value for each instance type for instance fleet clusters. * api-change:``glue``: Added AttributesToGet parameter to Glue GetDatabases, allowing caller to limit output to include only the database name. * api-change:``kinesisanalyticsv2``: Support for Flink 1.19 in Managed Service for Apache Flink * api-change:``opensearch``: This release removes support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains. * api-change:``pi``: Noting that the filter db.sql.db_id isn't available for RDS for SQL Server DB instances. * api-change:``workspaces``: Added support for Red Hat Enterprise Linux 8 on Amazon WorkSpaces Personal. - from version 1.34.135 * api-change:``application-autoscaling``: Amazon WorkSpaces customers can now use Application Auto Scaling to automatically scale the number of virtual desktops in a WorkSpaces pool. * api-change:``chime-sdk-media-pipelines``: Added Amazon Transcribe multi language identification to Chime SDK call analytics. Enabling customers sending single stream audio to generate call recordings using Chime SDK call analytics * api-change:``cloudfront``: Doc only update for CloudFront that fixes customer-reported issue * api-change:``datazone``: This release supports the data lineage feature of business data catalog in Amazon DataZone. * api-change:``elasticache``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``mq``: This release makes the EngineVersion field optional for both broker and configuration and uses the latest available version by default. The AutoMinorVersionUpgrade field is also now optional for broker creation and defaults to 'true'. * api-change:``qconnect``: Adds CreateContentAssociation, ListContentAssociations, GetContentAssociation, and DeleteContentAssociation APIs. * api-change:``quicksight``: Adding support for Repeating Sections, Nested Filters * api-change:``rds``: Updates Amazon RDS documentation for TAZ export to S3. * api-change:``sagemaker``: Add capability for Admins to customize Studio experience for the user by showing or hiding Apps and MLTools. * api-change:``workspaces``: Added support for WorkSpaces Pools. - from version 1.34.134 * api-change:``controltower``: Added ListLandingZoneOperations API. * api-change:``eks``: Added support for disabling unmanaged addons during cluster creation. * api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to upload public keys for customer vended participant tokens. * api-change:``kinesisanalyticsv2``: This release adds support for new ListApplicationOperations and DescribeApplicationOperation APIs. It adds a new configuration to enable system rollbacks, adds field ApplicationVersionCreateTimestamp for clarity and improves support for pagination for APIs. * api-change:``opensearch``: This release adds support for enabling or disabling Natural Language Query Processing feature for Amazon OpenSearch Service domains, and provides visibility into the current state of the setup or tear-down. - from version 1.34.133 * api-change:``autoscaling``: Doc only update for Auto Scaling's TargetTrackingMetricDataQuery * api-change:``ec2``: This release is for the launch of the new u7ib-12tb.224xlarge, R8g, c7gn.metal and mac2-m1ultra.metal instance types * api-change:``networkmanager``: This is model changes & documentation update for the Asynchronous Error Reporting feature for AWS Cloud WAN. This feature allows customers to view errors that occur while their resources are being provisioned, enabling customers to fix their resources without needing external support. * api-change:``workspaces-thin-client``: This release adds the deviceCreationTags field to CreateEnvironment API input, UpdateEnvironment API input and GetEnvironment API output. - from version 1.34.132 * api-change:``bedrock-runtime``: Increases Converse API's document name length * api-change:``customer-profiles``: This release includes changes to ProfileObjectType APIs, adds functionality top set and get capacity for profile object types. * api-change:``ec2``: Fix EC2 multi-protocol info in models. * api-change:``qbusiness``: Allow enable/disable Q Apps when creating/updating a Q application; Return the Q Apps enablement information when getting a Q application. * api-change:``ssm``: Add sensitive trait to SSM IPAddress property for CloudTrail redaction * api-change:``workspaces-web``: Added ability to enable DeepLinking functionality on a Portal via UserSettings as well as added support for IdentityProvider resource tagging. - from version 1.34.131 * api-change:``bedrock-runtime``: This release adds document support to Converse and ConverseStream APIs * api-change:``codeartifact``: Add support for the Cargo package format. * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``cost-optimization-hub``: This release enables AWS Cost Optimization Hub to show cost optimization recommendations for Amazon RDS MySQL and RDS PostgreSQL. * api-change:``dynamodb``: Doc-only update for DynamoDB. Fixed Important note in 6 Global table APIs - CreateGlobalTable, DescribeGlobalTable, DescribeGlobalTableSettings, ListGlobalTables, UpdateGlobalTable, and UpdateGlobalTableSettings. * api-change:``glue``: Fix Glue paginators for Jobs, JobRuns, Triggers, Blueprints and Workflows. * api-change:``ivs-realtime``: IVS Real-Time now offers customers the ability to record individual stage participants to S3. * api-change:``sagemaker``: Adds support for model references in Hub service, and adds support for cross-account access of Hubs * api-change:``securityhub``: Documentation updates for Security Hub - from version 1.34.130 * api-change:``artifact``: This release adds an acceptanceType field to the ReportSummary structure (used in the ListReports API response). * api-change:``athena``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``cur``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``directconnect``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``elastictranscoder``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``opensearch``: This release enables customers to use JSON Web Tokens (JWT) for authentication on their Amazon OpenSearch Service domains. - from version 1.34.129 * api-change:``bedrock-runtime``: This release adds support for using Guardrails with the Converse and ConverseStream APIs. * api-change:``cloudtrail``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``config``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``eks``: This release adds support to surface async fargate customer errors from async path to customer through describe-fargate-profile API response. * api-change:``lightsail``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``polly``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``rekognition``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``sagemaker``: Launched a new feature in SageMaker to provide managed MLflow Tracking Servers for customers to track ML experiments. This release also adds a new capability of attaching additional storage to SageMaker HyperPod cluster instances. * api-change:``shield``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``snowball``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.128 * api-change:``acm-pca``: Doc-only update that adds name constraints as an allowed extension for ImportCertificateAuthorityCertificate. * api-change:``batch``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: AWS CodeBuild now supports global and organization GitHub webhooks * api-change:``cognito-idp``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``ds``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``efs``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``glue``: This release introduces a new feature, Usage profiles. Usage profiles allow the AWS Glue admin to create different profiles for various classes of users within the account, enforcing limits and defaults for jobs and sessions. * api-change:``mediaconvert``: This release includes support for creating I-frame only video segments for DASH trick play. * api-change:``secretsmanager``: Doc only update for Secrets Manager * api-change:``waf``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.127 * api-change:``datazone``: This release introduces a new default service blueprint for custom environment creation. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``macie2``: This release adds support for managing the status of automated sensitive data discovery for individual accounts in an organization, and determining whether individual S3 buckets are included in the scope of the analyses. * api-change:``mediaconvert``: This release adds the ability to search for historical job records within the management console using a search box and/or via the SDK/CLI with partial string matching search on input file name. * api-change:``route53domains``: Add v2 smoke tests and smithy smokeTests trait for SDK testing. - from version 1.34.126 * api-change:``cloudhsmv2``: Added support for hsm type hsm2m.medium. Added supported for creating a cluster in FIPS or NON_FIPS mode. * api-change:``glue``: This release adds support for configuration of evaluation method for composite rules in Glue Data Quality rulesets. * api-change:``iotwireless``: Add RoamingDeviceSNR and RoamingDeviceRSSI to Customer Metrics. * api-change:``kms``: This feature allows customers to use their keys stored in KMS to derive a shared secret which can then be used to establish a secured channel for communication, provide proof of possession, or establish trust with other parties. * api-change:``mediapackagev2``: This release adds support for CMAF ingest (DASH-IF live media ingest protocol interface 1) - from version 1.34.125 * api-change:``apptest``: AWS Mainframe Modernization Application Testing is an AWS Mainframe Modernization service feature that automates functional equivalence testing for mainframe application modernization and migration to AWS, and regression testing. * api-change:``backupstorage``: The backupstorage client has been removed following the deprecation of the service. * api-change:``ec2``: Tagging support for Traffic Mirroring FilterRule resource * api-change:``osis``: SDK changes for self-managed vpc endpoint to OpenSearch ingestion pipelines. * api-change:``redshift``: Updates to remove DC1 and DS2 node types. * api-change:``secretsmanager``: Introducing RotationToken parameter for PutSecretValue API * api-change:``securitylake``: This release updates request validation regex to account for non-commercial aws partitions. * api-change:``sesv2``: This release adds support for Amazon EventBridge as an email sending events destination. - from version 1.34.124 * api-change:``accessanalyzer``: IAM Access Analyzer now provides policy recommendations to help resolve unused permissions for IAM roles and users. Additionally, IAM Access Analyzer now extends its custom policy checks to detect when IAM policies grant public access or access to critical resources ahead of deployments. * api-change:``guardduty``: Added API support for GuardDuty Malware Protection for S3. * api-change:``networkmanager``: This is model changes & documentation update for Service Insertion feature for AWS Cloud WAN. This feature allows insertion of AWS/3rd party security services on Cloud WAN. This allows to steer inter/intra segment traffic via security appliances and provide visibility to the route updates. * api-change:``pca-connector-scep``: Connector for SCEP allows you to use a managed, cloud CA to enroll mobile devices and networking gear. SCEP is a widely-adopted protocol used by mobile device management (MDM) solutions for enrolling mobile devices. With the connector, you can use AWS Private CA with popular MDM solutions. * api-change:``sagemaker``: Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable. - from version 1.34.123 * api-change:``application-signals``: This is the initial SDK release for Amazon CloudWatch Application Signals. Amazon CloudWatch Application Signals provides curated application performance monitoring for developers to monitor and troubleshoot application health using pre-built dashboards and Service Level Objectives. * api-change:``ecs``: This release introduces a new cluster configuration to support the customer-managed keys for ECS managed storage encryption. * api-change:``imagebuilder``: This release updates the regex pattern for Image Builder ARNs. - Update to 1.34.122 * api-change:``auditmanager``: New feature: common controls. When creating custom controls, you can now use pre-grouped AWS data sources based on common compliance themes. Also, the awsServices parameter is deprecated because we now manage services in scope for you. If used, the input is ignored and an empty list is returned. * api-change:``b2bi``: Added exceptions to B2Bi List operations and ConflictException to B2Bi StartTransformerJob operation. Also made capabilities field explicitly required when creating a Partnership. * api-change:``codepipeline``: CodePipeline now supports overriding S3 Source Object Key during StartPipelineExecution, as part of Source Overrides. * api-change:``sagemaker``: This release introduces a new optional parameter: InferenceAmiVersion, in ProductionVariant. * api-change:``verifiedpermissions``: This release adds OpenIdConnect (OIDC) configuration support for IdentitySources, allowing for external IDPs to be used in authorization requests. - from version 1.34.121 * api-change:``account``: This release adds 3 new APIs (AcceptPrimaryEmailUpdate, GetPrimaryEmail, and StartPrimaryEmailUpdate) used to centrally manage the root user email address of member accounts within an AWS organization. * api-change:``alexaforbusiness``: The alexaforbusiness client has been removed following the deprecation of the service. * api-change:``firehose``: Adds integration with Secrets Manager for Redshift, Splunk, HttpEndpoint, and Snowflake destinations * api-change:``fsx``: This release adds support to increase metadata performance on FSx for Lustre file systems beyond the default level provisioned when a file system is created. This can be done by specifying MetadataConfiguration during the creation of Persistent_2 file systems or by updating it on demand. * api-change:``glue``: This release adds support for creating and updating Glue Data Catalog Views. * api-change:``honeycode``: The honeycode client has been removed following the deprecation of the service. * api-change:``iotwireless``: Adds support for wireless device to be in Conflict FUOTA Device Status due to a FUOTA Task, so it couldn't be attached to a new one. * api-change:``location``: Added two new APIs, VerifyDevicePosition and ForecastGeofenceEvents. Added support for putting larger geofences up to 100,000 vertices with Geobuf fields. * api-change:``sns``: Doc-only update for SNS. These changes include customer-reported issues and TXC3 updates. * api-change:``sqs``: Doc only updates for SQS. These updates include customer-reported issues and TCX3 modifications. * api-change:``storagegateway``: Adds SoftwareUpdatePreferences to DescribeMaintenanceStartTime and UpdateMaintenanceStartTime, a structure which contains AutomaticUpdatePolicy. * enhancement:AWSCRT: Update awscrt version to 0.20.11 - from version 1.34.120 * api-change:``globalaccelerator``: This release contains a new optional ip-addresses input field for the update accelerator and update custom routing accelerator apis. This input enables consumers to replace IPv4 addresses on existing accelerators with addresses provided in the input. * api-change:``glue``: AWS Glue now supports native SaaS connectivity: Salesforce connector available now * api-change:``s3``: Added new params copySource and key to copyObject API for supporting S3 Access Grants plugin. These changes will not change any of the existing S3 API functionality. - from version 1.34.119 * api-change:``ec2``: U7i instances with up to 32 TiB of DDR5 memory and 896 vCPUs are now available. C7i-flex instances are launched and are lower-priced variants of the Amazon EC2 C7i instances that offer a baseline level of CPU performance with the ability to scale up to the full compute performance 95% of the time. * api-change:``pipes``: This release adds Timestream for LiveAnalytics as a supported target in EventBridge Pipes * api-change:``sagemaker``: Extend DescribeClusterNode response with private DNS hostname and IP address, and placement information about availability zone and availability zone ID. * api-change:``taxsettings``: Initial release of AWS Tax Settings API - from version 1.34.118 * api-change:``amplify``: This doc-only update identifies fields that are specific to Gen 1 and Gen 2 applications. * api-change:``batch``: This release adds support for the AWS Batch GetJobQueueSnapshot API operation. * api-change:``eks``: Adds support for EKS add-ons pod identity associations integration * api-change:``iottwinmaker``: Support RESET_VALUE UpdateType for PropertyUpdates to reset property value to default or null - from version 1.34.117 * api-change:``codebuild``: AWS CodeBuild now supports Self-hosted GitHub Actions runners for Github Enterprise * api-change:``codeguru-security``: This release includes minor model updates and documentation updates. * api-change:``elasticache``: Update to attributes of TestFailover and minor revisions. * api-change:``launch-wizard``: This release adds support for describing workload deployment specifications, deploying additional workload types, and managing tags for Launch Wizard resources with API operations. - from version 1.34.116 * api-change:``acm``: add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``bedrock-agent``: With this release, Knowledge bases for Bedrock adds support for Titan Text Embedding v2. * api-change:``bedrock-runtime``: This release adds Converse and ConverseStream APIs to Bedrock Runtime * api-change:``cloudtrail``: CloudTrail Lake returns PartitionKeys in the GetEventDataStore API response. Events are grouped into partitions based on these keys for better query performance. For example, the calendarday key groups events by day, while combining the calendarday key with the hour key groups them by day and hour. * api-change:``connect``: Adding associatedQueueIds as a SearchCriteria and response field to the SearchRoutingProfiles API * api-change:``emr-serverless``: The release adds support for spark structured streaming. * api-change:``rds``: Updates Amazon RDS documentation for Aurora Postgres DBname. * api-change:``sagemaker``: Adds Model Card information as a new component to Model Package. Autopilot launches algorithm selection for TimeSeries modality to generate AutoML candidates per algorithm. - from version 1.34.115 * api-change:``athena``: Throwing validation errors on CreateNotebook with Name containing `/`,`:`,`\` * api-change:``codebuild``: AWS CodeBuild now supports manually creating GitHub webhooks * api-change:``connect``: This release includes changes to DescribeContact API's response by including ConnectedToSystemTimestamp, RoutingCriteria, Customer, Campaign, AnsweringMachineDetectionStatus, CustomerVoiceActivity, QualityMetrics, DisconnectDetails, and SegmentAttributes information from a contact in Amazon Connect. * api-change:``glue``: Add optional field JobMode to CreateJob and UpdateJob APIs. * api-change:``securityhub``: Add ROOT type for TargetType model - from version 1.34.114 * api-change:``dynamodb``: Doc-only update for DynamoDB. Specified the IAM actions needed to authorize a user to create a table with a resource-based policy. * api-change:``ec2``: Providing support to accept BgpAsnExtended attribute * api-change:``kafka``: Adds ControllerNodeInfo in ListNodes response to support Raft mode for MSK * api-change:``swf``: This release adds new APIs for deleting activity type and workflow type resources. - from version 1.34.113 * api-change:``dynamodb``: Documentation only updates for DynamoDB. * api-change:``iotfleetwise``: AWS IoT FleetWise now supports listing vehicles with attributes filter, ListVehicles API is updated to support additional attributes filter. * api-change:``managedblockchain``: This is a minor documentation update to address the impact of the shut down of the Goerli and Polygon networks. - from version 1.34.112 * api-change:``emr-serverless``: This release adds the capability to run interactive workloads using Apache Livy Endpoint. * api-change:``opsworks``: Documentation-only update for OpsWorks Stacks. - from version 1.34.111 * api-change:``chatbot``: This change adds support for tagging Chatbot configurations. * api-change:``cloudformation``: Added DeletionMode FORCE_DELETE_STACK for deleting a stack that is stuck in DELETE_FAILED state due to resource deletion failure. * api-change:``kms``: This release includes feature to import customer's asymmetric (RSA, ECC and SM2) and HMAC keys into KMS in China. * api-change:``opensearch``: This release adds support for enabling or disabling a data source configured as part of Zero-ETL integration with Amazon S3, by setting its status. * api-change:``wafv2``: You can now use Security Lake to collect web ACL traffic data. - from version 1.34.110 * api-change:``cloudfront``: Model update; no change to SDK functionality. * api-change:``glue``: Add Maintenance window to CreateJob and UpdateJob APIs and JobRun response. Add a new Job Run State for EXPIRED. * api-change:``lightsail``: This release adds support for Amazon Lightsail instances to switch between dual-stack or IPv4 only and IPv6-only public IP address types. * api-change:``mailmanager``: This release includes a new Amazon SES feature called Mail Manager, which is a set of email gateway capabilities designed to help customers strengthen their organization's email infrastructure, simplify email workflow management, and streamline email compliance control. * api-change:``pi``: Performance Insights added a new input parameter called AuthorizedActions to support the fine-grained access feature. Performance Insights also restricted the acceptable input characters. * api-change:``rds``: Updates Amazon RDS documentation for Db2 license through AWS Marketplace. * api-change:``storagegateway``: Added new SMBSecurityStrategy enum named MandatoryEncryptionNoAes128, new mode enforces encryption and disables AES 128-bit algorithums. - from version 1.34.109 * api-change:``bedrock-agent``: This release adds support for using Guardrails with Bedrock Agents. * api-change:``bedrock-agent-runtime``: This release adds support for using Guardrails with Bedrock Agents. * api-change:``controltower``: Added ListControlOperations API and filtering support for ListEnabledControls API. Updates also includes added metadata for enabled controls and control operations. * api-change:``osis``: Add support for creating an OpenSearch Ingestion pipeline that is attached to a provided VPC. Add information about the destinations of an OpenSearch Ingestion pipeline to the GetPipeline and ListPipelines APIs. * api-change:``rds``: This release adds support for EngineLifecycleSupport on DBInstances, DBClusters, and GlobalClusters. * api-change:``secretsmanager``: add v2 smoke tests and smithy smokeTests trait for SDK testing - from version 1.34.108 * api-change:``application-autoscaling``: add v2 smoke tests and smithy smokeTests trait for SDK testing. * api-change:``codebuild``: Aws CodeBuild now supports 36 hours build timeout * api-change:``elbv2``: This release adds dualstack-without-public-ipv4 IP address type for ALB. * api-change:``lakeformation``: Introduces a new API, GetDataLakePrincipal, that returns the identity of the invoking principal * api-change:``transfer``: Enable use of CloudFormation traits in Smithy model to improve generated CloudFormation schema from the Smithy API model. - from version 1.34.107 * api-change:``acm-pca``: This release adds support for waiters to fail on AccessDeniedException when having insufficient permissions * api-change:``connect``: Adding Contact Flow metrics to the GetMetricDataV2 API * api-change:``kafka``: AWS MSK support for Broker Removal. * api-change:``mwaa``: Amazon MWAA now supports Airflow web server auto scaling to automatically handle increased demand from REST APIs, Command Line Interface (CLI), or more Airflow User Interface (UI) users. Customers can specify maximum and minimum web server instances during environment creation and update workflow. * api-change:``quicksight``: This release adds DescribeKeyRegistration and UpdateKeyRegistration APIs to manage QuickSight Customer Managed Keys (CMK). * api-change:``sagemaker``: Introduced WorkerAccessConfiguration to SageMaker Workteam. This allows customers to configure resource access for workers in a workteam. * api-change:``secretsmanager``: Documentation updates for AWS Secrets Manager * bugfix:retries: Fix backoff calculation for truncated binary exponential backoff (`#3178 <https://github.com/boto/botocore/issues/3178>`__) - from version 1.34.106 * api-change:``bedrock-agent-runtime``: Updating Bedrock Knowledge Base Metadata & Filters feature with two new filters listContains and stringContains * api-change:``codebuild``: CodeBuild Reserved Capacity VPC Support * api-change:``datasync``: Task executions now display a CANCELLING status when an execution is in the process of being cancelled. * api-change:``grafana``: This release adds new ServiceAccount and ServiceAccountToken APIs. * api-change:``medical-imaging``: Added support for importing medical imaging data from Amazon S3 buckets across accounts and regions. * api-change:``securityhub``: Documentation-only update for AWS Security Hub - Update to 1.34.105 * api-change:``connect``: Amazon Connect provides enhanced search capabilities for flows & flow modules on the Connect admin website and programmatically using APIs. You can search for flows and flow modules by name, description, type, status, and tags, to filter and identify a specific flow in your Connect instances. * api-change:``s3``: Updated a few x-id in the http uri traits - from version 1.34.104 * api-change:``events``: Amazon EventBridge introduces KMS customer-managed key (CMK) encryption support for custom and partner events published on EventBridge Event Bus (including default bus) and UpdateEventBus API. * api-change:``vpc-lattice``: This release adds TLS Passthrough support. It also increases max number of target group per rule to 10. - from version 1.34.103 * api-change:``discovery``: add v2 smoke tests and smithy smokeTests trait for SDK testing * api-change:``greengrassv2``: Mark ComponentVersion in ComponentDeploymentSpecification as required. * api-change:``sagemaker``: Introduced support for G6 instance types on Sagemaker Notebook Instances and on SageMaker Studio for JupyterLab and CodeEditor applications. * api-change:``sso-oidc``: Updated request parameters for PKCE support. - from version 1.34.102 * api-change:``bedrock-agent-runtime``: This release adds support to provide guardrail configuration and modify inference parameters that are then used in RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``pinpoint``: This release adds support for specifying email message headers for Email Templates, Campaigns, Journeys and Send Messages. * api-change:``route53resolver``: Update the DNS Firewall settings to correct a spelling issue. * api-change:``ssm-sap``: Added support for application-aware start/stop of SAP applications running on EC2 instances, with SSM for SAP * api-change:``verifiedpermissions``: Adds policy effect and actions fields to Policy API's. - from version 1.34.101 * api-change:``cognito-idp``: Add EXTERNAL_PROVIDER enum value to UserStatusType. * api-change:``ec2``: Adding Precision Hardware Clock (PHC) to public API DescribeInstanceTypes * api-change:``ecr``: This release adds pull through cache rules support for GitLab container registry in Amazon ECR. * api-change:``fms``: The policy scope resource tag is always a string value, either a non-empty string or an empty string. * api-change:``polly``: Add new engine - generative - that builds the most expressive conversational voices. * api-change:``sqs``: This release adds MessageSystemAttributeNames to ReceiveMessageRequest to replace AttributeNames. - from version 1.34.100 * api-change:``b2bi``: Documentation update to clarify the MappingTemplate definition. * api-change:``budgets``: This release adds tag support for budgets and budget actions. * api-change:``resiliencehub``: AWS Resilience Hub has expanded its drift detection capabilities by introducing a new type of drift detection - application resource drift. This new enhancement detects changes, such as the addition or deletion of resources within the application's input sources. * api-change:``route53profiles``: Doc only update for Route 53 profiles that fixes some link issues - from version 1.34.99 * api-change:``medialive``: AWS Elemental MediaLive now supports configuring how SCTE 35 passthrough triggers segment breaks in HLS and MediaPackage output groups. Previously, messages triggered breaks in all these output groups. The new option is to trigger segment breaks only in groups that have SCTE 35 passthrough enabled. - from version 1.34.98 * api-change:``bedrock-agent``: This release adds support for using Provisioned Throughput with Bedrock Agents. * api-change:``connect``: This release adds 5 new APIs for managing attachments: StartAttachedFileUpload, CompleteAttachedFileUpload, GetAttachedFile, BatchGetAttachedFileMetadata, DeleteAttachedFile. These APIs can be used to programmatically upload and download attachments to Connect resources, like cases. * api-change:``connectcases``: This feature supports the release of Files related items * api-change:``datasync``: Updated guidance on using private or self-signed certificate authorities (CAs) with AWS DataSync object storage locations. * api-change:``inspector2``: This release adds CSV format to GetCisScanReport for Inspector v2 * api-change:``sagemaker``: Amazon SageMaker Inference now supports m6i, c6i, r6i, m7i, c7i, r7i and g5 instance types for Batch Transform Jobs * api-change:``sesv2``: Adds support for specifying replacement headers per BulkEmailEntry in SendBulkEmail in SESv2. - from version 1.34.97 * api-change:``dynamodb``: This release adds support to specify an optional, maximum OnDemandThroughput for DynamoDB tables and global secondary indexes in the CreateTable or UpdateTable APIs. You can also override the OnDemandThroughput settings by calling the ImportTable, RestoreFromPointInTime, or RestoreFromBackup APIs. * api-change:``ec2``: This release includes a new API for retrieving the public endorsement key of the EC2 instance's Nitro Trusted Platform Module (NitroTPM). * api-change:``personalize``: This releases ability to delete users and their data, including their metadata and interactions data, from a dataset group. * api-change:``redshift-serverless``: Update Redshift Serverless List Scheduled Actions Output Response to include Namespace Name. - from version 1.34.96 * api-change:``bedrock-agent``: This release adds support for using MongoDB Atlas as a vector store when creating a knowledge base. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``personalize-runtime``: This release adds support for a Reason attribute for predicted items generated by User-Personalization-v2. * api-change:``securityhub``: Updated CreateMembers API request with limits. * api-change:``sesv2``: Fixes ListContacts and ListImportJobs APIs to use POST instead of GET. - from version 1.34.95 * api-change:``chime-sdk-voice``: Due to changes made by the Amazon Alexa service, GetSipMediaApplicationAlexaSkillConfiguration and PutSipMediaApplicationAlexaSkillConfiguration APIs are no longer available for use. For more information, refer to the Alexa Smart Properties page. * api-change:``codeartifact``: Add support for the Ruby package format. * api-change:``fms``: AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization. * api-change:``omics``: Add support for workflow sharing and dynamic run storage * api-change:``opensearch``: This release enables customers to create Route53 A and AAAA alias record types to point custom endpoint domain to OpenSearch domain's dualstack search endpoint. * api-change:``pinpoint-sms-voice-v2``: Amazon Pinpoint has added two new features Multimedia services (MMS) and protect configurations. Use the three new MMS APIs to send media messages to a mobile phone which includes image, audio, text, or video files. Use the ten new protect configurations APIs to block messages to specific countries. * api-change:``qbusiness``: This is a general availability (GA) release of Amazon Q Business. Q Business enables employees in an enterprise to get comprehensive answers to complex questions and take actions through a unified, intuitive web-based chat experience - using an enterprise's existing content, data, and systems. * api-change:``quicksight``: New Q embedding supporting Generative Q&A * api-change:``route53resolver``: Release of FirewallDomainRedirectionAction parameter on the Route 53 DNS Firewall Rule. This allows customers to configure a DNS Firewall rule to inspect all the domains in the DNS redirection chain (default) , such as CNAME, ALIAS, DNAME, etc., or just the first domain and trust the rest. * api-change:``sagemaker``: Amazon SageMaker Training now supports the use of attribute-based access control (ABAC) roles for training job execution roles. Amazon SageMaker Inference now supports G6 instance types. * api-change:``signer``: Documentation updates for AWS Signer. Adds cross-account signing constraint and definitions for cross-account actions. - from version 1.34.94 * api-change:``amplify``: Updating max results limit for listing any resources (Job, Artifacts, Branch, BackendResources, DomainAssociation) to 50 with the exception of list apps that where max results can be up to 100. * api-change:``connectcases``: This feature releases DeleteField, DeletedLayout, and DeleteTemplate API's * api-change:``inspector2``: Update Inspector2 to include new Agentless API parameters. * api-change:``timestream-query``: This change allows users to update and describe account settings associated with their accounts. * api-change:``transcribe``: This update provides error messaging for generative call summarization in Transcribe Call Analytics * api-change:``trustedadvisor``: This release adds the BatchUpdateRecommendationResourceExclusion API to support batch updates of Recommendation Resource exclusion statuses and introduces a new exclusion status filter to the ListRecommendationResources and ListOrganizationRecommendationResources APIs. - from version 1.34.93 * api-change:``codepipeline``: Add ability to manually and automatically roll back a pipeline stage to a previously successful execution. * api-change:``cognito-idp``: Add LimitExceededException to SignUp errors * api-change:``connectcampaigns``: This release adds support for specifying if Answering Machine should wait for prompt sound. * api-change:``marketplace-entitlement``: Releasing minor endpoint updates. * api-change:``oam``: This release introduces support for Source Accounts to define which Metrics and Logs to share with the Monitoring Account * api-change:``rds``: SupportsLimitlessDatabase field added to describe-db-engine-versions to indicate whether the DB engine version supports Aurora Limitless Database. * api-change:``support``: Releasing minor endpoint updates. - from version 1.34.92 * api-change:``appsync``: UpdateGraphQLAPI documentation update and datasource introspection secret arn update * api-change:``fms``: AWS Firewall Manager adds support for network ACL policies to manage Amazon Virtual Private Cloud (VPC) network access control lists (ACLs) for accounts in your organization. * api-change:``ivs``: Bug Fix: IVS does not support arns with the `svs` prefix * api-change:``ivs-realtime``: Bug Fix: IVS Real Time does not support ARNs using the `svs` prefix. * api-change:``rds``: Updates Amazon RDS documentation for setting local time zones for RDS for Db2 DB instances. * api-change:``stepfunctions``: Add new ValidateStateMachineDefinition operation, which performs syntax checking on the definition of a Amazon States Language (ASL) state machine. - from version 1.34.91 * api-change:``datasync``: This change allows users to disable and enable the schedules associated with their tasks. * api-change:``ec2``: Launching capability for customers to enable or disable automatic assignment of public IPv4 addresses to their network interface * api-change:``emr-containers``: EMRonEKS Service support for SecurityConfiguration enforcement for Spark Jobs. * api-change:``entityresolution``: Support Batch Unique IDs Deletion. * api-change:``gamelift``: Amazon GameLift releases container fleets support for public preview. Deploy Linux-based containerized game server software for hosting on Amazon GameLift. * api-change:``ssm``: Add SSM DescribeInstanceProperties API to public AWS SDK. - from version 1.34.90 * api-change:``bedrock``: This release introduces Model Evaluation and Guardrails for Amazon Bedrock. * api-change:``bedrock-agent``: Introducing the ability to create multiple data sources per knowledge base, specify S3 buckets as data sources from external accounts, and exposing levers to define the deletion behavior of the underlying vector store data. * api-change:``bedrock-agent-runtime``: This release introduces zero-setup file upload support for the RetrieveAndGenerate API. This allows you to chat with your data without setting up a Knowledge Base. * api-change:``bedrock-runtime``: This release introduces Guardrails for Amazon Bedrock. * api-change:``ce``: Added additional metadata that might be applicable to your reservation recommendations. * api-change:``ec2``: This release introduces EC2 AMI Deregistration Protection, a new AMI property that can be enabled by customers to protect an AMI against an unintended deregistration. This release also enables the AMI owners to view the AMI 'LastLaunchedTime' in DescribeImages API. * api-change:``pi``: Clarifies how aggregation works for GetResourceMetrics in the Performance Insights API. * api-change:``rds``: Fix the example ARN for ModifyActivityStreamRequest * api-change:``sqs``: This release enables customers to call SQS using AWS JSON-1.0 protocol * api-change:``workspaces-web``: Added InstanceType and MaxConcurrentSessions parameters on CreatePortal and UpdatePortal Operations as well as the ability to read Customer Managed Key & Additional Encryption Context parameters on supported resources (Portal, BrowserSettings, UserSettings, IPAccessSettings) - from version 1.34.89 * api-change:``bedrock-agent``: Releasing the support for simplified configuration and return of control * api-change:``bedrock-agent-runtime``: Releasing the support for simplified configuration and return of control * api-change:``payment-cryptography``: Adding support to TR-31/TR-34 exports for optional headers, allowing customers to add additional metadata (such as key version and KSN) when exporting keys from the service. * api-change:``redshift-serverless``: Updates description of schedule field for scheduled actions. * api-change:``route53profiles``: Route 53 Profiles allows you to apply a central DNS configuration across many VPCs regardless of account. * api-change:``sagemaker``: This release adds support for Real-Time Collaboration and Shared Space for JupyterLab App on SageMaker Studio. * api-change:``servicediscovery``: This release adds examples to several Cloud Map actions. * api-change:``transfer``: Adding new API to support remote directory listing using SFTP connector - from version 1.34.88 * api-change:``glue``: Adding RowFilter in the response for GetUnfilteredTableMetadata API * api-change:``internetmonitor``: This update introduces the GetInternetEvent and ListInternetEvents APIs, which provide access to internet events displayed on the Amazon CloudWatch Internet Weather Map. * api-change:``personalize``: This releases auto training capability while creating a solution and automatically syncing latest solution versions when creating/updating a campaign - from version 1.34.87 * api-change:``drs``: Outpost ARN added to Source Server and Recovery Instance * api-change:``emr-serverless``: This release adds the capability to publish detailed Spark engine metrics to Amazon Managed Service for Prometheus (AMP) for enhanced monitoring for Spark jobs. * api-change:``guardduty``: Added IPv6Address fields for local and remote IP addresses * api-change:``quicksight``: This release adds support for the Cross Sheet Filter and Control features, and support for warnings in asset imports for any permitted errors encountered during execution * api-change:``rolesanywhere``: This release introduces the PutAttributeMapping and DeleteAttributeMapping APIs. IAM Roles Anywhere now provides the capability to define a set of mapping rules, allowing customers to specify which data is extracted from their X.509 end-entity certificates. * api-change:``sagemaker``: Removed deprecated enum values and updated API documentation. * api-change:``workspaces``: Adds new APIs for managing and sharing WorkSpaces BYOL configuration across accounts. - from version 1.34.86 * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``qbusiness``: This release adds support for IAM Identity Center (IDC) as the identity gateway for Q Business. It also allows users to provide an explicit intent for Q Business to identify how the Chat request should be handled. - from version 1.34.85 * api-change:``bedrock-agent``: For Create Agent API, the agentResourceRoleArn parameter is no longer required. * api-change:``emr-serverless``: This release adds support for shuffle optimized disks that allow larger disk sizes and higher IOPS to efficiently run shuffle heavy workloads. * api-change:``entityresolution``: Cross Account Resource Support . * api-change:``iotwireless``: Add PublicGateways in the GetWirelessStatistics call response, indicating the LoRaWAN public network accessed by the device. * api-change:``lakeformation``: This release adds Lake Formation managed RAM support for the 4 APIs - 'DescribeLakeFormationIdentityCenterConfiguration', 'CreateLakeFormationIdentityCenterConfiguration', 'DescribeLakeFormationIdentityCenterConfiguration', and 'DeleteLakeFormationIdentityCenterConfiguration' * api-change:``m2``: Adding new ListBatchJobRestartPoints API and support for restart batch job. * api-change:``mediapackagev2``: Dash v2 is a MediaPackage V2 feature to support egressing on DASH manifest format. * api-change:``outposts``: This release adds new APIs to allow customers to configure their Outpost capacity at order-time. * api-change:``wellarchitected``: AWS Well-Architected now has a Connector for Jira to allow customers to efficiently track workload risks and improvement efforts and create closed-loop mechanisms. * enhancement:AWSCRT: Update awscrt version to 0.20.9 - from version 1.34.84 * api-change:``cloudformation``: Adding support for the new parameter 'IncludePropertyValues' in the CloudFormation DescribeChangeSet API. When this parameter is included, the DescribeChangeSet response will include more detailed information such as before and after values for the resource properties that will change. * api-change:``config``: Updates documentation for AWS Config * api-change:``glue``: Modifying request for GetUnfilteredTableMetadata for view-related fields. * api-change:``healthlake``: Added new CREATE_FAILED status for data stores. Added new errorCause to DescribeFHIRDatastore API and ListFHIRDatastores API response for additional insights into data store creation and deletion workflows. * api-change:``iotfleethub``: Documentation updates for AWS IoT Fleet Hub to clarify that Fleet Hub supports organization instance of IAM Identity Center. * api-change:``kms``: This feature supports the ability to specify a custom rotation period for automatic key rotations, the ability to perform on-demand key rotations, and visibility into your key material rotations. * api-change:``mediatailor``: Added InsertionMode to PlaybackConfigurations. This setting controls whether players can use stitched or guided ad insertion. The default for players that do not specify an insertion mode is stitched. * api-change:``neptune-graph``: Update to API documentation to resolve customer reported issues. * api-change:``outposts``: This release adds EXPEDITORS as a valid shipment carrier. * api-change:``redshift``: Adds support for Amazon Redshift DescribeClusterSnapshots API to include Snapshot ARN response field. * api-change:``transfer``: This change releases support for importing self signed certificates to the Transfer Family for sending outbound file transfers over TLS/HTTPS. - from version 1.34.83 * api-change:``batch``: This release adds the task properties field to attempt details and the name field on EKS container detail. * api-change:``cloudfront``: CloudFront origin access control extends support to AWS Lambda function URLs and AWS Elemental MediaPackage v2 origins. * api-change:``cloudwatch``: This release adds support for Metric Characteristics for CloudWatch Anomaly Detection. Anomaly Detector now takes Metric Characteristics object with Periodic Spikes boolean field that tells Anomaly Detection that spikes that repeat at the same time every week are part of the expected pattern. * api-change:``codebuild``: Support access tokens for Bitbucket sources * api-change:``iam``: For CreateOpenIDConnectProvider API, the ThumbprintList parameter is no longer required. * api-change:``medialive``: AWS Elemental MediaLive introduces workflow monitor, a new feature that enables the visualization and monitoring of your media workflows. Create signal maps of your existing workflows and monitor them by creating notification and monitoring template groups. * api-change:``omics``: This release adds support for retrieval of S3 direct access metadata on sequence stores and read sets, and adds support for SHA256up and SHA512up HealthOmics ETags. * api-change:``pipes``: LogConfiguration ARN validation fixes * api-change:``rds``: Updates Amazon RDS documentation for Standard Edition 2 support in RDS Custom for Oracle. * api-change:``s3control``: Documentation updates for Amazon S3-control. - from version 1.34.82 * api-change:``cleanrooms``: AWS Clean Rooms Differential Privacy is now fully available. Differential privacy protects against user-identification attempts. * api-change:``connect``: This release adds new Submit Auto Evaluation Action for Amazon Connect Rules. * api-change:``networkmonitor``: Examples were added to CloudWatch Network Monitor commands. * api-change:``qconnect``: This release adds a new QiC public API updateSession and updates an existing QiC public API createSession * api-change:``rekognition``: Added support for ContentType to content moderation detections. * api-change:``supplychain``: This release includes API SendDataIntegrationEvent for AWS Supply Chain * api-change:``workspaces-thin-client``: Adding tags field to SoftwareSet. Removing tags fields from Summary objects. Changing the list of exceptions in tagging APIs. Fixing an issue where the SDK returns empty tags in Get APIs. - from version 1.34.81 * api-change:``codebuild``: Add new webhook filter types for GitHub webhooks * api-change:``mediaconvert``: This release includes support for bringing your own fonts to use for burn-in or DVB-Sub captioning workflows. * api-change:``pinpoint``: The OrchestrationSendingRoleArn has been added to the email channel and is used to send emails from campaigns or journeys. * api-change:``rds``: This release adds support for specifying the CA certificate to use for the new db instance when restoring from db snapshot, restoring from s3, restoring to point in time, and creating a db instance read replica. - from version 1.34.80 * api-change:``controlcatalog``: This is the initial SDK release for AWS Control Catalog, a central catalog for AWS managed controls. This release includes 3 new APIs - ListDomains, ListObjectives, and ListCommonControls - that vend high-level data to categorize controls across the AWS platform. * api-change:``mgn``: Added USE_SOURCE as default option to LaunchConfigurationTemplate bootMode parameter. * api-change:``networkmonitor``: Updated the allowed monitorName length for CloudWatch Network Monitor. - from version 1.34.79 * api-change:``quicksight``: Adding IAMIdentityCenterInstanceArn parameter to CreateAccountSubscription * api-change:``resource-groups``: Added a new QueryErrorCode RESOURCE_TYPE_NOT_SUPPORTED that is returned by the ListGroupResources operation if the group query contains unsupported resource types. * api-change:``verifiedpermissions``: Adding BatchIsAuthorizedWithToken API which supports multiple authorization requests against a PolicyStore given a bearer token. - from version 1.34.78 * api-change:``b2bi``: Adding support for X12 5010 HIPAA EDI version and associated transaction sets. * api-change:``cleanrooms``: Feature: New schemaStatusDetails field to the existing Schema object that displays a status on Schema API responses to show whether a schema is queryable or not. New BatchGetSchemaAnalysisRule API to retrieve multiple schemaAnalysisRules using a single API call. * api-change:``ec2``: Amazon EC2 G6 instances powered by NVIDIA L4 Tensor Core GPUs can be used for a wide range of graphics-intensive and machine learning use cases. Gr6 instances also feature NVIDIA L4 GPUs and can be used for graphics workloads with higher memory requirements. * api-change:``emr-containers``: This release adds support for integration with EKS AccessEntry APIs to enable automatic Cluster Access for EMR on EKS. * api-change:``ivs``: API update to include an SRT ingest endpoint and passphrase for all channels. * api-change:``verifiedpermissions``: Adds GroupConfiguration field to Identity Source API's - from version 1.34.77 * api-change:``cleanroomsml``: The release includes a public SDK for AWS Clean Rooms ML APIs, making them globally available to developers worldwide. * api-change:``cloudformation``: This release would return a new field - PolicyAction in cloudformation's existed DescribeChangeSetResponse, showing actions we are going to apply on the physical resource (e.g., Delete, Retain) according to the user's template * api-change:``datazone``: This release supports the feature of dataQuality to enrich asset with dataQualityResult in Amazon DataZone. * api-change:``docdb``: This release adds Global Cluster Switchover capability which enables you to change your global cluster's primary AWS Region, the region that serves writes, while preserving the replication between all regions in the global cluster. * api-change:``groundstation``: This release adds visibilityStartTime and visibilityEndTime to DescribeContact and ListContacts responses. * api-change:``lambda``: Add Ruby 3.3 (ruby3.3) support to AWS Lambda * api-change:``medialive``: Cmaf Ingest outputs are now supported in Media Live * api-change:``medical-imaging``: SearchImageSets API now supports following enhancements - Additional support for searching on UpdatedAt and SeriesInstanceUID - Support for searching existing filters between dates/times - Support for sorting the search result by Ascending/Descending - Additional parameters returned in the response * api-change:``transfer``: Add ability to specify Security Policies for SFTP Connectors - from version 1.34.76 * api-change:``ecs``: Documentation only update for Amazon ECS. * api-change:``glue``: Adding View related fields to responses of read-only Table APIs. * api-change:``ivschat``: Doc-only update. Changed 'Resources' to 'Key Concepts' in docs and updated text. * api-change:``rolesanywhere``: This release increases the limit on the roleArns request parameter for the *Profile APIs that support it. This parameter can now take up to 250 role ARNs. * api-change:``securityhub``: Documentation updates for AWS Security Hub - from version 1.34.75 * api-change:``cloudwatch``: This release adds support for CloudWatch Anomaly Detection on cross-account metrics. SingleMetricAnomalyDetector and MetricDataQuery inputs to Anomaly Detection APIs now take an optional AccountId field. * api-change:``datazone``: This release supports the feature of AI recommendations for descriptions to enrich the business data catalog in Amazon DataZone. * api-change:``deadline``: AWS Deadline Cloud is a new fully managed service that helps customers set up, deploy, and scale rendering projects in minutes, so they can improve the efficiency of their rendering pipelines and take on more projects. * api-change:``emr``: This release fixes a broken link in the documentation. * api-change:``lightsail``: This release adds support to upgrade the TLS version of the distribution. - from version 1.34.74 * api-change:``b2bi``: Supporting new EDI X12 transaction sets for X12 versions 4010, 4030, and 5010. * api-change:``codebuild``: Add new fleet status code for Reserved Capacity. * api-change:``codeconnections``: Duplicating the CodeStar Connections service into the new, rebranded AWS CodeConnections service. * api-change:``internetmonitor``: This release adds support to allow customers to track cross account monitors through ListMonitor, GetMonitor, ListHealthEvents, GetHealthEvent, StartQuery APIs. * api-change:``iotwireless``: Add support for retrieving key historical and live metrics for LoRaWAN devices and gateways * api-change:``marketplace-catalog``: This release enhances the ListEntities API to support ResaleAuthorizationId filter and sort for OfferEntity in the request and the addition of a ResaleAuthorizationId field in the response of OfferSummary. * api-change:``neptune-graph``: Add the new API Start-Import-Task for Amazon Neptune Analytics. * api-change:``sagemaker``: This release adds support for custom images for the CodeEditor App on SageMaker Studio - from version 1.34.73 * api-change:``codecatalyst``: This release adds support for understanding pending changes to subscriptions by including two new response parameters for the GetSubscription API for Amazon CodeCatalyst. * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and generate recommendations with a new customization preference, Memory Utilization. * api-change:``ec2``: Amazon EC2 C7gd, M7gd and R7gd metal instances with up to 3.8 TB of local NVMe-based SSD block-level storage have up to 45% improved real-time NVMe storage performance than comparable Graviton2-based instances. * api-change:``eks``: Add multiple customer error code to handle customer caused failure when managing EKS node groups * api-change:``guardduty``: Add EC2 support for GuardDuty Runtime Monitoring auto management. * api-change:``neptune-graph``: Update ImportTaskCancelled waiter to evaluate task state correctly and minor documentation changes. * api-change:``oam``: This release adds support for sharing AWS::InternetMonitor::Monitor resources. * api-change:``quicksight``: Amazon QuickSight: Adds support for setting up VPC Endpoint restrictions for accessing QuickSight Website. - from version 1.34.72 * api-change:``batch``: This feature allows AWS Batch to support configuration of imagePullSecrets and allowPrivilegeEscalation for jobs running on EKS * api-change:``bedrock-agent``: This changes introduces metadata documents statistics and also updates the documentation for bedrock agent. * api-change:``bedrock-agent-runtime``: This release introduces filtering support on Retrieve and RetrieveAndGenerate APIs. * api-change:``elasticache``: Added minimum capacity to Amazon ElastiCache Serverless. This feature allows customer to ensure minimum capacity even without current load * api-change:``secretsmanager``: Documentation updates for Secrets Manager - from version 1.34.71 * api-change:``bedrock-agent-runtime``: This release adds support to customize prompts sent through the RetrieveAndGenerate API in Agents for Amazon Bedrock. * api-change:``ce``: Adds support for backfill of cost allocation tags, with new StartCostAllocationTagBackfill and ListCostAllocationTagBackfillHistory API. * api-change:``ec2``: Documentation updates for Elastic Compute Cloud (EC2). * api-change:``ecs``: This is a documentation update for Amazon ECS. * api-change:``finspace``: Add new operation delete-kx-cluster-node and add status parameter to list-kx-cluster-node operation. - from version 1.34.70 * api-change:``codebuild``: Supporting GitLab and GitLab Self Managed as source types in AWS CodeBuild. * api-change:``ec2``: Added support for ModifyInstanceMetadataDefaults and GetInstanceMetadataDefaults to set Instance Metadata Service account defaults * api-change:``ecs``: Documentation only update for Amazon ECS. * api-change:``emr-containers``: This release increases the number of supported job template parameters from 20 to 100. * api-change:``globalaccelerator``: AWS Global Accelerator now supports cross-account sharing for bring your own IP addresses. * api-change:``medialive``: Exposing TileMedia H265 options * api-change:``sagemaker``: Introduced support for the following new instance types on SageMaker Studio for JupyterLab and CodeEditor applications: m6i, m6id, m7i, c6i, c6id, c7i, r6i, r6id, r7i, and p5 - from version 1.34.69 * api-change:``firehose``: Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy. * api-change:``kendra``: Documentation update, March 2024. Corrects some docs for Amazon Kendra. * api-change:``pricing``: Add ResourceNotFoundException to ListPriceLists and GetPriceListFileUrl APIs * api-change:``rolesanywhere``: This release relaxes constraints on the durationSeconds request parameter for the *Profile APIs that support it. This parameter can now take on values that go up to 43200. * api-change:``securityhub``: Added new resource detail object to ASFF, including resource for LastKnownExploitAt - from version 1.34.68 * api-change:``codeartifact``: This release adds Package groups to CodeArtifact so you can more conveniently configure package origin controls for multiple packages. - from version 1.34.67 * api-change:``accessanalyzer``: This release adds support for policy validation and external access findings for DynamoDB tables and streams. IAM Access Analyzer helps you author functional and secure resource-based policies and identify cross-account access. Updated service API, documentation, and paginators. * api-change:``codebuild``: This release adds support for new webhook events (RELEASED and PRERELEASED) and filter types (TAG_NAME and RELEASE_NAME). * api-change:``connect``: This release updates the *InstanceStorageConfig APIs to support a new ResourceType: REAL_TIME_CONTACT_ANALYSIS_CHAT_SEGMENTS. Use this resource type to enable streaming for real-time analysis of chat contacts and to associate a Kinesis stream where real-time analysis chat segments will be published. * api-change:``dynamodb``: This release introduces 3 new APIs ('GetResourcePolicy', 'PutResourcePolicy' and 'DeleteResourcePolicy') and modifies the existing 'CreateTable' API for the resource-based policy support. It also modifies several APIs to accept a 'TableArn' for the 'TableName' parameter. * api-change:``managedblockchain-query``: AMB Query: update GetTransaction to include transactionId as input * api-change:``savingsplans``: Introducing the Savings Plans Return feature enabling customers to return their Savings Plans within 7 days of purchase. - from version 1.34.66 * api-change:``cloudformation``: Documentation update, March 2024. Corrects some formatting. * api-change:``ec2``: This release adds the new DescribeMacHosts API operation for getting information about EC2 Mac Dedicated Hosts. Users can now see the latest macOS versions that their underlying Apple Mac can support without needing to be updated. * api-change:``finspace``: Adding new attributes readWrite and onDemand to dataview models for Database Maintenance operations. * api-change:``logs``: Update LogSamples field in Anomaly model to be a list of LogEvent * api-change:``managedblockchain-query``: Introduces a new API for Amazon Managed Blockchain Query: ListFilteredTransactionEvents. - from version 1.34.65 * api-change:``cloudformation``: This release supports for a new API ListStackSetAutoDeploymentTargets, which provider auto-deployment configuration as a describable resource. Customers can now view the specific combinations of regions and OUs that are being auto-deployed. * api-change:``kms``: Adds the ability to use the default policy name by omitting the policyName parameter in calls to PutKeyPolicy and GetKeyPolicy * api-change:``mediatailor``: This release adds support to allow customers to show different content within a channel depending on metadata associated with the viewer. * api-change:``rds``: This release launches the ModifyIntegration API and support for data filtering for zero-ETL Integrations. * api-change:``s3``: Fix two issues with response root node names. * api-change:``timestream-query``: Documentation updates, March 2024 - from version 1.34.64 * api-change:``backup``: This release introduces a boolean attribute ManagedByAWSBackupOnly as part of ListRecoveryPointsByResource api to filter the recovery points based on ownership. This attribute can be used to filter out the recovery points protected by AWSBackup. * api-change:``codebuild``: AWS CodeBuild now supports overflow behavior on Reserved Capacity. * api-change:``connect``: This release adds Hierarchy based Access Control fields to Security Profile public APIs and adds support for UserAttributeFilter to SearchUsers API. * api-change:``ec2``: Add media accelerator and neuron device information on the describe instance types API. * api-change:``kinesisanalyticsv2``: Support for Flink 1.18 in Managed Service for Apache Flink * api-change:``s3``: Documentation updates for Amazon S3. * api-change:``sagemaker``: Adds m6i, m6id, m7i, c6i, c6id, c7i, r6i r6id, r7i, p5 instance type support to Sagemaker Notebook Instances and miscellaneous wording fixes for previous Sagemaker documentation. * api-change:``workspaces-thin-client``: Removed unused parameter kmsKeyArn from UpdateDeviceRequest - from version 1.34.63 * api-change:``amplify``: Documentation updates for Amplify. Identifies the APIs available only to apps created using Amplify Gen 1. * api-change:``ec2-instance-connect``: This release includes a new exception type 'SerialConsoleSessionUnsupportedException' for SendSerialConsoleSSHPublicKey API. * api-change:``elbv2``: This release allows you to configure HTTP client keep-alive duration for communication between clients and Application Load Balancers. * api-change:``fis``: This release adds support for previewing target resources before running a FIS experiment. It also adds resource ARNs for actions, experiments, and experiment templates to API responses. * api-change:``iot-roborunner``: The iot-roborunner client has been removed following the deprecation of the service. * api-change:``rds``: Updates Amazon RDS documentation for EBCDIC collation for RDS for Db2. * api-change:``secretsmanager``: Doc only update for Secrets Manager * api-change:``timestream-influxdb``: This is the initial SDK release for Amazon Timestream for InfluxDB. Amazon Timestream for InfluxDB is a new time-series database engine that makes it easy for application developers and DevOps teams to run InfluxDB databases on AWS for near real-time time-series applications using open source APIs. * enhancement:``urllib3``: Added support for urllib3 2.2.1+ in Python 3.10+ - from version 1.34.62 * api-change:``ivs-realtime``: adds support for multiple new composition layout configuration options (grid, pip) * api-change:``kinesisanalyticsv2``: Support new RuntimeEnvironmentUpdate parameter within UpdateApplication API allowing callers to change the Flink version upon which their application runs. * api-change:``s3``: This release makes the default option for S3 on Outposts request signing to use the SigV4A algorithm when using AWS Common Runtime (CRT). - from version 1.34.61 * api-change:``cloudformation``: CloudFormation documentation update for March, 2024 * api-change:``connect``: This release increases MaxResults limit to 500 in request for SearchUsers, SearchQueues and SearchRoutingProfiles APIs of Amazon Connect. * api-change:``ec2``: Documentation updates for Amazon EC2. * api-change:``kafka``: Added support for specifying the starting position of topic replication in MSK-Replicator. * api-change:``ssm``: March 2024 doc-only updates for Systems Manager. - from version 1.34.60 * api-change:``codestar-connections``: Added a sync configuration enum to disable publishing of deployment status to source providers (PublishDeploymentStatus). Added a sync configuration enum (TriggerStackUpdateOn) to only trigger changes. * api-change:``elasticache``: Revisions to API text that are now to be carried over to SDK text, changing usages of 'SFO' in code examples to 'us-west-1', and some other typos. * api-change:``mediapackagev2``: This release enables customers to safely update their MediaPackage v2 channel groups, channels and origin endpoints using entity tags. - from version 1.34.59 * api-change:``batch``: This release adds JobStateTimeLimitActions setting to the Job Queue API. It allows you to configure an action Batch can take for a blocking job in front of the queue after the defined period of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues. * api-change:``bedrock-agent-runtime``: Documentation update for Bedrock Runtime Agent * api-change:``cloudtrail``: Added exceptions to CreateTrail, DescribeTrails, and ListImportFailures APIs. * api-change:``codebuild``: This release adds support for a new webhook event: PULL_REQUEST_CLOSED. * api-change:``cognito-idp``: Add ConcurrentModificationException to SetUserPoolMfaConfig * api-change:``guardduty``: Add RDS Provisioned and Serverless Usage types * api-change:``transfer``: Added DES_EDE3_CBC to the list of supported encryption algorithms for messages sent with an AS2 connector. - from version 1.34.58 * api-change:``appconfig``: AWS AppConfig now supports dynamic parameters, which enhance the functionality of AppConfig Extensions by allowing you to provide parameter values to your Extensions at the time you deploy your configuration. * api-change:``ec2``: This release adds an optional parameter to RegisterImage and CopyImage APIs to support tagging AMIs at the time of creation. * api-change:``grafana``: Adds support for the new GrafanaToken as part of the Amazon Managed Grafana Enterprise plugins upgrade to associate your AWS account with a Grafana Labs account. * api-change:``lambda``: Documentation updates for AWS Lambda * api-change:``payment-cryptography-data``: AWS Payment Cryptography EMV Decrypt Feature Release * api-change:``rds``: Updates Amazon RDS documentation for io2 storage for Multi-AZ DB clusters * api-change:``snowball``: Doc-only update for change to EKS-Anywhere ordering. * api-change:``wafv2``: You can increase the max request body inspection size for some regional resources. The size setting is in the web ACL association config. Also, the AWSManagedRulesBotControlRuleSet EnableMachineLearning setting now takes a Boolean instead of a primitive boolean type, for languages like Java. * api-change:``workspaces``: Added note for user decoupling - from version 1.34.57 * api-change:``dynamodb``: Doc only updates for DynamoDB documentation * api-change:``imagebuilder``: Add PENDING status to Lifecycle Execution resource status. Add StartTime and EndTime to ListLifecycleExecutionResource API response. * api-change:``mwaa``: Amazon MWAA adds support for Apache Airflow v2.8.1. * api-change:``rds``: Updated the input of CreateDBCluster and ModifyDBCluster to support setting CA certificates. Updated the output of DescribeDBCluster to show current CA certificate setting value. * api-change:``redshift``: Update for documentation only. Covers port ranges, definition updates for data sharing, and definition updates to cluster-snapshot documentation. * api-change:``verifiedpermissions``: Deprecating details in favor of configuration for GetIdentitySource and ListIdentitySources APIs. - from version 1.34.56 * api-change:``apigateway``: Documentation updates for Amazon API Gateway * api-change:``chatbot``: Minor update to documentation. * api-change:``organizations``: This release contains an endpoint addition * api-change:``sesv2``: Adds support for providing custom headers within SendEmail and SendBulkEmail for SESv2. - Update to 1.34.55 * api-change:``docdb-elastic``: Launched Elastic Clusters Readable Secondaries, Start/Stop, Configurable Shard Instance count, Automatic Backups and Snapshot Copying * api-change:``quicksight``: TooltipTarget for Combo chart visuals; ColumnConfiguration limit increase to 2000; Documentation Update * api-change:``amplifyuibuilder``: We have added the ability to tag resources after they are created * api-change:``internetmonitor``: This release adds IPv4 prefixes to health events * api-change:``iotevents``: Increase the maximum length of descriptions for Inputs, Detector Models, and Alarm Models * api-change:``lambda``: Add .NET 8 (dotnet8) Runtime support to AWS Lambda. * api-change:``chatbot``: This release adds support for AWS Chatbot. You can now monitor, operate, and troubleshoot your AWS resources with interactive ChatOps using the AWS SDK. * api-change:``sns``: This release marks phone numbers as sensitive inputs. * api-change:``artifact``: This is the initial SDK release for AWS Artifact. AWS Artifact provides on-demand access to compliance and third-party compliance reports. This release includes access to List and Get reports, along with their metadata. This release also includes access to AWS Artifact notifications settings. * api-change:``guardduty``: Marked fields IpAddressV4, PrivateIpAddress, Email as Sensitive. * api-change:``polly``: Amazon Polly adds 1 new voice - Burcu (tr-TR) * bugfix:ContainerProvider: Properly refreshes token from file from EKS in ContainerProvider * api-change:``resource-explorer-2``: Resource Explorer now uses newly supported IPv4 'amazonaws.com' endpoints by default. * api-change:``pricing``: Add Throttling Exception to all APIs. * api-change:``mediaconvert``: This release includes support for broadcast-mixed audio description tracks. * api-change:``glue``: Update page size limits for GetJobRuns and GetTriggers APIs. * Many more changes, see CHANGELOG.rst Changes in python-coverage: - update to 7.6.10: * Fix: some descriptions of missing branches in HTML and LCOV reports were incorrect when multi-line statements were involved (issue 1874 and issue 1875). These are now fixed. * Fix: Python 3.14 defers evaluation of annotations by moving them into separate code objects. That code is rarely executed, so coverage.py would mark them as missing, as reported in issue 1908. Now they are ignored by coverage automatically. * Fixed an obscure and mysterious problem on PyPy 3.10 seemingly involving mocks, imports, and trace functions: issue 1902. To be honest, I don't understand the problem or the solution, but git bisect helped find it, and now it's fixed. * Docs: re-wrote the :ref:`subprocess` page to put multiprocessing first and to highlight the correct use of :class:`multiprocessing.Pool <python:multiprocessing.pool.Pool>`. * Fix: Tomas Uribe fixed a performance problem in the XML report. Large code bases should produce XML reports much faster now. * Fix: the LCOV report code assumed that a branch line that took no branches meant that the entire line was unexecuted. This isn't true in a few cases: the line might always raise an exception, or might have been optimized away. Fixes issue 1896. * Fix: similarly, the HTML report will now explain that a line that jumps to none of its expected destinations must have always raised an exception. Previously, it would say something nonsensical like, 'line 4 didn't jump to line 5 because line 4 was never true, and it didn't jump to line 7 because line 4 was always true.' This was also shown in issue 1896. * Fix: ugh, the other assert from 7.6.5 can also be encountered in the wild, so it's been restored to a conditional. Sorry for the churn. * One of the new asserts from 7.6.5 caused problems in real projects, as reported in issue 1891. The assert has been removed. * Fix: fine-tuned the exact Python version (3.12.6) when exiting from with statements changed how they traced. This affected whether people saw the fix for `issue 1880`_. * Fix: isolate our code more from mocking in the os module that in rare cases can cause bizarre behavior. * Refactor: some code unreachable code paths in parser.py were changed to asserts. If you encounter any of these, please let me know! - update to 7.6.4: * fix: multi-line with statements could cause contained branches to be incorrectly marked as missing (issue 1880). This is now fixed. * Fix: nested context managers could incorrectly be analyzed to flag a missing branch on the last context manager, as described in issue 1876. This is now fixed. * Fix: the missing branch message about not exiting a module had an extra 'didn't,' as described in issue 1873. This is now fixed. * Dropped support for Python 3.8 and PyPy 3.8. * Fix: a final wildcard match/case clause assigning to a name (case _ as value) was incorrectly marked as a missing branch. This is now fixed, closing issue 1860. * Fewer things are considered branches now. Lambdas, comprehensions, and generator expressions are no longer marked as missing branches if they don't complete execution. Closes issue 1852. * Fix: the HTML report didn't properly show multi-line f-strings that end with a backslash continuation. This is now fixed, closing issue 1836, thanks to LiuYinCarl and Marco Ricci. * Fix: the LCOV report now has correct line numbers (fixing issue 1846) and better branch descriptions for BRDA records (fixing issue 1850). There are other changes to lcov also, including a new configuration option :ref:`line_checksums <config_lcov_line_checksums>` to control whether line checksums are included in the lcov report. The default is false. To keep checksums set it to true. All this work is thanks to Zack Weinberg (pull 1849 and pull 1851). * Fixed the docs for multi-line regex exclusions, closing issue 1863. * Fixed a potential crash in the C tracer, closing issue 1835, thanks to Jan K?hle. - update to 7.6.1: * Fix: coverage used to fail when measuring code using :func:`runpy.run_path <python:runpy.run_path>` with a :class:`Path <python:pathlib.Path>` argument. This is now fixed, thanks to Ask Hjorth Larsen. * Fix: backslashes preceding a multi-line backslashed string could confuse the HTML report. This is now fixed, thanks to LiuYinCarl. * Now we publish wheels for Python 3.13, both regular and free- threaded. * Exclusion patterns can now be multi-line, thanks to Daniel Diniz. This enables many interesting exclusion use-cases, including those requested in issues 118 (entire files), 996 (multiple lines only when appearing together), 1741 (remainder of a function), and 1803 (arbitrary sequence of marked lines). See the :ref:`multi_line_exclude` section of the docs for more details and examples. * The JSON report now includes per-function and per-class coverage information. Thanks to Daniel Diniz for getting the work started. This closes issue 1793 and issue 1532. * Fixed an incorrect calculation of '(no class)' lines in the HTML classes report. * Python 3.13.0b3 is supported. * If you attempt to combine statement coverage data with branch coverage data, coverage.py used to fail with the message 'Can't combine arc data with line data' or its reverse, 'Can't combine line data with arc data.' These messages used internal terminology, making it hard for people to understand the problem. They are now changed to mention 'branch coverage data' and 'statement coverage data.' * Fixed a minor branch coverage problem with wildcard match/case cases using names or guard clauses. * Started testing on 3.13 free-threading (nogil) builds of Python. I'm not claiming full support yet. Closes issue 1799. - update to 7.5.3: * Performance improvements for combining data files, especially when measuring line coverage. A few different quadratic behaviors were eliminated. In one extreme case of combining 700+ data files, the time dropped from more than three hours to seven minutes. Thanks for Kraken Tech for funding the fix. * Performance improvements for generating HTML reports, with a side benefit of reducing memory use, closing issue 1791. Thanks to Daniel Diniz for helping to diagnose the problem. * Fix: nested matches of exclude patterns could exclude too much code, as reported in issue 1779. This is now fixed. * Changed: previously, coverage.py would consider a module docstring to be an executable statement if it appeared after line 1 in the file, but not executable if it was the first line. Now module docstrings are never counted as executable statements. This can change coverage.py's count of the number of statements in a file, which can slightly change the coverage percentage reported. * In the HTML report, the filter term and 'hide covered' checkbox settings are remembered between viewings, thanks to Daniel Diniz. * Python 3.13.0b1 is supported. * Fix: parsing error handling is improved to ensure bizarre source files are handled gracefully, and to unblock oss-fuzz fuzzing, thanks to Liam DeVoe. Closes issue 1787. - Update to 7.5.1: * Fix: a pragma comment on the continuation lines of a multi-line statement now excludes the statement and its body, the same as if the pragma is on the first line. * Fix: very complex source files could cause a maximum recursion error when creating an HTML report. * HTML report improvements: + Support files (JavaScript and CSS) referenced by the HTML report now have hashes added to their names to ensure updated files are used instead of stale cached copies. + Missing branch coverage explanations that said 'the condition was never false' now read 'the condition was always true' because it's easier to understand. + Column sort order is remembered better as you move between the index pages. * Added initial support for function and class reporting in the HTML report. * Other HTML report improvements: + There is now a 'hide covered' checkbox to filter out 100% files. + The index page is always sorted by one of its columns, with clearer indications of the sorting. + The 'previous file' shortcut key didn't work on the index page, but now it does. * The debug output showing which configuration files were tried now shows absolute paths to help diagnose problems where settings aren't taking effect, and is renamed from 'attempted_config_files' to the more logical 'config_files_attempted.' * Fix: in some cases, even with [run] relative_files=True, a data file could be created with absolute path names. When combined with other relative data files, it was random whether the absolute file names would be made relative or not. If they weren't, then a file would be listed twice in reports. * Fix: the last case of a match/case statement had an incorrect message if the branch was missed. It said the pattern never matched, when actually the branch is missed if the last case always matched. * Fix: clicking a line number in the HTML report now positions more accurately. * Fix: the report:format setting was defined as a boolean, but should be a string. * Fix: in some cases, coverage could fail with a RuntimeError: 'Set changed size during iteration.' * Fix: setting COVERAGE_CORE=sysmon no longer errors on 3.11 and lower. * Fix: the JSON report now includes an explicit format version number. * Fix: the change for multi-line signature exclusions in 7.3.3 broke other forms of nested clauses being excluded properly. * Fix: in the HTML report, selecting code for copying won't select the line numbers also. Thanks, `Robert Harris <pull 1717_>`_. * Fix: function definitions with multi-line signatures can now be excluded by matching any of the lines. * Fix: XML reports could fail with a TypeError if files had numeric components that were duplicates except for leading zeroes, like file1.py and file001.py. * The coverage annotate command used to announce that it would be removed in a future version. Enough people got in touch to say that they use it, so it will stay. Don't expect it to keep up with other new features though. - Set COVERAGE_CORE, so we no longer need to skip the ctrace tests, it will be handled for us. - Skip two tests that assert PYTHONPATH is empty, which it can't be. - update to 7.3.2: * The ``coverage lcov`` command ignored the ``[report] exclude_lines`` and ``[report] exclude_also`` settings * Sometimes SQLite will create journal files alongside the coverage.py database files. These are ephemeral, but could be mistakenly included when combining data files. * On Python 3.12+, we now disable SQLite writing journal files, which should be a little faster. * The new 3.12 soft keyword ``type`` is properly bolded in HTML reports. * Removed the 'fullcoverage' feature used by CPython to measure the coverage of early-imported standard library modules. - update to 7.3.1: * The semantics of stars in file patterns has been clarified in the docs. A leading or trailing star matches any number of path components, like a double star would. This is different than the behavior of a star in the middle of a pattern. - specfile * fix build on Leap 15 by moving sle15_python_module_pythons macro to the top - specfile: * require python 3.8 - update to version 7.3.0: * Added a Coverage.collect() context manager to start and stop coverage data collection. * Dropped support for Python 3.7. * Fix: in unusual circumstances, SQLite cannot be set to asynchronous mode. Coverage.py would fail with the error Safety level may not be changed inside a transaction. This is now avoided, closing issue 1646. Thanks to Michael Bell for the detailed bug report. * Docs: examples of configuration files now include separate examples for the different syntaxes: .coveragerc, pyproject.toml, setup.cfg, and tox.ini. * Fix: added nosemgrep comments to our JavaScript code so that semgrep-based SAST security checks won’t raise false alarms about security problems that aren’t problems. * Added a CITATION.cff file, thanks to Ken Schackart. - specfile: * removed upstream patch - update to version 7.2.7: * Fix: reverted a change from 6.4.3 that helped Cython, but also increased the size of data files when using dynamic contexts, as described in the now-fixed issue 1586. The problem is now avoided due to a recent change (issue 1538). Thanks to Anders Kaseorg and David Szotten for persisting with problem reports and detailed diagnoses. * Wheels are now provided for CPython 3.12. - changes from version 7.2.6: * Fix: the lcov command could raise an IndexError exception if a file is translated to Python but then executed under its own name. Jinja2 does this when rendering templates. Fixes issue 1553. * Python 3.12 beta 1 now inlines comprehensions. Previously they were compiled as invisible functions and coverage.py would warn you if they weren’t completely executed. This no longer happens under Python 3.12. * Fix: the coverage debug sys command includes some environment variables in its output. This could have included sensitive data. Those values are now hidden with asterisks, closing issue 1628. since 6.4.3. - Handle cases where python2 is disabled - add LICENSE.txt - python3 package added - minor spec improvement (files section) Changes in python-flaky: - Update to 3.8.1: * Support pytest >= 8.1.1, and Python >= 3.12. - Drop patches, included upstream. - Switch to pyproject macros. - Add patch to remove dependency on the external genty package (gh#box/flaky!197). - Clean up the SPEC file Changes in python-pluggy: - Update to 1.5.0: * Features + Add support for deprecating specific hook parameters, or more generally, for issuing a warning whenever a hook implementation requests certain parameters. + A warning ~pluggy.PluggyTeardownRaisedWarning is now issued when an old-style hookwrapper raises an exception during teardown. + Add PluginManager.unblock <pluggy.PluginManager.unblock> method to unblock a plugin by plugin name. * Bug Fixes + PluginManager.get_plugins() no longer returns None for blocked plugins. + Fix ~pluggy.HookCaller.call_extra() extra methods getting ordered before everything else in some circumstances. Regressed in pluggy 1.1.0. + Fix plugins registering other plugins in a hook when the other plugins implement the same hook itself. Regressed in pluggy 1.1.0. - Switch to pyproject macros. - Revert to 1.3.0 * Pytest 7 is not compatible with pluggy 1.4 but many packages are not compatible with pytest 8 yet - update to 1.4.0: * A warning :class:`~pluggy.PluggyTeardownRaisedWarning` is now issued when an old-style hookwrapper raises an exception during teardown. See the warning documentation for more details. * Add :func:`PluginManager.unblock <pluggy.PluginManager.unblock>` method to unblock a plugin by plugin name. * Fix :func:`~pluggy.HookCaller.call_extra()` extra methods getting ordered before everything else in some circumstances. Regressed in pluggy 1.1.0. * Fix plugins registering other plugins in a hook when the other plugins implement the same hook itself. Regressed in pluggy 1.1.0. - update to 1.3.0: * Python 3.7 is no longer supported. * Pluggy now exposes its typings to static type checkers. * Some fields and classes are marked ``Final`` and ``@final``. * The :ref:`api-reference` is updated to clearly delineate pluggy's public API. Compatibility aliases are put in place for the renamed types. Please note that pluggy is currently unable to provide strong typing for hook calls, e.g. ``pm.hook.my_hook(...)``, nor to statically check that a hook implementation matches the hook specification's type. * The new-style hook wrappers, added in the yanked 1.1.0 release, now require an explicit ``wrapper=True`` designation in the ``@hookimpl()`` decorator. Deprecations and Removals The deprecation was announced in release 0.7.0. deprecation was announced in release 0.7.0. deprecation was announced in release 0.6.0. * fix issue #4: specific HookCallError exception for when a hook call Changes in python-pytest-cov: - Update to 6.2.1: * Added a version requirement for pytest's pluggy dependency. * Removed deprecated license classifier (packaging). * The plugin now adds 3 rules in the filter warnings configuration to prevent common coverage warnings being raised as obscure errors. * Fixed breakage that occurs when ``--cov-context`` and the ``no_cover`` marker are used together. * Change terminal output to use full width lines for the coverage header. * Removed unnecessary CovFailUnderWarning. * Fixed the term report not using the precision specified via ``--cov-precision``. * Changed fail under checks to use the precision set in the coverage configuration. * Added a ``--cov-precision`` cli option that can override the value set in your coverage configuration. * Dropped support for now EOL Python 3.8. - Switch to pytest macro. - Add patch to support changes in coverage 7.5. - update to 5.0.0: * Removed support for xdist rsync (now deprecated). * Switched docs theme to Furo. * Various legacy Python cleanup and CI improvements. Contributed by Christian Clauss and Hugo van Kemenade in #630, #631, #632 and #633. * Added a pyproject.toml example in the docs. Contributed by Dawn James in #626. * Modernized project's pre-commit hooks to use ruff. Initial POC contributed by Christian Clauss in #584. * Support coverage >= 6.2 - Inject multibuild to avoid build cycles. - Skip 6 test cases that are causing problems with Python 3.8 (when combining coverage data from parallel mode). * Added the --cov-append command line options. coverage-4.0 (automatically activated if there’s a * Changed --cov-report=term to automatically upgrade to --cov-report=term-missing if there’s * Changed --cov so it can be used with no path argument (in wich case the source settings from .coveragerc will * Fixed .pth installation to work in all cases * Data file suffixing changed to use coverage’s * Avoid warning about missing coverage data * Fixed a race condition when running with xdist (all the workers tried to combine the files). It’s possible that this issue is not present in Changes in python-pytest-html: - refresh node modules * update pbkdf2 to 3.1.3 CVE-2025-6545, CVE-2025-6547, bsc#1245288. bsc#1245289 - refresh node modules * update brace-expansion to 1.1.12 and 2.0.2 CVE-2025-5889, gh#juliangruber/brace-expansion#65, bsc#1244343 - refresh node modules * update cross-spawn module to 7.0.6 - CVE-2024-21538 (bsc#1233852) - Update packages-lock.json to fix CVE-2024-48948, update elliptic js dependency to 6.6.0. bsc#1231688 - Update packages-lock.json to fix CVE-2024-48949, update elliptic js dependency. bsc#1231562 - Replace node_modules.tar.gz vendoring with obs-service-node_modules - Update to 4.1.1: * fix: Latest eslint is broken (#769) @BeyondEvil * fix: original sort order (#768) @BeyondEvil * [pre-commit.ci] pre-commit autoupdate (#763) @pre-commit-ci - 4.1.0: * Release v4.1.0 (#761) @BeyondEvil * fix: Escaping HTML in log (#757) @BeyondEvil * test: Add UTF8 test (#760) @BeyondEvil * [pre-commit.ci] pre-commit autoupdate (#563) @pre-commit-ci * fix: Only run npm when building from source (#758) @BeyondEvil * Fix results table modification documentation (#749) @michalkaptur * fix: Add collections errors to report (#756) @BeyondEvil * fix: Revert report generation to full run (#754) @BeyondEvil * fix: Broken duration (#753) @BeyondEvil * Pytest html fix reload button typo (#738) @jeffwright13 - 4.0.2: * Fix: Use absolute path for the report (#735) @adrien-berchet - 4.0.1: * fix: Incorrect label for xfailed (#733) @BeyondEvil - Refresh patches and node_modules.tar.gz - Update to 4.0.0: * Feat: Add duration format hook (#724) @BeyondEvil * Chore: Drop support for python 3.7 (#723) @BeyondEvil * Add expander to log output (#721) @drRedflint * Fix: Broken sorting for custom columns (#715) @BeyondEvil * Chore: Stop running scheduled tests on forks (#720) @BeyondEvil * Chore: Fix tox (#718) @BeyondEvil * use max height instead of fixed height (#706) @drRedflint * if only one item in gallery, remove navigation (#705) @drRedflint * Chore: Support legacy pytest-metadata (#714) @BeyondEvil * Feature: Untemplate table header (#713) @BeyondEvil * Fix: Borken HTML in jinja template (#712) @BeyondEvil * Feature: Update json-data-blob (#704) @BeyondEvil * Fix: Collapsed state between redraws (#703) @BeyondEvil * Feature: Only one collapsed state (#701) @BeyondEvil * Chore: General JS cleanup (#700) @BeyondEvil * Feature: Template test and duration summary (#698) @BeyondEvil * Feature: Template result filters (#697) @BeyondEvil * Feature: Template table header (#696) @BeyondEvil * Fix: visible query param (#695) @BeyondEvil * Fix: Handle legacy py html (#694) @BeyondEvil * Fix: Environment table toggle bug (#693) @BeyondEvil * Feature: Add initial sort column as ini (#692) @BeyondEvil * Fix: Duration sorting (#691) @BeyondEvil * Fix: Logging issues with teardown (#690) @BeyondEvil * Chore: Simplify results table hooks (#688) @BeyondEvil * Enable variable expansion for CSS addons. (#676) @BeyondEvil * Fix: results table html hook (#669) @BeyondEvil * fix for #671 - Sort icons inverted in next-gen branch (#672) @harmin-parra * Docs: Update ReadTheDocs to v2 (#673) @BeyondEvil * Feature: Add 'session' to results summary hook (#660) @BeyondEvil * Chore: Fix npm building (#658) @BeyondEvil * Feature: Add hide-able Environment Table (#638) @BeyondEvil * Feature: Make entire row collapsible (#656) @BeyondEvil * Chore: Disambiguate collapsed (#657) @BeyondEvil * Chore: Assorted fixes around pytest entry points (#655) @BeyondEvil * Chore: Add eslint (#651) @BeyondEvil * Chore: Decouple ReportData (#650) @BeyondEvil * Chore: Add npm build hooks (#649) @BeyondEvil * Docs: Fix deprecations page title [skip ci] (#645) @BeyondEvil * Fix: Renamed report-data class to avoid confusion (#642) @BeyondEvil * Chore: Temporary imports for backwards compat (#643) @BeyondEvil * Docs: Add Deprecations docs (#640) @BeyondEvil * Fix: Support cells.pop() (#641) @BeyondEvil * Fix: Order and layout of outcome summary (#629) @BeyondEvil * Fix: Sorting of custom table columns (#634) @BeyondEvil * Chore: Allow concurrency on default branch (#639) @BeyondEvil * Fix: Initial sort and query param (#637) @BeyondEvil * Fix: Add skip marker results to report (#636) @BeyondEvil * Fix: Deprecate use of 'True' in render_collapsed (#635) @BeyondEvil * Fix: Color E(xecption) lines in the log red (#631) @BeyondEvil * Fix: Handle appends on table hooks (#630) @BeyondEvil * Fix: Handle assignment on table hooks (#628) @BeyondEvil * Docs: Update contrib docs (#627) @BeyondEvil * Fix issue with report.extra attribute (#626) @BeyondEvil * chore: It's , 120 is fine (#625) @BeyondEvil * Next gen (#621) @BeyondEvil * chore: Migrate from Poetry to Hatch (#617) @BeyondEvil * docs: Update to current (#616) @BeyondEvil * fix: Broken sorting due to typo in jinja template (#614) @BeyondEvil * fix: Use the same duration formatting as for the tests (#613) @BeyondEvil * fix: Replacing log HTML (#611) @BeyondEvil * fix: Incorrect precedence render collapsed (#610) @BeyondEvil * chore: Better directory and class structure (#609) @BeyondEvil * fix: Deprecate the Cells.pop function (#608) @BeyondEvil * fix: Collapsed should support All and none (#605) @BeyondEvil * tests: Add tests for stdout and sterr capture (#604) @BeyondEvil * fix: Missing logging in report (#603) @BeyondEvil * chore: Add code coverage for JS (#600) @BeyondEvil * Fix: Table row hook (#599) @BeyondEvil * fix: Report fails to render with pytest-xdist (#598) @BeyondEvil * fix: Add config to report object (#588) @BeyondEvil * update: duration_format renders deprecation warning (#589) @BeyondEvil * chore: Add unit test file (#590) @BeyondEvil * refactor: stop overwriting pytest data (#597) @BeyondEvil * Combined fe and be (#479) @BeyondEvil * Revert 'Rename master branch to main' (#562) @BeyondEvil * Switch to setuptools-scm >= 7.0.0 (#567) @dvzrv - Add patch to remove assertpy dependency - Add patch to vendor npm build requirements - Update to 4.0.0rc5, compatible with python-pytest-metadata 3.0.0 (gh#pytest-dev/pytest-html#683) - No release notes upstream - add sle15_python_module_pythons - Remove python_module macro definition - Add python-py dependency - Update to 3.2.0 * Explicitly add py.xml dependency. Thanks to @smartEBL for the PR * Implement the visible URL query parameter to control visibility of test results on page load. (#399) Thanks to @TheCorp for reporting and @gnikonorov for the fix * Make the report tab title reflect the report name. (#412) Thanks to @gnikonorov for the PR * Implement environment_table_redact_list to allow for redaction of environment table values. (#233) Thanks to @fenchu for reporting and @gnikonorov for the PR Changes in python-pytest-metadata: - update to 3.1.1: * Add environment variables for AWS CodeBuild CI - update to 3.1.0: * Support Pytest 8.0 - update to 3.0.0: * Group CLI options * Switch to Hatch * Use `pytest.stash` internally instead of `_metadata` * Simplify code - add sle15_python_module_pythons - Remove python_module macro definition - Update to 2.0.4: * Fix deprecated pytest.mark.optionalhook marker. - 2.0.3: * Remove py dependency. Thanks to @Czaki for reporting. - 2.0.2: * Allow all python versions above 3.7 - 2.0.1: * Fix issues with switching to pyproject.toml Thanks to @dvzrv and @eltrufas for raising issues and providing fixes. - 2.0.0: * Drop support for python 2.7 and 3.6 * Add support for python 3.9 and 3.10 * Introduce pyproject.toml * Provide metadata via JSON file Thanks to @digitalorder for the PR - 1.11.0: * Provide a session fixture to include metadata in Junit XMLs as property tags. Thanks to @sanga for the PR Changes in python-pytest-mock: - Drop python-py requirement, no longer required. - update to 3.14.0: * #415: MockType and AsyncMockType can be imported from pytest_mock for type annotation purposes. * #420: Fixed a regression which would cause patch to not being properly cleared between tests. * #417: spy now has spy_return_list, which is a list containing all the values returned by the spied function. * pytest-mock now requires pytest>=6.2.5. * #410: pytest-mock's setup.py file is removed. If you relied on this file, e.g. to install pytest using setup.py install, please see Why you shouldn't invoke setup.py directly for alternatives. - Fix tests with python 3.11.7 - Add patch to fix tests python3117. - update to 3.12.0: * Added support for Python 3.12. * Dropped support for EOL Python 3.7. * ``mocker.resetall()`` now also resets mocks created by ``mocker.create_autospec`` (`#390`_). - add upstream patch to test with pytest5. Changes in python-pytest: - Update to 8.3.5 * Bug fixes - #11777: Fixed issue where sequences were still being shortened even with -vv verbosity. - #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build- standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing. - #13026: Fixed AttributeError{.interpreted-text role='class'} crash when using --import-mode=importlib when top-level directory same name as another module of the standard library. - #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError - #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection. * Improved documentation - #12842: Added dedicated page about using types with pytest. See types{.interpreted-text role='ref'} for detailed usage. * Contributor-facing changes - #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0 - #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz{.interpreted-text role='user'}. - Add upstream patch to fix compatibility with new Pygments - update to 8.3.4: * #12592: Fixed :class:`KeyError` crash when using --import- mode=importlib in a directory layout where a directory contains a child directory with the same name. * #12818: Assertion rewriting now preserves the source ranges of the original instructions, making it play well with tools that deal with the AST, like executing. * #12849: ANSI escape codes for colored output now handled correctly in :func:`pytest.fail` with pytrace=False. * #9353: :func:`pytest.approx` now uses strict equality when given booleans. * #10558: Fix ambiguous docstring of :func:`pytest.Config.getoption`. * #10829: Improve documentation on the current handling of the --basetemp option and its lack of retention functionality (:ref:`temporary directory location and retention`). * #12866: Improved cross-references concerning the :fixture:`recwarn` fixture. * #12966: Clarify :ref:`filterwarnings` docs on filter precedence/order when using multiple :ref:`@pytest.mark.filterwarnings <pytest.mark.filterwarnings ref>` marks. * #12497: Fixed two failing pdb-related tests on Python 3.13. - update to 8.3.3: * #12446: Avoid calling @property (and other instance descriptors) during fixture discovery -- by :user:`asottile` * #12659: Fixed the issue of not displaying assertion failure differences when using the parameter --import-mode=importlib in pytest>=8.1. * #12667: Fixed a regression where type change in ExceptionInfo.errisinstance caused mypy to fail. * #12744: Fixed typing compatibility with Python 3.9 or less -- replaced typing.Self with typing_extensions.Self -- by :user:`Avasam` * #12745: Fixed an issue with backslashes being incorrectly converted in nodeid paths on Windows, ensuring consistent path handling across environments. * #6682: Fixed bug where the verbosity levels where not being respected when printing the 'msg' part of failed assertion (as in assert condition, msg). * #9422: Fix bug where disabling the terminal plugin via -p no:terminal would cause crashes related to missing the verbose option. -- by :user:`GTowers1` * #12663: Clarify that the pytest_deselected hook should be called from pytest_collection_modifyitems hook implementations when items are deselected. * #12678: Remove erroneous quotes from tmp_path_retention_policy example in docs. * #12769: Fix typos discovered by codespell and add codespell to pre-commit hooks. - update to 8.3.2: * Resolve regression where `conda` environments where no longer being automatically detected - Update to 8.3.1: * New features + Added `--xfail-tb` flag, which turns on traceback output for XFAIL results. + Added support for keyword matching in marker expressions. + Added ``--no-fold-skipped`` command line option. * Improvements + The console output now uses the 'third-party plugins' terminology. + Python virtual environment detection was improved by checking for a pyvenv.cfg file + Do not truncate arguments to functions in output when running with -vvv. + The readability of assertion introspection of bound methods has been enhanced. + Added timezone information to the testsuite timestamp in the JUnit XML report. * Bug Fixes + Fixed reporting of teardown errors in higher-scoped fixtures when using `--maxfail` or `--stepwise`. + pytest.approx now correctly handles Sequence-like objects. + Fixed a regression in pytest 8.0 where tracebacks get longer and longer when multiple tests fail due to a shared higher-scope fixture which raised + Fixed collection error upon encountering an abstract class, including abstract unittest.TestCase subclasses. + Fixed a regression in pytest 8.0.0 where package-scoped parameterized items were not correctly reordered to minimize setups/teardowns in some cases. + Fixed crash with `assert testcase is not None` assertion failure when re-running unittest tests using plugins like pytest-rerunfailures. + Fixed a crash when returning category ``'error'`` or ``'failed'`` with a custom test status from :hook:`pytest_report_teststatus` hook. + Improved handling of invalid regex patterns in pytest.raises(match=r'...') by providing a clear error message. + Parametrization parameters are now compared using == instead of is (is is still used as a fallback if the parameter does not support ==). + Fixed progress percentages sometimes not aligning correctly when running with pytest-xdist -n. * Fix regression in 8.2.2 that did not allow test case reruns. - Update to 8.2.2 * Support for Python 3.13 (beta1 at the time of writing). * Fix `PermissionError` crashes arising from directories which are not selected on the command-line. * Keyboard interrupts and system exits are now properly handled during the test collection. * Fixed handling of 'Function not implemented' error under squashfuse_ll, which is a different way to say that the mountpoint is read-only. * Fix a regression in pytest 8.2.0 where the permissions of automatically-created .pytest_cache directories became rwx------ instead of the expected rwxr-xr-x. * Fix possible catastrophic performance slowdown on a certain parametrization pattern involving many higher-scoped parameters. * Fix a regression in pytest 8.2.0 where unittest class instances were not released promptly on test teardown but only on session teardown. * Fix possible “Directory not empty” crashes arising from concurent cache dir (.pytest_cache) creation. Regressed in pytest 8.2.0. - Update to 8.2.0: * A deprecation warning is now raised when implementations of one of the following hooks request a deprecated py.path.local parameter. * Added support for reading command line arguments from a file using the prefix character @. * Fixed a regression in pytest 8.0.0 where test classes containing setup_method and tests using @staticmethod or @classmethod would crash with AttributeError. * pluggy>=1.5.0 is now required. * Added PYTEST_VERSION environment variable which is defined at the start of the pytest session and undefined afterwards. * Improved namespace packages detection when consider_namespace_packages is enabled. * pytest.importorskip will now issue a warning if the module could be found, but raised ImportError. * Fixed error in pytest.approx when used with numpy arrays and comparing with other types. * Added the new consider_namespace_packages configuration option, defaulting to False. * Added the new verbosity_test_cases configuration option for fine-grained control of test execution verbosity. * --import-mode=importlib <import-mode-importlib> now tries to import modules using the standard import mechanism. * Added support for sys.last_exc for post-mortem debugging on Python>=3.12. * Fixed a regression in pytest 8.0.0 that would cause test collection to fail due to permission errors when using --pyargs. * Fix the stacklevel used when warning about marks used on fixtures. * Fix an edge case where ExceptionInfo._stringify_exception could crash. * Fix an IndexError crash raising from getstatementrange_ast. * PytestRemovedIn8Warning deprecation warnings are now errors by default. * Dropped support for Python 3.7. * Files and directories are now collected in alphabetical order jointly. * Sanitized the handling of the default parameter when defining configuration options. * Avoid microsecond exceeds 1_000_000 when using log-date-format with %f specifier. - Switch to pyproject macros. - Add python version constraints to Requires & BuildRequires - update to 7.4.4: * Fix non-string constants at the top of file being detected as docstrings on Python>=3.8. * Handle an edge case where :data:`sys.stderr` and :data:`sys.__stderr__` might already be closed when :ref:`faulthandler` is tearing down. * Fixed tracebacks from collection errors not getting pruned. * Removed unhelpful error message from assertion rewrite mechanism when exceptions are raised in ``__iter__`` methods. Now they are treated un-iterable instead. - update to 7.4.3: * Markers are now considered in the reverse mro order to ensure base class markers are considered first -- this resolves a regression. * Fixed ``:=`` in asserts impacting unrelated test cases. * Handled an edge case where :data:`sys.stderr` might already be closed when :ref:`faulthandler` is tearing down. Important SUSE bug 1231562 SUSE bug 1231688 SUSE bug 1233852 SUSE bug 1244343 SUSE bug 1245288 SUSE bug 1245289 CVE-2024-21538 at SUSE CVE-2024-21538 at NVD CVE-2024-48948 at SUSE CVE-2024-48948 at NVD CVE-2024-48949 at SUSE CVE-2024-48949 at NVD CVE-2025-5889 at SUSE CVE-2025-5889 at NVD CVE-2025-6545 at SUSE CVE-2025-6545 at NVD CVE-2025-6547 at SUSE CVE-2025-6547 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpi_buffer->pointer (bsc#1249770). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22022: usb: xhci: Apply the link chain quirk on NEC isoc endpoints (bsc#1241292). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38234: sched/rt: Fix race in push_rt_task (bsc#1246057). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38466: perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38590: net/mlx5e: Remove skb secpath if xfrm state is not found (bsc#1248360). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38595: xen: fix UAF in dmabuf_exp_from_pages() (bsc#1248380). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38605: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (bsc#1248334). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38645: net/mlx5: Check device memory pointer before usage (bsc#1248626). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38668: regulator: core: fix NULL dereference on unbind due to stale coupling data (bsc#1248647). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38679: media: venus: Fix OOB read due to missing payload bound check (bsc#1249202). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38705: drm/amd/pm: fix null pointer access (bsc#1249334). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38721: netfilter: ctnetlink: fix refcount leak on table dump (bsc#1249176). - CVE-2025-38722: habanalabs: fix UAF in export_dmabuf() (bsc#1249163). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38732: netfilter: nf_reject: do not leak dst refcount for loopback packets (bsc#1249262). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-38735: gve: prevent ethtool ops after shutdown (bsc#1249288). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39678: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (bsc#1249290). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39705: drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295). - CVE-2025-39718: vsock/virtio: Validate length in packet header before skb_put() (bsc#1249305). - CVE-2025-39738: btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39764: netfilter: ctnetlink: remove refcounting in expectation dumpers (bsc#1249513). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39787: soc: qcom: mdt_loader: Deal with zero e_shentsize (bsc#1249545). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39810: bnxt_en: Fix memory corruption when FW resources change during ifdown (bsc#1249975). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39832: net/mlx5: Fix lockdep assertion on sync reset unload event (bsc#1249901). - CVE-2025-39835: xfs: do not propagate ENODATA disk errors into xattr code (bsc#1250025). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). The following non-security bugs were fixed: - 9p/xen: fix init sequence (git-fixes). - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: compute LE flow credits based on recvbuf space (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: qca: fix invalid device address check (git-fixes). - Bluetooth: qca: fix wcn3991 device address check (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes). - arch: arm64: Drop arm64 patches that may lead to module load failure (bsc#1250057). - wrt: Regression fix for wrt s2idle on AMD laptops (bsc#1243112). - EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (git-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: mcp2221: Do not set bus speed on every transfer (stable-fixes). - HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - KVM: SVM: Clear current_vmcb during vCPU free for all *possible* CPUs (git-fixes). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (git-fixes). - KVM: VMX: Extract checking of guest's DEBUGCTL into helper (git-fixes). - KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes). - KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 (git-fixes). - KVM: VMX: Handle forced exit due to preemption timer in fastpath (git-fixes). - KVM: VMX: Re-enter guest in fastpath for 'spurious' preemption timer exits (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250336). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Fully defer to vendor code to decide how to force immediate exit (git-fixes). - KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers (git-fixes). - KVM: x86: Plumb 'force_immediate_exit' into kvm_entry() tracepoint (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: keystone: Use devm_request_irq() to free 'ks-pcie-error-irq' on exit (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - Revert 'SUNRPC: Do not allow waiting for exiting tasks' (git-fixes). - Revert 'drm/amdgpu: fix incorrect vm flags to map bo' (stable-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - Update config files. (bsc#1249186) Plain run_oldconfig after Kconfig update. - afs: Fix potential null pointer dereference in afs_put_server (git-fixes). - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes). - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - bpf, bpftool: Fix incorrect disasm pc (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Fix iter/task tid filtering (git-fixes). - bpf: Fix link info netfilter flags to populate defrag flag (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Properly test iter/task tid filtering (git-fixes). - bpf: bpftool: Setting error code in do_loader() (git-fixes). - bpf: handle implicit declaration of function gettid in bpf_iter.c - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - bpftool: Fix JSON writer resource leak in version command (git-fixes). - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure (git-fixes). - bpftool: Fix readlink usage in get_fd_type (git-fixes). - bpftool: Mount bpffs when pinmaps path not under the bpffs (git-fixes). - bpftool: fix potential NULL pointer dereferencing in prog_dump() (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add cancellation points to trim loops (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: always update fstrim_range on failure in FITRIM ioctl (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size &lt; page size (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: make found_logical_ret parameter mandatory for function queue_scrub_stripe() (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: scrub: avoid unnecessary csum tree search preparing stripes (git-fixes). - btrfs: scrub: avoid unnecessary extent tree search preparing stripes (git-fixes). - btrfs: scrub: fix grouping of read IO (git-fixes). - btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes). - btrfs: split remaining space to discard in chunks (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: use SECTOR_SHIFT to convert physical offset to LBA (git-fixes). - build_bug.h: Add KABI assert (bsc#1249186). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes). - ceph: validate snapdirname option length when mounting (git-fixes). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup/rstat: Optimize cgroup_rstat_updated_list() (bsc#1247963). - cgroup/rstat: Reduce cpu_lock hold time in cgroup_rstat_flush_locked() (bsc#1247963). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Use the fixed and coherent frequency for scaling capacity (stable-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: qat - add shutdown handler to qat_c3xxx (git-fixes). - crypto: qat - add shutdown handler to qat_c62x (git-fixes). - crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers/base/node: optimize memory block registration to reduce boot time (bsc#1241866). - drivers/base/node: remove register_mem_block_under_node_early() (bsc#1241866). - drivers/base/node: remove register_memory_blocks_under_node() function call from register_one_node (bsc#1241866). - drivers/base/node: rename __register_one_node() to register_one_node() (bsc#1241866). - drivers/base/node: rename register_memory_blocks_under_node() and remove context argument (bsc#1241866). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/ast: Use msleep instead of mdelay for edid read (bsc#1250530). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - hypfs_create_cpu_files(): add missing check for hypfs_mkdir() failure (git-fixes bsc#1249122). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - kABI fix after vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - kABI fix for 'netfilter: nf_tables: Audit log rule reset' (git-fixes). - kABI workaround for 'drm/dp: Add an EDID quirk for the DPCD register access probe' (bsc#1248121). - kABI workaround for RCU tasks exit tracking (bsc#1246298). - kABI: adjust new field on ip_ct_sctp struct (git-fixes). - kABI: arm64: ftrace: Restore init_module behavior (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: make nft_trans_gc_catchall() public again (git-fixes). - kABI: netfilter flowtable move gc operation to bottom (git-fixes). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: add struct cgroup_extra (bsc#1247963). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - mm/hwpoison: do not send SIGBUS to processes with recovered clean pages (git-fixes). - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (git-fixes). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mmc: core: Use GFP_NOIO in ACMD22 (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mtd: nand: raw: atmel: Fix comment in timings preparation (stable-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - netfilter: conntrack: fix extension size table (git-fixes). - netfilter: flowtable: GC pushes back packets to classic path (git-fixes). - netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (git-fixes). - netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses (git-fixes). - netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes). - netfilter: nf_tables: A better name for nft_obj_filter (git-fixes). - netfilter: nf_tables: Audit log rule reset (git-fixes). - netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx (git-fixes). - netfilter: nf_tables: Deduplicate nft_register_obj audit logs (git-fixes). - netfilter: nf_tables: Drop pointless memset in nf_tables_dump_obj (git-fixes). - netfilter: nf_tables: Drop pointless memset when dumping rules (git-fixes). - netfilter: nf_tables: Fix entries val in rule reset audit log (git-fixes). - netfilter: nf_tables: Introduce nf_tables_getrule_single() (git-fixes). - netfilter: nf_tables: Open-code audit log call in nf_tables_getrule() (git-fixes). - netfilter: nf_tables: Unbreak audit log reset (git-fixes). - netfilter: nf_tables: Unconditionally allocate nft_obj_filter (git-fixes). - netfilter: nf_tables: audit log object reset once per table (git-fixes). - netfilter: nf_tables: bogus ENOENT when destroying element which does not exist (git-fixes). - netfilter: nf_tables: disallow element removal on anonymous sets (git-fixes). - netfilter: nf_tables: do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: nft_obj_filter fits into cb->ctx (git-fixes). - netfilter: nf_tables: remove catchall element in GC sync path (git-fixes). - netfilter: nf_tables: revert do not remove elements if set backend implements .abort (git-fixes). - netfilter: nf_tables: split async and sync catchall in two functions (git-fixes). - netfilter: nfnetlink_log: silence bogus compiler warning (git-fixes). - netfilter: nft_payload: fix wrong mac header matching (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (git-fixes). - netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (git-fixes). - netfilter: nft_set_rbtree: prefer sync gc to async worker (git-fixes). - netfilter: nft_set_rbtree: rename gc deactivate+erase function (git-fixes). - netfilter: xt_recent: fix (increase) ipv6 literal buffer length (git-fixes). - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - orangefs: Remove unused type in macro fill_default_sys_attrs (git-fixes). - pcmcia: Add error handling for add_interval() in do_validate_mem() (git-fixes). - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() (git-fixes). - pcmcia: omap: Add missing check for platform_get_resource (git-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86: dell-wmi-sysman: Fix class device unregistration (git-fixes). - platform/x86: think-lmi: Fix class device unregistration (git-fixes). - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches (git-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - pptp: fix pptp_xmit() error path (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - rcu-tasks: Add data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298) - rcu-tasks: Initialize callback lists at rcu_init() time (bsc#1246298) - rcu-tasks: Initialize data to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain lists to eliminate RCU-tasks/do_exit() (bsc#1246298) - rcu-tasks: Maintain real-time response in (bsc#1246298) - rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes) - rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes) - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - rpm: Link arch-symbols script from scripts directory. - rpm: Link guards script from scripts directory. - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249481). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (git-fixes bsc#1248733 LTC#214881). - s390/hypfs: Enable limited access during lockdown (git-fixes bsc#1248733 LTC#214881). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1248735). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249482). - s390/pci: Allow automatic recovery with minimal driver support (git-fixes bsc#1248734 LTC#214880). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249123). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249124). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249125). - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1249488). - sched/deadline: Collect sched_dl_entity initialization (git-fixes) - sched/fair: Remove unused parameter from sched_asym() (git-fixes) - sched/fair: Take the scheduling domain into account in (git-fixes) - sched/isolation: Fix boot crash when maxcpus &lt; first (git-fixes) - sched/numa, mm: do not try to migrate memory to memoryless (git-fixes) - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes). - selftests/bpf: Add asserts for netfilter link info (git-fixes). - selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes). - selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks (git-fixes). - selftests/bpf: adapt one more case in test_lru_map to the new target_free (git-fixes). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - struct cdc_ncm_ctx: hide new member filtering_supported (git-fixes). - struct ci_hdrc: new member has_short_pkt_limit to end (git-fixes). - struct l2cap_chan: shift new member rx_avail to end (git-fixes). - supported.conf: mark hyperv_drm as external - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12] (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling (git-fixes). - usb: typec: tcpm/tcpci_maxim: use GENMASK() for TCPC_VENDOR_CC_CTRL2 register (git-fixes). - usb: xhci: Fix invalid pointer dereference in Etron workaround (git-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost-scsi: Return queue full for page alloc failures during copy (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - vsock: Allow retrying on connect() failure (git-fixes). - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` (git-fixes). - vsock: avoid timeout during connect() if the socket is closing (git-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data() (git-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (git-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/amd_nb: Restrict init function to AMD-based systems (git-fixes). - x86/cpu: Add model number for Intel Clearwater Forest processor (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: Add support for XenServer 6.1 platform device (git-fixes). - xenbus: Allow PVH dom0 a non-local xenstore (git-fixes). - xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449). - xfs: rework datasync tracking and execution (bsc#1237449). - xhci: Fix control transfer error on Etron xHCI host (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1213061 SUSE bug 1213666 SUSE bug 1214073 SUSE bug 1214928 SUSE bug 1214953 SUSE bug 1215150 SUSE bug 1215696 SUSE bug 1216436 SUSE bug 1216976 SUSE bug 1218644 SUSE bug 1220186 SUSE bug 1220419 SUSE bug 1229165 SUSE bug 1230062 SUSE bug 1236897 SUSE bug 1237449 SUSE bug 1237776 SUSE bug 1240324 SUSE bug 1241166 SUSE bug 1241292 SUSE bug 1241866 SUSE bug 1243100 SUSE bug 1243112 SUSE bug 1245193 SUSE bug 1245260 SUSE bug 1245700 SUSE bug 1246057 SUSE bug 1246125 SUSE bug 1246190 SUSE bug 1246248 SUSE bug 1246298 SUSE bug 1246509 SUSE bug 1246782 SUSE bug 1247099 SUSE bug 1247118 SUSE bug 1247126 SUSE bug 1247136 SUSE bug 1247137 SUSE bug 1247223 SUSE bug 1247239 SUSE bug 1247262 SUSE bug 1247442 SUSE bug 1247483 SUSE bug 1247500 SUSE bug 1247963 SUSE bug 1248111 SUSE bug 1248121 SUSE bug 1248192 SUSE bug 1248199 SUSE bug 1248200 SUSE bug 1248202 SUSE bug 1248225 SUSE bug 1248296 SUSE bug 1248334 SUSE bug 1248343 SUSE bug 1248357 SUSE bug 1248360 SUSE bug 1248365 SUSE bug 1248378 SUSE bug 1248380 SUSE bug 1248392 SUSE bug 1248512 SUSE bug 1248610 SUSE bug 1248619 SUSE bug 1248622 SUSE bug 1248626 SUSE bug 1248628 SUSE bug 1248634 SUSE bug 1248639 SUSE bug 1248647 SUSE bug 1248674 SUSE bug 1248681 SUSE bug 1248733 SUSE bug 1248734 SUSE bug 1248735 SUSE bug 1248775 SUSE bug 1248847 SUSE bug 1249122 SUSE bug 1249123 SUSE bug 1249124 SUSE bug 1249125 SUSE bug 1249126 SUSE bug 1249143 SUSE bug 1249156 SUSE bug 1249159 SUSE bug 1249163 SUSE bug 1249164 SUSE bug 1249166 SUSE bug 1249169 SUSE bug 1249170 SUSE bug 1249172 SUSE bug 1249176 SUSE bug 1249177 SUSE bug 1249186 SUSE bug 1249190 SUSE bug 1249194 SUSE bug 1249195 SUSE bug 1249196 SUSE bug 1249199 SUSE bug 1249200 SUSE bug 1249202 SUSE bug 1249203 SUSE bug 1249204 SUSE bug 1249206 SUSE bug 1249215 SUSE bug 1249220 SUSE bug 1249221 SUSE bug 1249254 SUSE bug 1249255 SUSE bug 1249257 SUSE bug 1249258 SUSE bug 1249260 SUSE bug 1249262 SUSE bug 1249263 SUSE bug 1249265 SUSE bug 1249266 SUSE bug 1249271 SUSE bug 1249272 SUSE bug 1249273 SUSE bug 1249278 SUSE bug 1249279 SUSE bug 1249281 SUSE bug 1249282 SUSE bug 1249284 SUSE bug 1249285 SUSE bug 1249288 SUSE bug 1249290 SUSE bug 1249292 SUSE bug 1249295 SUSE bug 1249296 SUSE bug 1249299 SUSE bug 1249300 SUSE bug 1249303 SUSE bug 1249304 SUSE bug 1249305 SUSE bug 1249308 SUSE bug 1249312 SUSE bug 1249315 SUSE bug 1249318 SUSE bug 1249321 SUSE bug 1249323 SUSE bug 1249324 SUSE bug 1249334 SUSE bug 1249338 SUSE bug 1249374 SUSE bug 1249413 SUSE bug 1249479 SUSE bug 1249481 SUSE bug 1249482 SUSE bug 1249486 SUSE bug 1249488 SUSE bug 1249489 SUSE bug 1249490 SUSE bug 1249494 SUSE bug 1249504 SUSE bug 1249506 SUSE bug 1249508 SUSE bug 1249510 SUSE bug 1249513 SUSE bug 1249515 SUSE bug 1249516 SUSE bug 1249522 SUSE bug 1249523 SUSE bug 1249524 SUSE bug 1249526 SUSE bug 1249533 SUSE bug 1249538 SUSE bug 1249540 SUSE bug 1249542 SUSE bug 1249545 SUSE bug 1249548 SUSE bug 1249554 SUSE bug 1249598 SUSE bug 1249604 SUSE bug 1249608 SUSE bug 1249615 SUSE bug 1249640 SUSE bug 1249641 SUSE bug 1249642 SUSE bug 1249658 SUSE bug 1249662 SUSE bug 1249672 SUSE bug 1249673 SUSE bug 1249677 SUSE bug 1249678 SUSE bug 1249679 SUSE bug 1249682 SUSE bug 1249687 SUSE bug 1249698 SUSE bug 1249707 SUSE bug 1249712 SUSE bug 1249730 SUSE bug 1249756 SUSE bug 1249758 SUSE bug 1249761 SUSE bug 1249762 SUSE bug 1249768 SUSE bug 1249770 SUSE bug 1249774 SUSE bug 1249779 SUSE bug 1249780 SUSE bug 1249785 SUSE bug 1249787 SUSE bug 1249795 SUSE bug 1249815 SUSE bug 1249820 SUSE bug 1249823 SUSE bug 1249824 SUSE bug 1249825 SUSE bug 1249826 SUSE bug 1249833 SUSE bug 1249842 SUSE bug 1249845 SUSE bug 1249849 SUSE bug 1249850 SUSE bug 1249853 SUSE bug 1249856 SUSE bug 1249861 SUSE bug 1249863 SUSE bug 1249864 SUSE bug 1249865 SUSE bug 1249866 SUSE bug 1249869 SUSE bug 1249870 SUSE bug 1249880 SUSE bug 1249883 SUSE bug 1249888 SUSE bug 1249896 SUSE bug 1249897 SUSE bug 1249901 SUSE bug 1249911 SUSE bug 1249917 SUSE bug 1249919 SUSE bug 1249923 SUSE bug 1249926 SUSE bug 1249938 SUSE bug 1249949 SUSE bug 1249950 SUSE bug 1249952 SUSE bug 1249975 SUSE bug 1249979 SUSE bug 1249984 SUSE bug 1249988 SUSE bug 1249990 SUSE bug 1249993 SUSE bug 1249994 SUSE bug 1249997 SUSE bug 1250002 SUSE bug 1250004 SUSE bug 1250006 SUSE bug 1250007 SUSE bug 1250012 SUSE bug 1250022 SUSE bug 1250024 SUSE bug 1250025 SUSE bug 1250028 SUSE bug 1250029 SUSE bug 1250035 SUSE bug 1250049 SUSE bug 1250055 SUSE bug 1250057 SUSE bug 1250058 SUSE bug 1250062 SUSE bug 1250063 SUSE bug 1250065 SUSE bug 1250066 SUSE bug 1250067 SUSE bug 1250069 SUSE bug 1250070 SUSE bug 1250073 SUSE bug 1250074 SUSE bug 1250088 SUSE bug 1250089 SUSE bug 1250106 SUSE bug 1250112 SUSE bug 1250117 SUSE bug 1250120 SUSE bug 1250125 SUSE bug 1250127 SUSE bug 1250128 SUSE bug 1250145 SUSE bug 1250150 SUSE bug 1250156 SUSE bug 1250157 SUSE bug 1250161 SUSE bug 1250163 SUSE bug 1250166 SUSE bug 1250167 SUSE bug 1250169 SUSE bug 1250171 SUSE bug 1250177 SUSE bug 1250179 SUSE bug 1250180 SUSE bug 1250186 SUSE bug 1250196 SUSE bug 1250198 SUSE bug 1250199 SUSE bug 1250201 SUSE bug 1250203 SUSE bug 1250204 SUSE bug 1250206 SUSE bug 1250208 SUSE bug 1250241 SUSE bug 1250242 SUSE bug 1250243 SUSE bug 1250247 SUSE bug 1250249 SUSE bug 1250251 SUSE bug 1250262 SUSE bug 1250263 SUSE bug 1250266 SUSE bug 1250267 SUSE bug 1250268 SUSE bug 1250275 SUSE bug 1250276 SUSE bug 1250281 SUSE bug 1250290 SUSE bug 1250291 SUSE bug 1250292 SUSE bug 1250294 SUSE bug 1250297 SUSE bug 1250298 SUSE bug 1250313 SUSE bug 1250319 SUSE bug 1250323 SUSE bug 1250325 SUSE bug 1250329 SUSE bug 1250336 SUSE bug 1250337 SUSE bug 1250344 SUSE bug 1250358 SUSE bug 1250365 SUSE bug 1250371 SUSE bug 1250377 SUSE bug 1250384 SUSE bug 1250389 SUSE bug 1250395 SUSE bug 1250397 SUSE bug 1250402 SUSE bug 1250406 SUSE bug 1250407 SUSE bug 1250426 SUSE bug 1250450 SUSE bug 1250459 SUSE bug 1250519 SUSE bug 1250522 SUSE bug 1250530 SUSE bug 1250655 SUSE bug 1250712 SUSE bug 1250713 SUSE bug 1250732 SUSE bug 1250736 SUSE bug 1250741 SUSE bug 1250759 SUSE bug 1250763 SUSE bug 1250765 SUSE bug 1250807 SUSE bug 1250808 SUSE bug 1250809 SUSE bug 1250812 SUSE bug 1250813 SUSE bug 1250815 SUSE bug 1250816 SUSE bug 1250820 SUSE bug 1250823 SUSE bug 1250825 SUSE bug 1250827 SUSE bug 1250830 SUSE bug 1250831 SUSE bug 1250837 SUSE bug 1250841 SUSE bug 1250861 SUSE bug 1250863 SUSE bug 1250867 SUSE bug 1250872 SUSE bug 1250873 SUSE bug 1250878 SUSE bug 1250905 SUSE bug 1250907 SUSE bug 1250917 SUSE bug 1250918 SUSE bug 1250923 SUSE bug 1250926 SUSE bug 1250928 SUSE bug 1250929 SUSE bug 1250930 SUSE bug 1250931 SUSE bug 1250941 SUSE bug 1250942 SUSE bug 1250949 SUSE bug 1250952 SUSE bug 1250957 SUSE bug 1250964 CVE-2023-31248 at SUSE CVE-2023-31248 at NVD CVE-2023-3772 at SUSE CVE-2023-3772 at NVD CVE-2023-39197 at SUSE CVE-2023-39197 at NVD CVE-2023-42753 at SUSE CVE-2023-42753 at NVD CVE-2023-53147 at SUSE CVE-2023-53147 at NVD CVE-2023-53148 at SUSE CVE-2023-53148 at NVD CVE-2023-53150 at SUSE CVE-2023-53150 at NVD CVE-2023-53151 at SUSE CVE-2023-53151 at NVD CVE-2023-53152 at SUSE CVE-2023-53152 at NVD CVE-2023-53165 at SUSE CVE-2023-53165 at NVD CVE-2023-53167 at SUSE CVE-2023-53167 at NVD CVE-2023-53170 at SUSE CVE-2023-53170 at NVD CVE-2023-53174 at SUSE CVE-2023-53174 at NVD CVE-2023-53175 at SUSE CVE-2023-53175 at NVD CVE-2023-53177 at SUSE CVE-2023-53177 at NVD CVE-2023-53179 at SUSE CVE-2023-53179 at NVD CVE-2023-53180 at SUSE CVE-2023-53180 at NVD CVE-2023-53181 at SUSE CVE-2023-53181 at NVD CVE-2023-53183 at SUSE CVE-2023-53183 at NVD CVE-2023-53184 at SUSE CVE-2023-53184 at NVD CVE-2023-53185 at SUSE CVE-2023-53185 at NVD CVE-2023-53187 at SUSE CVE-2023-53187 at NVD CVE-2023-53189 at SUSE CVE-2023-53189 at NVD CVE-2023-53192 at SUSE CVE-2023-53192 at NVD CVE-2023-53195 at SUSE CVE-2023-53195 at NVD CVE-2023-53196 at SUSE CVE-2023-53196 at NVD CVE-2023-53201 at SUSE CVE-2023-53201 at NVD CVE-2023-53204 at SUSE CVE-2023-53204 at NVD CVE-2023-53205 at SUSE CVE-2023-53205 at NVD CVE-2023-53206 at SUSE CVE-2023-53206 at NVD CVE-2023-53207 at SUSE CVE-2023-53207 at NVD CVE-2023-53208 at SUSE CVE-2023-53208 at NVD CVE-2023-53209 at SUSE CVE-2023-53209 at NVD CVE-2023-53210 at SUSE CVE-2023-53210 at NVD CVE-2023-53215 at SUSE CVE-2023-53215 at NVD CVE-2023-53217 at SUSE CVE-2023-53217 at NVD CVE-2023-53220 at SUSE CVE-2023-53220 at NVD CVE-2023-53221 at SUSE CVE-2023-53221 at NVD CVE-2023-53222 at SUSE CVE-2023-53222 at NVD CVE-2023-53226 at SUSE CVE-2023-53226 at NVD CVE-2023-53230 at SUSE CVE-2023-53230 at NVD CVE-2023-53231 at SUSE CVE-2023-53231 at NVD CVE-2023-53235 at SUSE CVE-2023-53235 at NVD CVE-2023-53238 at SUSE CVE-2023-53238 at NVD CVE-2023-53243 at SUSE CVE-2023-53243 at NVD CVE-2023-53245 at SUSE CVE-2023-53245 at NVD CVE-2023-53247 at SUSE CVE-2023-53247 at NVD CVE-2023-53248 at SUSE CVE-2023-53248 at NVD CVE-2023-53249 at SUSE CVE-2023-53249 at NVD CVE-2023-53251 at SUSE CVE-2023-53251 at NVD CVE-2023-53252 at SUSE CVE-2023-53252 at NVD CVE-2023-53255 at SUSE CVE-2023-53255 at NVD CVE-2023-53257 at SUSE CVE-2023-53257 at NVD CVE-2023-53258 at SUSE CVE-2023-53258 at NVD CVE-2023-53260 at SUSE CVE-2023-53260 at NVD CVE-2023-53261 at SUSE CVE-2023-53261 at NVD CVE-2023-53263 at SUSE CVE-2023-53263 at NVD CVE-2023-53264 at SUSE CVE-2023-53264 at NVD CVE-2023-53272 at SUSE CVE-2023-53272 at NVD CVE-2023-53274 at SUSE CVE-2023-53274 at NVD CVE-2023-53275 at SUSE CVE-2023-53275 at NVD CVE-2023-53280 at SUSE CVE-2023-53280 at NVD CVE-2023-53286 at SUSE CVE-2023-53286 at NVD CVE-2023-53287 at SUSE CVE-2023-53287 at NVD CVE-2023-53288 at SUSE CVE-2023-53288 at NVD CVE-2023-53291 at SUSE CVE-2023-53291 at NVD CVE-2023-53292 at SUSE CVE-2023-53292 at NVD CVE-2023-53303 at SUSE CVE-2023-53303 at NVD CVE-2023-53304 at SUSE CVE-2023-53304 at NVD CVE-2023-53305 at SUSE CVE-2023-53305 at NVD CVE-2023-53309 at SUSE CVE-2023-53309 at NVD CVE-2023-53311 at SUSE CVE-2023-53311 at NVD CVE-2023-53312 at SUSE CVE-2023-53312 at NVD CVE-2023-53313 at SUSE CVE-2023-53313 at NVD CVE-2023-53314 at SUSE CVE-2023-53314 at NVD CVE-2023-53316 at SUSE CVE-2023-53316 at NVD CVE-2023-53319 at SUSE CVE-2023-53319 at NVD CVE-2023-53321 at SUSE CVE-2023-53321 at NVD CVE-2023-53322 at SUSE CVE-2023-53322 at NVD CVE-2023-53323 at SUSE CVE-2023-53323 at NVD CVE-2023-53324 at SUSE CVE-2023-53324 at NVD CVE-2023-53325 at SUSE CVE-2023-53325 at NVD CVE-2023-53328 at SUSE CVE-2023-53328 at NVD CVE-2023-53331 at SUSE CVE-2023-53331 at NVD CVE-2023-53333 at SUSE CVE-2023-53333 at NVD CVE-2023-53336 at SUSE CVE-2023-53336 at NVD CVE-2023-53338 at SUSE CVE-2023-53338 at NVD CVE-2023-53339 at SUSE CVE-2023-53339 at NVD CVE-2023-53342 at SUSE CVE-2023-53342 at NVD CVE-2023-53343 at SUSE CVE-2023-53343 at NVD CVE-2023-53350 at SUSE CVE-2023-53350 at NVD CVE-2023-53352 at SUSE CVE-2023-53352 at NVD CVE-2023-53354 at SUSE CVE-2023-53354 at NVD CVE-2023-53356 at SUSE CVE-2023-53356 at NVD CVE-2023-53357 at SUSE CVE-2023-53357 at NVD CVE-2023-53360 at SUSE CVE-2023-53360 at NVD CVE-2023-53362 at SUSE CVE-2023-53362 at NVD CVE-2023-53364 at SUSE CVE-2023-53364 at NVD CVE-2023-53365 at SUSE CVE-2023-53365 at NVD CVE-2023-53367 at SUSE CVE-2023-53367 at NVD CVE-2023-53368 at SUSE CVE-2023-53368 at NVD CVE-2023-53369 at SUSE CVE-2023-53369 at NVD CVE-2023-53370 at SUSE CVE-2023-53370 at NVD CVE-2023-53371 at SUSE CVE-2023-53371 at NVD CVE-2023-53374 at SUSE CVE-2023-53374 at NVD CVE-2023-53377 at SUSE CVE-2023-53377 at NVD CVE-2023-53379 at SUSE CVE-2023-53379 at NVD CVE-2023-53380 at SUSE CVE-2023-53380 at NVD CVE-2023-53384 at SUSE CVE-2023-53384 at NVD CVE-2023-53385 at SUSE CVE-2023-53385 at NVD CVE-2023-53386 at SUSE CVE-2023-53386 at NVD CVE-2023-53391 at SUSE CVE-2023-53391 at NVD CVE-2023-53394 at SUSE CVE-2023-53394 at NVD CVE-2023-53395 at SUSE CVE-2023-53395 at NVD CVE-2023-53397 at SUSE CVE-2023-53397 at NVD CVE-2023-53401 at SUSE CVE-2023-53401 at NVD CVE-2023-53420 at SUSE CVE-2023-53420 at NVD CVE-2023-53421 at SUSE CVE-2023-53421 at NVD CVE-2023-53424 at SUSE CVE-2023-53424 at NVD CVE-2023-53425 at SUSE CVE-2023-53425 at NVD CVE-2023-53426 at SUSE CVE-2023-53426 at NVD CVE-2023-53428 at SUSE CVE-2023-53428 at NVD CVE-2023-53429 at SUSE CVE-2023-53429 at NVD CVE-2023-53432 at SUSE CVE-2023-53432 at NVD CVE-2023-53436 at SUSE CVE-2023-53436 at NVD CVE-2023-53438 at SUSE CVE-2023-53438 at NVD CVE-2023-53441 at SUSE CVE-2023-53441 at NVD CVE-2023-53442 at SUSE CVE-2023-53442 at NVD CVE-2023-53444 at SUSE CVE-2023-53444 at NVD CVE-2023-53446 at SUSE CVE-2023-53446 at NVD CVE-2023-53447 at SUSE CVE-2023-53447 at NVD CVE-2023-53448 at SUSE CVE-2023-53448 at NVD CVE-2023-53451 at SUSE CVE-2023-53451 at NVD CVE-2023-53454 at SUSE CVE-2023-53454 at NVD CVE-2023-53456 at SUSE CVE-2023-53456 at NVD CVE-2023-53457 at SUSE CVE-2023-53457 at NVD CVE-2023-53461 at SUSE CVE-2023-53461 at NVD CVE-2023-53462 at SUSE CVE-2023-53462 at NVD CVE-2023-53463 at SUSE CVE-2023-53463 at NVD CVE-2023-53465 at SUSE CVE-2023-53465 at NVD CVE-2023-53472 at SUSE CVE-2023-53472 at NVD CVE-2023-53479 at SUSE CVE-2023-53479 at NVD CVE-2023-53480 at SUSE CVE-2023-53480 at NVD CVE-2023-53485 at SUSE CVE-2023-53485 at NVD CVE-2023-53487 at SUSE CVE-2023-53487 at NVD CVE-2023-53488 at SUSE CVE-2023-53488 at NVD CVE-2023-53490 at SUSE CVE-2023-53490 at NVD CVE-2023-53491 at SUSE CVE-2023-53491 at NVD CVE-2023-53492 at SUSE CVE-2023-53492 at NVD CVE-2023-53493 at SUSE CVE-2023-53493 at NVD CVE-2023-53495 at SUSE CVE-2023-53495 at NVD CVE-2023-53496 at SUSE CVE-2023-53496 at NVD CVE-2023-53500 at SUSE CVE-2023-53500 at NVD CVE-2023-53501 at SUSE CVE-2023-53501 at NVD CVE-2023-53504 at SUSE CVE-2023-53504 at NVD CVE-2023-53505 at SUSE CVE-2023-53505 at NVD CVE-2023-53507 at SUSE CVE-2023-53507 at NVD CVE-2023-53508 at SUSE CVE-2023-53508 at NVD CVE-2023-53510 at SUSE CVE-2023-53510 at NVD CVE-2023-53515 at SUSE CVE-2023-53515 at NVD CVE-2023-53516 at SUSE CVE-2023-53516 at NVD CVE-2023-53518 at SUSE CVE-2023-53518 at NVD CVE-2023-53519 at SUSE CVE-2023-53519 at NVD CVE-2023-53520 at SUSE CVE-2023-53520 at NVD CVE-2023-53523 at SUSE CVE-2023-53523 at NVD CVE-2023-53526 at SUSE CVE-2023-53526 at NVD CVE-2023-53527 at SUSE CVE-2023-53527 at NVD CVE-2023-53528 at SUSE CVE-2023-53528 at NVD CVE-2023-53530 at SUSE CVE-2023-53530 at NVD CVE-2023-53531 at SUSE CVE-2023-53531 at NVD CVE-2024-26584 at SUSE CVE-2024-26584 at NVD CVE-2024-58090 at SUSE CVE-2024-58090 at NVD CVE-2024-58240 at SUSE CVE-2024-58240 at NVD CVE-2025-22022 at SUSE CVE-2025-22022 at NVD CVE-2025-38119 at SUSE CVE-2025-38119 at NVD CVE-2025-38234 at SUSE CVE-2025-38234 at NVD CVE-2025-38255 at SUSE CVE-2025-38255 at NVD CVE-2025-38263 at SUSE CVE-2025-38263 at NVD CVE-2025-38351 at SUSE CVE-2025-38351 at NVD CVE-2025-38402 at SUSE CVE-2025-38402 at NVD CVE-2025-38408 at SUSE CVE-2025-38408 at NVD CVE-2025-38418 at SUSE CVE-2025-38418 at NVD CVE-2025-38419 at SUSE CVE-2025-38419 at NVD CVE-2025-38456 at SUSE CVE-2025-38456 at NVD CVE-2025-38465 at SUSE CVE-2025-38465 at NVD CVE-2025-38466 at SUSE CVE-2025-38466 at NVD CVE-2025-38488 at SUSE CVE-2025-38488 at NVD CVE-2025-38514 at SUSE CVE-2025-38514 at NVD CVE-2025-38526 at SUSE CVE-2025-38526 at NVD CVE-2025-38527 at SUSE CVE-2025-38527 at NVD CVE-2025-38533 at SUSE CVE-2025-38533 at NVD CVE-2025-38544 at SUSE CVE-2025-38544 at NVD CVE-2025-38556 at SUSE CVE-2025-38556 at NVD CVE-2025-38574 at SUSE CVE-2025-38574 at NVD CVE-2025-38584 at SUSE CVE-2025-38584 at NVD CVE-2025-38590 at SUSE CVE-2025-38590 at NVD CVE-2025-38593 at SUSE CVE-2025-38593 at NVD CVE-2025-38595 at SUSE CVE-2025-38595 at NVD CVE-2025-38597 at SUSE CVE-2025-38597 at NVD CVE-2025-38605 at SUSE CVE-2025-38605 at NVD CVE-2025-38614 at SUSE CVE-2025-38614 at NVD CVE-2025-38616 at SUSE CVE-2025-38616 at NVD CVE-2025-38622 at SUSE CVE-2025-38622 at NVD CVE-2025-38623 at SUSE CVE-2025-38623 at NVD CVE-2025-38639 at SUSE CVE-2025-38639 at NVD CVE-2025-38640 at SUSE CVE-2025-38640 at NVD CVE-2025-38643 at SUSE CVE-2025-38643 at NVD CVE-2025-38645 at SUSE CVE-2025-38645 at NVD CVE-2025-38659 at SUSE CVE-2025-38659 at NVD CVE-2025-38660 at SUSE CVE-2025-38660 at NVD CVE-2025-38664 at SUSE CVE-2025-38664 at NVD CVE-2025-38668 at SUSE CVE-2025-38668 at NVD CVE-2025-38676 at SUSE CVE-2025-38676 at NVD CVE-2025-38678 at SUSE CVE-2025-38678 at NVD CVE-2025-38679 at SUSE CVE-2025-38679 at NVD CVE-2025-38680 at SUSE CVE-2025-38680 at NVD CVE-2025-38681 at SUSE CVE-2025-38681 at NVD CVE-2025-38683 at SUSE CVE-2025-38683 at NVD CVE-2025-38684 at SUSE CVE-2025-38684 at NVD CVE-2025-38685 at SUSE CVE-2025-38685 at NVD CVE-2025-38687 at SUSE CVE-2025-38687 at NVD CVE-2025-38691 at SUSE CVE-2025-38691 at NVD CVE-2025-38692 at SUSE CVE-2025-38692 at NVD CVE-2025-38693 at SUSE CVE-2025-38693 at NVD CVE-2025-38694 at SUSE CVE-2025-38694 at NVD CVE-2025-38695 at SUSE CVE-2025-38695 at NVD CVE-2025-38697 at SUSE CVE-2025-38697 at NVD CVE-2025-38698 at SUSE CVE-2025-38698 at NVD CVE-2025-38701 at SUSE CVE-2025-38701 at NVD CVE-2025-38702 at SUSE CVE-2025-38702 at NVD CVE-2025-38705 at SUSE CVE-2025-38705 at NVD CVE-2025-38706 at SUSE CVE-2025-38706 at NVD CVE-2025-38709 at SUSE CVE-2025-38709 at NVD CVE-2025-38712 at SUSE CVE-2025-38712 at NVD CVE-2025-38713 at SUSE CVE-2025-38713 at NVD CVE-2025-38714 at SUSE CVE-2025-38714 at NVD CVE-2025-38715 at SUSE CVE-2025-38715 at NVD CVE-2025-38721 at SUSE CVE-2025-38721 at NVD CVE-2025-38722 at SUSE CVE-2025-38722 at NVD CVE-2025-38724 at SUSE CVE-2025-38724 at NVD CVE-2025-38725 at SUSE CVE-2025-38725 at NVD CVE-2025-38727 at SUSE CVE-2025-38727 at NVD CVE-2025-38729 at SUSE CVE-2025-38729 at NVD CVE-2025-38730 at SUSE CVE-2025-38730 at NVD CVE-2025-38732 at SUSE CVE-2025-38732 at NVD CVE-2025-38734 at SUSE CVE-2025-38734 at NVD CVE-2025-38735 at SUSE CVE-2025-38735 at NVD CVE-2025-38736 at SUSE CVE-2025-38736 at NVD CVE-2025-39675 at SUSE CVE-2025-39675 at NVD CVE-2025-39677 at SUSE CVE-2025-39677 at NVD CVE-2025-39678 at SUSE CVE-2025-39678 at NVD CVE-2025-39679 at SUSE CVE-2025-39679 at NVD CVE-2025-39681 at SUSE CVE-2025-39681 at NVD CVE-2025-39682 at SUSE CVE-2025-39682 at NVD CVE-2025-39684 at SUSE CVE-2025-39684 at NVD CVE-2025-39685 at SUSE CVE-2025-39685 at NVD CVE-2025-39686 at SUSE CVE-2025-39686 at NVD CVE-2025-39691 at SUSE CVE-2025-39691 at NVD CVE-2025-39693 at SUSE CVE-2025-39693 at NVD CVE-2025-39694 at SUSE CVE-2025-39694 at NVD CVE-2025-39701 at SUSE CVE-2025-39701 at NVD CVE-2025-39703 at SUSE CVE-2025-39703 at NVD CVE-2025-39705 at SUSE CVE-2025-39705 at NVD CVE-2025-39706 at SUSE CVE-2025-39706 at NVD CVE-2025-39709 at SUSE CVE-2025-39709 at NVD CVE-2025-39710 at SUSE CVE-2025-39710 at NVD CVE-2025-39713 at SUSE CVE-2025-39713 at NVD CVE-2025-39714 at SUSE CVE-2025-39714 at NVD CVE-2025-39718 at SUSE CVE-2025-39718 at NVD CVE-2025-39719 at SUSE CVE-2025-39719 at NVD CVE-2025-39721 at SUSE CVE-2025-39721 at NVD CVE-2025-39724 at SUSE CVE-2025-39724 at NVD CVE-2025-39726 at SUSE CVE-2025-39726 at NVD CVE-2025-39730 at SUSE CVE-2025-39730 at NVD CVE-2025-39732 at SUSE CVE-2025-39732 at NVD CVE-2025-39738 at SUSE CVE-2025-39738 at NVD CVE-2025-39739 at SUSE CVE-2025-39739 at NVD CVE-2025-39742 at SUSE CVE-2025-39742 at NVD CVE-2025-39743 at SUSE CVE-2025-39743 at NVD CVE-2025-39744 at SUSE CVE-2025-39744 at NVD CVE-2025-39746 at SUSE CVE-2025-39746 at NVD CVE-2025-39749 at SUSE CVE-2025-39749 at NVD CVE-2025-39750 at SUSE CVE-2025-39750 at NVD CVE-2025-39751 at SUSE CVE-2025-39751 at NVD CVE-2025-39754 at SUSE CVE-2025-39754 at NVD CVE-2025-39757 at SUSE CVE-2025-39757 at NVD CVE-2025-39758 at SUSE CVE-2025-39758 at NVD CVE-2025-39759 at SUSE CVE-2025-39759 at NVD CVE-2025-39760 at SUSE CVE-2025-39760 at NVD CVE-2025-39761 at SUSE CVE-2025-39761 at NVD CVE-2025-39763 at SUSE CVE-2025-39763 at NVD CVE-2025-39764 at SUSE CVE-2025-39764 at NVD CVE-2025-39766 at SUSE CVE-2025-39766 at NVD CVE-2025-39770 at SUSE CVE-2025-39770 at NVD CVE-2025-39772 at SUSE CVE-2025-39772 at NVD CVE-2025-39773 at SUSE CVE-2025-39773 at NVD CVE-2025-39782 at SUSE CVE-2025-39782 at NVD CVE-2025-39783 at SUSE CVE-2025-39783 at NVD CVE-2025-39787 at SUSE CVE-2025-39787 at NVD CVE-2025-39790 at SUSE CVE-2025-39790 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39798 at SUSE CVE-2025-39798 at NVD CVE-2025-39800 at SUSE CVE-2025-39800 at NVD CVE-2025-39801 at SUSE CVE-2025-39801 at NVD CVE-2025-39806 at SUSE CVE-2025-39806 at NVD CVE-2025-39808 at SUSE CVE-2025-39808 at NVD CVE-2025-39810 at SUSE CVE-2025-39810 at NVD CVE-2025-39823 at SUSE CVE-2025-39823 at NVD CVE-2025-39824 at SUSE CVE-2025-39824 at NVD CVE-2025-39825 at SUSE CVE-2025-39825 at NVD CVE-2025-39826 at SUSE CVE-2025-39826 at NVD CVE-2025-39827 at SUSE CVE-2025-39827 at NVD CVE-2025-39832 at SUSE CVE-2025-39832 at NVD CVE-2025-39833 at SUSE CVE-2025-39833 at NVD CVE-2025-39835 at SUSE CVE-2025-39835 at NVD CVE-2025-39838 at SUSE CVE-2025-39838 at NVD CVE-2025-39839 at SUSE CVE-2025-39839 at NVD CVE-2025-39842 at SUSE CVE-2025-39842 at NVD CVE-2025-39844 at SUSE CVE-2025-39844 at NVD CVE-2025-39845 at SUSE CVE-2025-39845 at NVD CVE-2025-39846 at SUSE CVE-2025-39846 at NVD CVE-2025-39847 at SUSE CVE-2025-39847 at NVD CVE-2025-39848 at SUSE CVE-2025-39848 at NVD CVE-2025-39849 at SUSE CVE-2025-39849 at NVD CVE-2025-39850 at SUSE CVE-2025-39850 at NVD CVE-2025-39853 at SUSE CVE-2025-39853 at NVD CVE-2025-39854 at SUSE CVE-2025-39854 at NVD CVE-2025-39857 at SUSE CVE-2025-39857 at NVD CVE-2025-39860 at SUSE CVE-2025-39860 at NVD CVE-2025-39861 at SUSE CVE-2025-39861 at NVD CVE-2025-39863 at SUSE CVE-2025-39863 at NVD CVE-2025-39864 at SUSE CVE-2025-39864 at NVD CVE-2025-39865 at SUSE CVE-2025-39865 at NVD CVE-2025-39869 at SUSE CVE-2025-39869 at NVD CVE-2025-39870 at SUSE CVE-2025-39870 at NVD CVE-2025-39871 at SUSE CVE-2025-39871 at NVD CVE-2025-39873 at SUSE CVE-2025-39873 at NVD CVE-2025-39882 at SUSE CVE-2025-39882 at NVD CVE-2025-39885 at SUSE CVE-2025-39885 at NVD CVE-2025-39889 at SUSE CVE-2025-39889 at NVD CVE-2025-39891 at SUSE CVE-2025-39891 at NVD CVE-2025-39907 at SUSE CVE-2025-39907 at NVD CVE-2025-39920 at SUSE CVE-2025-39920 at NVD CVE-2025-39923 at SUSE CVE-2025-39923 at NVD CVE-2025-39925 at SUSE CVE-2025-39925 at NVD CVE-2025-40300 at SUSE CVE-2025-40300 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). Important SUSE bug 1250562 CVE-2025-11021 at SUSE CVE-2025-11021 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Authlib (Important) openSUSE Leap 15.6 This update for python-Authlib fixes the following issues: - CVE-2025-61920: limited the size of the header to prevent DoS (bsc#1251921). Important SUSE bug 1251921 CVE-2025-61920 at SUSE CVE-2025-61920 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.4.0 ESR (bsc#1251263). - CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() - CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures - CVE-2025-11710: Cross-process information leaked due to malicious IPC messages - CVE-2025-11711: Some non-writable Object properties could be modified - CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type - CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command - CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 - CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 Important SUSE bug 1251263 CVE-2025-11708 at SUSE CVE-2025-11708 at NVD CVE-2025-11709 at SUSE CVE-2025-11709 at NVD CVE-2025-11710 at SUSE CVE-2025-11710 at NVD CVE-2025-11711 at SUSE CVE-2025-11711 at NVD CVE-2025-11712 at SUSE CVE-2025-11712 at NVD CVE-2025-11713 at SUSE CVE-2025-11713 at NVD CVE-2025-11714 at SUSE CVE-2025-11714 at NVD CVE-2025-11715 at SUSE CVE-2025-11715 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Moderate) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2025-24294: resolv: insufficient checks on the length of a decompressed domain name when processing a DNS packet can lead to a denial of service due to excessive resource consumption (bsc#1246430). Moderate SUSE bug 1246430 CVE-2025-24294 at SUSE CVE-2025-24294 at NVD cpe:/o:opensuse:leap:15.6 Security update for poppler (Important) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc#1250908) - CVE-2025-52885: improved pointer handling that could have led to dangling pointers when the vector is resized (bsc#1251940) Important SUSE bug 1250908 SUSE bug 1251940 CVE-2025-43718 at SUSE CVE-2025-43718 at NVD CVE-2025-52885 at SUSE CVE-2025-52885 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-python-socketio (Moderate) openSUSE Leap 15.6 This update for python-python-socketio fixes the following issues: - CVE-2025-61765: fixed by using json, rather than pickle for serialization (bsc#1251193) Moderate SUSE bug 1251193 CVE-2025-61765 at SUSE CVE-2025-61765 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-9566: fixed a case when kube play command could overwrite host files (bsc#1249154). Important SUSE bug 1249154 CVE-2025-9566 at SUSE CVE-2025-9566 at NVD cpe:/o:opensuse:leap:15.6 Security update for p7zip (Moderate) openSUSE Leap 15.6 This update for p7zip fixes the following issues: - CVE-2022-47069: heap buffer overflow in `ZipIn.cpp` file (bsc#1209648). - CVE-2025-53817: null pointer dereference may lead to denial of service (bsc#1246707). Moderate SUSE bug 1209648 SUSE bug 1246707 CVE-2022-47069 at SUSE CVE-2022-47069 at NVD CVE-2023-1576 at SUSE CVE-2023-1576 at NVD CVE-2025-53817 at SUSE CVE-2025-53817 at NVD cpe:/o:opensuse:leap:15.6 Security update for chrony (Moderate) openSUSE Leap 15.6 This update for chrony fixes the following issues: - Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544). This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587) Moderate SUSE bug 1246544 cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) Important SUSE bug 1027519 SUSE bug 1248807 SUSE bug 1251271 CVE-2025-27466 at SUSE CVE-2025-27466 at NVD CVE-2025-58142 at SUSE CVE-2025-58142 at NVD CVE-2025-58143 at SUSE CVE-2025-58143 at NVD CVE-2025-58147 at SUSE CVE-2025-58147 at NVD CVE-2025-58148 at SUSE CVE-2025-58148 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozilla-nss (Important) openSUSE Leap 15.6 This update for mozilla-nss fixes the following issues: - Move NSS DB password hash away from SHA-1 Update to NSS 3.112.2: * Prevent leaks during pkcs12 decoding. * SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates Update to NSS 3.112.1: * restore support for finding certificates by decoded serial number. Important SUSE bug 1251263 CVE-2025-9187 at SUSE CVE-2025-9187 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang (Important) openSUSE Leap 15.6 This update for erlang fixes the following issues: - CVE-2025-48041: fixed erlang exhaustion of file handles in SSH (bsc#1249473) Important SUSE bug 1249473 CVE-2025-48041 at SUSE CVE-2025-48041 at NVD cpe:/o:opensuse:leap:15.6 Security update for rabbitmq-server (Moderate) openSUSE Leap 15.6 This update for rabbitmq-server fixes the following issues: - CVE-2025-50200: prevented logging of Basic Auth header from HTTP requests (bsc#1245105) - fixed a bad logrotate configuration that allowed escalation from rabbitmq to root, /var/log/rabbitmq ownership is now 750 (bsc#1246091) Moderate SUSE bug 1245105 SUSE bug 1246091 CVE-2025-50200 at SUSE CVE-2025-50200 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2025-11626: fixed MONGO dissector infinite loop (bsc#1251933). Moderate SUSE bug 1251933 CVE-2025-11626 at SUSE CVE-2025-11626 at NVD cpe:/o:opensuse:leap:15.6 Security update for cmake (Low) openSUSE Leap 15.6 This update for cmake fixes the following issues: - CVE-2025-9301: Fixed assertion failure due to improper validation (bsc#1248461) Low SUSE bug 1248461 CVE-2025-9301 at SUSE CVE-2025-9301 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270) Important SUSE bug 1236270 CVE-2024-11218 at SUSE CVE-2024-11218 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Authlib (Moderate) openSUSE Leap 15.6 This update for python-Authlib fixes the following issues: - CVE-2025-62706: fixed a denial of service condition (bsc#1252504, gh#authlib/authlib@e0863d512931) Moderate SUSE bug 1252504 CVE-2025-62706 at SUSE CVE-2025-62706 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-62171: Fixed incomplete fix for integer overflow in BMP Decoder (bsc#1252282). Moderate SUSE bug 1252282 CVE-2025-62171 at SUSE CVE-2025-62171 at NVD cpe:/o:opensuse:leap:15.6 Security update for fetchmail (Moderate) openSUSE Leap 15.6 This update for fetchmail fixes the following issues: - CVE-2025-61962: fixed a denial of service condition (bsc#1251194) Moderate SUSE bug 1251194 CVE-2025-61962 at SUSE CVE-2025-61962 at NVD cpe:/o:opensuse:leap:15.6 Security update for strongswan (Important) openSUSE Leap 15.6 This update for strongswan fixes the following issues: - CVE-2025-62291: fixed buffer overflow when handling EAP-MSCHAPv2 failure requests (bsc#1251941) Important SUSE bug 1251941 CVE-2025-62291 at SUSE CVE-2025-62291 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Important) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). - CVE-2025-61748: Fixed unauthenticated attacker can achive unauthorized update, insert or delete access to some resources (bsc#1252418). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) Important SUSE bug 1246806 SUSE bug 1252414 SUSE bug 1252417 SUSE bug 1252418 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD CVE-2025-61748 at SUSE CVE-2025-61748 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) - Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) - Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) Important SUSE bug 1251958 SUSE bug 1251959 SUSE bug 1251960 CVE-2025-62229 at SUSE CVE-2025-62229 at NVD CVE-2025-62230 at SUSE CVE-2025-62230 at NVD CVE-2025-62231 at SUSE CVE-2025-62231 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958) - Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959) - Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960) Important SUSE bug 1251958 SUSE bug 1251959 SUSE bug 1251960 CVE-2025-62229 at SUSE CVE-2025-62229 at NVD CVE-2025-62230 at SUSE CVE-2025-62230 at NVD CVE-2025-62231 at SUSE CVE-2025-62231 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Important) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979) - CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553) Important SUSE bug 1250553 SUSE bug 1251979 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD CVE-2025-11731 at SUSE CVE-2025-11731 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.22 (Moderate) openSUSE Leap 15.6 This update for go1.22 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). Bug fixes: - go1.22 release tracking (bsc#1218424) Moderate SUSE bug 1218424 SUSE bug 1236801 CVE-2025-22866 at SUSE CVE-2025-22866 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Moderate) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). Bug fixes: - go1.23 release tracking (bsc#1229122) Moderate SUSE bug 1229122 SUSE bug 1236801 CVE-2025-22866 at SUSE CVE-2025-22866 at NVD cpe:/o:opensuse:leap:15.6 Security update for sccache (Moderate) openSUSE Leap 15.6 This update for sccache fixes the following issues: - CVE-2025-55159 - updated slab with the uninit memory access fix (bsc#1248003) Moderate SUSE bug 1248003 CVE-2025-55159 at SUSE CVE-2025-55159 at NVD cpe:/o:opensuse:leap:15.6 Security update for openjpeg (Moderate) openSUSE Leap 15.6 This update for openjpeg fixes the following issues: - CVE-2023-39327: Fixed that malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227410). Other bug fixes: - Ensure no bundled libraries are used (bsc#1250467). Moderate SUSE bug 1227410 SUSE bug 1250467 CVE-2023-39327 at SUSE CVE-2023-39327 at NVD cpe:/o:opensuse:leap:15.6 Security update for jasper (Moderate) openSUSE Leap 15.6 This update for jasper fixes the following issues: - Update to 4.2.8: - CVE-2025-8837: Fixed a bug in the JPC decoder that could cause bad memory accesses if the debug level is set sufficiently high (bsc#1247901). - CVE-2025-8836: Added some missing range checking on several coding parameters in the JPC encoder (bsc#1247902). - CVE-2025-8835: Added a check for a missing color component in the jas_image_chclrspc function (bsc#1247904). - CVE-2023-51257: Fixed invalid memory write bug (bsc#1218802). Moderate SUSE bug 1218802 SUSE bug 1247901 SUSE bug 1247902 SUSE bug 1247904 CVE-2023-51257 at SUSE CVE-2023-51257 at NVD CVE-2025-8835 at SUSE CVE-2025-8835 at NVD CVE-2025-8836 at SUSE CVE-2025-8836 at NVD CVE-2025-8837 at SUSE CVE-2025-8837 at NVD cpe:/o:opensuse:leap:15.6 Security update for colord (Moderate) openSUSE Leap 15.6 This update for colord fixes the following issues: - CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750). Moderate SUSE bug 1250750 CVE-2021-42523 at SUSE CVE-2021-42523 at NVD cpe:/o:opensuse:leap:15.6 Security update for runc (Important) openSUSE Leap 15.6 This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232). - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232). - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232). Update to runc v1.2.7. - Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7> Important SUSE bug 1252232 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:opensuse:leap:15.6 Security update for aws-efs-utils (Moderate) openSUSE Leap 15.6 This update for aws-efs-utils fixes the following issues: Update to version 2.3.3 (bsc#1240044). Security issues fixed: - CVE-2025-55159: slab: incorrect bounds check in `get_disjoint_mut` function can lead to potential crash due to out-of-bounds access (bsc#1248055). - CVE-2020-35881: traitobject: log4rs: out-of-bounds write due to fat pointer layout assumptions (bsc#1249851). Other issues fixed: - Build and install efs-proxy binary (bsc#1240044). - Fixed in version 2.3.3: * Add environment variable support for AWS profiles and regions * Regenerate Cargo.lock with rust 1.70.0 * Update circle-ci config * Fix AWS Env Variable Test and Code Style Issue * Remove CentOS 8 and Ubuntu 16.04 from verified Linux distribution list - Fixed in version 2.3.2: * Update version in amazon-efs-utils.spec to 2.3.1 * Fix incorrect package version - Fixed in version 2.3.1: * Fix backtrace version to resolve ubuntu and rhel build issues * Pin Cargo.lock to avoid unexpected error across images - Fixed in version 2.3.0: * Add support for pod-identity credentials in the credentials chain * Enable mounting with IPv6 when using with the 'stunnel' mount option - Fixed in version 2.2.1: * Update log4rs - Fixed in version 2.2.0 * Use region-specific domain suffixes for dns endpoints where missing * Merge PR #211 - Amend Debian control to use binary architecture - Fixed in version 2.1.0 * Add mount option for specifying region * Add new ISO regions to config file - Fixed in version 2.0.4 * Add retry logic to and increase timeout for EC2 metadata token retrieval requests - Fixed in version 2.0.3: * Upgrade py version * Replace deprecated usage of datetime - Fixed in version 2.0.2 * Check for efs-proxy PIDs when cleaning tunnel state files * Add PID to log entries - Fxied in version 2.0.1 * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies - Fixed in version 2.0.0: * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy, a component built in-house at AWS. Efs-proxy lays the foundation for upcoming feature launches at EFS. - Fixed in version 1.36.0: * Support new mount option: crossaccount, conduct cross account mounts via ip address. Use client AZ-ID to choose mount target. - Fixed in version 1.35.2: * Revert 'Add warning if using older Version' * Support MacOS Sonoma - Fixed in version 1.35.1: * Revert openssl requirement change * Revert 'Update EFS Documentation: Clarify Current FIPS Compliance Status' * Update EFS Documentation: Clarify Current FIPS Compliance Status * test: Change repo urls in eol debian9 build * Check private key file size to skip generation * test: Fix pytest that failed since commit 3dd89ca * Fix should_check_efs_utils_version scope * Add warning if using old version * Add 'fsap' option as EFS-only option - Fixed in version 1.35.0: * Add parameters to allow mount fo pod impersonation feature in EFS CSI Driver * Updated the README with support of Oracle8 distribution * Readme troubleshooting section + table of contents * Add efs-utils Support for MacOS Ventura EC2 instances Moderate SUSE bug 1240044 SUSE bug 1248055 SUSE bug 1249851 CVE-2020-35881 at SUSE CVE-2020-35881 at NVD CVE-2025-55159 at SUSE CVE-2025-55159 at NVD cpe:/o:opensuse:leap:15.6 Security update for tiff (Important) openSUSE Leap 15.6 This update for tiff fixes the following issues: Update to 4.7.1: - CVE-2025-8851: Fixed stack-based buffer overflow (bsc#1248278). - CVE-2025-9900: Fixed write-what-where via TIFFReadRGBAImageOriented (bsc#1250413). Important SUSE bug 1248278 SUSE bug 1250413 CVE-2025-8851 at SUSE CVE-2025-8851 at NVD CVE-2025-9900 at SUSE CVE-2025-9900 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414) - CVE-2025-53066: Fixed an issue where an unauthenticated attacker can achieve unauthorized access to critical data or complete access (bsc#1252417) - CVE-2025-61748: Fixed an issue where an unauthenticated attacker can achieve unauthorized update, insert or delete access to some resources (bsc#1252418) Important SUSE bug 1252414 SUSE bug 1252417 SUSE bug 1252418 SUSE bug 1252758 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD CVE-2025-61748 at SUSE CVE-2025-61748 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-62594: Fixed unsigned underflow and division-by-zero that can lead to OOB pointer arithmetic and process crash. (bsc#1252749) Moderate SUSE bug 1252749 CVE-2025-62594 at SUSE CVE-2025-62594 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Important) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.29+7 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) Important SUSE bug 1246806 SUSE bug 1252414 SUSE bug 1252417 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Important) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53057: Fixed unauthenticated attacker can achieve unauthorized creation, deletion or modification access to critical data (bsc#1252414). - CVE-2025-53066: Fixed unauthenticated attacker can achive unauthorized access to critical data or complete access (bsc#1252417). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) Important SUSE bug 1246806 SUSE bug 1252414 SUSE bug 1252417 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u472 build 08 with OpenJDK 0.56.0 virtual machine (including Oracle October 2025 CPU changes): - CVE-2025-53057: Fixed unauthenticated attacker achieving unauthorized access to critical data or complete access (bsc#1252414) - CVE-2025-53066: Fixed unauthenticated attacker achieving unauthorized creation, deletion or modification access to critical data (bsc#1252417) Important SUSE bug 1252414 SUSE bug 1252417 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issue: Mozilla Thunderbird is updated to 140.4. * changed: Account Hub is now disabled by default for second email account (bmo#1992027) * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 (bmo#1952100) * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys (bmo#1986845) * fixed: Image preview in Insert Image dialog failed with CSP error for web resources (bmo#1989392) * fixed: Emptying trash on exit did not work with some providers (bmo#1975147) * fixed: Thunderbird could crash when applying filters (bmo#1987880) * fixed: Users were unable to override expired mail server certificate (bmo#1979323) * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters (bmo#1971035) Security fixes: MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 (bmo#1988931) Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 (bmo#1989127) Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 (bmo#1989899) Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 (bmo#1989978) Some non-writable Object properties could be modified * CVE-2025-11712 (bmo#1979536) An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 (bmo#1986142) Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 (bmo#1973699, bmo#1989945, bmo#1990970, bmo#1991040, bmo#1992113) Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 (bmo#1983838, bmo#1987624, bmo#1988244, bmo#1988912, bmo#1989734, bmo#1990085, bmo#1991899) Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 Important SUSE bug 1251263 SUSE bug 1952100 SUSE bug 1973699 SUSE bug 1975147 SUSE bug 1979323 SUSE bug 1979536 SUSE bug 1983838 SUSE bug 1986142 SUSE bug 1986845 SUSE bug 1987624 SUSE bug 1987880 SUSE bug 1988244 SUSE bug 1988912 SUSE bug 1988931 SUSE bug 1989127 SUSE bug 1989392 SUSE bug 1989734 SUSE bug 1989899 SUSE bug 1989945 SUSE bug 1989978 SUSE bug 1990085 SUSE bug 1990970 SUSE bug 1991040 SUSE bug 1991899 SUSE bug 1992027 SUSE bug 1992113 CVE-2025-11708 at SUSE CVE-2025-11708 at NVD CVE-2025-11709 at SUSE CVE-2025-11709 at NVD CVE-2025-11710 at SUSE CVE-2025-11710 at NVD CVE-2025-11711 at SUSE CVE-2025-11711 at NVD CVE-2025-11712 at SUSE CVE-2025-11712 at NVD CVE-2025-11713 at SUSE CVE-2025-11713 at NVD CVE-2025-11714 at SUSE CVE-2025-11714 at NVD CVE-2025-11715 at SUSE CVE-2025-11715 at NVD cpe:/o:opensuse:leap:15.6 Security update for crypto-policies, krb5 (Moderate) openSUSE Leap 15.6 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. Moderate SUSE bug 1236619 CVE-2025-24528 at SUSE CVE-2025-24528 at NVD cpe:/o:opensuse:leap:15.6 Security update for squid (Important) openSUSE Leap 15.6 This update for squid fixes the following issues: - CVE-2025-62168: Fixed failure to redact HTTP authentication credentials in error handling leading to information disclosure (bsc#1252281) Important SUSE bug 1252281 CVE-2025-62168 at SUSE CVE-2025-62168 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang26 (Important) openSUSE Leap 15.6 This update for erlang26 fixes the following issues: - CVE-2025-48041: Fixed exhaustion of file handles in ssh (bsc#1249473) Important SUSE bug 1249473 CVE-2025-48041 at SUSE CVE-2025-48041 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u472 (icedtea-3.37.0): - CVE-2025-53057: Fixed certificate handling leading to unauthorized creation, deletion or modification access to critical data (bsc#1252414) - CVE-2025-53066: Fixed Path factories leading to unauthorized access to critical data or complete access (bsc#1252417) Important SUSE bug 1252414 SUSE bug 1252417 CVE-2025-53057 at SUSE CVE-2025-53057 at NVD CVE-2025-53066 at SUSE CVE-2025-53066 at NVD cpe:/o:opensuse:leap:15.6 Security update for rsync (Moderate) openSUSE Leap 15.6 This update for rsync fixes the following issues: - Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities. Moderate SUSE bug 1233760 cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.7 (MFSA 2025-10, bsc#1236539). Security fixes: - CVE-2025-1009: use-after-free in XSLT. - CVE-2025-1010: use-after-free in Custom Highlight. - CVE-2025-1011: a bug in WebAssembly code generation could result in a crash. - CVE-2025-1012: use-after-free during concurrent delazification. - CVE-2024-11704: potential double-free vulnerability in PKCS#7 decryption handling. - CVE-2025-1013: potential opening of private browsing tabs in normal browsing windows. - CVE-2025-1014: certificate length was not properly checked. - CVE-2025-1015: unsanitized address book fields. - CVE-2025-0510: address of e-mail sender can be spoofed by malicious email. - CVE-2025-1016: memory safety bugs. - CVE-2025-1017: memory safety bugs. Other fixes: - fixed: images inside links could zoom when clicked instead of opening the link. - fixed: compacting an empty folder failed with write error. - fixed: compacting of IMAP folder with corrupted local storage failed with write error. - fixed: after restart, all restored tabs with opened PDFs showed the same attachment. - fixed: exceptions during CalDAV item processing would halt subsequent item handling. - fixed: context menu was unable to move email address to a different field. - fixed: link at about:rights pointed to Firefox privacy policy instead of Thunderbird's. - fixed: POP3 'fetch headers only' and 'get selected messages' could delete messages. - fixed: 'Search Online' checkbox in saved search properties was incorrectly disabled. - fixed: POP3 status message showed incorrect download count when messages were deleted. - fixed: space bar did not always advance to the next unread message. - fixed: folder creation or renaming failed due to incorrect preference settings. - fixed: forwarding/editing S/MIME drafts/templates unusable due to regression (bsc#1236411). - fixed: sort order in 'Search Messages' panel reset after search or on first launch. - fixed: reply window added an unnecessary third blank line at the top. - fixed: Thunderbird spell check box did not allow ENTER to accept suggested changes. - fixed: long email subject lines could overlap window control buttons on macOS. - fixed: flathub manifest link was not correct. - fixed: 'Prefer client-side email scheduling' needed to be selected twice. - fixed: duplicate invitations were sent if CALDAV calendar email case did not match. - fixed: visual and UX improvements. Important SUSE bug 1236411 SUSE bug 1236539 CVE-2024-11704 at SUSE CVE-2024-11704 at NVD CVE-2025-0510 at SUSE CVE-2025-0510 at NVD CVE-2025-1009 at SUSE CVE-2025-1009 at NVD CVE-2025-1010 at SUSE CVE-2025-1010 at NVD CVE-2025-1011 at SUSE CVE-2025-1011 at NVD CVE-2025-1012 at SUSE CVE-2025-1012 at NVD CVE-2025-1013 at SUSE CVE-2025-1013 at NVD CVE-2025-1014 at SUSE CVE-2025-1014 at NVD CVE-2025-1015 at SUSE CVE-2025-1015 at NVD CVE-2025-1016 at SUSE CVE-2025-1016 at NVD CVE-2025-1017 at SUSE CVE-2025-1017 at NVD cpe:/o:opensuse:leap:15.6 Security update for qatengine, qatlib (Moderate) openSUSE Leap 15.6 This update for qatengine, qatlib fixes the following issues: Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: * CVE-2024-28885: Fixed observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. (bsc#1233363) * CVE-2024-31074: Fixed observable timing discrepancy may allow information disclosure via network access (bsc#1233365) * CVE-2024-33617: Fixed insufficient control flow management may allow information disclosure via network access (bsc#1233366) qatengine was updated to 1.7.0: * ipp-crypto name change to cryptography-primitives * QAT_SW GCM memory leak fix in cleanup function * Update limitation section in README for v1.7.0 release * Fix build with OPENSSL_NO_ENGINE * Fix for build issues with qatprovider in qatlib * Bug fixes and README updates to v1.7.0 * Remove qat_contig_mem driver support * Add support for building QAT Engine ENGINE and PROVIDER modules with QuicTLS 3.x libraries * Fix for DSA issue with openssl3.2 * Fix missing lower bounds check on index i * Enabled SW Fallback support for FBSD * Fix for segfault issue when SHIM config section is unavailable * Fix for Coverity & Resource leak * Fix for RSA failure with SVM enabled in openssl-3.2 * SM3 Memory Leak Issue Fix * Fix qatprovider lib name issue with system openssl Update to 1.6.0: * Fix issue with make depend for QAT_SW * QAT_HW GCM Memleak fix & bug fixes * QAT2.0 FreeBSD14 intree driver support * Fix OpenSSL 3.2 compatibility issues * Optimize hex dump logging * Clear job tlv on error * QAT_HW RSA Encrypt and Decrypt provider support * QAT_HW AES-CCM Provider support * Add ECDH keymgmt support for provider * Fix QAT_HW SM2 memory leak * Enable qaeMemFreeNonZeroNUMA() for qatlib * Fix polling issue for the process that doesn't have QAT_HW instance * Fix SHA3 qctx initialization issue & potential memleak * Fix compilation error in SM2 with qat_contig_mem * Update year in copyright information to 2024 - update to 24.09.0: * Improved performance scaling in multi-thread applications * Set core affinity mapping based on NUMA (libnuma now required for building) * bug fixes, see https://github.com/intel/qatlib#resolved-issues - version update to 24.02.0 * Support DC NS (NoSession) APIs * Support Symmetric Crypto SM3 & SM4 * Support Asymmetric Crypto SM2 * Support DC CompressBound APIs * Bug Fixes. See Resolved section in README.md Moderate SUSE bug 1233363 SUSE bug 1233365 SUSE bug 1233366 CVE-2024-28885 at SUSE CVE-2024-28885 at NVD CVE-2024-31074 at SUSE CVE-2024-31074 at NVD CVE-2024-33617 at SUSE CVE-2024-33617 at NVD cpe:/o:opensuse:leap:15.6 Security update for ongres-scram (Moderate) openSUSE Leap 15.6 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) Moderate SUSE bug 1250399 CVE-2025-59432 at SUSE CVE-2025-59432 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssh (Moderate) openSUSE Leap 15.6 This update for openssh fixes the following issues: - CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198) - CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199) Moderate SUSE bug 1251198 SUSE bug 1251199 CVE-2025-61984 at SUSE CVE-2025-61984 at NVD CVE-2025-61985 at SUSE CVE-2025-61985 at NVD cpe:/o:opensuse:leap:15.6 Security update for lasso (Critical) openSUSE Leap 15.6 This update for lasso fixes the following issues: - CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso (bsc#1253092) - CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso (bsc#1253093) - CVE-2025-47151: Fixed type confusion vulnerability in the lasso_node_impl_init_from_xml functionality (bsc#1253095) Critical SUSE bug 1253092 SUSE bug 1253093 SUSE bug 1253095 CVE-2025-46404 at SUSE CVE-2025-46404 at NVD CVE-2025-46705 at SUSE CVE-2025-46705 at NVD CVE-2025-47151 at SUSE CVE-2025-47151 at NVD cpe:/o:opensuse:leap:15.6 Security update for runc (Important) openSUSE Leap 15.6 This update for runc fixes the following issues: Update to runc v1.3.3. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232 * CVE-2025-31133 * CVE-2025-52565 * CVE-2025-52881 Update to runc v1.3.2. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110 - Includes an important fix for the CPUSet translation for cgroupv2. Update to runc v1.3.1. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.1> Update to runc v1.3.0. Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.3.0> Important SUSE bug 1252110 SUSE bug 1252232 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1253096) Important SUSE bug 1253096 CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376) - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376) - CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376) Other fixes: - Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543) Important SUSE bug 1252376 SUSE bug 1252543 CVE-2025-31133 at SUSE CVE-2025-31133 at NVD CVE-2025-52565 at SUSE CVE-2025-52565 at NVD CVE-2025-52881 at SUSE CVE-2025-52881 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat11 (Important) openSUSE Leap 15.6 This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13 - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753) - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905) - CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756) Important SUSE bug 1252753 SUSE bug 1252756 SUSE bug 1252905 CVE-2025-55752 at SUSE CVE-2025-55752 at NVD CVE-2025-55754 at SUSE CVE-2025-55754 at NVD CVE-2025-61795 at SUSE CVE-2025-61795 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty, netty-tcnative (Moderate) openSUSE Leap 15.6 This update for netty, netty-tcnative fixes the following issues: - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery (bsc#1252097) Moderate SUSE bug 1252097 CVE-2025-59419 at SUSE CVE-2025-59419 at NVD cpe:/o:opensuse:leap:15.6 Security update for cargo-packaging, rust-bindgen (Low) openSUSE Leap 15.6 This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: - CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber (bsc#1249012) Other fixes: - Prevent stripping debug info (bsc#1222175) rust-bindgen was updated to 0.72.0. Low SUSE bug 1222175 SUSE bug 1249012 CVE-2025-58160 at SUSE CVE-2025-58160 at NVD cpe:/o:opensuse:leap:15.6 Security update for elfutils (Moderate) openSUSE Leap 15.6 This update for elfutils fixes the following issues: - Fixing build/testsuite for more recent glibc and kernels. - Fixing denial of service and general buffer overflow errors (bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242): - CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip - CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip - CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf - CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf - Fixing testsuite race conditions in run-debuginfod-find.sh. Moderate SUSE bug 1237236 SUSE bug 1237240 SUSE bug 1237241 SUSE bug 1237242 CVE-2025-1352 at SUSE CVE-2025-1352 at NVD CVE-2025-1372 at SUSE CVE-2025-1372 at NVD CVE-2025-1376 at SUSE CVE-2025-1376 at NVD CVE-2025-1377 at SUSE CVE-2025-1377 at NVD cpe:/o:opensuse:leap:15.6 Security update for binutils (Important) openSUSE Leap 15.6 This update for binutils fixes the following issues: - Do not enable '-z gcs=implicit' on aarch64 for old codestreams. Update to version 2.45: * New versioned release of libsframe.so.2 * s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485] * sframe sections are now of ELF section type SHT_GNU_SFRAME. * sframe secions generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set. * riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0; vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0; SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoqv1.0 and xsfvfnrclipxfqf v1.0; T-Head: xtheadvdot v1.0; MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0. * Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive. * x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX. Drop support for AVX10.2 256 bit rounding. * arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'. * Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available. * Add .errif and .warnif directives. * linker: - Add --image-base=<ADDR> option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD. - Add support for mixed LTO and non-LTO codes in relocatable output. - s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info). - riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions. - gold is no longer included - Contains fixes for these non-CVEs (not security bugs per upstreams SECURITY.md): * bsc#1236632 aka CVE-2025-0840 aka PR32650 * bsc#1236977 aka CVE-2025-1149 aka PR32576 * bsc#1236978 aka CVE-2025-1148 aka PR32576 * bsc#1236999 aka CVE-2025-1176 aka PR32636 * bsc#1237000 aka CVE-2025-1153 aka PR32603 * bsc#1237001 aka CVE-2025-1152 aka PR32576 * bsc#1237003 aka CVE-2025-1151 aka PR32576 * bsc#1237005 aka CVE-2025-1150 aka PR32576 * bsc#1237018 aka CVE-2025-1178 aka PR32638 * bsc#1237019 aka CVE-2025-1181 aka PR32643 * bsc#1237020 aka CVE-2025-1180 aka PR32642 * bsc#1237021 aka CVE-2025-1179 aka PR32640 * bsc#1237042 aka CVE-2025-1182 aka PR32644 * bsc#1240870 aka CVE-2025-3198 aka PR32716 * bsc#1243756 aka CVE-2025-5244 aka PR32858 * bsc#1243760 aka CVE-2025-5245 aka PR32829 * bsc#1246481 aka CVE-2025-7545 aka PR33049 * bsc#1246486 aka CVE-2025-7546 aka PR33050 * bsc#1247114 aka CVE-2025-8224 aka PR32109 * bsc#1247117 aka CVE-2025-8225 no PR - Add these backport patches: * bsc#1236976 aka CVE-2025-1147 aka PR32556 * bsc#1250632 aka CVE-2025-11083 aka PR33457 * bsc#1251275 aka CVE-2025-11412 aka PR33452 * bsc#1251276 aka CVE-2025-11413 aka PR33456 * bsc#1251277 aka CVE-2025-11414 aka PR33450 * bsc#1251794 aka CVE-2025-11494 aka PR33499 * bsc#1251795 aka CVE-2025-11495 aka PR33502 - Skip PGO with %want_reproducible_builds (bsc#1040589) - Fix crash in assembler with -gdwarf-5 - aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size - Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916]. Important SUSE bug 1040589 SUSE bug 1236632 SUSE bug 1236976 SUSE bug 1236977 SUSE bug 1236978 SUSE bug 1236999 SUSE bug 1237000 SUSE bug 1237001 SUSE bug 1237003 SUSE bug 1237005 SUSE bug 1237018 SUSE bug 1237019 SUSE bug 1237020 SUSE bug 1237021 SUSE bug 1237042 SUSE bug 1240870 SUSE bug 1241916 SUSE bug 1243756 SUSE bug 1243760 SUSE bug 1246481 SUSE bug 1246486 SUSE bug 1247105 SUSE bug 1247114 SUSE bug 1247117 SUSE bug 1250632 SUSE bug 1251275 SUSE bug 1251276 SUSE bug 1251277 SUSE bug 1251794 SUSE bug 1251795 CVE-2025-0840 at SUSE CVE-2025-0840 at NVD CVE-2025-11083 at SUSE CVE-2025-11083 at NVD CVE-2025-11412 at SUSE CVE-2025-11412 at NVD CVE-2025-11413 at SUSE CVE-2025-11413 at NVD CVE-2025-11414 at SUSE CVE-2025-11414 at NVD CVE-2025-1147 at SUSE CVE-2025-1147 at NVD CVE-2025-1148 at SUSE CVE-2025-1148 at NVD CVE-2025-1149 at SUSE CVE-2025-1149 at NVD CVE-2025-11494 at SUSE CVE-2025-11494 at NVD CVE-2025-11495 at SUSE CVE-2025-11495 at NVD CVE-2025-1150 at SUSE CVE-2025-1150 at NVD CVE-2025-1151 at SUSE CVE-2025-1151 at NVD CVE-2025-1152 at SUSE CVE-2025-1152 at NVD CVE-2025-1153 at SUSE CVE-2025-1153 at NVD CVE-2025-1176 at SUSE CVE-2025-1176 at NVD CVE-2025-1178 at SUSE CVE-2025-1178 at NVD CVE-2025-1179 at SUSE CVE-2025-1179 at NVD CVE-2025-1180 at SUSE CVE-2025-1180 at NVD CVE-2025-1181 at SUSE CVE-2025-1181 at NVD CVE-2025-1182 at SUSE CVE-2025-1182 at NVD CVE-2025-3198 at SUSE CVE-2025-3198 at NVD CVE-2025-5244 at SUSE CVE-2025-5244 at NVD CVE-2025-5245 at SUSE CVE-2025-5245 at NVD CVE-2025-7545 at SUSE CVE-2025-7545 at NVD CVE-2025-7546 at SUSE CVE-2025-7546 at NVD CVE-2025-8224 at SUSE CVE-2025-8224 at NVD CVE-2025-8225 at SUSE CVE-2025-8225 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-64459: Fixed a potential SQL injection via the '_connector' keyword (bsc#1252926) Important SUSE bug 1252926 CVE-2025-62769 at SUSE CVE-2025-62769 at NVD CVE-2025-64459 at SUSE CVE-2025-64459 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.48 - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753) - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905) - CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756) Important SUSE bug 1252753 SUSE bug 1252756 SUSE bug 1252905 CVE-2025-55752 at SUSE CVE-2025-55752 at NVD CVE-2025-55754 at SUSE CVE-2025-55754 at NVD CVE-2025-61795 at SUSE CVE-2025-61795 at NVD cpe:/o:opensuse:leap:15.6 Security update for bind (Important) openSUSE Leap 15.6 This update for bind fixes the following issues: - CVE-2025-8677: DNSSEC validation fails if matching but invalid DNSKEY is found (bsc#1252378). - CVE-2025-40778: Address various spoofing attacks (bsc#1252379). - CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380). Important SUSE bug 1252378 SUSE bug 1252379 SUSE bug 1252380 CVE-2025-40778 at SUSE CVE-2025-40778 at NVD CVE-2025-40780 at SUSE CVE-2025-40780 at NVD CVE-2025-8677 at SUSE CVE-2025-8677 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Moderate) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076) - CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850) Moderate SUSE bug 1247850 SUSE bug 1249076 CVE-2025-8732 at SUSE CVE-2025-8732 at NVD CVE-2025-9714 at SUSE CVE-2025-9714 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.6 This update for openssl-1_0_0 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232). Important SUSE bug 1250232 CVE-2025-9230 at SUSE CVE-2025-9230 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). Important SUSE bug 1012628 SUSE bug 1214954 SUSE bug 1215143 SUSE bug 1215199 SUSE bug 1216396 SUSE bug 1220419 SUSE bug 1239206 SUSE bug 1244939 SUSE bug 1248211 SUSE bug 1248230 SUSE bug 1248517 SUSE bug 1248630 SUSE bug 1248754 SUSE bug 1248886 SUSE bug 1249161 SUSE bug 1249182 SUSE bug 1249224 SUSE bug 1249286 SUSE bug 1249302 SUSE bug 1249317 SUSE bug 1249319 SUSE bug 1249320 SUSE bug 1249512 SUSE bug 1249595 SUSE bug 1249608 SUSE bug 1250032 SUSE bug 1250119 SUSE bug 1250202 SUSE bug 1250237 SUSE bug 1250274 SUSE bug 1250296 SUSE bug 1250379 SUSE bug 1250400 SUSE bug 1250455 SUSE bug 1250491 SUSE bug 1250519 SUSE bug 1250650 SUSE bug 1250702 SUSE bug 1250704 SUSE bug 1250721 SUSE bug 1250742 SUSE bug 1250946 SUSE bug 1251024 SUSE bug 1251027 SUSE bug 1251028 SUSE bug 1251031 SUSE bug 1251035 SUSE bug 1251038 SUSE bug 1251043 SUSE bug 1251045 SUSE bug 1251052 SUSE bug 1251053 SUSE bug 1251054 SUSE bug 1251056 SUSE bug 1251057 SUSE bug 1251059 SUSE bug 1251060 SUSE bug 1251065 SUSE bug 1251066 SUSE bug 1251067 SUSE bug 1251068 SUSE bug 1251071 SUSE bug 1251076 SUSE bug 1251079 SUSE bug 1251081 SUSE bug 1251083 SUSE bug 1251084 SUSE bug 1251100 SUSE bug 1251105 SUSE bug 1251106 SUSE bug 1251108 SUSE bug 1251113 SUSE bug 1251114 SUSE bug 1251119 SUSE bug 1251123 SUSE bug 1251126 SUSE bug 1251132 SUSE bug 1251134 SUSE bug 1251143 SUSE bug 1251146 SUSE bug 1251150 SUSE bug 1251152 SUSE bug 1251153 SUSE bug 1251159 SUSE bug 1251161 SUSE bug 1251170 SUSE bug 1251177 SUSE bug 1251180 SUSE bug 1251206 SUSE bug 1251215 SUSE bug 1251216 SUSE bug 1251222 SUSE bug 1251230 SUSE bug 1251232 SUSE bug 1251233 SUSE bug 1251247 SUSE bug 1251268 SUSE bug 1251269 SUSE bug 1251270 SUSE bug 1251282 SUSE bug 1251283 SUSE bug 1251286 SUSE bug 1251290 SUSE bug 1251319 SUSE bug 1251321 SUSE bug 1251323 SUSE bug 1251328 SUSE bug 1251529 SUSE bug 1251721 SUSE bug 1251732 SUSE bug 1251742 SUSE bug 1251743 SUSE bug 1251746 SUSE bug 1251748 SUSE bug 1251749 SUSE bug 1251750 SUSE bug 1251754 SUSE bug 1251755 SUSE bug 1251756 SUSE bug 1251758 SUSE bug 1251759 SUSE bug 1251760 SUSE bug 1251762 SUSE bug 1251763 SUSE bug 1251764 SUSE bug 1251769 SUSE bug 1251771 SUSE bug 1251772 SUSE bug 1251777 SUSE bug 1251780 SUSE bug 1251804 SUSE bug 1251810 SUSE bug 1251930 SUSE bug 1251967 SUSE bug 1252033 SUSE bug 1252035 SUSE bug 1252039 SUSE bug 1252044 SUSE bug 1252047 SUSE bug 1252051 SUSE bug 1252052 SUSE bug 1252056 SUSE bug 1252060 SUSE bug 1252062 SUSE bug 1252064 SUSE bug 1252065 SUSE bug 1252069 SUSE bug 1252070 SUSE bug 1252072 SUSE bug 1252074 SUSE bug 1252075 SUSE bug 1252078 SUSE bug 1252079 SUSE bug 1252082 SUSE bug 1252083 SUSE bug 1252236 SUSE bug 1252265 SUSE bug 1252332 SUSE bug 1252336 SUSE bug 1252346 SUSE bug 1252348 SUSE bug 1252349 SUSE bug 1252364 SUSE bug 1252479 SUSE bug 1252481 SUSE bug 1252489 SUSE bug 1252490 SUSE bug 1252492 SUSE bug 1252495 SUSE bug 1252496 SUSE bug 1252499 SUSE bug 1252534 SUSE bug 1252536 SUSE bug 1252537 SUSE bug 1252550 SUSE bug 1252553 SUSE bug 1252559 SUSE bug 1252561 SUSE bug 1252564 SUSE bug 1252565 SUSE bug 1252566 SUSE bug 1252632 SUSE bug 1252668 SUSE bug 1252678 SUSE bug 1252679 SUSE bug 1252685 SUSE bug 1252688 SUSE bug 1252772 SUSE bug 1252774 SUSE bug 1252775 SUSE bug 1252785 SUSE bug 1252787 SUSE bug 1252789 SUSE bug 1252797 SUSE bug 1252822 SUSE bug 1252826 SUSE bug 1252841 SUSE bug 1252848 SUSE bug 1252849 SUSE bug 1252850 SUSE bug 1252851 SUSE bug 1252854 SUSE bug 1252858 SUSE bug 1252865 SUSE bug 1252866 SUSE bug 1252873 SUSE bug 1252902 SUSE bug 1252904 SUSE bug 1252909 SUSE bug 1252918 SUSE bug 1252939 CVE-2023-53538 at SUSE CVE-2023-53538 at NVD CVE-2023-53539 at SUSE CVE-2023-53539 at NVD CVE-2023-53540 at SUSE CVE-2023-53540 at NVD CVE-2023-53541 at SUSE CVE-2023-53541 at NVD CVE-2023-53543 at SUSE CVE-2023-53543 at NVD CVE-2023-53545 at SUSE CVE-2023-53545 at NVD CVE-2023-53546 at SUSE CVE-2023-53546 at NVD CVE-2023-53548 at SUSE CVE-2023-53548 at NVD CVE-2023-53550 at SUSE CVE-2023-53550 at NVD CVE-2023-53552 at SUSE CVE-2023-53552 at NVD CVE-2023-53553 at SUSE CVE-2023-53553 at NVD CVE-2023-53554 at SUSE CVE-2023-53554 at NVD CVE-2023-53555 at SUSE CVE-2023-53555 at NVD CVE-2023-53556 at SUSE CVE-2023-53556 at NVD CVE-2023-53557 at SUSE CVE-2023-53557 at NVD CVE-2023-53558 at SUSE CVE-2023-53558 at NVD CVE-2023-53559 at SUSE CVE-2023-53559 at NVD CVE-2023-53560 at SUSE CVE-2023-53560 at NVD CVE-2023-53563 at SUSE CVE-2023-53563 at NVD CVE-2023-53568 at SUSE CVE-2023-53568 at NVD CVE-2023-53570 at SUSE CVE-2023-53570 at NVD CVE-2023-53572 at SUSE CVE-2023-53572 at NVD CVE-2023-53574 at SUSE CVE-2023-53574 at NVD CVE-2023-53575 at SUSE CVE-2023-53575 at NVD CVE-2023-53577 at SUSE CVE-2023-53577 at NVD CVE-2023-53579 at SUSE CVE-2023-53579 at NVD CVE-2023-53580 at SUSE CVE-2023-53580 at NVD CVE-2023-53581 at SUSE CVE-2023-53581 at NVD CVE-2023-53583 at SUSE CVE-2023-53583 at NVD CVE-2023-53585 at SUSE CVE-2023-53585 at NVD CVE-2023-53588 at SUSE CVE-2023-53588 at NVD CVE-2023-53593 at SUSE CVE-2023-53593 at NVD CVE-2023-53596 at SUSE CVE-2023-53596 at NVD CVE-2023-53597 at SUSE CVE-2023-53597 at NVD CVE-2023-53599 at SUSE CVE-2023-53599 at NVD CVE-2023-53600 at SUSE CVE-2023-53600 at NVD CVE-2023-53601 at SUSE CVE-2023-53601 at NVD CVE-2023-53602 at SUSE CVE-2023-53602 at NVD CVE-2023-53603 at SUSE CVE-2023-53603 at NVD CVE-2023-53611 at SUSE CVE-2023-53611 at NVD CVE-2023-53613 at SUSE CVE-2023-53613 at NVD CVE-2023-53615 at SUSE CVE-2023-53615 at NVD CVE-2023-53616 at SUSE CVE-2023-53616 at NVD CVE-2023-53617 at SUSE CVE-2023-53617 at NVD CVE-2023-53618 at SUSE CVE-2023-53618 at NVD CVE-2023-53619 at SUSE CVE-2023-53619 at NVD CVE-2023-53621 at SUSE CVE-2023-53621 at NVD CVE-2023-53622 at SUSE CVE-2023-53622 at NVD CVE-2023-53631 at SUSE CVE-2023-53631 at NVD CVE-2023-53632 at SUSE CVE-2023-53632 at NVD CVE-2023-53633 at SUSE CVE-2023-53633 at NVD CVE-2023-53638 at SUSE CVE-2023-53638 at NVD CVE-2023-53645 at SUSE CVE-2023-53645 at NVD CVE-2023-53646 at SUSE CVE-2023-53646 at NVD CVE-2023-53647 at SUSE CVE-2023-53647 at NVD CVE-2023-53648 at SUSE CVE-2023-53648 at NVD CVE-2023-53649 at SUSE CVE-2023-53649 at NVD CVE-2023-53650 at SUSE CVE-2023-53650 at NVD CVE-2023-53652 at SUSE CVE-2023-53652 at NVD CVE-2023-53653 at SUSE CVE-2023-53653 at NVD CVE-2023-53654 at SUSE CVE-2023-53654 at NVD CVE-2023-53656 at SUSE CVE-2023-53656 at NVD CVE-2023-53657 at SUSE CVE-2023-53657 at NVD CVE-2023-53658 at SUSE CVE-2023-53658 at NVD CVE-2023-53659 at SUSE CVE-2023-53659 at NVD CVE-2023-53660 at SUSE CVE-2023-53660 at NVD CVE-2023-53662 at SUSE CVE-2023-53662 at NVD CVE-2023-53663 at SUSE CVE-2023-53663 at NVD CVE-2023-53665 at SUSE CVE-2023-53665 at NVD CVE-2023-53666 at SUSE CVE-2023-53666 at NVD CVE-2023-53668 at SUSE CVE-2023-53668 at NVD CVE-2023-53670 at SUSE CVE-2023-53670 at NVD CVE-2023-53672 at SUSE CVE-2023-53672 at NVD CVE-2023-53673 at SUSE CVE-2023-53673 at NVD CVE-2023-53674 at SUSE CVE-2023-53674 at NVD CVE-2023-53681 at SUSE CVE-2023-53681 at NVD CVE-2023-53686 at SUSE CVE-2023-53686 at NVD CVE-2023-53687 at SUSE CVE-2023-53687 at NVD CVE-2023-53693 at SUSE CVE-2023-53693 at NVD CVE-2023-53697 at SUSE CVE-2023-53697 at NVD CVE-2023-53698 at SUSE CVE-2023-53698 at NVD CVE-2023-53699 at SUSE CVE-2023-53699 at NVD CVE-2023-53703 at SUSE CVE-2023-53703 at NVD CVE-2023-53704 at SUSE CVE-2023-53704 at NVD CVE-2023-53707 at SUSE CVE-2023-53707 at NVD CVE-2023-53708 at SUSE CVE-2023-53708 at NVD CVE-2023-53711 at SUSE CVE-2023-53711 at NVD CVE-2023-53713 at SUSE CVE-2023-53713 at NVD CVE-2023-53718 at SUSE CVE-2023-53718 at NVD CVE-2023-53721 at SUSE CVE-2023-53721 at NVD CVE-2023-53722 at SUSE CVE-2023-53722 at NVD CVE-2023-53725 at SUSE CVE-2023-53725 at NVD CVE-2023-53726 at SUSE CVE-2023-53726 at NVD CVE-2023-53727 at SUSE CVE-2023-53727 at NVD CVE-2023-53728 at SUSE CVE-2023-53728 at NVD CVE-2023-53729 at SUSE CVE-2023-53729 at NVD CVE-2023-53730 at SUSE CVE-2023-53730 at NVD CVE-2023-53731 at SUSE CVE-2023-53731 at NVD CVE-2023-53733 at SUSE CVE-2023-53733 at NVD CVE-2025-38008 at SUSE CVE-2025-38008 at NVD CVE-2025-38539 at SUSE CVE-2025-38539 at NVD CVE-2025-38552 at SUSE CVE-2025-38552 at NVD CVE-2025-38653 at SUSE CVE-2025-38653 at NVD CVE-2025-38699 at SUSE CVE-2025-38699 at NVD CVE-2025-38700 at SUSE CVE-2025-38700 at NVD CVE-2025-38718 at SUSE CVE-2025-38718 at NVD CVE-2025-39673 at SUSE CVE-2025-39673 at NVD CVE-2025-39676 at SUSE CVE-2025-39676 at NVD CVE-2025-39683 at SUSE CVE-2025-39683 at NVD CVE-2025-39697 at SUSE CVE-2025-39697 at NVD CVE-2025-39702 at SUSE CVE-2025-39702 at NVD CVE-2025-39756 at SUSE CVE-2025-39756 at NVD CVE-2025-39794 at SUSE CVE-2025-39794 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39812 at SUSE CVE-2025-39812 at NVD CVE-2025-39813 at SUSE CVE-2025-39813 at NVD CVE-2025-39841 at SUSE CVE-2025-39841 at NVD CVE-2025-39851 at SUSE CVE-2025-39851 at NVD CVE-2025-39866 at SUSE CVE-2025-39866 at NVD CVE-2025-39876 at SUSE CVE-2025-39876 at NVD CVE-2025-39881 at SUSE CVE-2025-39881 at NVD CVE-2025-39895 at SUSE CVE-2025-39895 at NVD CVE-2025-39902 at SUSE CVE-2025-39902 at NVD CVE-2025-39911 at SUSE CVE-2025-39911 at NVD CVE-2025-39931 at SUSE CVE-2025-39931 at NVD CVE-2025-39934 at SUSE CVE-2025-39934 at NVD CVE-2025-39937 at SUSE CVE-2025-39937 at NVD CVE-2025-39938 at SUSE CVE-2025-39938 at NVD CVE-2025-39945 at SUSE CVE-2025-39945 at NVD CVE-2025-39946 at SUSE CVE-2025-39946 at NVD CVE-2025-39947 at SUSE CVE-2025-39947 at NVD CVE-2025-39948 at SUSE CVE-2025-39948 at NVD CVE-2025-39949 at SUSE CVE-2025-39949 at NVD CVE-2025-39952 at SUSE CVE-2025-39952 at NVD CVE-2025-39955 at SUSE CVE-2025-39955 at NVD CVE-2025-39957 at SUSE CVE-2025-39957 at NVD CVE-2025-39965 at SUSE CVE-2025-39965 at NVD CVE-2025-39967 at SUSE CVE-2025-39967 at NVD CVE-2025-39968 at SUSE CVE-2025-39968 at NVD CVE-2025-39969 at SUSE CVE-2025-39969 at NVD CVE-2025-39970 at SUSE CVE-2025-39970 at NVD CVE-2025-39971 at SUSE CVE-2025-39971 at NVD CVE-2025-39972 at SUSE CVE-2025-39972 at NVD CVE-2025-39973 at SUSE CVE-2025-39973 at NVD CVE-2025-39978 at SUSE CVE-2025-39978 at NVD CVE-2025-39981 at SUSE CVE-2025-39981 at NVD CVE-2025-39982 at SUSE CVE-2025-39982 at NVD CVE-2025-39985 at SUSE CVE-2025-39985 at NVD CVE-2025-39986 at SUSE CVE-2025-39986 at NVD CVE-2025-39987 at SUSE CVE-2025-39987 at NVD CVE-2025-39988 at SUSE CVE-2025-39988 at NVD CVE-2025-39991 at SUSE CVE-2025-39991 at NVD CVE-2025-39993 at SUSE CVE-2025-39993 at NVD CVE-2025-39994 at SUSE CVE-2025-39994 at NVD CVE-2025-39995 at SUSE CVE-2025-39995 at NVD CVE-2025-39996 at SUSE CVE-2025-39996 at NVD CVE-2025-39997 at SUSE CVE-2025-39997 at NVD CVE-2025-40000 at SUSE CVE-2025-40000 at NVD CVE-2025-40005 at SUSE CVE-2025-40005 at NVD CVE-2025-40010 at SUSE CVE-2025-40010 at NVD CVE-2025-40011 at SUSE CVE-2025-40011 at NVD CVE-2025-40013 at SUSE CVE-2025-40013 at NVD CVE-2025-40016 at SUSE CVE-2025-40016 at NVD CVE-2025-40018 at SUSE CVE-2025-40018 at NVD CVE-2025-40019 at SUSE CVE-2025-40019 at NVD CVE-2025-40020 at SUSE CVE-2025-40020 at NVD CVE-2025-40029 at SUSE CVE-2025-40029 at NVD CVE-2025-40032 at SUSE CVE-2025-40032 at NVD CVE-2025-40035 at SUSE CVE-2025-40035 at NVD CVE-2025-40036 at SUSE CVE-2025-40036 at NVD CVE-2025-40043 at SUSE CVE-2025-40043 at NVD CVE-2025-40044 at SUSE CVE-2025-40044 at NVD CVE-2025-40049 at SUSE CVE-2025-40049 at NVD CVE-2025-40051 at SUSE CVE-2025-40051 at NVD CVE-2025-40052 at SUSE CVE-2025-40052 at NVD CVE-2025-40056 at SUSE CVE-2025-40056 at NVD CVE-2025-40058 at SUSE CVE-2025-40058 at NVD CVE-2025-40060 at SUSE CVE-2025-40060 at NVD CVE-2025-40061 at SUSE CVE-2025-40061 at NVD CVE-2025-40062 at SUSE CVE-2025-40062 at NVD CVE-2025-40071 at SUSE CVE-2025-40071 at NVD CVE-2025-40078 at SUSE CVE-2025-40078 at NVD CVE-2025-40080 at SUSE CVE-2025-40080 at NVD CVE-2025-40082 at SUSE CVE-2025-40082 at NVD CVE-2025-40085 at SUSE CVE-2025-40085 at NVD CVE-2025-40087 at SUSE CVE-2025-40087 at NVD CVE-2025-40088 at SUSE CVE-2025-40088 at NVD CVE-2025-40096 at SUSE CVE-2025-40096 at NVD CVE-2025-40100 at SUSE CVE-2025-40100 at NVD cpe:/o:opensuse:leap:15.6 Security update for unbound (Moderate) openSUSE Leap 15.6 This update for unbound fixes the following issues: - CVE-2025-11411: Fixed possible domain hijacking attack. (bsc#1252525) Moderate SUSE bug 1252525 CVE-2025-11411 at SUSE CVE-2025-11411 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-10934: Fixed XWD file parsing heap-based buffer overflow vulnerability (bsc#1252886) Important SUSE bug 1252886 CVE-2025-10934 at SUSE CVE-2025-10934 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). Important SUSE bug 1012628 SUSE bug 1214954 SUSE bug 1215143 SUSE bug 1215199 SUSE bug 1216396 SUSE bug 1220419 SUSE bug 1236743 SUSE bug 1239206 SUSE bug 1244939 SUSE bug 1248211 SUSE bug 1248230 SUSE bug 1248517 SUSE bug 1248630 SUSE bug 1248754 SUSE bug 1248886 SUSE bug 1249161 SUSE bug 1249182 SUSE bug 1249224 SUSE bug 1249286 SUSE bug 1249302 SUSE bug 1249317 SUSE bug 1249319 SUSE bug 1249320 SUSE bug 1249512 SUSE bug 1249595 SUSE bug 1249608 SUSE bug 1250032 SUSE bug 1250119 SUSE bug 1250202 SUSE bug 1250205 SUSE bug 1250237 SUSE bug 1250274 SUSE bug 1250296 SUSE bug 1250379 SUSE bug 1250400 SUSE bug 1250455 SUSE bug 1250491 SUSE bug 1250519 SUSE bug 1250650 SUSE bug 1250702 SUSE bug 1250704 SUSE bug 1250721 SUSE bug 1250742 SUSE bug 1250946 SUSE bug 1251024 SUSE bug 1251027 SUSE bug 1251028 SUSE bug 1251031 SUSE bug 1251035 SUSE bug 1251038 SUSE bug 1251043 SUSE bug 1251045 SUSE bug 1251052 SUSE bug 1251053 SUSE bug 1251054 SUSE bug 1251056 SUSE bug 1251057 SUSE bug 1251059 SUSE bug 1251060 SUSE bug 1251065 SUSE bug 1251066 SUSE bug 1251067 SUSE bug 1251068 SUSE bug 1251071 SUSE bug 1251076 SUSE bug 1251079 SUSE bug 1251081 SUSE bug 1251083 SUSE bug 1251084 SUSE bug 1251100 SUSE bug 1251105 SUSE bug 1251106 SUSE bug 1251108 SUSE bug 1251113 SUSE bug 1251114 SUSE bug 1251119 SUSE bug 1251123 SUSE bug 1251126 SUSE bug 1251132 SUSE bug 1251134 SUSE bug 1251143 SUSE bug 1251146 SUSE bug 1251150 SUSE bug 1251152 SUSE bug 1251153 SUSE bug 1251159 SUSE bug 1251161 SUSE bug 1251170 SUSE bug 1251177 SUSE bug 1251180 SUSE bug 1251206 SUSE bug 1251215 SUSE bug 1251216 SUSE bug 1251222 SUSE bug 1251230 SUSE bug 1251232 SUSE bug 1251233 SUSE bug 1251247 SUSE bug 1251268 SUSE bug 1251269 SUSE bug 1251270 SUSE bug 1251282 SUSE bug 1251283 SUSE bug 1251286 SUSE bug 1251290 SUSE bug 1251319 SUSE bug 1251321 SUSE bug 1251323 SUSE bug 1251328 SUSE bug 1251529 SUSE bug 1251721 SUSE bug 1251732 SUSE bug 1251742 SUSE bug 1251743 SUSE bug 1251746 SUSE bug 1251748 SUSE bug 1251749 SUSE bug 1251750 SUSE bug 1251754 SUSE bug 1251755 SUSE bug 1251756 SUSE bug 1251758 SUSE bug 1251759 SUSE bug 1251760 SUSE bug 1251762 SUSE bug 1251763 SUSE bug 1251764 SUSE bug 1251769 SUSE bug 1251771 SUSE bug 1251772 SUSE bug 1251777 SUSE bug 1251780 SUSE bug 1251804 SUSE bug 1251810 SUSE bug 1251930 SUSE bug 1251967 SUSE bug 1252033 SUSE bug 1252035 SUSE bug 1252039 SUSE bug 1252044 SUSE bug 1252047 SUSE bug 1252051 SUSE bug 1252052 SUSE bug 1252056 SUSE bug 1252060 SUSE bug 1252062 SUSE bug 1252064 SUSE bug 1252065 SUSE bug 1252069 SUSE bug 1252070 SUSE bug 1252072 SUSE bug 1252074 SUSE bug 1252075 SUSE bug 1252078 SUSE bug 1252079 SUSE bug 1252082 SUSE bug 1252083 SUSE bug 1252236 SUSE bug 1252265 SUSE bug 1252269 SUSE bug 1252332 SUSE bug 1252336 SUSE bug 1252346 SUSE bug 1252348 SUSE bug 1252349 SUSE bug 1252364 SUSE bug 1252479 SUSE bug 1252481 SUSE bug 1252489 SUSE bug 1252490 SUSE bug 1252492 SUSE bug 1252495 SUSE bug 1252496 SUSE bug 1252499 SUSE bug 1252534 SUSE bug 1252536 SUSE bug 1252537 SUSE bug 1252550 SUSE bug 1252553 SUSE bug 1252559 SUSE bug 1252561 SUSE bug 1252564 SUSE bug 1252565 SUSE bug 1252566 SUSE bug 1252632 SUSE bug 1252668 SUSE bug 1252678 SUSE bug 1252679 SUSE bug 1252685 SUSE bug 1252688 SUSE bug 1252772 SUSE bug 1252774 SUSE bug 1252775 SUSE bug 1252785 SUSE bug 1252787 SUSE bug 1252789 SUSE bug 1252797 SUSE bug 1252822 SUSE bug 1252826 SUSE bug 1252841 SUSE bug 1252848 SUSE bug 1252849 SUSE bug 1252850 SUSE bug 1252851 SUSE bug 1252854 SUSE bug 1252858 SUSE bug 1252865 SUSE bug 1252866 SUSE bug 1252873 SUSE bug 1252902 SUSE bug 1252904 SUSE bug 1252909 SUSE bug 1252918 SUSE bug 1252939 CVE-2023-53538 at SUSE CVE-2023-53538 at NVD CVE-2023-53539 at SUSE CVE-2023-53539 at NVD CVE-2023-53540 at SUSE CVE-2023-53540 at NVD CVE-2023-53541 at SUSE CVE-2023-53541 at NVD CVE-2023-53543 at SUSE CVE-2023-53543 at NVD CVE-2023-53545 at SUSE CVE-2023-53545 at NVD CVE-2023-53546 at SUSE CVE-2023-53546 at NVD CVE-2023-53548 at SUSE CVE-2023-53548 at NVD CVE-2023-53550 at SUSE CVE-2023-53550 at NVD CVE-2023-53552 at SUSE CVE-2023-53552 at NVD CVE-2023-53553 at SUSE CVE-2023-53553 at NVD CVE-2023-53554 at SUSE CVE-2023-53554 at NVD CVE-2023-53555 at SUSE CVE-2023-53555 at NVD CVE-2023-53556 at SUSE CVE-2023-53556 at NVD CVE-2023-53557 at SUSE CVE-2023-53557 at NVD CVE-2023-53558 at SUSE CVE-2023-53558 at NVD CVE-2023-53559 at SUSE CVE-2023-53559 at NVD CVE-2023-53560 at SUSE CVE-2023-53560 at NVD CVE-2023-53563 at SUSE CVE-2023-53563 at NVD CVE-2023-53568 at SUSE CVE-2023-53568 at NVD CVE-2023-53570 at SUSE CVE-2023-53570 at NVD CVE-2023-53572 at SUSE CVE-2023-53572 at NVD CVE-2023-53574 at SUSE CVE-2023-53574 at NVD CVE-2023-53575 at SUSE CVE-2023-53575 at NVD CVE-2023-53577 at SUSE CVE-2023-53577 at NVD CVE-2023-53579 at SUSE CVE-2023-53579 at NVD CVE-2023-53580 at SUSE CVE-2023-53580 at NVD CVE-2023-53581 at SUSE CVE-2023-53581 at NVD CVE-2023-53583 at SUSE CVE-2023-53583 at NVD CVE-2023-53585 at SUSE CVE-2023-53585 at NVD CVE-2023-53588 at SUSE CVE-2023-53588 at NVD CVE-2023-53593 at SUSE CVE-2023-53593 at NVD CVE-2023-53596 at SUSE CVE-2023-53596 at NVD CVE-2023-53597 at SUSE CVE-2023-53597 at NVD CVE-2023-53599 at SUSE CVE-2023-53599 at NVD CVE-2023-53600 at SUSE CVE-2023-53600 at NVD CVE-2023-53601 at SUSE CVE-2023-53601 at NVD CVE-2023-53602 at SUSE CVE-2023-53602 at NVD CVE-2023-53603 at SUSE CVE-2023-53603 at NVD CVE-2023-53611 at SUSE CVE-2023-53611 at NVD CVE-2023-53613 at SUSE CVE-2023-53613 at NVD CVE-2023-53615 at SUSE CVE-2023-53615 at NVD CVE-2023-53616 at SUSE CVE-2023-53616 at NVD CVE-2023-53617 at SUSE CVE-2023-53617 at NVD CVE-2023-53618 at SUSE CVE-2023-53618 at NVD CVE-2023-53619 at SUSE CVE-2023-53619 at NVD CVE-2023-53621 at SUSE CVE-2023-53621 at NVD CVE-2023-53622 at SUSE CVE-2023-53622 at NVD CVE-2023-53631 at SUSE CVE-2023-53631 at NVD CVE-2023-53632 at SUSE CVE-2023-53632 at NVD CVE-2023-53633 at SUSE CVE-2023-53633 at NVD CVE-2023-53638 at SUSE CVE-2023-53638 at NVD CVE-2023-53645 at SUSE CVE-2023-53645 at NVD CVE-2023-53646 at SUSE CVE-2023-53646 at NVD CVE-2023-53647 at SUSE CVE-2023-53647 at NVD CVE-2023-53648 at SUSE CVE-2023-53648 at NVD CVE-2023-53649 at SUSE CVE-2023-53649 at NVD CVE-2023-53650 at SUSE CVE-2023-53650 at NVD CVE-2023-53652 at SUSE CVE-2023-53652 at NVD CVE-2023-53653 at SUSE CVE-2023-53653 at NVD CVE-2023-53654 at SUSE CVE-2023-53654 at NVD CVE-2023-53656 at SUSE CVE-2023-53656 at NVD CVE-2023-53657 at SUSE CVE-2023-53657 at NVD CVE-2023-53658 at SUSE CVE-2023-53658 at NVD CVE-2023-53659 at SUSE CVE-2023-53659 at NVD CVE-2023-53660 at SUSE CVE-2023-53660 at NVD CVE-2023-53662 at SUSE CVE-2023-53662 at NVD CVE-2023-53663 at SUSE CVE-2023-53663 at NVD CVE-2023-53665 at SUSE CVE-2023-53665 at NVD CVE-2023-53666 at SUSE CVE-2023-53666 at NVD CVE-2023-53668 at SUSE CVE-2023-53668 at NVD CVE-2023-53670 at SUSE CVE-2023-53670 at NVD CVE-2023-53672 at SUSE CVE-2023-53672 at NVD CVE-2023-53673 at SUSE CVE-2023-53673 at NVD CVE-2023-53674 at SUSE CVE-2023-53674 at NVD CVE-2023-53681 at SUSE CVE-2023-53681 at NVD CVE-2023-53686 at SUSE CVE-2023-53686 at NVD CVE-2023-53687 at SUSE CVE-2023-53687 at NVD CVE-2023-53693 at SUSE CVE-2023-53693 at NVD CVE-2023-53697 at SUSE CVE-2023-53697 at NVD CVE-2023-53698 at SUSE CVE-2023-53698 at NVD CVE-2023-53699 at SUSE CVE-2023-53699 at NVD CVE-2023-53703 at SUSE CVE-2023-53703 at NVD CVE-2023-53704 at SUSE CVE-2023-53704 at NVD CVE-2023-53707 at SUSE CVE-2023-53707 at NVD CVE-2023-53708 at SUSE CVE-2023-53708 at NVD CVE-2023-53711 at SUSE CVE-2023-53711 at NVD CVE-2023-53713 at SUSE CVE-2023-53713 at NVD CVE-2023-53718 at SUSE CVE-2023-53718 at NVD CVE-2023-53721 at SUSE CVE-2023-53721 at NVD CVE-2023-53722 at SUSE CVE-2023-53722 at NVD CVE-2023-53725 at SUSE CVE-2023-53725 at NVD CVE-2023-53726 at SUSE CVE-2023-53726 at NVD CVE-2023-53727 at SUSE CVE-2023-53727 at NVD CVE-2023-53728 at SUSE CVE-2023-53728 at NVD CVE-2023-53729 at SUSE CVE-2023-53729 at NVD CVE-2023-53730 at SUSE CVE-2023-53730 at NVD CVE-2023-53731 at SUSE CVE-2023-53731 at NVD CVE-2023-53733 at SUSE CVE-2023-53733 at NVD CVE-2025-38008 at SUSE CVE-2025-38008 at NVD CVE-2025-38539 at SUSE CVE-2025-38539 at NVD CVE-2025-38552 at SUSE CVE-2025-38552 at NVD CVE-2025-38653 at SUSE CVE-2025-38653 at NVD CVE-2025-38699 at SUSE CVE-2025-38699 at NVD CVE-2025-38700 at SUSE CVE-2025-38700 at NVD CVE-2025-38718 at SUSE CVE-2025-38718 at NVD CVE-2025-39673 at SUSE CVE-2025-39673 at NVD CVE-2025-39676 at SUSE CVE-2025-39676 at NVD CVE-2025-39683 at SUSE CVE-2025-39683 at NVD CVE-2025-39697 at SUSE CVE-2025-39697 at NVD CVE-2025-39702 at SUSE CVE-2025-39702 at NVD CVE-2025-39756 at SUSE CVE-2025-39756 at NVD CVE-2025-39794 at SUSE CVE-2025-39794 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39812 at SUSE CVE-2025-39812 at NVD CVE-2025-39813 at SUSE CVE-2025-39813 at NVD CVE-2025-39828 at SUSE CVE-2025-39828 at NVD CVE-2025-39841 at SUSE CVE-2025-39841 at NVD CVE-2025-39851 at SUSE CVE-2025-39851 at NVD CVE-2025-39866 at SUSE CVE-2025-39866 at NVD CVE-2025-39876 at SUSE CVE-2025-39876 at NVD CVE-2025-39881 at SUSE CVE-2025-39881 at NVD CVE-2025-39895 at SUSE CVE-2025-39895 at NVD CVE-2025-39902 at SUSE CVE-2025-39902 at NVD CVE-2025-39911 at SUSE CVE-2025-39911 at NVD CVE-2025-39931 at SUSE CVE-2025-39931 at NVD CVE-2025-39934 at SUSE CVE-2025-39934 at NVD CVE-2025-39937 at SUSE CVE-2025-39937 at NVD CVE-2025-39938 at SUSE CVE-2025-39938 at NVD CVE-2025-39945 at SUSE CVE-2025-39945 at NVD CVE-2025-39946 at SUSE CVE-2025-39946 at NVD CVE-2025-39947 at SUSE CVE-2025-39947 at NVD CVE-2025-39948 at SUSE CVE-2025-39948 at NVD CVE-2025-39949 at SUSE CVE-2025-39949 at NVD CVE-2025-39952 at SUSE CVE-2025-39952 at NVD CVE-2025-39955 at SUSE CVE-2025-39955 at NVD CVE-2025-39957 at SUSE CVE-2025-39957 at NVD CVE-2025-39965 at SUSE CVE-2025-39965 at NVD CVE-2025-39967 at SUSE CVE-2025-39967 at NVD CVE-2025-39968 at SUSE CVE-2025-39968 at NVD CVE-2025-39969 at SUSE CVE-2025-39969 at NVD CVE-2025-39970 at SUSE CVE-2025-39970 at NVD CVE-2025-39971 at SUSE CVE-2025-39971 at NVD CVE-2025-39972 at SUSE CVE-2025-39972 at NVD CVE-2025-39973 at SUSE CVE-2025-39973 at NVD CVE-2025-39978 at SUSE CVE-2025-39978 at NVD CVE-2025-39981 at SUSE CVE-2025-39981 at NVD CVE-2025-39982 at SUSE CVE-2025-39982 at NVD CVE-2025-39985 at SUSE CVE-2025-39985 at NVD CVE-2025-39986 at SUSE CVE-2025-39986 at NVD CVE-2025-39987 at SUSE CVE-2025-39987 at NVD CVE-2025-39988 at SUSE CVE-2025-39988 at NVD CVE-2025-39991 at SUSE CVE-2025-39991 at NVD CVE-2025-39993 at SUSE CVE-2025-39993 at NVD CVE-2025-39994 at SUSE CVE-2025-39994 at NVD CVE-2025-39995 at SUSE CVE-2025-39995 at NVD CVE-2025-39996 at SUSE CVE-2025-39996 at NVD CVE-2025-39997 at SUSE CVE-2025-39997 at NVD CVE-2025-40000 at SUSE CVE-2025-40000 at NVD CVE-2025-40005 at SUSE CVE-2025-40005 at NVD CVE-2025-40010 at SUSE CVE-2025-40010 at NVD CVE-2025-40011 at SUSE CVE-2025-40011 at NVD CVE-2025-40013 at SUSE CVE-2025-40013 at NVD CVE-2025-40016 at SUSE CVE-2025-40016 at NVD CVE-2025-40018 at SUSE CVE-2025-40018 at NVD CVE-2025-40019 at SUSE CVE-2025-40019 at NVD CVE-2025-40020 at SUSE CVE-2025-40020 at NVD CVE-2025-40029 at SUSE CVE-2025-40029 at NVD CVE-2025-40032 at SUSE CVE-2025-40032 at NVD CVE-2025-40035 at SUSE CVE-2025-40035 at NVD CVE-2025-40036 at SUSE CVE-2025-40036 at NVD CVE-2025-40043 at SUSE CVE-2025-40043 at NVD CVE-2025-40044 at SUSE CVE-2025-40044 at NVD CVE-2025-40049 at SUSE CVE-2025-40049 at NVD CVE-2025-40051 at SUSE CVE-2025-40051 at NVD CVE-2025-40052 at SUSE CVE-2025-40052 at NVD CVE-2025-40056 at SUSE CVE-2025-40056 at NVD CVE-2025-40058 at SUSE CVE-2025-40058 at NVD CVE-2025-40060 at SUSE CVE-2025-40060 at NVD CVE-2025-40061 at SUSE CVE-2025-40061 at NVD CVE-2025-40062 at SUSE CVE-2025-40062 at NVD CVE-2025-40071 at SUSE CVE-2025-40071 at NVD CVE-2025-40078 at SUSE CVE-2025-40078 at NVD CVE-2025-40080 at SUSE CVE-2025-40080 at NVD CVE-2025-40082 at SUSE CVE-2025-40082 at NVD CVE-2025-40085 at SUSE CVE-2025-40085 at NVD CVE-2025-40087 at SUSE CVE-2025-40087 at NVD CVE-2025-40088 at SUSE CVE-2025-40088 at NVD CVE-2025-40096 at SUSE CVE-2025-40096 at NVD CVE-2025-40100 at SUSE CVE-2025-40100 at NVD cpe:/o:opensuse:leap:15.6 Security update for ghostscript (Moderate) openSUSE Leap 15.6 This update for ghostscript fixes the following issues: - CVE-2025-59798: Fixed stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. (bsc#1250353) - CVE-2025-59799: Fixed stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. (bsc#1250354) Moderate SUSE bug 1250353 SUSE bug 1250354 CVE-2025-59798 at SUSE CVE-2025-59798 at NVD CVE-2025-59799 at SUSE CVE-2025-59799 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups-filters (Moderate) openSUSE Leap 15.6 This update for cups-filters fixes the following issues: - CVE-2025-64503: Fixed out-of-bounds write in pdftoraster tool (bsc#1253374) - CVE-2025-57812: Fixed multiple TIFF-related issues in libcupsfilters (bsc#1253373) - CVE-2025-64524: Fixed out-of-bounds write de to use of unvalidated length parameter in the rastertopclx filter (bsc#1253364) Moderate SUSE bug 1253364 SUSE bug 1253373 SUSE bug 1253374 CVE-2025-57812 at SUSE CVE-2025-57812 at NVD CVE-2025-64503 at SUSE CVE-2025-64503 at NVD CVE-2025-64524 at SUSE CVE-2025-64524 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Update to Tomcat 9.0.111: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753) - CVE-2025-55754: Fixed improper neutralization of escape, meta, or control sequences vulnerability (bsc#1252905) - CVE-2025-61795: Fixed denial of service due to temporary copies during the processing of multipart upload (bsc#1252756) Important SUSE bug 1252753 SUSE bug 1252756 SUSE bug 1252905 CVE-2025-55752 at SUSE CVE-2025-55752 at NVD CVE-2025-55754 at SUSE CVE-2025-55754 at NVD CVE-2025-61795 at SUSE CVE-2025-61795 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Update to Firefox Extended Support Release 140.5.0 ESR (bsc#1253188) - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. - CVE-2025-13018: Mitigation bypass in the DOM: Security component. - CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. - CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. - CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. - CVE-2025-13014: Use-after-free in the Audio/Video component. - CVE-2025-13015: Spoofing issue in Firefox. Important SUSE bug 1253188 CVE-2025-11708 at SUSE CVE-2025-11708 at NVD CVE-2025-11709 at SUSE CVE-2025-11709 at NVD CVE-2025-11710 at SUSE CVE-2025-11710 at NVD CVE-2025-11711 at SUSE CVE-2025-11711 at NVD CVE-2025-11712 at SUSE CVE-2025-11712 at NVD CVE-2025-11713 at SUSE CVE-2025-11713 at NVD CVE-2025-11714 at SUSE CVE-2025-11714 at NVD CVE-2025-11715 at SUSE CVE-2025-11715 at NVD CVE-2025-13012 at SUSE CVE-2025-13012 at NVD CVE-2025-13013 at SUSE CVE-2025-13013 at NVD CVE-2025-13014 at SUSE CVE-2025-13014 at NVD CVE-2025-13015 at SUSE CVE-2025-13015 at NVD CVE-2025-13016 at SUSE CVE-2025-13016 at NVD CVE-2025-13017 at SUSE CVE-2025-13017 at NVD CVE-2025-13018 at SUSE CVE-2025-13018 at NVD CVE-2025-13019 at SUSE CVE-2025-13019 at NVD CVE-2025-13020 at SUSE CVE-2025-13020 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542) Important SUSE bug 1253542 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD cpe:/o:opensuse:leap:15.6 Security update for nvidia-container-toolkit (Critical) openSUSE Leap 15.6 This update for nvidia-container-toolkit fixes the following issues: - Update to version 1.18.0: - This is a major release and includes the following high-level changes: - The default mode of the NVIDIA Container Runtime has been updated to make use of a just-in-time-generated CDI specification instead of defaulting to the legacy mode. - Added a systemd unit to generate CDI specifications for available devices automatically. This allows native CDI support in container engines such as Docker and Podman to be used without additional steps. - Security issues fixed: - CVE-2024-0133: Fixed data tampering in host file system via specially crafted container image (bsc#1231032) - CVE-2024-0132: Fixed time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033) - CVE-2024-0134: Fixed specially-crafted container image can lead to the creation of unauthorized files on the host (bsc#1232855) - CVE-2024-0135: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236496) - CVE-2024-0136: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236497) - CVE-2024-0137: Fixed Improper Isolation or Compartmentalization in NVIDIA Container Toolkit (bsc#1236498) - CVE-2025-23359: Fixed TOCTOU Vulnerability in NVIDIA Container Toolkit (bsc#1237085) - CVE-2025-23267: Fixed link following can lead to container escape (bsc#1246614) - CVE-2025-23266: Fixed hook initialization might lead to escalation of privileges (bsc#1246860) Critical SUSE bug 1231032 SUSE bug 1231033 SUSE bug 1232855 SUSE bug 1236496 SUSE bug 1236497 SUSE bug 1236498 SUSE bug 1237085 SUSE bug 1246614 SUSE bug 1246860 CVE-2024-0132 at SUSE CVE-2024-0132 at NVD CVE-2024-0133 at SUSE CVE-2024-0133 at NVD CVE-2024-0134 at SUSE CVE-2024-0134 at NVD CVE-2024-0135 at SUSE CVE-2024-0135 at NVD CVE-2024-0136 at SUSE CVE-2024-0136 at NVD CVE-2024-0137 at SUSE CVE-2024-0137 at NVD CVE-2025-23266 at SUSE CVE-2025-23266 at NVD CVE-2025-23267 at SUSE CVE-2025-23267 at NVD CVE-2025-23359 at SUSE CVE-2025-23359 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm fixes the following issues: - Update to version 3.19.1 - CVE-2025-53547: Fixed local code execution in Helm Chart. (bsc#1246152) - CVE-2025-58190: Fixed excessive memory consumption by `html.ParseFragment` when processing specially crafted input. (bsc#1251649) - CVE-2025-47911: Fixed various algorithms with quadratic complexity when parsing HTML documents. (bsc#1251442) Important SUSE bug 1246152 SUSE bug 1251442 SUSE bug 1251649 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-53547 at SUSE CVE-2025-53547 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for amazon-ssm-agent (Important) openSUSE Leap 15.6 This update for amazon-ssm-agent fixes the following issues: - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or signing request. (bsc#1253598) Important SUSE bug 1253611 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Update Mozilla Thunderbird to version 140.5 (bsc#1253188) - CVE-2025-13012: Race condition in the Graphics component. - CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component. - CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component. - CVE-2025-13018: Mitigation bypass in the DOM: Security component. - CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component. - CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component. - CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component. - CVE-2025-13014: Use-after-free in the Audio/Video component. - CVE-2025-13015: Spoofing issue in Thunderbird. Important SUSE bug 1253188 CVE-2025-13012 at SUSE CVE-2025-13012 at NVD CVE-2025-13013 at SUSE CVE-2025-13013 at NVD CVE-2025-13014 at SUSE CVE-2025-13014 at NVD CVE-2025-13015 at SUSE CVE-2025-13015 at NVD CVE-2025-13016 at SUSE CVE-2025-13016 at NVD CVE-2025-13017 at SUSE CVE-2025-13017 at NVD CVE-2025-13018 at SUSE CVE-2025-13018 at NVD CVE-2025-13019 at SUSE CVE-2025-13019 at NVD CVE-2025-13020 at SUSE CVE-2025-13020 at NVD cpe:/o:opensuse:leap:15.6 Security update for grub2 (Moderate) openSUSE Leap 15.6 This update for grub2 fixes the following issues: - CVE-2025-54770: Fixed missing unregister call for net_set_vlan command may lead to use-after-free (bsc#1252930) - CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932) - CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933) - CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934) - CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935) Other fixes: - Bump upstream SBAT generation to 6 - Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953) - Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132) - Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744, bsc#1252269) Moderate SUSE bug 1236744 SUSE bug 1241132 SUSE bug 1245953 SUSE bug 1252269 SUSE bug 1252930 SUSE bug 1252931 SUSE bug 1252932 SUSE bug 1252933 SUSE bug 1252934 SUSE bug 1252935 CVE-2025-54770 at SUSE CVE-2025-54770 at NVD CVE-2025-54771 at SUSE CVE-2025-54771 at NVD CVE-2025-61661 at SUSE CVE-2025-61661 at NVD CVE-2025-61662 at SUSE CVE-2025-61662 at NVD CVE-2025-61663 at SUSE CVE-2025-61663 at NVD CVE-2025-61664 at SUSE CVE-2025-61664 at NVD cpe:/o:opensuse:leap:15.6 Security update for skopeo (Moderate) openSUSE Leap 15.6 This update for skopeo fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227056) - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236483) Moderate SUSE bug 1227056 SUSE bug 1236483 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for ovmf (Important) openSUSE Leap 15.6 This update for ovmf fixes the following issues: - CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages. (bsc#1218879) - CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880) - CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881) - CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882) - CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883) - CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message. (bsc#1218884) - CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message. (bsc#1218885) - CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886) - CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887) Important SUSE bug 1218879 SUSE bug 1218880 SUSE bug 1218881 SUSE bug 1218882 SUSE bug 1218883 SUSE bug 1218884 SUSE bug 1218885 SUSE bug 1218886 SUSE bug 1218887 CVE-2023-45229 at SUSE CVE-2023-45229 at NVD CVE-2023-45230 at SUSE CVE-2023-45230 at NVD CVE-2023-45231 at SUSE CVE-2023-45231 at NVD CVE-2023-45232 at SUSE CVE-2023-45232 at NVD CVE-2023-45233 at SUSE CVE-2023-45233 at NVD CVE-2023-45234 at SUSE CVE-2023-45234 at NVD CVE-2023-45235 at SUSE CVE-2023-45235 at NVD CVE-2023-45236 at SUSE CVE-2023-45236 at NVD CVE-2023-45237 at SUSE CVE-2023-45237 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Low) openSUSE Leap 15.6 This update for python39 fixes the following issues: Updated to 3.9.24: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) Moderate SUSE bug 1253757 CVE-2025-11563 at SUSE CVE-2025-11563 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3-numpy (Moderate) openSUSE Leap 15.6 This update for python3-numpy fixes the following issues: - CVE-2021-41495: missing return value validation can lead to null pointer dereference. (bsc#1193911) Other bug fixes: - Correction of advance in PCG with emulated int128. Moderate SUSE bug 1193911 SUSE bug 1236787 CVE-2021-41495 at SUSE CVE-2021-41495 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2025-47913: Fixed a bug in the client process termination when receiving an unexpected message type in response to a key listing or signing request. (bsc#1253598) Important SUSE bug 1253598 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD cpe:/o:opensuse:leap:15.6 Security update for sssd (Important) openSUSE Leap 15.6 This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827) Important SUSE bug 1251827 CVE-2025-11561 at SUSE CVE-2025-11561 at NVD cpe:/o:opensuse:leap:15.6 Security update for wget (Moderate) openSUSE Leap 15.6 This update for wget fixes the following issues: - CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551) Moderate SUSE bug 1185551 SUSE bug 1230795 CVE-2021-31879 at SUSE CVE-2021-31879 at NVD cpe:/o:opensuse:leap:15.6 Security update for dpdk (Moderate) openSUSE Leap 15.6 This update for dpdk fixes the following issues: - Update to version 22.11.10 - CVE-2025-23259: Fixed an out-of-order completions in ordinary Rx burst. (bsc#1254161) Moderate SUSE bug 1254161 CVE-2025-23259 at SUSE CVE-2025-23259 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Low) openSUSE Leap 15.6 This update for python312 fixes the following issues: Update to 3.12.12: - CVE-2025-6075: Fixed quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Other fixes: - Fix readline history truncation when length is reduced Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-rack (Important) openSUSE Leap 15.6 This update for rubygem-rack fixes the following issues: - Update to version 2.2.20 (bsc#1251936) - CVE-2025-61919: Fixed application/x-www-form-urlencoded`, calling `rack.input.read(nil)` without enforcing a length or cap (bsc#1251936) - CVE-2025-61780: Fixed improper handling of headers in `Rack::Sendfile` allows for bypass of proxy-level access restrictions (bsc#1253951) Important SUSE bug 1251936 SUSE bug 1253951 CVE-2025-61780 at SUSE CVE-2025-61780 at NVD CVE-2025-61919 at SUSE CVE-2025-61919 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Disable 'ocfs2: fix UBSAN warning in ocfs2_verify_volume()' (bsc#1236138). - Remove 'idpf: fix memory leaks and crashes while performing a soft reset' fix (bsc#1236628). - Remove 'media: uvcvideo: Require entities to have a non-zero unique ID' fix (bsc#1235894). - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1216813 SUSE bug 1218470 SUSE bug 1220711 SUSE bug 1221326 SUSE bug 1222803 SUSE bug 1224049 SUSE bug 1225897 SUSE bug 1226980 SUSE bug 1228592 SUSE bug 1229833 SUSE bug 1231016 SUSE bug 1232087 SUSE bug 1232101 SUSE bug 1232158 SUSE bug 1232161 SUSE bug 1232421 SUSE bug 1232882 SUSE bug 1233055 SUSE bug 1233112 SUSE bug 1233221 SUSE bug 1233248 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233488 SUSE bug 1233522 SUSE bug 1233638 SUSE bug 1233642 SUSE bug 1233778 SUSE bug 1234195 SUSE bug 1234619 SUSE bug 1234635 SUSE bug 1234683 SUSE bug 1234693 SUSE bug 1234726 SUSE bug 1234825 SUSE bug 1234863 SUSE bug 1234887 SUSE bug 1234888 SUSE bug 1234893 SUSE bug 1234898 SUSE bug 1234901 SUSE bug 1234906 SUSE bug 1234923 SUSE bug 1234931 SUSE bug 1234934 SUSE bug 1234947 SUSE bug 1234957 SUSE bug 1235000 SUSE bug 1235001 SUSE bug 1235011 SUSE bug 1235031 SUSE bug 1235032 SUSE bug 1235035 SUSE bug 1235037 SUSE bug 1235038 SUSE bug 1235039 SUSE bug 1235040 SUSE bug 1235042 SUSE bug 1235043 SUSE bug 1235046 SUSE bug 1235050 SUSE bug 1235051 SUSE bug 1235053 SUSE bug 1235054 SUSE bug 1235057 SUSE bug 1235059 SUSE bug 1235061 SUSE bug 1235065 SUSE bug 1235070 SUSE bug 1235073 SUSE bug 1235100 SUSE bug 1235112 SUSE bug 1235115 SUSE bug 1235117 SUSE bug 1235122 SUSE bug 1235123 SUSE bug 1235125 SUSE bug 1235132 SUSE bug 1235133 SUSE bug 1235155 SUSE bug 1235160 SUSE bug 1235217 SUSE bug 1235219 SUSE bug 1235220 SUSE bug 1235222 SUSE bug 1235223 SUSE bug 1235224 SUSE bug 1235227 SUSE bug 1235230 SUSE bug 1235241 SUSE bug 1235249 SUSE bug 1235251 SUSE bug 1235252 SUSE bug 1235389 SUSE bug 1235390 SUSE bug 1235391 SUSE bug 1235406 SUSE bug 1235410 SUSE bug 1235412 SUSE bug 1235413 SUSE bug 1235415 SUSE bug 1235416 SUSE bug 1235417 SUSE bug 1235418 SUSE bug 1235423 SUSE bug 1235424 SUSE bug 1235425 SUSE bug 1235426 SUSE bug 1235427 SUSE bug 1235428 SUSE bug 1235429 SUSE bug 1235430 SUSE bug 1235433 SUSE bug 1235437 SUSE bug 1235439 SUSE bug 1235444 SUSE bug 1235445 SUSE bug 1235449 SUSE bug 1235451 SUSE bug 1235454 SUSE bug 1235458 SUSE bug 1235459 SUSE bug 1235464 SUSE bug 1235466 SUSE bug 1235473 SUSE bug 1235479 SUSE bug 1235480 SUSE bug 1235483 SUSE bug 1235486 SUSE bug 1235487 SUSE bug 1235488 SUSE bug 1235489 SUSE bug 1235491 SUSE bug 1235494 SUSE bug 1235495 SUSE bug 1235496 SUSE bug 1235497 SUSE bug 1235498 SUSE bug 1235500 SUSE bug 1235502 SUSE bug 1235503 SUSE bug 1235519 SUSE bug 1235520 SUSE bug 1235521 SUSE bug 1235523 SUSE bug 1235526 SUSE bug 1235528 SUSE bug 1235532 SUSE bug 1235533 SUSE bug 1235534 SUSE bug 1235537 SUSE bug 1235538 SUSE bug 1235545 SUSE bug 1235552 SUSE bug 1235555 SUSE bug 1235557 SUSE bug 1235563 SUSE bug 1235564 SUSE bug 1235565 SUSE bug 1235568 SUSE bug 1235570 SUSE bug 1235571 SUSE bug 1235577 SUSE bug 1235578 SUSE bug 1235582 SUSE bug 1235583 SUSE bug 1235584 SUSE bug 1235587 SUSE bug 1235611 SUSE bug 1235612 SUSE bug 1235616 SUSE bug 1235622 SUSE bug 1235627 SUSE bug 1235632 SUSE bug 1235635 SUSE bug 1235638 SUSE bug 1235641 SUSE bug 1235643 SUSE bug 1235645 SUSE bug 1235646 SUSE bug 1235647 SUSE bug 1235650 SUSE bug 1235653 SUSE bug 1235656 SUSE bug 1235657 SUSE bug 1235663 SUSE bug 1235686 SUSE bug 1235700 SUSE bug 1235705 SUSE bug 1235707 SUSE bug 1235708 SUSE bug 1235710 SUSE bug 1235714 SUSE bug 1235716 SUSE bug 1235720 SUSE bug 1235723 SUSE bug 1235727 SUSE bug 1235730 SUSE bug 1235737 SUSE bug 1235739 SUSE bug 1235745 SUSE bug 1235747 SUSE bug 1235750 SUSE bug 1235753 SUSE bug 1235759 SUSE bug 1235764 SUSE bug 1235768 SUSE bug 1235776 SUSE bug 1235777 SUSE bug 1235778 SUSE bug 1235779 SUSE bug 1235793 SUSE bug 1235798 SUSE bug 1235806 SUSE bug 1235808 SUSE bug 1235812 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235842 SUSE bug 1235865 SUSE bug 1235874 SUSE bug 1235894 SUSE bug 1235902 SUSE bug 1235903 SUSE bug 1235906 SUSE bug 1235918 SUSE bug 1235919 SUSE bug 1235920 SUSE bug 1235924 SUSE bug 1235940 SUSE bug 1235941 SUSE bug 1235946 SUSE bug 1235948 SUSE bug 1235952 SUSE bug 1235964 SUSE bug 1235965 SUSE bug 1235967 SUSE bug 1235969 SUSE bug 1235976 SUSE bug 1235977 SUSE bug 1236078 SUSE bug 1236080 SUSE bug 1236082 SUSE bug 1236088 SUSE bug 1236090 SUSE bug 1236091 SUSE bug 1236096 SUSE bug 1236097 SUSE bug 1236098 SUSE bug 1236101 SUSE bug 1236102 SUSE bug 1236104 SUSE bug 1236106 SUSE bug 1236120 SUSE bug 1236125 SUSE bug 1236127 SUSE bug 1236131 SUSE bug 1236138 SUSE bug 1236143 SUSE bug 1236144 SUSE bug 1236145 SUSE bug 1236160 SUSE bug 1236161 SUSE bug 1236163 SUSE bug 1236168 SUSE bug 1236178 SUSE bug 1236180 SUSE bug 1236181 SUSE bug 1236182 SUSE bug 1236190 SUSE bug 1236192 SUSE bug 1236198 SUSE bug 1236227 SUSE bug 1236245 SUSE bug 1236247 SUSE bug 1236248 SUSE bug 1236260 SUSE bug 1236262 SUSE bug 1236628 SUSE bug 1236688 SUSE bug 1236696 SUSE bug 1236698 SUSE bug 1236703 SUSE bug 1236732 SUSE bug 1236733 SUSE bug 1236757 SUSE bug 1236758 SUSE bug 1236760 CVE-2023-52489 at SUSE CVE-2023-52489 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2024-36476 at SUSE CVE-2024-36476 at NVD CVE-2024-39282 at SUSE CVE-2024-39282 at NVD CVE-2024-43913 at SUSE CVE-2024-43913 at NVD CVE-2024-45828 at SUSE CVE-2024-45828 at NVD CVE-2024-46896 at SUSE CVE-2024-46896 at NVD CVE-2024-47141 at SUSE CVE-2024-47141 at NVD CVE-2024-47143 at SUSE CVE-2024-47143 at NVD CVE-2024-47809 at SUSE CVE-2024-47809 at NVD CVE-2024-48873 at SUSE CVE-2024-48873 at NVD CVE-2024-48881 at SUSE CVE-2024-48881 at NVD CVE-2024-49569 at SUSE CVE-2024-49569 at NVD CVE-2024-49948 at SUSE CVE-2024-49948 at NVD CVE-2024-49951 at SUSE CVE-2024-49951 at NVD CVE-2024-49978 at SUSE CVE-2024-49978 at NVD CVE-2024-49998 at SUSE CVE-2024-49998 at NVD CVE-2024-50051 at SUSE CVE-2024-50051 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50151 at SUSE CVE-2024-50151 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-50251 at SUSE CVE-2024-50251 at NVD CVE-2024-50258 at SUSE CVE-2024-50258 at NVD CVE-2024-50299 at SUSE CVE-2024-50299 at NVD CVE-2024-50304 at SUSE CVE-2024-50304 at NVD CVE-2024-52332 at SUSE CVE-2024-52332 at NVD CVE-2024-53091 at SUSE CVE-2024-53091 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-53170 at SUSE CVE-2024-53170 at NVD CVE-2024-53172 at SUSE CVE-2024-53172 at NVD CVE-2024-53175 at SUSE CVE-2024-53175 at NVD CVE-2024-53185 at SUSE CVE-2024-53185 at NVD CVE-2024-53187 at SUSE CVE-2024-53187 at NVD CVE-2024-53194 at SUSE CVE-2024-53194 at NVD CVE-2024-53195 at SUSE CVE-2024-53195 at NVD CVE-2024-53196 at SUSE CVE-2024-53196 at NVD CVE-2024-53197 at SUSE CVE-2024-53197 at NVD CVE-2024-53198 at SUSE CVE-2024-53198 at NVD CVE-2024-53203 at SUSE CVE-2024-53203 at NVD CVE-2024-53227 at SUSE CVE-2024-53227 at NVD CVE-2024-53230 at SUSE CVE-2024-53230 at NVD CVE-2024-53231 at SUSE CVE-2024-53231 at NVD CVE-2024-53232 at SUSE CVE-2024-53232 at NVD CVE-2024-53233 at SUSE CVE-2024-53233 at NVD CVE-2024-53236 at SUSE CVE-2024-53236 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53685 at SUSE CVE-2024-53685 at NVD CVE-2024-53690 at SUSE CVE-2024-53690 at NVD CVE-2024-54680 at SUSE CVE-2024-54680 at NVD CVE-2024-55639 at SUSE CVE-2024-55639 at NVD CVE-2024-55881 at SUSE CVE-2024-55881 at NVD CVE-2024-55916 at SUSE CVE-2024-55916 at NVD CVE-2024-56369 at SUSE CVE-2024-56369 at NVD CVE-2024-56372 at SUSE CVE-2024-56372 at NVD CVE-2024-56531 at SUSE CVE-2024-56531 at NVD CVE-2024-56532 at SUSE CVE-2024-56532 at NVD CVE-2024-56533 at SUSE CVE-2024-56533 at NVD CVE-2024-56538 at SUSE CVE-2024-56538 at NVD CVE-2024-56543 at SUSE CVE-2024-56543 at NVD CVE-2024-56546 at SUSE CVE-2024-56546 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56557 at SUSE CVE-2024-56557 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2024-56568 at SUSE CVE-2024-56568 at NVD CVE-2024-56569 at SUSE CVE-2024-56569 at NVD CVE-2024-56570 at SUSE CVE-2024-56570 at NVD CVE-2024-56571 at SUSE CVE-2024-56571 at NVD CVE-2024-56572 at SUSE CVE-2024-56572 at NVD CVE-2024-56573 at SUSE CVE-2024-56573 at NVD CVE-2024-56574 at SUSE CVE-2024-56574 at NVD CVE-2024-56575 at SUSE CVE-2024-56575 at NVD CVE-2024-56577 at SUSE CVE-2024-56577 at NVD CVE-2024-56578 at SUSE CVE-2024-56578 at NVD CVE-2024-56584 at SUSE CVE-2024-56584 at NVD CVE-2024-56587 at SUSE CVE-2024-56587 at NVD CVE-2024-56588 at SUSE CVE-2024-56588 at NVD CVE-2024-56589 at SUSE CVE-2024-56589 at NVD CVE-2024-56590 at SUSE CVE-2024-56590 at NVD CVE-2024-56593 at SUSE CVE-2024-56593 at NVD CVE-2024-56594 at SUSE CVE-2024-56594 at NVD CVE-2024-56595 at SUSE CVE-2024-56595 at NVD CVE-2024-56596 at SUSE CVE-2024-56596 at NVD CVE-2024-56597 at SUSE CVE-2024-56597 at NVD CVE-2024-56598 at SUSE CVE-2024-56598 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56602 at SUSE CVE-2024-56602 at NVD CVE-2024-56603 at SUSE CVE-2024-56603 at NVD CVE-2024-56606 at SUSE CVE-2024-56606 at NVD CVE-2024-56607 at SUSE CVE-2024-56607 at NVD CVE-2024-56608 at SUSE CVE-2024-56608 at NVD CVE-2024-56609 at SUSE CVE-2024-56609 at NVD CVE-2024-56610 at SUSE CVE-2024-56610 at NVD CVE-2024-56611 at SUSE CVE-2024-56611 at NVD CVE-2024-56614 at SUSE CVE-2024-56614 at NVD CVE-2024-56615 at SUSE CVE-2024-56615 at NVD CVE-2024-56616 at SUSE CVE-2024-56616 at NVD CVE-2024-56617 at SUSE CVE-2024-56617 at NVD CVE-2024-56619 at SUSE CVE-2024-56619 at NVD CVE-2024-56620 at SUSE CVE-2024-56620 at NVD CVE-2024-56622 at SUSE CVE-2024-56622 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56625 at SUSE CVE-2024-56625 at NVD CVE-2024-56629 at SUSE CVE-2024-56629 at NVD CVE-2024-56630 at SUSE CVE-2024-56630 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56632 at SUSE CVE-2024-56632 at NVD CVE-2024-56634 at SUSE CVE-2024-56634 at NVD CVE-2024-56635 at SUSE CVE-2024-56635 at NVD CVE-2024-56636 at SUSE CVE-2024-56636 at NVD CVE-2024-56637 at SUSE CVE-2024-56637 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56643 at SUSE CVE-2024-56643 at NVD CVE-2024-56644 at SUSE CVE-2024-56644 at NVD CVE-2024-56648 at SUSE CVE-2024-56648 at NVD CVE-2024-56649 at SUSE CVE-2024-56649 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-56654 at SUSE CVE-2024-56654 at NVD CVE-2024-56656 at SUSE CVE-2024-56656 at NVD CVE-2024-56659 at SUSE CVE-2024-56659 at NVD CVE-2024-56660 at SUSE CVE-2024-56660 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2024-56662 at SUSE CVE-2024-56662 at NVD CVE-2024-56663 at SUSE CVE-2024-56663 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56665 at SUSE CVE-2024-56665 at NVD CVE-2024-56670 at SUSE CVE-2024-56670 at NVD CVE-2024-56672 at SUSE CVE-2024-56672 at NVD CVE-2024-56675 at SUSE CVE-2024-56675 at NVD CVE-2024-56677 at SUSE CVE-2024-56677 at NVD CVE-2024-56678 at SUSE CVE-2024-56678 at NVD CVE-2024-56679 at SUSE CVE-2024-56679 at NVD CVE-2024-56681 at SUSE CVE-2024-56681 at NVD CVE-2024-56683 at SUSE CVE-2024-56683 at NVD CVE-2024-56687 at SUSE CVE-2024-56687 at NVD CVE-2024-56688 at SUSE CVE-2024-56688 at NVD CVE-2024-56690 at SUSE CVE-2024-56690 at NVD CVE-2024-56691 at SUSE CVE-2024-56691 at NVD CVE-2024-56693 at SUSE CVE-2024-56693 at NVD CVE-2024-56694 at SUSE CVE-2024-56694 at NVD CVE-2024-56698 at SUSE CVE-2024-56698 at NVD CVE-2024-56700 at SUSE CVE-2024-56700 at NVD CVE-2024-56701 at SUSE CVE-2024-56701 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-56705 at SUSE CVE-2024-56705 at NVD CVE-2024-56707 at SUSE CVE-2024-56707 at NVD CVE-2024-56708 at SUSE CVE-2024-56708 at NVD CVE-2024-56709 at SUSE CVE-2024-56709 at NVD CVE-2024-56712 at SUSE CVE-2024-56712 at NVD CVE-2024-56715 at SUSE CVE-2024-56715 at NVD CVE-2024-56716 at SUSE CVE-2024-56716 at NVD CVE-2024-56722 at SUSE CVE-2024-56722 at NVD CVE-2024-56723 at SUSE CVE-2024-56723 at NVD CVE-2024-56724 at SUSE CVE-2024-56724 at NVD CVE-2024-56725 at SUSE CVE-2024-56725 at NVD CVE-2024-56726 at SUSE CVE-2024-56726 at NVD CVE-2024-56727 at SUSE CVE-2024-56727 at NVD CVE-2024-56728 at SUSE CVE-2024-56728 at NVD CVE-2024-56729 at SUSE CVE-2024-56729 at NVD CVE-2024-56739 at SUSE CVE-2024-56739 at NVD CVE-2024-56741 at SUSE CVE-2024-56741 at NVD CVE-2024-56745 at SUSE CVE-2024-56745 at NVD CVE-2024-56746 at SUSE CVE-2024-56746 at NVD CVE-2024-56747 at SUSE CVE-2024-56747 at NVD CVE-2024-56748 at SUSE CVE-2024-56748 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-56760 at SUSE CVE-2024-56760 at NVD CVE-2024-56763 at SUSE CVE-2024-56763 at NVD CVE-2024-56765 at SUSE CVE-2024-56765 at NVD CVE-2024-56766 at SUSE CVE-2024-56766 at NVD CVE-2024-56767 at SUSE CVE-2024-56767 at NVD CVE-2024-56769 at SUSE CVE-2024-56769 at NVD CVE-2024-56774 at SUSE CVE-2024-56774 at NVD CVE-2024-56775 at SUSE CVE-2024-56775 at NVD CVE-2024-56776 at SUSE CVE-2024-56776 at NVD CVE-2024-56777 at SUSE CVE-2024-56777 at NVD CVE-2024-56778 at SUSE CVE-2024-56778 at NVD CVE-2024-56779 at SUSE CVE-2024-56779 at NVD CVE-2024-56780 at SUSE CVE-2024-56780 at NVD CVE-2024-56787 at SUSE CVE-2024-56787 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57792 at SUSE CVE-2024-57792 at NVD CVE-2024-57793 at SUSE CVE-2024-57793 at NVD CVE-2024-57795 at SUSE CVE-2024-57795 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57801 at SUSE CVE-2024-57801 at NVD CVE-2024-57802 at SUSE CVE-2024-57802 at NVD CVE-2024-57804 at SUSE CVE-2024-57804 at NVD CVE-2024-57809 at SUSE CVE-2024-57809 at NVD CVE-2024-57838 at SUSE CVE-2024-57838 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57850 at SUSE CVE-2024-57850 at NVD CVE-2024-57857 at SUSE CVE-2024-57857 at NVD CVE-2024-57874 at SUSE CVE-2024-57874 at NVD CVE-2024-57876 at SUSE CVE-2024-57876 at NVD CVE-2024-57884 at SUSE CVE-2024-57884 at NVD CVE-2024-57887 at SUSE CVE-2024-57887 at NVD CVE-2024-57888 at SUSE CVE-2024-57888 at NVD CVE-2024-57890 at SUSE CVE-2024-57890 at NVD CVE-2024-57892 at SUSE CVE-2024-57892 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD CVE-2024-57896 at SUSE CVE-2024-57896 at NVD CVE-2024-57897 at SUSE CVE-2024-57897 at NVD CVE-2024-57899 at SUSE CVE-2024-57899 at NVD CVE-2024-57903 at SUSE CVE-2024-57903 at NVD CVE-2024-57904 at SUSE CVE-2024-57904 at NVD CVE-2024-57906 at SUSE CVE-2024-57906 at NVD CVE-2024-57907 at SUSE CVE-2024-57907 at NVD CVE-2024-57908 at SUSE CVE-2024-57908 at NVD CVE-2024-57910 at SUSE CVE-2024-57910 at NVD CVE-2024-57911 at SUSE CVE-2024-57911 at NVD CVE-2024-57912 at SUSE CVE-2024-57912 at NVD CVE-2024-57913 at SUSE CVE-2024-57913 at NVD CVE-2024-57915 at SUSE CVE-2024-57915 at NVD CVE-2024-57916 at SUSE CVE-2024-57916 at NVD CVE-2024-57917 at SUSE CVE-2024-57917 at NVD CVE-2024-57922 at SUSE CVE-2024-57922 at NVD CVE-2024-57926 at SUSE CVE-2024-57926 at NVD CVE-2024-57929 at SUSE CVE-2024-57929 at NVD CVE-2024-57931 at SUSE CVE-2024-57931 at NVD CVE-2024-57932 at SUSE CVE-2024-57932 at NVD CVE-2024-57933 at SUSE CVE-2024-57933 at NVD CVE-2024-57935 at SUSE CVE-2024-57935 at NVD CVE-2024-57936 at SUSE CVE-2024-57936 at NVD CVE-2024-57938 at SUSE CVE-2024-57938 at NVD CVE-2024-57940 at SUSE CVE-2024-57940 at NVD CVE-2024-57946 at SUSE CVE-2024-57946 at NVD CVE-2025-21632 at SUSE CVE-2025-21632 at NVD CVE-2025-21645 at SUSE CVE-2025-21645 at NVD CVE-2025-21646 at SUSE CVE-2025-21646 at NVD CVE-2025-21649 at SUSE CVE-2025-21649 at NVD CVE-2025-21650 at SUSE CVE-2025-21650 at NVD CVE-2025-21651 at SUSE CVE-2025-21651 at NVD CVE-2025-21652 at SUSE CVE-2025-21652 at NVD CVE-2025-21653 at SUSE CVE-2025-21653 at NVD CVE-2025-21655 at SUSE CVE-2025-21655 at NVD CVE-2025-21656 at SUSE CVE-2025-21656 at NVD CVE-2025-21662 at SUSE CVE-2025-21662 at NVD CVE-2025-21663 at SUSE CVE-2025-21663 at NVD CVE-2025-21664 at SUSE CVE-2025-21664 at NVD CVE-2025-21674 at SUSE CVE-2025-21674 at NVD CVE-2025-21676 at SUSE CVE-2025-21676 at NVD CVE-2025-21678 at SUSE CVE-2025-21678 at NVD CVE-2025-21682 at SUSE CVE-2025-21682 at NVD cpe:/o:opensuse:leap:15.6 Security update for containerd (Important) openSUSE Leap 15.6 This update for containerd fixes the following issues: - Update to containerd v1.7.29 - CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126) - CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132) Important SUSE bug 1253126 SUSE bug 1253132 CVE-2024-25621 at SUSE CVE-2024-25621 at NVD CVE-2025-64329 at SUSE CVE-2025-64329 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups (Moderate) openSUSE Leap 15.6 This update for cups fixes the following issues: - CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783) - CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057) Moderate SUSE bug 1234225 SUSE bug 1244057 SUSE bug 1253783 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD CVE-2025-61915 at SUSE CVE-2025-61915 at NVD cpe:/o:opensuse:leap:15.6 Security update for libmicrohttpd (Important) openSUSE Leap 15.6 This update for libmicrohttpd fixes the following issues: - CVE-2025-59777: Fixed NULL pointer dereference via specially crafted packet sent by an attacker (bsc#1253177) - CVE-2025-62689: Fixed heap-based buffer overflow via specially crafted packet sent by an attacker (bsc#1253178) Important SUSE bug 1253177 SUSE bug 1253178 CVE-2025-59777 at SUSE CVE-2025-59777 at NVD CVE-2025-62689 at SUSE CVE-2025-62689 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Low) openSUSE Leap 15.6 This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974) - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305) Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54505: Processing maliciously crafted web content may lead to memory corruption - CVE-2024-54508: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54534: Processing maliciously crafted web content may lead to memory corruption Other fixes: - Fix the build with GBM and release logs disabled. - Fix several crashes and rendering issues. - Improve memory consumption and performance of Canvas getImageData. - Fix preserve-3D intersection rendering. - Fix video dimensions since GStreamer 1.24.9. - Fix the HTTP-based remote Web Inspector not loading in Chromium. - Fix content filters not working on about:blank iframes. - Fix several crashes and rendering issues. Important SUSE bug 1234851 CVE-2024-40866 at SUSE CVE-2024-40866 at NVD CVE-2024-44185 at SUSE CVE-2024-44185 at NVD CVE-2024-44187 at SUSE CVE-2024-44187 at NVD CVE-2024-44308 at SUSE CVE-2024-44308 at NVD CVE-2024-44309 at SUSE CVE-2024-44309 at NVD CVE-2024-54479 at SUSE CVE-2024-54479 at NVD CVE-2024-54502 at SUSE CVE-2024-54502 at NVD CVE-2024-54505 at SUSE CVE-2024-54505 at NVD CVE-2024-54508 at SUSE CVE-2024-54508 at NVD CVE-2024-54534 at SUSE CVE-2024-54534 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Moderate) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136). Moderate SUSE bug 1236136 CVE-2024-13176 at SUSE CVE-2024-13176 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38539: trace/fgraph: Fix the warning caused by missing unregister notifier (bsc#1248211). - CVE-2025-38552: mptcp: plug races between subflow fail and subflow creation (bsc#1248230). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38699: scsi: bfa: Double-free fix (bsc#1249224). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39697: nfs: remove dead code for the old swap over NFS implementation (bsc#1249319 bsc#1252236). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39794: ARM: tegra: Use I/O memcpy to write to IRAM (bsc#1249595). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39813: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump (bsc#1250032). - CVE-2025-39828: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control() (bsc#1250205). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - ACPI: battery: Add synchronization between interface updates (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() (git-fixes). - KVM: x86: Process 'guest stopped request' once per guest time update (git-fixes). - bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog types (bsc#1252364). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (stable-fixes git-fixes). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (git-fixes). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced. - perf/x86/intel: Allow to update user space GPRs from PEBS records (git-fixes). - perf/x86/intel: Fix crash in icl_update_topdown_event() (git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/boot: Fix build with gcc 15 (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc: export MIN RMA size (bsc#1236743 ltc#211409). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743 ltc#211409 bsc#1252269 ltc#215957). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - sched/idle: Conditionally handle tick broadcast in default_idle_call() (bsc#1248517). - serial: jsm: fix NPE during jsm_uart_port_init (git fixes, bsc#1246244). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, bsc#1239206). - smb: client: fix potential cfid UAF in smb2_query_info_compound (bsc#1248886). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - tracing: Remove unneeded goto out logic (bsc#1249286). - x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517). Important SUSE bug 1012628 SUSE bug 1214954 SUSE bug 1215143 SUSE bug 1215199 SUSE bug 1216396 SUSE bug 1220419 SUSE bug 1236743 SUSE bug 1239206 SUSE bug 1244939 SUSE bug 1246244 SUSE bug 1248211 SUSE bug 1248230 SUSE bug 1248517 SUSE bug 1248630 SUSE bug 1248754 SUSE bug 1248886 SUSE bug 1249161 SUSE bug 1249182 SUSE bug 1249224 SUSE bug 1249286 SUSE bug 1249302 SUSE bug 1249317 SUSE bug 1249319 SUSE bug 1249320 SUSE bug 1249512 SUSE bug 1249595 SUSE bug 1249608 SUSE bug 1250032 SUSE bug 1250119 SUSE bug 1250202 SUSE bug 1250205 SUSE bug 1250237 SUSE bug 1250274 SUSE bug 1250296 SUSE bug 1250379 SUSE bug 1250400 SUSE bug 1250455 SUSE bug 1250491 SUSE bug 1250519 SUSE bug 1250650 SUSE bug 1250702 SUSE bug 1250704 SUSE bug 1250721 SUSE bug 1250742 SUSE bug 1250946 SUSE bug 1251024 SUSE bug 1251027 SUSE bug 1251028 SUSE bug 1251031 SUSE bug 1251035 SUSE bug 1251038 SUSE bug 1251043 SUSE bug 1251045 SUSE bug 1251052 SUSE bug 1251053 SUSE bug 1251054 SUSE bug 1251056 SUSE bug 1251057 SUSE bug 1251059 SUSE bug 1251060 SUSE bug 1251065 SUSE bug 1251066 SUSE bug 1251067 SUSE bug 1251068 SUSE bug 1251071 SUSE bug 1251076 SUSE bug 1251079 SUSE bug 1251081 SUSE bug 1251083 SUSE bug 1251084 SUSE bug 1251100 SUSE bug 1251105 SUSE bug 1251106 SUSE bug 1251108 SUSE bug 1251113 SUSE bug 1251114 SUSE bug 1251119 SUSE bug 1251123 SUSE bug 1251126 SUSE bug 1251132 SUSE bug 1251134 SUSE bug 1251143 SUSE bug 1251146 SUSE bug 1251150 SUSE bug 1251152 SUSE bug 1251153 SUSE bug 1251159 SUSE bug 1251161 SUSE bug 1251170 SUSE bug 1251177 SUSE bug 1251180 SUSE bug 1251206 SUSE bug 1251215 SUSE bug 1251216 SUSE bug 1251222 SUSE bug 1251230 SUSE bug 1251232 SUSE bug 1251233 SUSE bug 1251247 SUSE bug 1251268 SUSE bug 1251269 SUSE bug 1251270 SUSE bug 1251282 SUSE bug 1251283 SUSE bug 1251286 SUSE bug 1251290 SUSE bug 1251319 SUSE bug 1251321 SUSE bug 1251323 SUSE bug 1251328 SUSE bug 1251529 SUSE bug 1251721 SUSE bug 1251732 SUSE bug 1251742 SUSE bug 1251743 SUSE bug 1251746 SUSE bug 1251748 SUSE bug 1251749 SUSE bug 1251750 SUSE bug 1251754 SUSE bug 1251755 SUSE bug 1251756 SUSE bug 1251758 SUSE bug 1251759 SUSE bug 1251760 SUSE bug 1251762 SUSE bug 1251763 SUSE bug 1251764 SUSE bug 1251769 SUSE bug 1251771 SUSE bug 1251772 SUSE bug 1251777 SUSE bug 1251780 SUSE bug 1251804 SUSE bug 1251810 SUSE bug 1251930 SUSE bug 1251967 SUSE bug 1252033 SUSE bug 1252035 SUSE bug 1252039 SUSE bug 1252044 SUSE bug 1252047 SUSE bug 1252051 SUSE bug 1252052 SUSE bug 1252056 SUSE bug 1252060 SUSE bug 1252062 SUSE bug 1252064 SUSE bug 1252065 SUSE bug 1252069 SUSE bug 1252070 SUSE bug 1252072 SUSE bug 1252074 SUSE bug 1252075 SUSE bug 1252078 SUSE bug 1252079 SUSE bug 1252082 SUSE bug 1252083 SUSE bug 1252236 SUSE bug 1252265 SUSE bug 1252269 SUSE bug 1252332 SUSE bug 1252336 SUSE bug 1252346 SUSE bug 1252348 SUSE bug 1252349 SUSE bug 1252364 SUSE bug 1252479 SUSE bug 1252481 SUSE bug 1252489 SUSE bug 1252490 SUSE bug 1252492 SUSE bug 1252495 SUSE bug 1252496 SUSE bug 1252499 SUSE bug 1252534 SUSE bug 1252536 SUSE bug 1252537 SUSE bug 1252550 SUSE bug 1252553 SUSE bug 1252559 SUSE bug 1252561 SUSE bug 1252564 SUSE bug 1252565 SUSE bug 1252566 SUSE bug 1252632 SUSE bug 1252668 SUSE bug 1252678 SUSE bug 1252679 SUSE bug 1252685 SUSE bug 1252688 SUSE bug 1252772 SUSE bug 1252774 SUSE bug 1252775 SUSE bug 1252785 SUSE bug 1252787 SUSE bug 1252789 SUSE bug 1252797 SUSE bug 1252822 SUSE bug 1252826 SUSE bug 1252841 SUSE bug 1252848 SUSE bug 1252849 SUSE bug 1252850 SUSE bug 1252851 SUSE bug 1252854 SUSE bug 1252858 SUSE bug 1252865 SUSE bug 1252866 SUSE bug 1252873 SUSE bug 1252902 SUSE bug 1252904 SUSE bug 1252909 SUSE bug 1252918 SUSE bug 1252939 CVE-2023-53538 at SUSE CVE-2023-53538 at NVD CVE-2023-53539 at SUSE CVE-2023-53539 at NVD CVE-2023-53540 at SUSE CVE-2023-53540 at NVD CVE-2023-53541 at SUSE CVE-2023-53541 at NVD CVE-2023-53543 at SUSE CVE-2023-53543 at NVD CVE-2023-53545 at SUSE CVE-2023-53545 at NVD CVE-2023-53546 at SUSE CVE-2023-53546 at NVD CVE-2023-53548 at SUSE CVE-2023-53548 at NVD CVE-2023-53550 at SUSE CVE-2023-53550 at NVD CVE-2023-53552 at SUSE CVE-2023-53552 at NVD CVE-2023-53553 at SUSE CVE-2023-53553 at NVD CVE-2023-53554 at SUSE CVE-2023-53554 at NVD CVE-2023-53555 at SUSE CVE-2023-53555 at NVD CVE-2023-53556 at SUSE CVE-2023-53556 at NVD CVE-2023-53557 at SUSE CVE-2023-53557 at NVD CVE-2023-53558 at SUSE CVE-2023-53558 at NVD CVE-2023-53559 at SUSE CVE-2023-53559 at NVD CVE-2023-53560 at SUSE CVE-2023-53560 at NVD CVE-2023-53563 at SUSE CVE-2023-53563 at NVD CVE-2023-53568 at SUSE CVE-2023-53568 at NVD CVE-2023-53570 at SUSE CVE-2023-53570 at NVD CVE-2023-53572 at SUSE CVE-2023-53572 at NVD CVE-2023-53574 at SUSE CVE-2023-53574 at NVD CVE-2023-53575 at SUSE CVE-2023-53575 at NVD CVE-2023-53577 at SUSE CVE-2023-53577 at NVD CVE-2023-53579 at SUSE CVE-2023-53579 at NVD CVE-2023-53580 at SUSE CVE-2023-53580 at NVD CVE-2023-53581 at SUSE CVE-2023-53581 at NVD CVE-2023-53583 at SUSE CVE-2023-53583 at NVD CVE-2023-53585 at SUSE CVE-2023-53585 at NVD CVE-2023-53588 at SUSE CVE-2023-53588 at NVD CVE-2023-53593 at SUSE CVE-2023-53593 at NVD CVE-2023-53596 at SUSE CVE-2023-53596 at NVD CVE-2023-53597 at SUSE CVE-2023-53597 at NVD CVE-2023-53599 at SUSE CVE-2023-53599 at NVD CVE-2023-53600 at SUSE CVE-2023-53600 at NVD CVE-2023-53601 at SUSE CVE-2023-53601 at NVD CVE-2023-53602 at SUSE CVE-2023-53602 at NVD CVE-2023-53603 at SUSE CVE-2023-53603 at NVD CVE-2023-53611 at SUSE CVE-2023-53611 at NVD CVE-2023-53613 at SUSE CVE-2023-53613 at NVD CVE-2023-53615 at SUSE CVE-2023-53615 at NVD CVE-2023-53616 at SUSE CVE-2023-53616 at NVD CVE-2023-53617 at SUSE CVE-2023-53617 at NVD CVE-2023-53618 at SUSE CVE-2023-53618 at NVD CVE-2023-53619 at SUSE CVE-2023-53619 at NVD CVE-2023-53621 at SUSE CVE-2023-53621 at NVD CVE-2023-53622 at SUSE CVE-2023-53622 at NVD CVE-2023-53631 at SUSE CVE-2023-53631 at NVD CVE-2023-53632 at SUSE CVE-2023-53632 at NVD CVE-2023-53633 at SUSE CVE-2023-53633 at NVD CVE-2023-53638 at SUSE CVE-2023-53638 at NVD CVE-2023-53645 at SUSE CVE-2023-53645 at NVD CVE-2023-53646 at SUSE CVE-2023-53646 at NVD CVE-2023-53647 at SUSE CVE-2023-53647 at NVD CVE-2023-53648 at SUSE CVE-2023-53648 at NVD CVE-2023-53649 at SUSE CVE-2023-53649 at NVD CVE-2023-53650 at SUSE CVE-2023-53650 at NVD CVE-2023-53652 at SUSE CVE-2023-53652 at NVD CVE-2023-53653 at SUSE CVE-2023-53653 at NVD CVE-2023-53654 at SUSE CVE-2023-53654 at NVD CVE-2023-53656 at SUSE CVE-2023-53656 at NVD CVE-2023-53657 at SUSE CVE-2023-53657 at NVD CVE-2023-53658 at SUSE CVE-2023-53658 at NVD CVE-2023-53659 at SUSE CVE-2023-53659 at NVD CVE-2023-53660 at SUSE CVE-2023-53660 at NVD CVE-2023-53662 at SUSE CVE-2023-53662 at NVD CVE-2023-53663 at SUSE CVE-2023-53663 at NVD CVE-2023-53665 at SUSE CVE-2023-53665 at NVD CVE-2023-53666 at SUSE CVE-2023-53666 at NVD CVE-2023-53668 at SUSE CVE-2023-53668 at NVD CVE-2023-53670 at SUSE CVE-2023-53670 at NVD CVE-2023-53672 at SUSE CVE-2023-53672 at NVD CVE-2023-53673 at SUSE CVE-2023-53673 at NVD CVE-2023-53674 at SUSE CVE-2023-53674 at NVD CVE-2023-53681 at SUSE CVE-2023-53681 at NVD CVE-2023-53686 at SUSE CVE-2023-53686 at NVD CVE-2023-53687 at SUSE CVE-2023-53687 at NVD CVE-2023-53693 at SUSE CVE-2023-53693 at NVD CVE-2023-53697 at SUSE CVE-2023-53697 at NVD CVE-2023-53698 at SUSE CVE-2023-53698 at NVD CVE-2023-53699 at SUSE CVE-2023-53699 at NVD CVE-2023-53703 at SUSE CVE-2023-53703 at NVD CVE-2023-53704 at SUSE CVE-2023-53704 at NVD CVE-2023-53707 at SUSE CVE-2023-53707 at NVD CVE-2023-53708 at SUSE CVE-2023-53708 at NVD CVE-2023-53711 at SUSE CVE-2023-53711 at NVD CVE-2023-53713 at SUSE CVE-2023-53713 at NVD CVE-2023-53718 at SUSE CVE-2023-53718 at NVD CVE-2023-53721 at SUSE CVE-2023-53721 at NVD CVE-2023-53722 at SUSE CVE-2023-53722 at NVD CVE-2023-53725 at SUSE CVE-2023-53725 at NVD CVE-2023-53726 at SUSE CVE-2023-53726 at NVD CVE-2023-53727 at SUSE CVE-2023-53727 at NVD CVE-2023-53728 at SUSE CVE-2023-53728 at NVD CVE-2023-53729 at SUSE CVE-2023-53729 at NVD CVE-2023-53730 at SUSE CVE-2023-53730 at NVD CVE-2023-53731 at SUSE CVE-2023-53731 at NVD CVE-2023-53733 at SUSE CVE-2023-53733 at NVD CVE-2025-38008 at SUSE CVE-2025-38008 at NVD CVE-2025-38539 at SUSE CVE-2025-38539 at NVD CVE-2025-38552 at SUSE CVE-2025-38552 at NVD CVE-2025-38653 at SUSE CVE-2025-38653 at NVD CVE-2025-38699 at SUSE CVE-2025-38699 at NVD CVE-2025-38700 at SUSE CVE-2025-38700 at NVD CVE-2025-38718 at SUSE CVE-2025-38718 at NVD CVE-2025-39673 at SUSE CVE-2025-39673 at NVD CVE-2025-39676 at SUSE CVE-2025-39676 at NVD CVE-2025-39683 at SUSE CVE-2025-39683 at NVD CVE-2025-39697 at SUSE CVE-2025-39697 at NVD CVE-2025-39702 at SUSE CVE-2025-39702 at NVD CVE-2025-39756 at SUSE CVE-2025-39756 at NVD CVE-2025-39794 at SUSE CVE-2025-39794 at NVD CVE-2025-39797 at SUSE CVE-2025-39797 at NVD CVE-2025-39812 at SUSE CVE-2025-39812 at NVD CVE-2025-39813 at SUSE CVE-2025-39813 at NVD CVE-2025-39828 at SUSE CVE-2025-39828 at NVD CVE-2025-39841 at SUSE CVE-2025-39841 at NVD CVE-2025-39851 at SUSE CVE-2025-39851 at NVD CVE-2025-39866 at SUSE CVE-2025-39866 at NVD CVE-2025-39876 at SUSE CVE-2025-39876 at NVD CVE-2025-39881 at SUSE CVE-2025-39881 at NVD CVE-2025-39895 at SUSE CVE-2025-39895 at NVD CVE-2025-39902 at SUSE CVE-2025-39902 at NVD CVE-2025-39911 at SUSE CVE-2025-39911 at NVD CVE-2025-39931 at SUSE CVE-2025-39931 at NVD CVE-2025-39934 at SUSE CVE-2025-39934 at NVD CVE-2025-39937 at SUSE CVE-2025-39937 at NVD CVE-2025-39938 at SUSE CVE-2025-39938 at NVD CVE-2025-39945 at SUSE CVE-2025-39945 at NVD CVE-2025-39946 at SUSE CVE-2025-39946 at NVD CVE-2025-39947 at SUSE CVE-2025-39947 at NVD CVE-2025-39948 at SUSE CVE-2025-39948 at NVD CVE-2025-39949 at SUSE CVE-2025-39949 at NVD CVE-2025-39952 at SUSE CVE-2025-39952 at NVD CVE-2025-39955 at SUSE CVE-2025-39955 at NVD CVE-2025-39957 at SUSE CVE-2025-39957 at NVD CVE-2025-39965 at SUSE CVE-2025-39965 at NVD CVE-2025-39967 at SUSE CVE-2025-39967 at NVD CVE-2025-39968 at SUSE CVE-2025-39968 at NVD CVE-2025-39969 at SUSE CVE-2025-39969 at NVD CVE-2025-39970 at SUSE CVE-2025-39970 at NVD CVE-2025-39971 at SUSE CVE-2025-39971 at NVD CVE-2025-39972 at SUSE CVE-2025-39972 at NVD CVE-2025-39973 at SUSE CVE-2025-39973 at NVD CVE-2025-39978 at SUSE CVE-2025-39978 at NVD CVE-2025-39981 at SUSE CVE-2025-39981 at NVD CVE-2025-39982 at SUSE CVE-2025-39982 at NVD CVE-2025-39985 at SUSE CVE-2025-39985 at NVD CVE-2025-39986 at SUSE CVE-2025-39986 at NVD CVE-2025-39987 at SUSE CVE-2025-39987 at NVD CVE-2025-39988 at SUSE CVE-2025-39988 at NVD CVE-2025-39991 at SUSE CVE-2025-39991 at NVD CVE-2025-39993 at SUSE CVE-2025-39993 at NVD CVE-2025-39994 at SUSE CVE-2025-39994 at NVD CVE-2025-39995 at SUSE CVE-2025-39995 at NVD CVE-2025-39996 at SUSE CVE-2025-39996 at NVD CVE-2025-39997 at SUSE CVE-2025-39997 at NVD CVE-2025-40000 at SUSE CVE-2025-40000 at NVD CVE-2025-40005 at SUSE CVE-2025-40005 at NVD CVE-2025-40010 at SUSE CVE-2025-40010 at NVD CVE-2025-40011 at SUSE CVE-2025-40011 at NVD CVE-2025-40013 at SUSE CVE-2025-40013 at NVD CVE-2025-40016 at SUSE CVE-2025-40016 at NVD CVE-2025-40018 at SUSE CVE-2025-40018 at NVD CVE-2025-40019 at SUSE CVE-2025-40019 at NVD CVE-2025-40020 at SUSE CVE-2025-40020 at NVD CVE-2025-40029 at SUSE CVE-2025-40029 at NVD CVE-2025-40032 at SUSE CVE-2025-40032 at NVD CVE-2025-40035 at SUSE CVE-2025-40035 at NVD CVE-2025-40036 at SUSE CVE-2025-40036 at NVD CVE-2025-40043 at SUSE CVE-2025-40043 at NVD CVE-2025-40044 at SUSE CVE-2025-40044 at NVD CVE-2025-40049 at SUSE CVE-2025-40049 at NVD CVE-2025-40051 at SUSE CVE-2025-40051 at NVD CVE-2025-40052 at SUSE CVE-2025-40052 at NVD CVE-2025-40056 at SUSE CVE-2025-40056 at NVD CVE-2025-40058 at SUSE CVE-2025-40058 at NVD CVE-2025-40060 at SUSE CVE-2025-40060 at NVD CVE-2025-40061 at SUSE CVE-2025-40061 at NVD CVE-2025-40062 at SUSE CVE-2025-40062 at NVD CVE-2025-40071 at SUSE CVE-2025-40071 at NVD CVE-2025-40078 at SUSE CVE-2025-40078 at NVD CVE-2025-40080 at SUSE CVE-2025-40080 at NVD CVE-2025-40082 at SUSE CVE-2025-40082 at NVD CVE-2025-40085 at SUSE CVE-2025-40085 at NVD CVE-2025-40087 at SUSE CVE-2025-40087 at NVD CVE-2025-40088 at SUSE CVE-2025-40088 at NVD CVE-2025-40096 at SUSE CVE-2025-40096 at NVD CVE-2025-40100 at SUSE CVE-2025-40100 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Moderate) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055) Moderate SUSE bug 1249055 CVE-2025-7039 at SUSE CVE-2025-7039 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Moderate) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: - CVE-2025-22866: Fixed timing sidechannel for P-256 on ppc64le (bsc#1236801). - CVE-2025-22867: Fixed arbitrary code execution during build on darwin (bsc#1236839). Other fixes: - go1.2r42 release tracking (bsc#1236217) Moderate SUSE bug 1236217 SUSE bug 1236801 SUSE bug 1236839 CVE-2025-22866 at SUSE CVE-2025-22866 at NVD CVE-2025-22867 at SUSE CVE-2025-22867 at NVD cpe:/o:opensuse:leap:15.6 Security update for libcryptopp (Moderate) openSUSE Leap 15.6 This update for libcryptopp fixes the following issues: - CVE-2023-50979: Fixed side-channel leakage during decryption with PKCS#1v1.5 padding. (bsc#1218217) Moderate SUSE bug 1218217 CVE-2023-50979 at SUSE CVE-2023-50979 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Low) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-8291: Check the validity the ZIP64 End of Central Directory (EOCD). (bsc#1251305) Low SUSE bug 1251305 CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups (Important) openSUSE Leap 15.6 This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. (bsc#1254353) See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled. Important SUSE bug 1254353 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnutls (Moderate) openSUSE Leap 15.6 This update for gnutls fixes the following issues: - CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132) Moderate SUSE bug 1254132 CVE-2025-9820 at SUSE CVE-2025-9820 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-10922: Fixed GIMP DCM file parsing heap-based buffer overflow remote code execution vulnerability. (bsc#1250497) Important SUSE bug 1250497 CVE-2025-10922 at SUSE CVE-2025-10922 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql13 (Important) openSUSE Leap 15.6 This update for postgresql13 fixes the following issues: Upgraded to 13.23: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. Important SUSE bug 1253332 SUSE bug 1253333 CVE-2025-12817 at SUSE CVE-2025-12817 at NVD CVE-2025-12818 at SUSE CVE-2025-12818 at NVD cpe:/o:opensuse:leap:15.6 Security update for gegl (Important) openSUSE Leap 15.6 This update for gegl fixes the following issues: - CVE-2025-10921: lack of proper validation of user-supplied data when parsing HDR files can lead to RCE (bsc#1250496). Important SUSE bug 1250496 CVE-2025-10921 at SUSE CVE-2025-10921 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Important) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: go1.25.5 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the mime and os packages. (bsc#1244485) CVE-2025-61729 CVE-2025-61727: * go#76461 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76464 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup - Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update-alternatives go1.25.4 (released 2025-11-05) includes fixes to the compiler, the runtime, and the crypto/subtle, encoding/pem, net/url, and os packages. (bsc#1244485) * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics Important SUSE bug 1244485 SUSE bug 1245878 SUSE bug 1254227 SUSE bug 1254430 SUSE bug 1254431 CVE-2025-61727 at SUSE CVE-2025-61727 at NVD CVE-2025-61729 at SUSE CVE-2025-61729 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: go1.24.11 (released 2025-12-02) includes two security fixes to the crypto/x509 package, as well as bug fixes to the runtime. (bsc#1236217) CVE-2025-61727 CVE-2025-61729: * go#76460 go#76445 bsc#1254431 security: fix CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation * go#76463 go#76442 bsc#1254430 security: fix CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores - Packaging: Migrate from update-alternatives to libalternatives (bsc#1245878) * This is an optional migration controlled via prjconf definition with_libalternatives * If with_libalternatives is not defined packaging continues to use update-alternatives Important SUSE bug 1236217 SUSE bug 1245878 SUSE bug 1254430 SUSE bug 1254431 CVE-2025-61727 at SUSE CVE-2025-61727 at NVD CVE-2025-61729 at SUSE CVE-2025-61729 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Moderate) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: Update to OpenJDK 8u442 build 06 with OpenJ9 0.49.0 virtual machine. - CVE-2024-21235: unauthorized read/write access to data through the Hotspot component. (bsc#1231719) - CVE-2024-21217: partial denial-of-service through the Serialization component. (bsc#1231716) - CVE-2024-21210: unauthorized read/write access to data through the Hotspot component. (bsc#1231711) - CVE-2024-21208: partial denial-of-service through the Networking component. (bsc#1231702) Moderate SUSE bug 1231702 SUSE bug 1231711 SUSE bug 1231716 SUSE bug 1231719 CVE-2024-21208 at SUSE CVE-2024-21208 at NVD CVE-2024-21210 at SUSE CVE-2024-21210 at NVD CVE-2024-21217 at SUSE CVE-2024-21217 at NVD CVE-2024-21235 at SUSE CVE-2024-21235 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Low) openSUSE Leap 15.6 This update for python310 fixes the following issues: Update to 3.10.19: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars(). (bsc#1252974) - CVE-2025-8291: Check the validity the ZIP64 End of Central Directory (EOCD). (bsc#1251305) Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for fontforge (Low) openSUSE Leap 15.6 This update for fontforge fixes the following issues: - CVE-2025-50949: Fixed a memory leak in the DlgCreate8 function. (bsc#1252652) Low SUSE bug 1252652 CVE-2025-50949 at SUSE CVE-2025-50949 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql17, postgresql18 (Important) openSUSE Leap 15.6 This update for postgresql17, postgresql18 fixes the following issues: Changes in postgresql18: - Fix build with uring for post SLE15 code streams. Update to 18.1: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/18.1/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - pg_config --libs returns -lnuma so we need to require it. Update to 18.0: * https://www.postgresql.org/about/news/p-3142/ * https://www.postgresql.org/docs/18/release-18.html Changes in postgresql17: Update to 17.7: * https://www.postgresql.org/about/news/p-3171/ * https://www.postgresql.org/docs/release/17.7/ * bsc#1253332, CVE-2025-12817: Missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. * bsc#1253333, CVE-2025-12818: Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. - switch library to pg 18 Important SUSE bug 1253332 SUSE bug 1253333 CVE-2025-12817 at SUSE CVE-2025-12817 at NVD CVE-2025-12818 at SUSE CVE-2025-12818 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Low) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Important) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: Upgraded to 14.20: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. Important SUSE bug 1253332 SUSE bug 1253333 CVE-2025-12817 at SUSE CVE-2025-12817 at NVD CVE-2025-12818 at SUSE CVE-2025-12818 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes-client (Important) openSUSE Leap 15.6 This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. Important cpe:/o:opensuse:leap:15.6 Security update for kubernetes-client (Important) openSUSE Leap 15.6 This update for kubernetes client rebuilds it against current the go release to fix bugs and security issues in the go stdlib. Important cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-13372: Fixed SQL Injection in FilteredRelation (bsc#1254437) - CVE-2025-64460: Fixed denial of service via specially crafted XML input in django.core.serializers.xml_serializer.getInnerText() (bsc#1254437) Important SUSE bug 1254437 CVE-2025-13372 at SUSE CVE-2025-13372 at NVD CVE-2025-64460 at SUSE CVE-2025-64460 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: Upgraded to 16.11: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. Important SUSE bug 1253332 SUSE bug 1253333 CVE-2025-12817 at SUSE CVE-2025-12817 at NVD CVE-2025-12818 at SUSE CVE-2025-12818 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Low) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed to it are user-controlled (bsc#1252974). - CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305). Low SUSE bug 1251305 SUSE bug 1252974 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2025-8291 at SUSE CVE-2025-8291 at NVD cpe:/o:opensuse:leap:15.6 Security update for rhino (Moderate) openSUSE Leap 15.6 This update for rhino fixes the following issues: Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing specific numbers via the `toFixed()` function (bsc#1254481). Other changes and issues fixed: - Version 1.7.15: * Basic support for 'rest parameters'. * Improvements in Unicode support. * 'Symbol.species' implemented in many places. * More correct property ordering in many places. * Miscellaneous improvements and bug fixes. Moderate SUSE bug 1254481 CVE-2025-66453 at SUSE CVE-2025-66453 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.6 (bsc#1254551). - MFSA 2025-96 * CVE-2025-14321: use-after-free in the WebRTC: Signaling component. * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2025-14323: privilege escalation in the DOM: Notifications component. * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14328: privilege escalation in the Netmonitor component. * CVE-2025-14329: privilege escalation in the Netmonitor component. * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14331: same-origin policy bypass in the Request Handling component. * CVE-2025-14333: memory safety bugs. Important SUSE bug 1254551 CVE-2025-14321 at SUSE CVE-2025-14321 at NVD CVE-2025-14322 at SUSE CVE-2025-14322 at NVD CVE-2025-14323 at SUSE CVE-2025-14323 at NVD CVE-2025-14324 at SUSE CVE-2025-14324 at NVD CVE-2025-14325 at SUSE CVE-2025-14325 at NVD CVE-2025-14328 at SUSE CVE-2025-14328 at NVD CVE-2025-14329 at SUSE CVE-2025-14329 at NVD CVE-2025-14330 at SUSE CVE-2025-14330 at NVD CVE-2025-14331 at SUSE CVE-2025-14331 at NVD CVE-2025-14333 at SUSE CVE-2025-14333 at NVD cpe:/o:opensuse:leap:15.6 Security update for openjpeg2 (Moderate) openSUSE Leap 15.6 This update for openjpeg2 fixes the following issues: - CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029) Moderate SUSE bug 1235029 CVE-2024-56826 at SUSE CVE-2024-56826 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Moderate) openSUSE Leap 15.6 This update for buildah rebuilds it against the current security release of GO. Moderate cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non security issues were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: don't log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Don't treat ENTER and LEAVE as branches, because they aren't (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Don't fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Don't use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: don't preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). Important SUSE bug 1232223 SUSE bug 1237888 SUSE bug 1243474 SUSE bug 1245193 SUSE bug 1247076 SUSE bug 1247079 SUSE bug 1247500 SUSE bug 1247509 SUSE bug 1249547 SUSE bug 1249912 SUSE bug 1249982 SUSE bug 1250176 SUSE bug 1250237 SUSE bug 1250252 SUSE bug 1250705 SUSE bug 1251120 SUSE bug 1251786 SUSE bug 1252063 SUSE bug 1252267 SUSE bug 1252303 SUSE bug 1252353 SUSE bug 1252681 SUSE bug 1252763 SUSE bug 1252773 SUSE bug 1252780 SUSE bug 1252794 SUSE bug 1252795 SUSE bug 1252809 SUSE bug 1252817 SUSE bug 1252821 SUSE bug 1252836 SUSE bug 1252845 SUSE bug 1252862 SUSE bug 1252912 SUSE bug 1252917 SUSE bug 1252928 SUSE bug 1253018 SUSE bug 1253176 SUSE bug 1253275 SUSE bug 1253318 SUSE bug 1253324 SUSE bug 1253349 SUSE bug 1253352 SUSE bug 1253355 SUSE bug 1253360 SUSE bug 1253362 SUSE bug 1253363 SUSE bug 1253367 SUSE bug 1253369 SUSE bug 1253393 SUSE bug 1253395 SUSE bug 1253403 SUSE bug 1253407 SUSE bug 1253409 SUSE bug 1253412 SUSE bug 1253416 SUSE bug 1253421 SUSE bug 1253423 SUSE bug 1253424 SUSE bug 1253425 SUSE bug 1253427 SUSE bug 1253428 SUSE bug 1253431 SUSE bug 1253436 SUSE bug 1253438 SUSE bug 1253440 SUSE bug 1253441 SUSE bug 1253445 SUSE bug 1253448 SUSE bug 1253449 SUSE bug 1253453 SUSE bug 1253456 SUSE bug 1253472 SUSE bug 1253779 CVE-2022-50253 at SUSE CVE-2022-50253 at NVD CVE-2023-53676 at SUSE CVE-2023-53676 at NVD CVE-2025-21710 at SUSE CVE-2025-21710 at NVD CVE-2025-37916 at SUSE CVE-2025-37916 at NVD CVE-2025-38359 at SUSE CVE-2025-38359 at NVD CVE-2025-38361 at SUSE CVE-2025-38361 at NVD CVE-2025-39788 at SUSE CVE-2025-39788 at NVD CVE-2025-39805 at SUSE CVE-2025-39805 at NVD CVE-2025-39819 at SUSE CVE-2025-39819 at NVD CVE-2025-39859 at SUSE CVE-2025-39859 at NVD CVE-2025-39944 at SUSE CVE-2025-39944 at NVD CVE-2025-39980 at SUSE CVE-2025-39980 at NVD CVE-2025-40001 at SUSE CVE-2025-40001 at NVD CVE-2025-40021 at SUSE CVE-2025-40021 at NVD CVE-2025-40027 at SUSE CVE-2025-40027 at NVD CVE-2025-40030 at SUSE CVE-2025-40030 at NVD CVE-2025-40038 at SUSE CVE-2025-40038 at NVD CVE-2025-40040 at SUSE CVE-2025-40040 at NVD CVE-2025-40048 at SUSE CVE-2025-40048 at NVD CVE-2025-40055 at SUSE CVE-2025-40055 at NVD CVE-2025-40059 at SUSE CVE-2025-40059 at NVD CVE-2025-40064 at SUSE CVE-2025-40064 at NVD CVE-2025-40070 at SUSE CVE-2025-40070 at NVD CVE-2025-40074 at SUSE CVE-2025-40074 at NVD CVE-2025-40075 at SUSE CVE-2025-40075 at NVD CVE-2025-40083 at SUSE CVE-2025-40083 at NVD CVE-2025-40098 at SUSE CVE-2025-40098 at NVD CVE-2025-40105 at SUSE CVE-2025-40105 at NVD CVE-2025-40107 at SUSE CVE-2025-40107 at NVD CVE-2025-40109 at SUSE CVE-2025-40109 at NVD CVE-2025-40110 at SUSE CVE-2025-40110 at NVD CVE-2025-40111 at SUSE CVE-2025-40111 at NVD CVE-2025-40115 at SUSE CVE-2025-40115 at NVD CVE-2025-40116 at SUSE CVE-2025-40116 at NVD CVE-2025-40118 at SUSE CVE-2025-40118 at NVD CVE-2025-40120 at SUSE CVE-2025-40120 at NVD CVE-2025-40121 at SUSE CVE-2025-40121 at NVD CVE-2025-40127 at SUSE CVE-2025-40127 at NVD CVE-2025-40129 at SUSE CVE-2025-40129 at NVD CVE-2025-40139 at SUSE CVE-2025-40139 at NVD CVE-2025-40140 at SUSE CVE-2025-40140 at NVD CVE-2025-40141 at SUSE CVE-2025-40141 at NVD CVE-2025-40149 at SUSE CVE-2025-40149 at NVD CVE-2025-40154 at SUSE CVE-2025-40154 at NVD CVE-2025-40156 at SUSE CVE-2025-40156 at NVD CVE-2025-40157 at SUSE CVE-2025-40157 at NVD CVE-2025-40159 at SUSE CVE-2025-40159 at NVD CVE-2025-40164 at SUSE CVE-2025-40164 at NVD CVE-2025-40168 at SUSE CVE-2025-40168 at NVD CVE-2025-40169 at SUSE CVE-2025-40169 at NVD CVE-2025-40171 at SUSE CVE-2025-40171 at NVD CVE-2025-40172 at SUSE CVE-2025-40172 at NVD CVE-2025-40173 at SUSE CVE-2025-40173 at NVD CVE-2025-40176 at SUSE CVE-2025-40176 at NVD CVE-2025-40180 at SUSE CVE-2025-40180 at NVD CVE-2025-40183 at SUSE CVE-2025-40183 at NVD CVE-2025-40186 at SUSE CVE-2025-40186 at NVD CVE-2025-40188 at SUSE CVE-2025-40188 at NVD CVE-2025-40194 at SUSE CVE-2025-40194 at NVD CVE-2025-40198 at SUSE CVE-2025-40198 at NVD CVE-2025-40200 at SUSE CVE-2025-40200 at NVD CVE-2025-40204 at SUSE CVE-2025-40204 at NVD CVE-2025-40205 at SUSE CVE-2025-40205 at NVD CVE-2025-40206 at SUSE CVE-2025-40206 at NVD CVE-2025-40207 at SUSE CVE-2025-40207 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR (bsc#1254551). - MFSA 2025-94 * CVE-2025-14321: use-after-free in the WebRTC: Signaling component. * CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. * CVE-2025-14323: privilege escalation in the DOM: Notifications component. * CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14328: privilege escalation in the Netmonitor component. * CVE-2025-14329: privilege escalation in the Netmonitor component. * CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component. * CVE-2025-14331: same-origin policy bypass in the Request Handling component. * CVE-2025-14333: memory safety bugs. Important SUSE bug 1254551 CVE-2025-14321 at SUSE CVE-2025-14321 at NVD CVE-2025-14322 at SUSE CVE-2025-14322 at NVD CVE-2025-14323 at SUSE CVE-2025-14323 at NVD CVE-2025-14324 at SUSE CVE-2025-14324 at NVD CVE-2025-14325 at SUSE CVE-2025-14325 at NVD CVE-2025-14328 at SUSE CVE-2025-14328 at NVD CVE-2025-14329 at SUSE CVE-2025-14329 at NVD CVE-2025-14330 at SUSE CVE-2025-14330 at NVD CVE-2025-14331 at SUSE CVE-2025-14331 at NVD CVE-2025-14333 at SUSE CVE-2025-14333 at NVD cpe:/o:opensuse:leap:15.6 Security update for cups (Moderate) openSUSE Leap 15.6 This update for cups fixes the following issues: Security issues fixed: - CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other clients (bsc#1244057). Other issues fixed: - Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353). Moderate SUSE bug 1244057 SUSE bug 1254353 CVE-2025-58436 at SUSE CVE-2025-58436 at NVD cpe:/o:opensuse:leap:15.6 Security update for xkbcomp (Moderate) openSUSE Leap 15.6 This update for xkbcomp fixes the following issues: - CVE-2018-15863: NULL pointer dereference triggered by a a crafted keymap file with a no-op modmask expression can lead to a crash (bsc#1105832). - CVE-2018-15861: NULL pointer dereference triggered by a crafted keymap file that induces an `xkb_intern_atom` failure can lead to a crash (bsc#1105832). - CVE-2018-15859: NULL pointer dereference triggered by a specially a crafted keymap file can lead to a crash (bsc#1105832). - CVE-2018-15853: endless recursion triggered by a crafted keymap file that induces boolean negation can lead to a crash (bsc#1105832). Moderate SUSE bug 1105832 CVE-2018-15853 at SUSE CVE-2018-15853 at NVD CVE-2018-15859 at SUSE CVE-2018-15859 at NVD CVE-2018-15861 at SUSE CVE-2018-15861 at NVD CVE-2018-15863 at SUSE CVE-2018-15863 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng12 (Moderate) openSUSE Leap 15.6 This update for libpng12 fixes the following issues: - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) Moderate SUSE bug 1254157 CVE-2025-64505 at SUSE CVE-2025-64505 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: * Update to 3.9.25: - Security - gh-137836: Add support of the “plaintext” element, RAWTEXT elements “xmp”, “iframe”, “noembed” and “noframes”, and optionally RAWTEXT element “noscript” in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by B?n?dikt Tran. - Library - gh-98793: Fix argument typechecks in _overlapped.WSAConnect() and _overlapped.Overlapped.WSASendTo() functions. bpo-44817: Ignore WinError 53 (ERROR_BAD_NETPATH), 65 (ERROR_NETWORK_ACCESS_DENIED) and 161 (ERROR_BAD_PATHNAME) when using ntpath.realpath(). - Core and Builtins - gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it. - gh-120298: Fix use-after free in list_richcompare_impl which can be invoked via some specificly tailored evil input. Moderate cpe:/o:opensuse:leap:15.6 Security update for poppler (Low) openSUSE Leap 15.6 This update for poppler fixes the following issues: - CVE-2025-11896: Fixed infinite recursion leading to stack overflow due to object loop in PDF CMap (bsc#1252337) Low SUSE bug 1252337 CVE-2025-11896 at SUSE CVE-2025-11896 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm rebuilds it against current GO to fix security issues in go-stdlib. Important cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2025-13499: Fixed Kafka dissector crash due to malformed packet (bsc#1254108). - CVE-2025-13946: Fixed MEGACO dissector infinite loop that allows denial of service (bsc#1254472). Moderate SUSE bug 1254108 SUSE bug 1254472 CVE-2025-13499 at SUSE CVE-2025-13499 at NVD CVE-2025-13946 at SUSE CVE-2025-13946 at NVD cpe:/o:opensuse:leap:15.6 Security update 5.0.6 for Multi-Linux Manager Client Tools (Important) openSUSE Leap 15.6 This update fixes the following issues: dracut-saltboot: - Update to version 1.0.0 * Reboot on salt key timeout (bsc#1237495) * Fixed parsing files with space in the name (bsc#1252100) grafana was updated from version 11.5.5 to 11.5.10: - Security issues fixed: * CVE-2025-47911: Fix parsing HTML documents (bsc#1251454) * CVE-2025-58190: Fix excessive memory consumption (bsc#1251657) * CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113) * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616) * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735) * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302) - Other changes, new features and bugs fixed: * Version 11.5.10: + Update to Go 1.25 + Update to golang.org/x/net v0.45.0 + Auth: Fix render user OAuth passthrough + LDAP Authentication: Fix URL to propagate username context as parameter * Version 11.5.9: + Auditing: Document new options for recording datasource query request/response body. + Login: Fixed redirection after login when Grafana is served from subpath. * Version 11.5.7: + Azure: Fixed legend formatting and resource name determination in template variable queries. mgr-push: - Version 5.0.3-0 * Fixed syntax error in changelog rhnlib: - Version 5.0.6-0 * Use more secure defusedxml parser (bsc#1227577) spacecmd: - Version 5.0.14-0 * Fixed installation of python lib files on Ubuntu 24.04 (bsc#1246586) * Use JSON instead of pickle for spacecmd cache (bsc#1227579) * Make spacecmd to work with Python 3.12 and higher * Call print statements properly in Python 3 uyuni-tools: - Version 0.1.37-0 * Handle CA files with symlinks during migration (bsc#1251044) * Add a lowercase version of --logLevel (bsc#1243611) * Adjust traefik exposed configuration for chart v27+ (bsc#1247721) * Stop executing scripts in temporary folder (bsc#1243704) * Convert the traefik install time to local time (bsc#1251138) * Run smdba and reindex only during migration (bsc#1244534) * Support config: collect podman inspect for hub container (bsc#1245099) * Add --registry-host, --registry-user and --registry-password to pull images from an authenticate registry * Deprecate --registry * Use new dedicated path for Cobbler settings (bsc#1244027) * Migrate custom auto installation snippets (bsc#1246320) * Add SLE15SP7 to buildin productmap * Fix loading product map from mgradm configuration file (bsc#1246068) * Fix channel override for distro copy * Do not use sudo when running as a root user (bsc#1246882) * Do not require backups to be at the same location for restoring (bsc#1246906) * Check for restorecon presence before calling (bsc#1246925) * Automatically get up-to-date systemid file on salt based proxy hosts (bsc#1246789) * Fix recomputing proxy images when installing a ptf or test (bsc#1246553) * Add migration for server monitoring configuration (bsc#1247688) - Version 0.1.36-0 * Bump the default image tag - Version 0.1.35-0 * Restore SELinux contexts for restored backup volumes (bsc#1244127) - Version 0.1.34-0 * Fix mgradm backup create handling of images and systemd files (bsc#1246738) - Version 0.1.33-0 * Restore volumes using tar instead of podman import (bsc#1244127) Important SUSE bug 1227577 SUSE bug 1227579 SUSE bug 1237495 SUSE bug 1243611 SUSE bug 1243704 SUSE bug 1244027 SUSE bug 1244127 SUSE bug 1244534 SUSE bug 1245099 SUSE bug 1245302 SUSE bug 1246068 SUSE bug 1246320 SUSE bug 1246553 SUSE bug 1246586 SUSE bug 1246662 SUSE bug 1246735 SUSE bug 1246736 SUSE bug 1246738 SUSE bug 1246789 SUSE bug 1246882 SUSE bug 1246906 SUSE bug 1246925 SUSE bug 1247688 SUSE bug 1247721 SUSE bug 1250616 SUSE bug 1251044 SUSE bug 1251138 SUSE bug 1252100 CVE-2025-11065 at SUSE CVE-2025-11065 at NVD CVE-2025-3415 at SUSE CVE-2025-3415 at NVD CVE-2025-6023 at SUSE CVE-2025-6023 at NVD CVE-2025-6197 at SUSE CVE-2025-6197 at NVD cpe:/o:opensuse:leap:15.6 Security update for salt (Important) openSUSE Leap 15.6 This update for salt fixes the following issues: - Security issues fixed: - CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257) - CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256) - Backport security fixes for vendored tornado * BDSA-2024-3438 * BDSA-2024-3439 * BDSA-2024-9026 - Other changes and bugs fixed: - Fixed TLS and x509 modules for OSes with older cryptography module - Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244) * Use external tornado on Python > 3.11 * Make tls and x509 to use python-cryptography * Remove usage of spwd - Fixed payload signature verification on Tumbleweed (bsc#1251776) - Fixed broken symlink on migration to Leap 16.0 (bsc#1250755) - Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207) - Improved SL Micro 6.2 detection with grains - Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros - Set python-CherryPy as required for python-salt-testsuite Important SUSE bug 1227207 SUSE bug 1250520 SUSE bug 1250755 SUSE bug 1251776 SUSE bug 1252244 SUSE bug 1252285 SUSE bug 1254256 SUSE bug 1254257 CVE-2025-62348 at SUSE CVE-2025-62348 at NVD CVE-2025-62349 at SUSE CVE-2025-62349 at NVD cpe:/o:opensuse:leap:15.6 Security update for golang-github-prometheus-alertmanager (Moderate) openSUSE Leap 15.6 This update for golang-github-prometheus-alertmanager fixes the following issues: - Update to version 0.28.1 (jsc#PED-13285): * Improved performance of inhibition rules when using Equal labels. * Improve the documentation on escaping in UTF-8 matchers. * Update alertmanager_config_hash metric help to document the hash is not cryptographically strong. * Fix panic in amtool when using --verbose. * Fix templating of channel field for Rocket.Chat. * Fix rocketchat_configs written as rocket_configs in docs. * Fix usage for --enable-feature flag. * Trim whitespace from OpsGenie API Key. * Fix Jira project template not rendered when searching for existing issues. * Fix subtle bug in JSON/YAML encoding of inhibition rules that would cause Equal labels to be omitted. * Fix header for slack_configs in docs. * Fix weight and wrap of Microsoft Teams notifications. - Upgrade to version 0.28.0: * CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748). * Templating errors in the SNS integration now return an error. * Adopt log/slog, drop go-kit/log. * Add a new Microsoft Teams integration based on Flows. * Add a new Rocket.Chat integration. * Add a new Jira integration. * Add support for GOMEMLIMIT, enable it via the feature flag --enable-feature=auto-gomemlimit. * Add support for GOMAXPROCS, enable it via the feature flag --enable-feature=auto-gomaxprocs. * Add support for limits of silences including the maximum number of active and pending silences, and the maximum size per silence (in bytes). You can use the flags --silences.max-silences and --silences.max-silence-size-bytes to set them accordingly. * Muted alerts now show whether they are suppressed or not in both the /api/v2/alerts endpoint and the Alertmanager UI. - Upgrade to version 0.27.0: * API: Removal of all api/v1/ endpoints. These endpoints now log and return a deprecation message and respond with a status code of 410. * UTF-8 Support: Introduction of support for any UTF-8 character as part of label names and matchers. * Discord Integration: Enforce max length in message. * Metrics: Introduced the experimental feature flag --enable-feature=receiver-name-in-metrics to include the receiver name. * Metrics: Introduced a new gauge named alertmanager_inhibition_rules that counts the number of configured inhibition rules. * Metrics: Introduced a new counter named alertmanager_alerts_supressed_total that tracks muted alerts, it contains a reason label to indicate the source of the mute. * Discord Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Introduced support for webhook_url_file. * Microsoft Teams Integration: Add support for summary. * Metrics: Notification metrics now support two new values for the label reason, contextCanceled and contextDeadlineExceeded. * Email Integration: Contents of auth_password_file are now trimmed of prefixed and suffixed whitespace. * amtool: Fixes the error scheme required for webhook url when using amtool with --alertmanager.url. * Mixin: Fix AlertmanagerFailedToSendAlerts, AlertmanagerClusterFailedToSendAlerts, and AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason label. Moderate SUSE bug 1247748 CVE-2025-47908 at SUSE CVE-2025-47908 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Important) openSUSE Leap 15.6 This update for grafana fixes the following issues: grafana was updated from version 11.5.5 to 11.5.10: - Security issues fixed: * CVE-2025-64751: Dropped experimental implementation of authorization Zanzana server/client (version 11.5.10) (bsc#1254113) * CVE-2025-47911: Fixed parsing HTML documents (version 11.5.10) (bsc#1251454) * CVE-2025-58190: Fixed excessive memory consumption (version 11.5.10) (bsc#1251657) * CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616) * CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735) * CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736) * CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302) - Other changes, new features and bugs fixed: * Version 11.5.10: + Use forked wire from Grafana repository instead of external package (jsc#PED-14178) + Auth: Fix render user OAuth passthrough. + LDAP Authentication: Fix URL to propagate username context as parameter. + Plugins: Dependencies do not inherit parent URL for preinstall. * Version 11.5.9: + Auditing: Document new options for recording datasource query request/response body. + Login: Fixed redirection after login when Grafana is served from subpath. * Version 11.5.7: + Azure: Fixed legend formatting and resource name determination in template variable queries. Important SUSE bug 1245302 SUSE bug 1246735 SUSE bug 1246736 SUSE bug 1250616 SUSE bug 1251454 SUSE bug 1251657 SUSE bug 1254113 CVE-2025-11065 at SUSE CVE-2025-11065 at NVD CVE-2025-3415 at SUSE CVE-2025-3415 at NVD CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD CVE-2025-6023 at SUSE CVE-2025-6023 at NVD CVE-2025-6197 at SUSE CVE-2025-6197 at NVD CVE-2025-64751 at SUSE CVE-2025-64751 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Important) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: Upgraded to 15.15: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS (bsc#1253332) - CVE-2025-12818: Fixed integer overflow in allocation-size calculations within libpq (bsc#1253333) Other fixes: - Use %product_libs_llvm_ver to determine the LLVM version. - Remove conditionals for obsolete PostgreSQL releases. - Sync spec file from version 18. Important SUSE bug 1253332 SUSE bug 1253333 CVE-2025-12817 at SUSE CVE-2025-12817 at NVD CVE-2025-12818 at SUSE CVE-2025-12818 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty (Moderate) openSUSE Leap 15.6 This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in `HttpRequestEncoder` allows for CRLF injection through a request URI and can lead to request smuggling (bsc#1255048). Other updates and bugfixes: - Version 4.1.130: * Update `lz4-java` version to 1.10.1 * Close `Channel` and fail bootstrap when setting a `ChannelOption` causes an error * Discard the following `HttpContent` for preflight request * Fix race condition in `NonStickyEventExecutorGroup` causing incorrect `inEventLoop()` results * Fix Zstd compression for large data * Fix `ZstdEncoder` not producing data when source is smaller than block * Make big endian ASCII hashcode consistent with little endian * Fix reentrancy bug in `ByteToMessageDecoder` * Add 32k and 64k size classes to adaptive allocator * Re-enable reflective field accesses in native images * Correct HTTP/2 padding length check * Fix HTTP startline validation * Fix `MpscIntQueue` bug - Build against the `org.jboss:jdk-misc` artifact that is implementing the `sun.misc` classes removed in Java 25 Moderate SUSE bug 1255048 CVE-2025-67735 at SUSE CVE-2025-67735 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng16 (Important) openSUSE Leap 15.6 This update for libpng16 fixes the following issues: - CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160) - CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480) - CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158) - CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159) - CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157) Important SUSE bug 1254157 SUSE bug 1254158 SUSE bug 1254159 SUSE bug 1254160 SUSE bug 1254480 CVE-2025-64505 at SUSE CVE-2025-64505 at NVD CVE-2025-64506 at SUSE CVE-2025-64506 at NVD CVE-2025-64720 at SUSE CVE-2025-64720 at NVD CVE-2025-65018 at SUSE CVE-2025-65018 at NVD CVE-2025-66293 at SUSE CVE-2025-66293 at NVD cpe:/o:opensuse:leap:15.6 Security update for taglib (Low) openSUSE Leap 15.6 This update for taglib fixes the following issues: - CVE-2023-47466: application crash when processing specially crafted WAV files during tag writing operations (bsc#1243499). Low SUSE bug 1243499 CVE-2023-47466 at SUSE CVE-2023-47466 at NVD cpe:/o:opensuse:leap:15.6 Security update for mariadb (Important) openSUSE Leap 15.6 This update for mariadb fixes the following issues: - CVE-2025-13699: Fixed MariaDB mariadb-dump utility vulnerable to Path Traversal and Remote Code Execution (bsc#1254313) Other fixes: - Update to 10.11.15 - Add %license tags to license files (bsc#1252162) - Add INSTALL_DOCREADMEDIR cmake flag to install readme and license files Important SUSE bug 1252162 SUSE bug 1254313 CVE-2025-13699 at SUSE CVE-2025-13699 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - Revert 'drm/tegra: dsi: Clear enable register if powered by bootloader' (git-fixes). - Revert 'wifi: ath10k: avoid unnecessary wait for service ready message' (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kabi/severities: drop xfer_to_guest_mode_handle_work. - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - powerpc: export MIN RMA size (bsc#1236743). - powerpc: increase MIN RMA size for CAS negotiation (bsc#1236743, bsc#1252269). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Do not use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: do not preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). Important SUSE bug 1232223 SUSE bug 1236743 SUSE bug 1237888 SUSE bug 1243474 SUSE bug 1245193 SUSE bug 1247076 SUSE bug 1247079 SUSE bug 1247500 SUSE bug 1247509 SUSE bug 1249547 SUSE bug 1249912 SUSE bug 1249982 SUSE bug 1250176 SUSE bug 1250237 SUSE bug 1250252 SUSE bug 1250705 SUSE bug 1251120 SUSE bug 1251786 SUSE bug 1252063 SUSE bug 1252267 SUSE bug 1252269 SUSE bug 1252303 SUSE bug 1252353 SUSE bug 1252681 SUSE bug 1252763 SUSE bug 1252773 SUSE bug 1252780 SUSE bug 1252794 SUSE bug 1252795 SUSE bug 1252809 SUSE bug 1252817 SUSE bug 1252821 SUSE bug 1252836 SUSE bug 1252845 SUSE bug 1252862 SUSE bug 1252912 SUSE bug 1252917 SUSE bug 1252928 SUSE bug 1253018 SUSE bug 1253176 SUSE bug 1253275 SUSE bug 1253318 SUSE bug 1253324 SUSE bug 1253349 SUSE bug 1253352 SUSE bug 1253355 SUSE bug 1253360 SUSE bug 1253362 SUSE bug 1253363 SUSE bug 1253367 SUSE bug 1253369 SUSE bug 1253393 SUSE bug 1253395 SUSE bug 1253403 SUSE bug 1253407 SUSE bug 1253409 SUSE bug 1253412 SUSE bug 1253416 SUSE bug 1253421 SUSE bug 1253423 SUSE bug 1253424 SUSE bug 1253425 SUSE bug 1253427 SUSE bug 1253428 SUSE bug 1253431 SUSE bug 1253436 SUSE bug 1253438 SUSE bug 1253440 SUSE bug 1253441 SUSE bug 1253445 SUSE bug 1253448 SUSE bug 1253449 SUSE bug 1253453 SUSE bug 1253456 SUSE bug 1253472 SUSE bug 1253779 CVE-2022-50253 at SUSE CVE-2022-50253 at NVD CVE-2023-53676 at SUSE CVE-2023-53676 at NVD CVE-2025-21710 at SUSE CVE-2025-21710 at NVD CVE-2025-37916 at SUSE CVE-2025-37916 at NVD CVE-2025-38359 at SUSE CVE-2025-38359 at NVD CVE-2025-38361 at SUSE CVE-2025-38361 at NVD CVE-2025-39788 at SUSE CVE-2025-39788 at NVD CVE-2025-39805 at SUSE CVE-2025-39805 at NVD CVE-2025-39819 at SUSE CVE-2025-39819 at NVD CVE-2025-39859 at SUSE CVE-2025-39859 at NVD CVE-2025-39944 at SUSE CVE-2025-39944 at NVD CVE-2025-39980 at SUSE CVE-2025-39980 at NVD CVE-2025-40001 at SUSE CVE-2025-40001 at NVD CVE-2025-40021 at SUSE CVE-2025-40021 at NVD CVE-2025-40027 at SUSE CVE-2025-40027 at NVD CVE-2025-40030 at SUSE CVE-2025-40030 at NVD CVE-2025-40038 at SUSE CVE-2025-40038 at NVD CVE-2025-40040 at SUSE CVE-2025-40040 at NVD CVE-2025-40048 at SUSE CVE-2025-40048 at NVD CVE-2025-40055 at SUSE CVE-2025-40055 at NVD CVE-2025-40059 at SUSE CVE-2025-40059 at NVD CVE-2025-40064 at SUSE CVE-2025-40064 at NVD CVE-2025-40070 at SUSE CVE-2025-40070 at NVD CVE-2025-40074 at SUSE CVE-2025-40074 at NVD CVE-2025-40075 at SUSE CVE-2025-40075 at NVD CVE-2025-40083 at SUSE CVE-2025-40083 at NVD CVE-2025-40098 at SUSE CVE-2025-40098 at NVD CVE-2025-40105 at SUSE CVE-2025-40105 at NVD CVE-2025-40107 at SUSE CVE-2025-40107 at NVD CVE-2025-40109 at SUSE CVE-2025-40109 at NVD CVE-2025-40110 at SUSE CVE-2025-40110 at NVD CVE-2025-40111 at SUSE CVE-2025-40111 at NVD CVE-2025-40115 at SUSE CVE-2025-40115 at NVD CVE-2025-40116 at SUSE CVE-2025-40116 at NVD CVE-2025-40118 at SUSE CVE-2025-40118 at NVD CVE-2025-40120 at SUSE CVE-2025-40120 at NVD CVE-2025-40121 at SUSE CVE-2025-40121 at NVD CVE-2025-40127 at SUSE CVE-2025-40127 at NVD CVE-2025-40129 at SUSE CVE-2025-40129 at NVD CVE-2025-40139 at SUSE CVE-2025-40139 at NVD CVE-2025-40140 at SUSE CVE-2025-40140 at NVD CVE-2025-40141 at SUSE CVE-2025-40141 at NVD CVE-2025-40149 at SUSE CVE-2025-40149 at NVD CVE-2025-40154 at SUSE CVE-2025-40154 at NVD CVE-2025-40156 at SUSE CVE-2025-40156 at NVD CVE-2025-40157 at SUSE CVE-2025-40157 at NVD CVE-2025-40159 at SUSE CVE-2025-40159 at NVD CVE-2025-40164 at SUSE CVE-2025-40164 at NVD CVE-2025-40168 at SUSE CVE-2025-40168 at NVD CVE-2025-40169 at SUSE CVE-2025-40169 at NVD CVE-2025-40171 at SUSE CVE-2025-40171 at NVD CVE-2025-40172 at SUSE CVE-2025-40172 at NVD CVE-2025-40173 at SUSE CVE-2025-40173 at NVD CVE-2025-40176 at SUSE CVE-2025-40176 at NVD CVE-2025-40180 at SUSE CVE-2025-40180 at NVD CVE-2025-40183 at SUSE CVE-2025-40183 at NVD CVE-2025-40186 at SUSE CVE-2025-40186 at NVD CVE-2025-40188 at SUSE CVE-2025-40188 at NVD CVE-2025-40194 at SUSE CVE-2025-40194 at NVD CVE-2025-40198 at SUSE CVE-2025-40198 at NVD CVE-2025-40200 at SUSE CVE-2025-40200 at NVD CVE-2025-40204 at SUSE CVE-2025-40204 at NVD CVE-2025-40205 at SUSE CVE-2025-40205 at NVD CVE-2025-40206 at SUSE CVE-2025-40206 at NVD CVE-2025-40207 at SUSE CVE-2025-40207 at NVD cpe:/o:opensuse:leap:15.6 Security update for rsync (Moderate) openSUSE Leap 15.6 This update for rsync fixes the following issues: - CVE-2025-10158: Fixed out-of-bounds array access via negative index (bsc#1254441) Moderate SUSE bug 1254441 CVE-2025-10158 at SUSE CVE-2025-10158 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs52 (Moderate) openSUSE Leap 15.6 This update for mozjs52 fixes the following issues: - CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037) - CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599) - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038) - CVE-2024-45490: Fixed negative len for XML_ParseBuffer (bsc#1230036) Moderate SUSE bug 1230036 SUSE bug 1230037 SUSE bug 1230038 SUSE bug 1232599 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50253: bpf: make sure skb->len != 0 when redirecting to a tunneling device (bsc#1249912). - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786). - CVE-2025-21710: tcp: correct handling of extreme memory squeeze (bsc#1237888). - CVE-2025-37916: pds_core: remove write-after-free of client_id (bsc#1243474). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38361: drm/amd/display: Check dce_hwseq before dereferencing it (bsc#1247079). - CVE-2025-39788: scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (bsc#1249547). - CVE-2025-39805: net: macb: fix unregister_netdev call order in macb_remove() (bsc#1249982). - CVE-2025-39819: fs/smb: Fix inconsistent refcnt update (bsc#1250176). - CVE-2025-39859: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (bsc#1250252). - CVE-2025-39944: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (bsc#1251120). - CVE-2025-39980: nexthop: Forbid FDB status change while nexthop is in a group (bsc#1252063). - CVE-2025-40001: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (bsc#1252303). - CVE-2025-40021: tracing: dynevent: Add a missing lockdown check on dynevent (bsc#1252681). - CVE-2025-40027: net/9p: fix double req put in p9_fd_cancelled (bsc#1252763). - CVE-2025-40030: pinctrl: check the return value of pinmux_ops::get_function_name() (bsc#1252773). - CVE-2025-40038: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid (bsc#1252817). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862). - CVE-2025-40055: ocfs2: fix double free in user_cluster_connect() (bsc#1252821). - CVE-2025-40059: coresight: Fix incorrect handling for return value of devm_kzalloc (bsc#1252809). - CVE-2025-40064: smc: Fix use-after-free in __pnet_find_base_ndev() (bsc#1252845). - CVE-2025-40070: pps: fix warning in pps_register_cdev when register device fail (bsc#1252836). - CVE-2025-40074: ipv4: start using dst_dev_rcu() (bsc#1252794). - CVE-2025-40075: tcp_metrics: use dst_dev_net_rcu() (bsc#1252795). - CVE-2025-40083: net/sched: sch_qfq: Fix null-deref in agg_dequeue (bsc#1252912). - CVE-2025-40098: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() (bsc#1252917). - CVE-2025-40105: vfs: Don't leak disconnected dentries on umount (bsc#1252928). - CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409). - CVE-2025-40149: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock() (bsc#1253355). - CVE-2025-40159: xsk: Harden userspace-supplied xdp_desc validation (bsc#1253403). - CVE-2025-40168: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (bsc#1253427). - CVE-2025-40169: bpf: Reject negative offsets for ALU ops (bsc#1253416). - CVE-2025-40173: net/ip6_tunnel: Prevent perpetual tunnel growth (bsc#1253421). - CVE-2025-40176: tls: wait for pending async decryptions if tls_strp_msg_hold fails (bsc#1253425). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436). The following non-security bugs were fixed: - ACPI: CPPC: Check _CPC validity for only the online CPUs (git-fixes). - ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs (git-fixes). - ACPI: CPPC: Perform fast check switch only for online CPUs (git-fixes). - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (stable-fixes). - ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes). - ACPI: property: Return present device nodes only on fwnode interface (stable-fixes). - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids (stable-fixes). - ACPICA: Update dsmethod.c to get rid of unused variable warning (stable-fixes). - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (stable-fixes). - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (git-fixes). - ALSA: serial-generic: remove shared static buffer (stable-fixes). - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (stable-fixes). - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (git-fixes). - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (stable-fixes). - ALSA: usb-audio: add mono main switch to Presonus S1824c (stable-fixes). - ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes). - ALSA: usb-audio: do not log messages meant for 1810c when initializing 1824c (git-fixes). - ALSA: usb-audio: fix uac2 clock source at terminal parser (git-fixes). - ASoC: codecs: va-macro: fix resource leak in probe error path (git-fixes). - ASoC: cs4271: Fix regulator leak on probe failure (git-fixes). - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (stable-fixes). - ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (stable-fixes). - ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() (stable-fixes). - ASoC: stm32: sai: manage context in set_sysclk callback (stable-fixes). - ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 (stable-fixes). - Bluetooth: 6lowpan: Do not hold spin lock over sleeping functions (git-fixes). - Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes). - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (git-fixes). - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (git-fixes). - Bluetooth: L2CAP: export l2cap_chan_hold for modules (stable-fixes). - Bluetooth: MGMT: cancel mesh send timer when hdev removed (git-fixes). - Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes). - Bluetooth: bcsp: receive data only if registered (stable-fixes). - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() (git-fixes). - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (stable-fixes). - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (git-fixes). - Bluetooth: hci_event: validate skb length for unknown CC opcode (git-fixes). - Documentation: ACPI: i2c-muxes: fix I2C device references (git-fixes). - Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes). - HID: amd_sfh: Stop sensor before starting (git-fixes). - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (git-fixes). - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (stable-fixes). - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (git-fixes). - HID: uclogic: Fix potential memory leak in error path (git-fixes). - Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes). - Input: imx_sc_key - fix memory corruption on unload (git-fixes). - Input: pegasus-notetaker - fix potential out-of-bounds access (git-fixes). - KVM: Pass new routing entries and irqfd when updating IRTEs (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU before setting new IRTE (git-fixes). - KVM: SVM: Delete IRTE link from previous vCPU irrespective of new routing (git-fixes). - KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 (git-fixes). - KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated (git-fixes). - KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest (git-fixes). - KVM: SVM: Track per-vCPU IRTEs using kvm_kernel_irqfd structure (git-fixes). - KVM: SVM: WARN if an invalid posted interrupt IRTE entry is added (git-fixes). - KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Fix check for valid GVA on an EPT violation (git-fixes). - KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest (git-fixes). - KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs (git-fixes). - KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter (git-fixes). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86: Add helper to retrieve current value of user return MSR (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Do not treat ENTER and LEAVE as branches, because they are not (git-fixes). - KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag (git-fixes). - NFS4: Fix state renewals missing after boot (git-fixes). - NFS: check if suid/sgid was cleared after a write as needed (git-fixes). - NFSD: Never cache a COMPOUND when the SEQUENCE operation fails (git-fixes). - NFSD: Skip close replay processing if XDR encoding fails (git-fixes). - NFSD: free copynotify stateid in nfs4_free_ol_stateid() (git-fixes). - NFSv4.1: fix mount hang after CREATE_SESSION failure (git-fixes). - NFSv4: handle ERR_GRACE on delegation recalls (git-fixes). - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (stable-fixes). - PCI/PM: Skip resuming to D0 if device is disconnected (stable-fixes). - PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes). - PCI: cadence: Check for the existence of cdns_pcie::ops before using it (stable-fixes). - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() (stable-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - RDMA/bnxt_re: Do not fail destroy QP and cleanup debugfs earlier (git-fixes). - RDMA/bnxt_re: Fix a potential memory leak in destroy_gsi_sqp (git-fixes). - RDMA/hns: Fix recv CQ and QP cache affinity (git-fixes). - RDMA/hns: Fix the modification of max_send_sge (git-fixes). - RDMA/hns: Fix wrong WQE data when QP wraps around (git-fixes). - RDMA/irdma: Fix SD index calculation (git-fixes). - RDMA/irdma: Set irdma_cq cq_num field during CQ create (git-fixes). - Revert 'drm/tegra: dsi: Clear enable register if powered by bootloader' (git-fixes). - Revert 'wifi: ath10k: avoid unnecessary wait for service ready message' (git-fixes). - accel/habanalabs/gaudi2: fix BMON disable configuration (stable-fixes). - accel/habanalabs/gaudi2: read preboot status after recovering from dirty state (stable-fixes). - accel/habanalabs: return ENOMEM if less than requested pages were pinned (stable-fixes). - accel/habanalabs: support mapping cb with vmalloc-backed coherent memory (stable-fixes). - acpi,srat: Fix incorrect device handle check for Generic Initiator (git-fixes). - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw (stable-fixes). - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() (git-fixes). - block: fix kobject double initialization in add_disk (git-fixes). - btrfs: abort transaction on failure to add link to inode (git-fixes). - btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() (git-fix). - btrfs: avoid using fixed char array size for tree names (git-fix). - btrfs: do not update last_log_commit when logging inode due to a new name (git-fixes). - btrfs: fix COW handling in run_delalloc_nocow() (git-fix). - btrfs: fix inode leak on failure to add link to inode (git-fixes). - btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve (git-fix). - btrfs: mark dirty extent range for out of bound prealloc extents (git-fixes). - btrfs: qgroup: correctly model root qgroup rsv in convert (git-fix). - btrfs: rename err to ret in btrfs_link() (git-fixes). - btrfs: run btrfs_error_commit_super() early (git-fix). - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() (git-fixes). - btrfs: send: fix duplicated rmdir operations when using extrefs (git-fixes). - btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging new name (git-fixes). - btrfs: simplify error handling logic for btrfs_link() (git-fixes). - btrfs: tree-checker: add dev extent item checks (git-fix). - btrfs: tree-checker: add type and sequence check for inline backrefs (git-fix). - btrfs: tree-checker: fix the wrong output of data backref objectid (git-fix). - btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix). - btrfs: tree-checker: validate dref root and objectid (git-fix). - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (git-fixes). - char: misc: Does not request module for miscdevice with dynamic minor (stable-fixes). - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor (stable-fixes). - char: misc: restrict the dynamic range to exclude reserved minors (stable-fixes). - cramfs: Verify inode mode when loading from disk (git-fixes). - crypto: aspeed - fix double free caused by devm (git-fixes). - crypto: aspeed-acry - Convert to platform remove callback returning void (stable-fixes). - crypto: hisilicon/qm - Fix device reference leak in qm_get_qos_value (git-fixes). - crypto: iaa - Do not clobber req->base.data (git-fixes). - crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() (stable-fixes). - dmaengine: dw-edma: Set status for callback_result (stable-fixes). - dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes). - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream (stable-fixes). - drm/amd/display: Disable VRR on DCE 6 (stable-fixes). - drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes). - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments (git-fixes). - drm/amd/display: Fix black screen with HDMI outputs (git-fixes). - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration (stable-fixes). - drm/amd/display: add more cyan skillfish devices (stable-fixes). - drm/amd/display: ensure committing streams is seamless (stable-fixes). - drm/amd/display: update dpp/disp clock from smu clock table (stable-fixes). - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks (stable-fixes). - drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes). - drm/amd/pm: Use cached metrics data on arcturus (stable-fixes). - drm/amd: Avoid evicting resources at S5 (stable-fixes). - drm/amd: Fix suspend failure with secure display TA (git-fixes). - drm/amd: add more cyan skillfish PCI ids (stable-fixes). - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (stable-fixes). - drm/amdgpu: Allow kfd CRIU with no buffer objects (stable-fixes). - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices (stable-fixes). - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (stable-fixes). - drm/amdgpu: add support for cyan skillfish gpu_info (stable-fixes). - drm/amdgpu: do not enable SMU on cyan skillfish (stable-fixes). - drm/amdgpu: reject gang submissions under SRIOV (stable-fixes). - drm/amdkfd: Handle lack of READ permissions in SVM mapping (stable-fixes). - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (stable-fixes). - drm/amdkfd: fix vram allocation failure for a special case (stable-fixes). - drm/amdkfd: return -ENOTTY for unsupported IOCTLs (stable-fixes). - drm/bridge: cdns-dsi: Do not fail on MIPI_DSI_MODE_VIDEO_BURST (stable-fixes). - drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes). - drm/bridge: display-connector: do not set OP_DETECT for DisplayPorts (stable-fixes). - drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (git-fixes). - drm/i915: Fix conversion between clock ticks and nanoseconds (git-fixes). - drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (stable-fixes). - drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (stable-fixes). - drm/msm: make sure to not queue up recovery more than once (stable-fixes). - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (stable-fixes). - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb (git-fixes). - drm/tegra: Add call to put_pid() (git-fixes). - drm/tegra: dc: Fix reference leak in tegra_dc_couple() (git-fixes). - drm/tidss: Set crtc modesetting parameters with adjusted mode (stable-fixes). - drm/tidss: Use the crtc_* timings when programming the HW (stable-fixes). - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (git-fixes). - exfat: limit log print for IO error (git-fixes). - extcon: adc-jack: Cleanup wakeup source only if it was enabled (git-fixes). - extcon: adc-jack: Fix wakeup source leaks on device unbind (stable-fixes). - fbcon: Set fb_display[i]->mode to NULL when the mode is released (stable-fixes). - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (stable-fixes). - fbdev: bitblit: bound-check glyph index in bit_putcs* (stable-fixes). - fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (stable-fixes). - hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex (stable-fixes). - hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (stable-fixes). - hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes). - hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models (stable-fixes). - hwmon: (sbtsi_temp) AMD CPU extended temperature range support (stable-fixes). - hwmon: sy7636a: add alias (stable-fixes). - iio: adc: imx93_adc: load calibrated values even calibration failed (stable-fixes). - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (stable-fixes). - ima: do not clear IMA_DIGSIG flag when setting or removing non-IMA xattr (stable-fixes). - iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE (git-fixes). - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (git-fixes). - jfs: Verify inode mode when loading from disk (git-fixes). - jfs: fix uninitialized waitqueue in transaction manager (git-fixes). - kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kabi/severities: drop xfer_to_guest_mode_handle_work. - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (git-fixes). - md/raid1: fix data lost for writemostly rdev (git-fixes). - md: fix mssing blktrace bio split events (git-fixes). - media: adv7180: Add missing lock in suspend callback (stable-fixes). - media: adv7180: Do not write format to device in set_fmt (stable-fixes). - media: adv7180: Only validate format in querystd (stable-fixes). - media: amphion: Delete v4l2_fh synchronously in .release() (stable-fixes). - media: fix uninitialized symbol warnings (stable-fixes). - media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for VIDEO_CAMERA_SENSOR (stable-fixes). - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer (stable-fixes). - media: imon: make send_packet() more robust (stable-fixes). - media: ov08x40: Fix the horizontal flip control (stable-fixes). - media: redrat3: use int type to store negative error codes (stable-fixes). - media: uvcvideo: Use heuristic to find stream entity (git-fixes). - memstick: Add timeout to prevent indefinite waiting (stable-fixes). - mfd: da9063: Split chip variant reading in two bus transactions (stable-fixes). - mfd: madera: Work around false-positive -Wininitialized warning (stable-fixes). - mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes). - mfd: stmpe: Remove IRQ domain upon removal (stable-fixes). - minixfs: Verify inode mode when loading from disk (git-fixes). - mm/mm_init: fix hash table order logging in alloc_large_system_hash() (git-fixes). - mm/secretmem: fix use-after-free race in fault handler (git-fixes). - mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes). - mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (stable-fixes). - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (git-fixes). - mtd: onenand: Pass correct pointer to IRQ handler (git-fixes). - mtd: rawnand: cadence: fix DMA device NULL pointer dereference (git-fixes). - mtdchar: fix integer overflow in read/write ioctls (git-fixes). - net/mana: fix warning in the writer of client oob (git-fixes). - net/smc: Remove validation of reserved bits in CLC Decline message (bsc#1253779). - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (stable-fixes). - net: phy: clear link parameters on admin link down (stable-fixes). - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device (stable-fixes). - net: phy: marvell: Fix 88e1510 downshift counter errata (stable-fixes). - net: tcp: send zero-window ACK when no memory (bsc#1253779). - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (git-fixes). - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (git-fixes). - nfsd: do not defer requests during idmap lookup in v4 compound decode (bsc#1232223). - nfsd: fix return error codes for nfsd_map_name_to_id (bsc#1232223). - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (git-fixes). - perf script: add --addr2line option (bsc#1247509). - phy: cadence: cdns-dphy: Enable lower resolutions in dphy (stable-fixes). - phy: renesas: r8a779f0-ether-serdes: add new step added to latest datasheet (stable-fixes). - phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (stable-fixes). - pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (git-fixes). - pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (git-fixes). - pinctrl: single: fix bias pull up/down handling in pin_config_set (stable-fixes). - platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (git-fixes). - power: supply: qcom_battmgr: add OOI chemistry (stable-fixes). - power: supply: qcom_battmgr: handle charging state change notifications (stable-fixes). - power: supply: sbs-charger: Support multiple devices (stable-fixes). - regulator: fixed: fix GPIO descriptor leak on register failure (git-fixes). - rtc: rx8025: fix incorrect register reference (git-fixes). - s390/mm,fault: simplify kfence fault handling (bsc#1247076). - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans (git-fixes). - scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes). - scsi: core: sysfs: Correct sysfs attributes access rights (git-fixes). - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (git-fixes). - scsi: libfc: Prevent integer overflow in fc_fcp_recv_data() (git-fixes). - scsi: mpi3mr: Correctly handle ATA device errors (git-fixes). - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers (git-fixes). - scsi: mpt3sas: Correctly handle ATA device errors (git-fixes). - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (git-fixes). - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (git-fixes). - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - selftests/bpf: Close fd in error path in drop_on_reuseport (git-fixes). - selftests/bpf: Close obj in error path in xdp_adjust_tail (git-fixes). - selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c (git-fixes). - selftests/bpf: Fix missing BUILD_BUG_ON() declaration (git-fixes). - selftests/bpf: Fix missing UINT_MAX definitions in benchmarks (git-fixes). - selftests/bpf: Fix string read in strncmp benchmark (git-fixes). - selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete failure (git-fixes). - selftests/bpf: Use pid_t consistently in test_progs.c (git-fixes). - selftests/bpf: fix signedness bug in redir_partial() (git-fixes). - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 (git-fixes). - serial: 8250_mtk: Enable baud clock and manage in runtime PM (git-fixes). - soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups (stable-fixes). - soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes). - soc: qcom: smem: Fix endian-unaware access of num_entries (stable-fixes). - spi: Try to get ACPI GPIO IRQ earlier (git-fixes). - spi: loopback-test: Do not use %pK through printk (stable-fixes). - spi: rpc-if: Add resume support for RZ/G3E (stable-fixes). - strparser: Fix signed/unsigned mismatch bug (git-fixes). - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork (bsc#1250705). - thunderbolt: Use is_pciehp instead of is_hotplug_bridge (stable-fixes). - tools/cpupower: Fix incorrect size in cpuidle_state_disable() (stable-fixes). - tools/cpupower: fix error return value in cpupower_write_sysfs() (stable-fixes). - tools/power x86_energy_perf_policy: Enhance HWP enable (stable-fixes). - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (stable-fixes). - tools/power x86_energy_perf_policy: Prefer driver HWP limits (stable-fixes). - tools: lib: thermal: do not preserve owner in install (stable-fixes). - tools: lib: thermal: use pkg-config to locate libnl3 (stable-fixes). - uio_hv_generic: Query the ringbuffer size for device (git-fixes). - usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes). - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (stable-fixes). - usb: gadget: f_fs: Fix epfile null pointer access after ep enable (stable-fixes). - usb: gadget: f_hid: Fix zero length packet transfer (stable-fixes). - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (stable-fixes). - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (stable-fixes). - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (stable-fixes). - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (stable-fixes). - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger (stable-fixes). - wifi: ath10k: Fix connection after GTK rekeying (stable-fixes). - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() (git-fixes). - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 (stable-fixes). - wifi: mac80211: Fix HE capabilities element check (stable-fixes). - wifi: mac80211: reject address change while connecting (git-fixes). - wifi: mac80211: skip rate verification for not captured PSDUs (git-fixes). - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup (git-fixes). - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device (stable-fixes). - wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes). - wifi: mwl8k: inject DSSS Parameter Set element into beacons if missing (git-fixes). - wifi: rtw88: sdio: use indirect IO for device registers before power-on (stable-fixes). - wifi: zd1211rw: fix potential memory leak in __zd_usb_enable_rx() (git-fixes). - x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes). - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes). - x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes). - x86/CPU/AMD: Do the common init on future Zens too (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes). - x86/bugs: Fix reporting of LFENCE retpoline (git-fixes). - x86/bugs: Report correct retbleed mitigation status (git-fixes). - x86/vmscape: Add old Intel CPUs to affected list (git-fixes). - xhci: dbc: Allow users to modify DbC poll interval via sysfs (stable-fixes). - xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive (git-fixes). - xhci: dbc: Improve performance by removing delay in transfer event polling (stable-fixes). - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (git-fixes). - xhci: dbc: poll at different rate depending on data transfer activity (stable-fixes). Important SUSE bug 1232223 SUSE bug 1237888 SUSE bug 1243474 SUSE bug 1245193 SUSE bug 1247076 SUSE bug 1247079 SUSE bug 1247500 SUSE bug 1247509 SUSE bug 1249547 SUSE bug 1249912 SUSE bug 1249982 SUSE bug 1250176 SUSE bug 1250237 SUSE bug 1250252 SUSE bug 1250705 SUSE bug 1251120 SUSE bug 1251786 SUSE bug 1252063 SUSE bug 1252267 SUSE bug 1252303 SUSE bug 1252353 SUSE bug 1252681 SUSE bug 1252763 SUSE bug 1252773 SUSE bug 1252780 SUSE bug 1252794 SUSE bug 1252795 SUSE bug 1252809 SUSE bug 1252817 SUSE bug 1252821 SUSE bug 1252836 SUSE bug 1252845 SUSE bug 1252862 SUSE bug 1252912 SUSE bug 1252917 SUSE bug 1252928 SUSE bug 1253018 SUSE bug 1253176 SUSE bug 1253275 SUSE bug 1253318 SUSE bug 1253324 SUSE bug 1253349 SUSE bug 1253352 SUSE bug 1253355 SUSE bug 1253360 SUSE bug 1253362 SUSE bug 1253363 SUSE bug 1253367 SUSE bug 1253369 SUSE bug 1253393 SUSE bug 1253395 SUSE bug 1253403 SUSE bug 1253407 SUSE bug 1253409 SUSE bug 1253412 SUSE bug 1253416 SUSE bug 1253421 SUSE bug 1253423 SUSE bug 1253424 SUSE bug 1253425 SUSE bug 1253427 SUSE bug 1253428 SUSE bug 1253431 SUSE bug 1253436 SUSE bug 1253438 SUSE bug 1253440 SUSE bug 1253441 SUSE bug 1253445 SUSE bug 1253448 SUSE bug 1253449 SUSE bug 1253453 SUSE bug 1253456 SUSE bug 1253472 SUSE bug 1253779 CVE-2022-50253 at SUSE CVE-2022-50253 at NVD CVE-2023-53676 at SUSE CVE-2023-53676 at NVD CVE-2025-21710 at SUSE CVE-2025-21710 at NVD CVE-2025-37916 at SUSE CVE-2025-37916 at NVD CVE-2025-38359 at SUSE CVE-2025-38359 at NVD CVE-2025-38361 at SUSE CVE-2025-38361 at NVD CVE-2025-39788 at SUSE CVE-2025-39788 at NVD CVE-2025-39805 at SUSE CVE-2025-39805 at NVD CVE-2025-39819 at SUSE CVE-2025-39819 at NVD CVE-2025-39859 at SUSE CVE-2025-39859 at NVD CVE-2025-39944 at SUSE CVE-2025-39944 at NVD CVE-2025-39980 at SUSE CVE-2025-39980 at NVD CVE-2025-40001 at SUSE CVE-2025-40001 at NVD CVE-2025-40021 at SUSE CVE-2025-40021 at NVD CVE-2025-40027 at SUSE CVE-2025-40027 at NVD CVE-2025-40030 at SUSE CVE-2025-40030 at NVD CVE-2025-40038 at SUSE CVE-2025-40038 at NVD CVE-2025-40040 at SUSE CVE-2025-40040 at NVD CVE-2025-40048 at SUSE CVE-2025-40048 at NVD CVE-2025-40055 at SUSE CVE-2025-40055 at NVD CVE-2025-40059 at SUSE CVE-2025-40059 at NVD CVE-2025-40064 at SUSE CVE-2025-40064 at NVD CVE-2025-40070 at SUSE CVE-2025-40070 at NVD CVE-2025-40074 at SUSE CVE-2025-40074 at NVD CVE-2025-40075 at SUSE CVE-2025-40075 at NVD CVE-2025-40083 at SUSE CVE-2025-40083 at NVD CVE-2025-40098 at SUSE CVE-2025-40098 at NVD CVE-2025-40105 at SUSE CVE-2025-40105 at NVD CVE-2025-40107 at SUSE CVE-2025-40107 at NVD CVE-2025-40109 at SUSE CVE-2025-40109 at NVD CVE-2025-40110 at SUSE CVE-2025-40110 at NVD CVE-2025-40111 at SUSE CVE-2025-40111 at NVD CVE-2025-40115 at SUSE CVE-2025-40115 at NVD CVE-2025-40116 at SUSE CVE-2025-40116 at NVD CVE-2025-40118 at SUSE CVE-2025-40118 at NVD CVE-2025-40120 at SUSE CVE-2025-40120 at NVD CVE-2025-40121 at SUSE CVE-2025-40121 at NVD CVE-2025-40127 at SUSE CVE-2025-40127 at NVD CVE-2025-40129 at SUSE CVE-2025-40129 at NVD CVE-2025-40139 at SUSE CVE-2025-40139 at NVD CVE-2025-40140 at SUSE CVE-2025-40140 at NVD CVE-2025-40141 at SUSE CVE-2025-40141 at NVD CVE-2025-40149 at SUSE CVE-2025-40149 at NVD CVE-2025-40154 at SUSE CVE-2025-40154 at NVD CVE-2025-40156 at SUSE CVE-2025-40156 at NVD CVE-2025-40157 at SUSE CVE-2025-40157 at NVD CVE-2025-40159 at SUSE CVE-2025-40159 at NVD CVE-2025-40164 at SUSE CVE-2025-40164 at NVD CVE-2025-40168 at SUSE CVE-2025-40168 at NVD CVE-2025-40169 at SUSE CVE-2025-40169 at NVD CVE-2025-40171 at SUSE CVE-2025-40171 at NVD CVE-2025-40172 at SUSE CVE-2025-40172 at NVD CVE-2025-40173 at SUSE CVE-2025-40173 at NVD CVE-2025-40176 at SUSE CVE-2025-40176 at NVD CVE-2025-40180 at SUSE CVE-2025-40180 at NVD CVE-2025-40183 at SUSE CVE-2025-40183 at NVD CVE-2025-40186 at SUSE CVE-2025-40186 at NVD CVE-2025-40188 at SUSE CVE-2025-40188 at NVD CVE-2025-40194 at SUSE CVE-2025-40194 at NVD CVE-2025-40198 at SUSE CVE-2025-40198 at NVD CVE-2025-40200 at SUSE CVE-2025-40200 at NVD CVE-2025-40204 at SUSE CVE-2025-40204 at NVD CVE-2025-40205 at SUSE CVE-2025-40205 at NVD CVE-2025-40206 at SUSE CVE-2025-40206 at NVD CVE-2025-40207 at SUSE CVE-2025-40207 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). - CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2-mod_auth_openidc (Important) openSUSE Leap 15.6 This update for apache2-mod_auth_openidc fixes the following issues: - Update to 2.4.17.1 (bsc#1248806 / PED-14130). - Remove many patches, as they've been merged upstream. Important SUSE bug 1248806 CVE-2019-14857 at SUSE CVE-2019-14857 at NVD CVE-2019-20479 at SUSE CVE-2019-20479 at NVD CVE-2021-32785 at SUSE CVE-2021-32785 at NVD CVE-2021-32786 at SUSE CVE-2021-32786 at NVD CVE-2021-32791 at SUSE CVE-2021-32791 at NVD CVE-2021-32792 at SUSE CVE-2021-32792 at NVD CVE-2021-39191 at SUSE CVE-2021-39191 at NVD CVE-2022-23527 at SUSE CVE-2022-23527 at NVD CVE-2023-28625 at SUSE CVE-2023-28625 at NVD CVE-2024-24814 at SUSE CVE-2024-24814 at NVD CVE-2025-31492 at SUSE CVE-2025-31492 at NVD CVE-2025-3891 at SUSE CVE-2025-3891 at NVD cpe:/o:opensuse:leap:15.6 Security update for dpdk22 (Important) openSUSE Leap 15.6 This update for dpdk22 fixes the following issues: Update to version 22.11.10. Security issues fixed: - CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and cause a denial of service on the network interface (bsc#1254161). Other updates and bugfixes: - Fix SUSE provided DPDK modules tainting the kernel as unsupported (bsc#1214724). Important SUSE bug 1214724 SUSE bug 1254161 CVE-2025-23259 at SUSE CVE-2025-23259 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing them to log files. (bsc#1227052) - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507) Moderate SUSE bug 1227052 SUSE bug 1236507 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD CVE-2024-6104 at SUSE CVE-2024-6104 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issue: - Update to 3.9.21 Moderate SUSE bug 1232241 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Moderate) openSUSE Leap 15.6 This update for python312 fixes the following issues: - Properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) Moderate SUSE bug 1232241 CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - Update to 3.10.16 Moderate SUSE bug 1232241 SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD CVE-2024-9287 at SUSE CVE-2024-9287 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-26810: vfio/pci: Lock external INTx masking ops (bsc#1222803). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - Revert 'HID: multitouch: Add support for lenovo Y9000P Touchpad' (stable-fixes). - Revert 'drm/i915/dpt: Make DPT object unshrinkable' (stable-fixes). - Revert 'mtd: spi-nor: core: replace dummy buswidth from addr to data' (git-fixes). - Revert 'usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null' (stable-fixes). - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Drop uvcvideo fix due to regression (bsc#1235894) - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138) - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1216813 SUSE bug 1218470 SUSE bug 1220711 SUSE bug 1221326 SUSE bug 1222803 SUSE bug 1224049 SUSE bug 1225897 SUSE bug 1226980 SUSE bug 1228592 SUSE bug 1229833 SUSE bug 1231016 SUSE bug 1231088 SUSE bug 1232087 SUSE bug 1232101 SUSE bug 1232158 SUSE bug 1232161 SUSE bug 1232421 SUSE bug 1232882 SUSE bug 1233055 SUSE bug 1233112 SUSE bug 1233221 SUSE bug 1233248 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233488 SUSE bug 1233522 SUSE bug 1233638 SUSE bug 1233642 SUSE bug 1233778 SUSE bug 1234195 SUSE bug 1234619 SUSE bug 1234635 SUSE bug 1234683 SUSE bug 1234693 SUSE bug 1234726 SUSE bug 1234825 SUSE bug 1234863 SUSE bug 1234887 SUSE bug 1234888 SUSE bug 1234893 SUSE bug 1234898 SUSE bug 1234901 SUSE bug 1234906 SUSE bug 1234923 SUSE bug 1234931 SUSE bug 1234934 SUSE bug 1234947 SUSE bug 1234957 SUSE bug 1235000 SUSE bug 1235001 SUSE bug 1235011 SUSE bug 1235031 SUSE bug 1235032 SUSE bug 1235035 SUSE bug 1235037 SUSE bug 1235038 SUSE bug 1235039 SUSE bug 1235040 SUSE bug 1235042 SUSE bug 1235043 SUSE bug 1235046 SUSE bug 1235050 SUSE bug 1235051 SUSE bug 1235053 SUSE bug 1235054 SUSE bug 1235057 SUSE bug 1235059 SUSE bug 1235065 SUSE bug 1235070 SUSE bug 1235073 SUSE bug 1235100 SUSE bug 1235112 SUSE bug 1235115 SUSE bug 1235117 SUSE bug 1235122 SUSE bug 1235123 SUSE bug 1235125 SUSE bug 1235132 SUSE bug 1235133 SUSE bug 1235155 SUSE bug 1235160 SUSE bug 1235217 SUSE bug 1235219 SUSE bug 1235220 SUSE bug 1235222 SUSE bug 1235223 SUSE bug 1235224 SUSE bug 1235227 SUSE bug 1235230 SUSE bug 1235241 SUSE bug 1235244 SUSE bug 1235249 SUSE bug 1235251 SUSE bug 1235252 SUSE bug 1235389 SUSE bug 1235390 SUSE bug 1235391 SUSE bug 1235406 SUSE bug 1235410 SUSE bug 1235412 SUSE bug 1235413 SUSE bug 1235415 SUSE bug 1235416 SUSE bug 1235417 SUSE bug 1235418 SUSE bug 1235423 SUSE bug 1235424 SUSE bug 1235425 SUSE bug 1235426 SUSE bug 1235427 SUSE bug 1235428 SUSE bug 1235429 SUSE bug 1235430 SUSE bug 1235433 SUSE bug 1235437 SUSE bug 1235439 SUSE bug 1235441 SUSE bug 1235444 SUSE bug 1235445 SUSE bug 1235449 SUSE bug 1235451 SUSE bug 1235454 SUSE bug 1235458 SUSE bug 1235459 SUSE bug 1235464 SUSE bug 1235466 SUSE bug 1235473 SUSE bug 1235479 SUSE bug 1235480 SUSE bug 1235483 SUSE bug 1235486 SUSE bug 1235487 SUSE bug 1235488 SUSE bug 1235489 SUSE bug 1235491 SUSE bug 1235494 SUSE bug 1235495 SUSE bug 1235496 SUSE bug 1235497 SUSE bug 1235498 SUSE bug 1235500 SUSE bug 1235502 SUSE bug 1235503 SUSE bug 1235519 SUSE bug 1235520 SUSE bug 1235521 SUSE bug 1235523 SUSE bug 1235526 SUSE bug 1235528 SUSE bug 1235532 SUSE bug 1235533 SUSE bug 1235534 SUSE bug 1235537 SUSE bug 1235538 SUSE bug 1235545 SUSE bug 1235552 SUSE bug 1235555 SUSE bug 1235557 SUSE bug 1235563 SUSE bug 1235564 SUSE bug 1235565 SUSE bug 1235568 SUSE bug 1235570 SUSE bug 1235571 SUSE bug 1235577 SUSE bug 1235578 SUSE bug 1235582 SUSE bug 1235583 SUSE bug 1235584 SUSE bug 1235587 SUSE bug 1235611 SUSE bug 1235612 SUSE bug 1235616 SUSE bug 1235622 SUSE bug 1235627 SUSE bug 1235632 SUSE bug 1235635 SUSE bug 1235638 SUSE bug 1235641 SUSE bug 1235643 SUSE bug 1235645 SUSE bug 1235646 SUSE bug 1235647 SUSE bug 1235650 SUSE bug 1235653 SUSE bug 1235656 SUSE bug 1235657 SUSE bug 1235663 SUSE bug 1235686 SUSE bug 1235700 SUSE bug 1235705 SUSE bug 1235707 SUSE bug 1235708 SUSE bug 1235710 SUSE bug 1235714 SUSE bug 1235716 SUSE bug 1235720 SUSE bug 1235723 SUSE bug 1235727 SUSE bug 1235730 SUSE bug 1235737 SUSE bug 1235739 SUSE bug 1235745 SUSE bug 1235747 SUSE bug 1235750 SUSE bug 1235753 SUSE bug 1235759 SUSE bug 1235764 SUSE bug 1235768 SUSE bug 1235776 SUSE bug 1235777 SUSE bug 1235778 SUSE bug 1235779 SUSE bug 1235793 SUSE bug 1235798 SUSE bug 1235806 SUSE bug 1235808 SUSE bug 1235812 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235842 SUSE bug 1235865 SUSE bug 1235874 SUSE bug 1235894 SUSE bug 1235902 SUSE bug 1235903 SUSE bug 1235906 SUSE bug 1235914 SUSE bug 1235918 SUSE bug 1235919 SUSE bug 1235920 SUSE bug 1235924 SUSE bug 1235940 SUSE bug 1235941 SUSE bug 1235946 SUSE bug 1235948 SUSE bug 1235952 SUSE bug 1235964 SUSE bug 1235965 SUSE bug 1235967 SUSE bug 1235969 SUSE bug 1235976 SUSE bug 1235977 SUSE bug 1236078 SUSE bug 1236080 SUSE bug 1236082 SUSE bug 1236088 SUSE bug 1236090 SUSE bug 1236091 SUSE bug 1236096 SUSE bug 1236097 SUSE bug 1236098 SUSE bug 1236101 SUSE bug 1236102 SUSE bug 1236104 SUSE bug 1236106 SUSE bug 1236120 SUSE bug 1236125 SUSE bug 1236127 SUSE bug 1236131 SUSE bug 1236138 SUSE bug 1236143 SUSE bug 1236144 SUSE bug 1236145 SUSE bug 1236160 SUSE bug 1236161 SUSE bug 1236163 SUSE bug 1236168 SUSE bug 1236178 SUSE bug 1236180 SUSE bug 1236181 SUSE bug 1236182 SUSE bug 1236190 SUSE bug 1236192 SUSE bug 1236198 SUSE bug 1236227 SUSE bug 1236245 SUSE bug 1236247 SUSE bug 1236248 SUSE bug 1236260 SUSE bug 1236262 SUSE bug 1236628 SUSE bug 1236680 SUSE bug 1236683 SUSE bug 1236685 SUSE bug 1236688 SUSE bug 1236694 SUSE bug 1236696 SUSE bug 1236698 SUSE bug 1236703 SUSE bug 1236732 SUSE bug 1236733 SUSE bug 1236757 SUSE bug 1236758 SUSE bug 1236760 SUSE bug 1236761 CVE-2023-52489 at SUSE CVE-2023-52489 at NVD CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2024-26810 at SUSE CVE-2024-26810 at NVD CVE-2024-36476 at SUSE CVE-2024-36476 at NVD CVE-2024-39282 at SUSE CVE-2024-39282 at NVD CVE-2024-43913 at SUSE CVE-2024-43913 at NVD CVE-2024-45828 at SUSE CVE-2024-45828 at NVD CVE-2024-46858 at SUSE CVE-2024-46858 at NVD CVE-2024-46896 at SUSE CVE-2024-46896 at NVD CVE-2024-47141 at SUSE CVE-2024-47141 at NVD CVE-2024-47143 at SUSE CVE-2024-47143 at NVD CVE-2024-47809 at SUSE CVE-2024-47809 at NVD CVE-2024-48873 at SUSE CVE-2024-48873 at NVD CVE-2024-48881 at SUSE CVE-2024-48881 at NVD CVE-2024-49569 at SUSE CVE-2024-49569 at NVD CVE-2024-49948 at SUSE CVE-2024-49948 at NVD CVE-2024-49951 at SUSE CVE-2024-49951 at NVD CVE-2024-49978 at SUSE CVE-2024-49978 at NVD CVE-2024-49998 at SUSE CVE-2024-49998 at NVD CVE-2024-50051 at SUSE CVE-2024-50051 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50151 at SUSE CVE-2024-50151 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-50251 at SUSE CVE-2024-50251 at NVD CVE-2024-50258 at SUSE CVE-2024-50258 at NVD CVE-2024-50299 at SUSE CVE-2024-50299 at NVD CVE-2024-50304 at SUSE CVE-2024-50304 at NVD CVE-2024-52332 at SUSE CVE-2024-52332 at NVD CVE-2024-53091 at SUSE CVE-2024-53091 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-53170 at SUSE CVE-2024-53170 at NVD CVE-2024-53172 at SUSE CVE-2024-53172 at NVD CVE-2024-53175 at SUSE CVE-2024-53175 at NVD CVE-2024-53185 at SUSE CVE-2024-53185 at NVD CVE-2024-53187 at SUSE CVE-2024-53187 at NVD CVE-2024-53194 at SUSE CVE-2024-53194 at NVD CVE-2024-53195 at SUSE CVE-2024-53195 at NVD CVE-2024-53196 at SUSE CVE-2024-53196 at NVD CVE-2024-53197 at SUSE CVE-2024-53197 at NVD CVE-2024-53198 at SUSE CVE-2024-53198 at NVD CVE-2024-53203 at SUSE CVE-2024-53203 at NVD CVE-2024-53227 at SUSE CVE-2024-53227 at NVD CVE-2024-53230 at SUSE CVE-2024-53230 at NVD CVE-2024-53231 at SUSE CVE-2024-53231 at NVD CVE-2024-53232 at SUSE CVE-2024-53232 at NVD CVE-2024-53233 at SUSE CVE-2024-53233 at NVD CVE-2024-53236 at SUSE CVE-2024-53236 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53685 at SUSE CVE-2024-53685 at NVD CVE-2024-53690 at SUSE CVE-2024-53690 at NVD CVE-2024-54680 at SUSE CVE-2024-54680 at NVD CVE-2024-55639 at SUSE CVE-2024-55639 at NVD CVE-2024-55881 at SUSE CVE-2024-55881 at NVD CVE-2024-55916 at SUSE CVE-2024-55916 at NVD CVE-2024-56369 at SUSE CVE-2024-56369 at NVD CVE-2024-56372 at SUSE CVE-2024-56372 at NVD CVE-2024-56531 at SUSE CVE-2024-56531 at NVD CVE-2024-56532 at SUSE CVE-2024-56532 at NVD CVE-2024-56533 at SUSE CVE-2024-56533 at NVD CVE-2024-56538 at SUSE CVE-2024-56538 at NVD CVE-2024-56543 at SUSE CVE-2024-56543 at NVD CVE-2024-56546 at SUSE CVE-2024-56546 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56557 at SUSE CVE-2024-56557 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2024-56568 at SUSE CVE-2024-56568 at NVD CVE-2024-56569 at SUSE CVE-2024-56569 at NVD CVE-2024-56570 at SUSE CVE-2024-56570 at NVD CVE-2024-56571 at SUSE CVE-2024-56571 at NVD CVE-2024-56572 at SUSE CVE-2024-56572 at NVD CVE-2024-56573 at SUSE CVE-2024-56573 at NVD CVE-2024-56574 at SUSE CVE-2024-56574 at NVD CVE-2024-56575 at SUSE CVE-2024-56575 at NVD CVE-2024-56577 at SUSE CVE-2024-56577 at NVD CVE-2024-56578 at SUSE CVE-2024-56578 at NVD CVE-2024-56584 at SUSE CVE-2024-56584 at NVD CVE-2024-56587 at SUSE CVE-2024-56587 at NVD CVE-2024-56588 at SUSE CVE-2024-56588 at NVD CVE-2024-56589 at SUSE CVE-2024-56589 at NVD CVE-2024-56590 at SUSE CVE-2024-56590 at NVD CVE-2024-56592 at SUSE CVE-2024-56592 at NVD CVE-2024-56593 at SUSE CVE-2024-56593 at NVD CVE-2024-56594 at SUSE CVE-2024-56594 at NVD CVE-2024-56595 at SUSE CVE-2024-56595 at NVD CVE-2024-56596 at SUSE CVE-2024-56596 at NVD CVE-2024-56597 at SUSE CVE-2024-56597 at NVD CVE-2024-56598 at SUSE CVE-2024-56598 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56602 at SUSE CVE-2024-56602 at NVD CVE-2024-56603 at SUSE CVE-2024-56603 at NVD CVE-2024-56606 at SUSE CVE-2024-56606 at NVD CVE-2024-56607 at SUSE CVE-2024-56607 at NVD CVE-2024-56608 at SUSE CVE-2024-56608 at NVD CVE-2024-56609 at SUSE CVE-2024-56609 at NVD CVE-2024-56610 at SUSE CVE-2024-56610 at NVD CVE-2024-56611 at SUSE CVE-2024-56611 at NVD CVE-2024-56614 at SUSE CVE-2024-56614 at NVD CVE-2024-56615 at SUSE CVE-2024-56615 at NVD CVE-2024-56616 at SUSE CVE-2024-56616 at NVD CVE-2024-56617 at SUSE CVE-2024-56617 at NVD CVE-2024-56619 at SUSE CVE-2024-56619 at NVD CVE-2024-56620 at SUSE CVE-2024-56620 at NVD CVE-2024-56622 at SUSE CVE-2024-56622 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56625 at SUSE CVE-2024-56625 at NVD CVE-2024-56629 at SUSE CVE-2024-56629 at NVD CVE-2024-56630 at SUSE CVE-2024-56630 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56632 at SUSE CVE-2024-56632 at NVD CVE-2024-56634 at SUSE CVE-2024-56634 at NVD CVE-2024-56635 at SUSE CVE-2024-56635 at NVD CVE-2024-56636 at SUSE CVE-2024-56636 at NVD CVE-2024-56637 at SUSE CVE-2024-56637 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56643 at SUSE CVE-2024-56643 at NVD CVE-2024-56644 at SUSE CVE-2024-56644 at NVD CVE-2024-56648 at SUSE CVE-2024-56648 at NVD CVE-2024-56649 at SUSE CVE-2024-56649 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-56654 at SUSE CVE-2024-56654 at NVD CVE-2024-56656 at SUSE CVE-2024-56656 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56659 at SUSE CVE-2024-56659 at NVD CVE-2024-56660 at SUSE CVE-2024-56660 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2024-56662 at SUSE CVE-2024-56662 at NVD CVE-2024-56663 at SUSE CVE-2024-56663 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56665 at SUSE CVE-2024-56665 at NVD CVE-2024-56670 at SUSE CVE-2024-56670 at NVD CVE-2024-56672 at SUSE CVE-2024-56672 at NVD CVE-2024-56675 at SUSE CVE-2024-56675 at NVD CVE-2024-56677 at SUSE CVE-2024-56677 at NVD CVE-2024-56678 at SUSE CVE-2024-56678 at NVD CVE-2024-56679 at SUSE CVE-2024-56679 at NVD CVE-2024-56681 at SUSE CVE-2024-56681 at NVD CVE-2024-56683 at SUSE CVE-2024-56683 at NVD CVE-2024-56687 at SUSE CVE-2024-56687 at NVD CVE-2024-56688 at SUSE CVE-2024-56688 at NVD CVE-2024-56690 at SUSE CVE-2024-56690 at NVD CVE-2024-56691 at SUSE CVE-2024-56691 at NVD CVE-2024-56693 at SUSE CVE-2024-56693 at NVD CVE-2024-56694 at SUSE CVE-2024-56694 at NVD CVE-2024-56698 at SUSE CVE-2024-56698 at NVD CVE-2024-56700 at SUSE CVE-2024-56700 at NVD CVE-2024-56701 at SUSE CVE-2024-56701 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-56705 at SUSE CVE-2024-56705 at NVD CVE-2024-56707 at SUSE CVE-2024-56707 at NVD CVE-2024-56708 at SUSE CVE-2024-56708 at NVD CVE-2024-56709 at SUSE CVE-2024-56709 at NVD CVE-2024-56712 at SUSE CVE-2024-56712 at NVD CVE-2024-56715 at SUSE CVE-2024-56715 at NVD CVE-2024-56716 at SUSE CVE-2024-56716 at NVD CVE-2024-56722 at SUSE CVE-2024-56722 at NVD CVE-2024-56723 at SUSE CVE-2024-56723 at NVD CVE-2024-56724 at SUSE CVE-2024-56724 at NVD CVE-2024-56725 at SUSE CVE-2024-56725 at NVD CVE-2024-56726 at SUSE CVE-2024-56726 at NVD CVE-2024-56727 at SUSE CVE-2024-56727 at NVD CVE-2024-56728 at SUSE CVE-2024-56728 at NVD CVE-2024-56729 at SUSE CVE-2024-56729 at NVD CVE-2024-56739 at SUSE CVE-2024-56739 at NVD CVE-2024-56741 at SUSE CVE-2024-56741 at NVD CVE-2024-56745 at SUSE CVE-2024-56745 at NVD CVE-2024-56746 at SUSE CVE-2024-56746 at NVD CVE-2024-56747 at SUSE CVE-2024-56747 at NVD CVE-2024-56748 at SUSE CVE-2024-56748 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-56760 at SUSE CVE-2024-56760 at NVD CVE-2024-56763 at SUSE CVE-2024-56763 at NVD CVE-2024-56765 at SUSE CVE-2024-56765 at NVD CVE-2024-56766 at SUSE CVE-2024-56766 at NVD CVE-2024-56767 at SUSE CVE-2024-56767 at NVD CVE-2024-56769 at SUSE CVE-2024-56769 at NVD CVE-2024-56774 at SUSE CVE-2024-56774 at NVD CVE-2024-56775 at SUSE CVE-2024-56775 at NVD CVE-2024-56776 at SUSE CVE-2024-56776 at NVD CVE-2024-56777 at SUSE CVE-2024-56777 at NVD CVE-2024-56778 at SUSE CVE-2024-56778 at NVD CVE-2024-56779 at SUSE CVE-2024-56779 at NVD CVE-2024-56780 at SUSE CVE-2024-56780 at NVD CVE-2024-56787 at SUSE CVE-2024-56787 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57792 at SUSE CVE-2024-57792 at NVD CVE-2024-57793 at SUSE CVE-2024-57793 at NVD CVE-2024-57795 at SUSE CVE-2024-57795 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57801 at SUSE CVE-2024-57801 at NVD CVE-2024-57802 at SUSE CVE-2024-57802 at NVD CVE-2024-57804 at SUSE CVE-2024-57804 at NVD CVE-2024-57809 at SUSE CVE-2024-57809 at NVD CVE-2024-57838 at SUSE CVE-2024-57838 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57850 at SUSE CVE-2024-57850 at NVD CVE-2024-57857 at SUSE CVE-2024-57857 at NVD CVE-2024-57874 at SUSE CVE-2024-57874 at NVD CVE-2024-57876 at SUSE CVE-2024-57876 at NVD CVE-2024-57882 at SUSE CVE-2024-57882 at NVD CVE-2024-57884 at SUSE CVE-2024-57884 at NVD CVE-2024-57887 at SUSE CVE-2024-57887 at NVD CVE-2024-57888 at SUSE CVE-2024-57888 at NVD CVE-2024-57890 at SUSE CVE-2024-57890 at NVD CVE-2024-57892 at SUSE CVE-2024-57892 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD CVE-2024-57896 at SUSE CVE-2024-57896 at NVD CVE-2024-57897 at SUSE CVE-2024-57897 at NVD CVE-2024-57899 at SUSE CVE-2024-57899 at NVD CVE-2024-57903 at SUSE CVE-2024-57903 at NVD CVE-2024-57904 at SUSE CVE-2024-57904 at NVD CVE-2024-57906 at SUSE CVE-2024-57906 at NVD CVE-2024-57907 at SUSE CVE-2024-57907 at NVD CVE-2024-57908 at SUSE CVE-2024-57908 at NVD CVE-2024-57910 at SUSE CVE-2024-57910 at NVD CVE-2024-57911 at SUSE CVE-2024-57911 at NVD CVE-2024-57912 at SUSE CVE-2024-57912 at NVD CVE-2024-57913 at SUSE CVE-2024-57913 at NVD CVE-2024-57915 at SUSE CVE-2024-57915 at NVD CVE-2024-57916 at SUSE CVE-2024-57916 at NVD CVE-2024-57917 at SUSE CVE-2024-57917 at NVD CVE-2024-57922 at SUSE CVE-2024-57922 at NVD CVE-2024-57926 at SUSE CVE-2024-57926 at NVD CVE-2024-57929 at SUSE CVE-2024-57929 at NVD CVE-2024-57931 at SUSE CVE-2024-57931 at NVD CVE-2024-57932 at SUSE CVE-2024-57932 at NVD CVE-2024-57933 at SUSE CVE-2024-57933 at NVD CVE-2024-57935 at SUSE CVE-2024-57935 at NVD CVE-2024-57936 at SUSE CVE-2024-57936 at NVD CVE-2024-57938 at SUSE CVE-2024-57938 at NVD CVE-2024-57940 at SUSE CVE-2024-57940 at NVD CVE-2024-57946 at SUSE CVE-2024-57946 at NVD CVE-2025-21632 at SUSE CVE-2025-21632 at NVD CVE-2025-21645 at SUSE CVE-2025-21645 at NVD CVE-2025-21646 at SUSE CVE-2025-21646 at NVD CVE-2025-21649 at SUSE CVE-2025-21649 at NVD CVE-2025-21650 at SUSE CVE-2025-21650 at NVD CVE-2025-21651 at SUSE CVE-2025-21651 at NVD CVE-2025-21652 at SUSE CVE-2025-21652 at NVD CVE-2025-21653 at SUSE CVE-2025-21653 at NVD CVE-2025-21655 at SUSE CVE-2025-21655 at NVD CVE-2025-21656 at SUSE CVE-2025-21656 at NVD CVE-2025-21662 at SUSE CVE-2025-21662 at NVD CVE-2025-21663 at SUSE CVE-2025-21663 at NVD CVE-2025-21664 at SUSE CVE-2025-21664 at NVD CVE-2025-21666 at SUSE CVE-2025-21666 at NVD CVE-2025-21669 at SUSE CVE-2025-21669 at NVD CVE-2025-21670 at SUSE CVE-2025-21670 at NVD CVE-2025-21674 at SUSE CVE-2025-21674 at NVD CVE-2025-21675 at SUSE CVE-2025-21675 at NVD CVE-2025-21676 at SUSE CVE-2025-21676 at NVD CVE-2025-21678 at SUSE CVE-2025-21678 at NVD CVE-2025-21682 at SUSE CVE-2025-21682 at NVD cpe:/o:opensuse:leap:15.6 Security update for liboqs, oqs-provider (Important) openSUSE Leap 15.6 This update for liboqs, oqs-provider fixes the following issues: This update supplies the new FIPS standardized ML-KEM, ML-DSA, SHL-DSA algorithms. This update liboqs to 0.12.0: - This release updates the ML-DSA implementation to the [final FIPS 204](https://csrc.nist.gov/pubs/fips/204/final) version. This release still includes the NIST Round 3 version of Dilithium for interoperability purposes, but we plan to remove Dilithium Round 3 in a future release. - This will be the last release of liboqs to include Kyber (that is, the NIST Round 3 version of Kyber, prior to its standardization by NIST as ML-KEM in FIPS 203). Applications should switch to ML-KEM (FIPS 203). - The addition of ML-DSA FIPS 204 final version to liboqs has introduced a new signature API which includes a context string parameter. We are planning to remove the old version of the API without a context string in the next release to streamline the API and bring it in line with NIST specifications. Users who have an opinion on this removal are invited to provide input at https://github.com/open-quantum-safe/liboqs/issues/2001. Security issues: - CVE-2024-54137: Fixed bug in HQC decapsulation that leads to incorrect shared secret value during decapsulation when called with an invalid ciphertext. (bsc#1234292) - new library major version 7 Updated to 0.11.0: * This release updates ML-KEM implementations to their final FIPS 203 https://csrc.nist.gov/pubs/fips/203/final versions . * This release still includes the NIST Round 3 version of Kyber for interoperability purposes, but we plan to remove Kyber Round 3 in a future release. * Additionally, this release adds support for MAYO and CROSS digital signature schemes from [NIST Additional Signatures Round 1 https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures along with stateful hash-based signature schemes XMSS https://datatracker.ietf.org/doc/html/rfc8391 and LMS https://datatracker.ietf.org/doc/html/rfc8554. * Finally, this release provides formally verified implementations of Kyber-512 and Kyber-768 from libjade https://github.com/formosa-crypto/libjade/releases/tag/release%2F2023.05-2 * LMS and XMSS are disabled by default due to the security risks associated with their use in software. See the note on stateful hash-based signatures in CONFIGURE.md * Key encapsulation mechanisms: - Kyber: Added formally-verified portable C and AVX2 implementations of Kyber-512 and Kyber-768 from libjade. - ML-KEM: Updated portable C and AVX2 implementations of ML-KEM-512, ML-KEM-768, and ML-KEM-1024 to FIP 203 version. - Kyber: Patched ARM64 implementations of Kyber-512, Kyber-768, and Kyber-1024 to work with AddressSanitizer. * Digital signature schemes: - LMS/XMSS: Added implementations of stateful hash-based signature schemes: XMSS and LMS - MAYO: Added portable C and AVX2 implementations of MAYO signature scheme from NIST Additional Signatures Round 1. - CROSS: Added portable C and AVX2 implementations of CROSS signature scheme from NIST Additional Signatures Round 1. * Other changes: - Added callback API to use custom implementations of AES, SHA2, and SHA3. - Refactor SHA3 implementation to use OpenSSL's EVP_DigestSqueeze() API. - new library major version 6 Updated to 0.10.1: - This release is a security release which fixes potential non-constant-time behaviour in ML-KEM and Kyber. (bsc#1226162 CVE-2024-36405) It also includes a fix for incorrectly named macros in the ML-DSA implementation. updated to 0.10.0: Key encapsulation mechanisms: - BIKE: Updated portable C implementation to include constant-time fixes from upstream. - HQC: Updated to NIST Round 4 version. - ML-KEM: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-KEM-512, ML-KEM-768, and ML-KEM-1024. Digital signature schemes: - Falcon: Updated portable C, AVX2, and AArch64 implementations to support fixed-length (PADDED-format) signatures. Fixed the maximum length of variable-length signatures to comply with the NIST Round 3 specification. - ML-DSA: Added portable C and AVX2 implementations of Initial Public Draft (IPD) versions of ML-DSA-44, ML-DSA-65, and ML-DSA-87. Other changes: - Improved thread safety. - Removed support for the 'NIST-KAT' DRBG. - Added extended KAT test programs. - library major version changed from 4 to 5 This update also updates oqs-provider to 0.7.0: - Adds support for MAYO from Round 1 of NIST’s Post-Quantum Signature On-Ramp process. - Adds support for CROSS from Round 1 of NIST’s Post-Quantum Signature On-Ramp process. - Updates ML-KEM's code points in line with internet draft draft-kwiatkowski-tls-ecdhe-mlkem-02. - Reverses keyshares for X25519MLKEM768 and X448-ML-KEM-768 TLS hybrids in line with draft-kwiatkowski-tls-ecdhe-mlkem-02. Updated to 0.6.1: - CVE-2024-37305: Fixed buffer overflow in deserialization of hybrid keys and signatures (bsc#1226468) Updated to 0.6.0: - First availability of standardized PQ algorithms, e.g., ML-KEM, ML-DSA - Support for Composite PQ operations - Alignment with PQ algorithm implementations as provided by liboqs 0.10.0, most notably updating HQC and Falcon. - Implementation of security code review recommendations - Support for more hybrid operations as fully documented here. - Support for extraction of classical and hybrid key material Updated to 0.5.3: - only tracking parallel liboqs security update Updated to 0.5.2: - Algorithm updates as documented in the liboqs 0.9.0 release notes - Standard coding style - Enhanced memory leak protection - Added community cooperation documentation - (optional) KEM algorithm en-/decoder feature Updated to 0.5.1: - Documentation update - document specs - General documentation overhaul - change TLS demo to use QSC alg - Build a module instead of a shared library. - explain groups in USAGE Important SUSE bug 1226162 SUSE bug 1226468 SUSE bug 1234292 CVE-2024-36405 at SUSE CVE-2024-36405 at NVD CVE-2024-37305 at SUSE CVE-2024-37305 at NVD CVE-2024-54137 at SUSE CVE-2024-54137 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-0938: functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705). Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-0938: Functions `urllib.parse.urlsplit` and `urlparse` accept domain names including square brackets (bsc#1236705). - CVE-2024-12254: Unbounded memory buffering in SelectorSocketTransport.writelines() (bsc#1234290). Other bugfixes: - Position of SUSE Python interpreters on Externally managed environments (bsc#1228165). Important SUSE bug 1228165 SUSE bug 1234290 SUSE bug 1236705 CVE-2024-12254 at SUSE CVE-2024-12254 at NVD CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for SUSE Manager Client Tools (Moderate) openSUSE Leap 15.6 This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: - Added MAC based terminal naming option (jsc#SUMA-314) golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): - Security issues fixed: * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling (bsc#1232970) - Highlights of other changes: * Performance: + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and remote write operations. + Default GOGC value lowered to 75 for better memory management. + Option to limit memory usage from dropped targets added. * New Features: + Experimental OpenTelemetry ingestion. + Automatic memory limit handling. + Native histogram support, including new functions, UI enhancements, and improved scraping. + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option. + Expanded service discovery options with added metadata and support for new services. + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping. * Bug Fixes: + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery. * For a detailed list of changes consult the package changelog or https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3 grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649): - Security issues fixed: * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto (bsc#1234554) * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301) * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024) - Potential breaking changes in version 10: * In panels using the `extract fields` transformation, where one of the extracted names collides with one of the already existing ields, the extracted field will be renamed. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. To resolve this either: update transformation or field override. * For the existing backend mode users who have Transformations with the `time` field, might see their transformations are not working. Those panels that have broken transformations will fail to render. This is because we changed the field key. To resolve this either: Remove the affected panel and re-create it; Select the `Time` field again; Edit the `time` field as `Time` for transformation in `panel.json` or `dashboard.json` * The following data source permission endpoints have been removed: `GET /datasources/:datasourceId/permissions` `POST /api/datasources/:datasourceId/permissions` `DELETE /datasources/:datasourceId/permissions` `POST /datasources/:datasourceId/enable-permissions` `POST /datasources/:datasourceId/disable-permissions` + Please use the following endpoints instead: `GET /api/access-control/datasources/:uid` for listing data source permissions `POST /api/access-control/datasources/:uid/users/:id`, `POST /api/access-control/datasources/:uid/teams/:id` and `POST /api/access-control/datasources/:uid/buildInRoles/:id` for adding or removing data source permissions * If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your provider. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. * The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed. Dashboard information can be retrieved from the `/dashboard/...` APIs. * The `PUT /api/folders/:uid` endpoint no more supports modifying the folder's `UID` * Removed all components for the old panel header design. * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/ for more details * OAuth role mapping enforcement: This change impacts GitHub, Gitlab, Okta, and Generic OAuth. To avoid overriding manually set roles, enable the skip_org_role_sync option in the Grafana configuration for your OAuth provider before upgrading * Angular has been deprecated * Grafana legacy alerting has been deprecated * API keys are migrating to service accounts * The experimental “dashboard previews” feature is removed * Usernames are now case-insensitive by default * Grafana OAuth integrations do not work anymore with email lookups * The “Alias” field in the CloudWatch data source is removed * Athena data source plugin must be updated to version >=2.9.3 * Redshift data source plugin must be updated to version >=1.8.3 * DoiT International BigQuery plugin no longer supported * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0 for more details - This update brings many new features, enhancements and fixes highlighted at: * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/: spacecmd was updated to version 5.0.11-0: - Updated translation strings supportutils-plugin-salt was updated to version 1.2.3: - Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145) - Provide backwards-compatible scripts version supportutils-plugin-susemanager-client was updated to version 5.0.4-0: - Adjusted requirements for plugin to allow compatibility with supportutils 3.2.9 release (bsc#1235145) uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0: - Security issues fixed: * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) - Other changes and bugs fixed: * Version 0.1.27-0 + Bump the default image tag to 5.0.3 + IsInstalled function fix + Run systemctl daemon-reload after changing the container image config (bsc#1233279) + Coco-replicas-upgrade + Persist search server indexes (bsc#1231759) + Sync deletes files during migration (bsc#1233660) + Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079) + Add --registry back to mgrpxy (bsc#1233202) + Only add java.hostname on migrated server if not present + Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104) + Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630) + Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123) * Version 0.1.26-0 + Ignore all zypper caches during migration (bsc#1232769) + Use the uyuni network for all podman containers (bsc#1232817) * Version 0.1.25-0 + Don't migrate enabled systemd services, recreate them (bsc#1232575) * Version 0.1.24-0 + Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568) Moderate SUSE bug 1212641 SUSE bug 1219912 SUSE bug 1229079 SUSE bug 1229104 SUSE bug 1231024 SUSE bug 1231497 SUSE bug 1231568 SUSE bug 1231759 SUSE bug 1232575 SUSE bug 1232769 SUSE bug 1232817 SUSE bug 1232970 SUSE bug 1233202 SUSE bug 1233279 SUSE bug 1233630 SUSE bug 1233660 SUSE bug 1234123 SUSE bug 1234554 SUSE bug 1235145 SUSE bug 1236301 CVE-2023-3128 at SUSE CVE-2023-3128 at NVD CVE-2023-6152 at SUSE CVE-2023-6152 at NVD CVE-2024-22037 at SUSE CVE-2024-22037 at NVD CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-51744 at SUSE CVE-2024-51744 at NVD CVE-2024-6837 at SUSE CVE-2024-6837 at NVD CVE-2024-8118 at SUSE CVE-2024-8118 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Moderate) openSUSE Leap 15.6 This update for grafana fixes the following issues: grafana was updated from version 9.5.18 to 10.4.13 (jsc#PED-11591,jsc#PED-11649): - Security issues fixed: * CVE-2024-45337: Prevent possible misuse of ServerConfig.PublicKeyCallback by upgrading golang.org/x/crypto (bsc#1234554) * CVE-2023-3128: Fixed authentication bypass using Azure AD OAuth (bsc#1212641) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) * CVE-2024-6837: Fixed potential data source permission escalation (bsc#1236301) * CVE-2024-8118: Fixed permission on external alerting rule write endpoint (bsc#1231024) - Potential breaking changes in version 10: * In panels using the `extract fields` transformation, where one of the extracted names collides with one of the already existing ields, the extracted field will be renamed. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. To resolve this either: update transformation or field override. * For the existing backend mode users who have Transformations with the `time` field, might see their transformations are not working. Those panels that have broken transformations will fail to render. This is because we changed the field key. To resolve this either: Remove the affected panel and re-create it; Select the `Time` field again; Edit the `time` field as `Time` for transformation in `panel.json` or `dashboard.json` * The following data source permission endpoints have been removed: `GET /datasources/:datasourceId/permissions` `POST /api/datasources/:datasourceId/permissions` `DELETE /datasources/:datasourceId/permissions` `POST /datasources/:datasourceId/enable-permissions` `POST /datasources/:datasourceId/disable-permissions` + Please use the following endpoints instead: `GET /api/access-control/datasources/:uid` for listing data source permissions `POST /api/access-control/datasources/:uid/users/:id`, `POST /api/access-control/datasources/:uid/teams/:id` and `POST /api/access-control/datasources/:uid/buildInRoles/:id` for adding or removing data source permissions * If you are using Terraform Grafana provider to manage data source permissions, you will need to upgrade your provider. * For the existing backend mode users who have table visualization might see some inconsistencies on their panels. We have updated the table column naming. This will potentially affect field transformations and/or field overrides. * The deprecated `/playlists/{uid}/dashboards` API endpoint has been removed. Dashboard information can be retrieved from the `/dashboard/...` APIs. * The `PUT /api/folders/:uid` endpoint no more supports modifying the folder's `UID` * Removed all components for the old panel header design. * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-3/ for more details * OAuth role mapping enforcement: This change impacts GitHub, Gitlab, Okta, and Generic OAuth. To avoid overriding manually set roles, enable the skip_org_role_sync option in the Grafana configuration for your OAuth provider before upgrading * Angular has been deprecated * Grafana legacy alerting has been deprecated * API keys are migrating to service accounts * The experimental &#8220;dashboard previews&#8221; feature is removed * Usernames are now case-insensitive by default * Grafana OAuth integrations do not work anymore with email lookups * The &#8220;Alias&#8221; field in the CloudWatch data source is removed * Athena data source plugin must be updated to version &gt;=2.9.3 * Redshift data source plugin must be updated to version &gt;=1.8.3 * DoiT International BigQuery plugin no longer supported * Please review https://grafana.com/docs/grafana/next/breaking-changes/breaking-changes-v10-0 for more details - This update brings many new features, enhancements and fixes highlighted at: * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-4/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-3/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-2/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-1/ * https://grafana.com/docs/grafana/next/whatsnew/whats-new-in-v10-0/ Moderate SUSE bug 1212641 SUSE bug 1219912 SUSE bug 1231024 SUSE bug 1234554 SUSE bug 1236301 CVE-2023-3128 at SUSE CVE-2023-3128 at NVD CVE-2023-6152 at SUSE CVE-2023-6152 at NVD CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-6837 at SUSE CVE-2024-6837 at NVD CVE-2024-8118 at SUSE CVE-2024-8118 at NVD cpe:/o:opensuse:leap:15.6 Security update golang-github-prometheus-prometheus (Moderate) openSUSE Leap 15.6 golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649): - Security issues fixed: * CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling (bsc#1232970) - Highlights of other changes: * Performance: + Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and remote write operations. + Default GOGC value lowered to 75 for better memory management. + Option to limit memory usage from dropped targets added. * New Features: + Experimental OpenTelemetry ingestion. + Automatic memory limit handling. + Native histogram support, including new functions, UI enhancements, and improved scraping. + Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option. + Expanded service discovery options with added metadata and support for new services. + New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping. * Bug Fixes: + Numerous fixes across scraping, API, TSDB, PromQL, and service discovery. * For a detailed list of changes consult the package changelog or https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3 Moderate SUSE bug 1232970 CVE-2024-51744 at SUSE CVE-2024-51744 at NVD cpe:/o:opensuse:leap:15.6 Security update for libtasn1 (Important) openSUSE Leap 15.6 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) Important SUSE bug 1236878 CVE-2024-12133 at SUSE CVE-2024-12133 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-good (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-good fixes the following issues: - CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449) - CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c. (boo#1234414) - CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a. (boo#1234417) - CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM demuxer. (boo#1234421) - CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead to out-of-bounds reads. (boo#1234424) - CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table parser (boo#1234425) - CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read. (boo#1234426) - CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences. (boo#1234427) - CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234428) - CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer. (boo#1234432) - CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer. (boo#1234433) - CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser. (boo#1234434) - CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser. (boo#1234435) - CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser. (boo#1234436) - CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser. (boo#1234439) - CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can cause crashes for certain input files. (boo#1234440) - CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads to out-of-bounds reads. (boo#1234446) - CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder. (boo#1234447) - CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container. (boo#1234462) - CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC handling. (boo#1234473) - CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to out-of-bounds read. (boo#1234476) - CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading to out-of-bounds read. (boo#1234477) Important SUSE bug 1234414 SUSE bug 1234417 SUSE bug 1234421 SUSE bug 1234424 SUSE bug 1234425 SUSE bug 1234426 SUSE bug 1234427 SUSE bug 1234428 SUSE bug 1234432 SUSE bug 1234433 SUSE bug 1234434 SUSE bug 1234435 SUSE bug 1234436 SUSE bug 1234439 SUSE bug 1234440 SUSE bug 1234446 SUSE bug 1234447 SUSE bug 1234449 SUSE bug 1234462 SUSE bug 1234473 SUSE bug 1234476 SUSE bug 1234477 CVE-2024-47537 at SUSE CVE-2024-47537 at NVD CVE-2024-47539 at SUSE CVE-2024-47539 at NVD CVE-2024-47540 at SUSE CVE-2024-47540 at NVD CVE-2024-47543 at SUSE CVE-2024-47543 at NVD CVE-2024-47544 at SUSE CVE-2024-47544 at NVD CVE-2024-47545 at SUSE CVE-2024-47545 at NVD CVE-2024-47546 at SUSE CVE-2024-47546 at NVD CVE-2024-47596 at SUSE CVE-2024-47596 at NVD CVE-2024-47597 at SUSE CVE-2024-47597 at NVD CVE-2024-47598 at SUSE CVE-2024-47598 at NVD CVE-2024-47599 at SUSE CVE-2024-47599 at NVD CVE-2024-47601 at SUSE CVE-2024-47601 at NVD CVE-2024-47602 at SUSE CVE-2024-47602 at NVD CVE-2024-47603 at SUSE CVE-2024-47603 at NVD CVE-2024-47606 at SUSE CVE-2024-47606 at NVD CVE-2024-47613 at SUSE CVE-2024-47613 at NVD CVE-2024-47774 at SUSE CVE-2024-47774 at NVD CVE-2024-47775 at SUSE CVE-2024-47775 at NVD CVE-2024-47776 at SUSE CVE-2024-47776 at NVD CVE-2024-47777 at SUSE CVE-2024-47777 at NVD CVE-2024-47778 at SUSE CVE-2024-47778 at NVD CVE-2024-47834 at SUSE CVE-2024-47834 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Moderate) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Other fixes: - Update to version 3.11.11. - Remove -IVendor/ from python-config. (bsc#1231795) Moderate SUSE bug 1228165 SUSE bug 1231795 SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Moderate) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705) Moderate SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-45828: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request (bsc#1235705). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-48881: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again (bsc#1235727). - CVE-2024-49948: net: add more sanity checks to qdisc_pkt_len_init() (bsc#1232161). - CVE-2024-49951: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed (bsc#1232158). - CVE-2024-49978: gso: fix udp gso fraglist segmentation after pull from frag_list (bsc#1232101). - CVE-2024-49998: net: dsa: improve shutdown sequence (bsc#1232087). - CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055). - CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112). - CVE-2024-50251: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (bsc#1233248). - CVE-2024-50258: net: fix crash when config small gso_max_size/gso_ipv4_max_size (bsc#1233221). - CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488). - CVE-2024-50304: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (bsc#1233522). - CVE-2024-53091: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx (bsc#1233638). - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-53170: block: fix uaf for flush rq while iterating tags (bsc#1234888). - CVE-2024-53172: ubi: fastmap: Fix duplicate slab cache names while attaching (bsc#1234898). - CVE-2024-53175: ipc: fix memleak if msg_init_ns failed in create_ipc_ns (bsc#1234893). - CVE-2024-53185: smb: client: fix NULL ptr deref in crypto_aead_setkey() (bsc#1234901). - CVE-2024-53187: io_uring: check for overflows in io_pin_pages (bsc#1234947). - CVE-2024-53195: KVM: arm64: Get rid of userspace_irqchip_in_use (bsc#1234957). - CVE-2024-53196: KVM: arm64: Do not retire aborted MMIO instruction (bsc#1234906). - CVE-2024-53198: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (bsc#1234923). - CVE-2024-53203: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() (bsc#1235001). - CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011). - CVE-2024-53232: iommu/s390: Implement blocking domain (bsc#1235050). - CVE-2024-53236: xsk: Free skb when TX metadata options are invalid (bsc#1235000). - CVE-2024-53685: ceph: give up on paths longer than PATH_MAX (bsc#1235720). - CVE-2024-55639: net: renesas: rswitch: avoid use-after-put for a device tree node (bsc#1235737). - CVE-2024-55881: KVM: x86: Play nice with protected guests in complete_hypercall_exit() (bsc#1235745). - CVE-2024-56372: net: tun: fix tun_napi_alloc_frags() (bsc#1235753). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56569: ftrace: Fix regression with module command in stack_trace_filter (bsc#1235031). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123). - CVE-2024-56589: scsi: hisi_sas: Add cond_resched() for no forced preemption model (bsc#1235241). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217). - CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230). - CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521). - CVE-2024-56603: net: af_can: do not leave a dangling sk pointer in can_create() (bsc#1235415). - CVE-2024-56608: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' (bsc#1235487). - CVE-2024-56610: kcsan: Turn report_filterlist_lock into a raw_spinlock (bsc#1235390). - CVE-2024-56611: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM (bsc#1235391). - CVE-2024-56614: xsk: fix OOB map writes when deleting elements (bsc#1235424). - CVE-2024-56615: bpf: fix OOB devmap writes when deleting elements (bsc#1235426). - CVE-2024-56617: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU (bsc#1235429). - CVE-2024-56620: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled (bsc#1235227). - CVE-2024-56622: scsi: ufs: core: sysfs: Prevent div by zero (bsc#1235251). - CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480). - CVE-2024-56635: net: avoid potential UAF in default_operstate() (bsc#1235519). - CVE-2024-56636: geneve: do not assume mac header is set in geneve_xmit_skb() (bsc#1235520). - CVE-2024-56637: netfilter: ipset: Hold module reference while requesting a module (bsc#1235523). - CVE-2024-56641: net/smc: initialize close_work early to avoid warning (bsc#1235526). - CVE-2024-56643: dccp: Fix memory leak in dccp_feat_change_recv (bsc#1235132). - CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451). - CVE-2024-56649: net: enetc: Do not configure preemptible TCs if SIs do not support (bsc#1235449). - CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430). - CVE-2024-56656: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (bsc#1235444). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56659: net: lapb: increase LAPB_HEADER_LEN (bsc#1235439). - CVE-2024-56660: net/mlx5: DR, prevent potential error pointer dereference (bsc#1235437). - CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249). - CVE-2024-56665: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog (bsc#1235489). - CVE-2024-56675: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (bsc#1235555). - CVE-2024-56679: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c (bsc#1235498). - CVE-2024-56693: brd: defer automatic disk creation until module initialization succeeds (bsc#1235418). - CVE-2024-56694: bpf: fix recursive lock when verdict program return SK_PASS (bsc#1235412). - CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584). - CVE-2024-56707: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c (bsc#1235545). - CVE-2024-56708: EDAC/igen6: Avoid segmentation fault on module unload (bsc#1235564). - CVE-2024-56712: udmabuf: fix memory leak on last export_udmabuf() error path (bsc#1235565). - CVE-2024-56715: ionic: Fix netdev notifier unregister on failure (bsc#1235612). - CVE-2024-56716: netdevsim: prevent bad user input in nsim_dev_health_break_write() (bsc#1235587). - CVE-2024-56725: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c (bsc#1235578). - CVE-2024-56726: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c (bsc#1235582). - CVE-2024-56727: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c (bsc#1235583). - CVE-2024-56728: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c (bsc#1235656). - CVE-2024-56729: smb: Initialize cfid->tcon before performing network ops (bsc#1235503). - CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934). - CVE-2024-56748: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (bsc#1235627). - CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645). - CVE-2024-56763: tracing: Prevent bad count for tracing_cpumask_write (bsc#1235638). - CVE-2024-56774: btrfs: add a sanity check for btrfs root in btrfs_search_slot() (bsc#1235653). - CVE-2024-56775: drm/amd/display: Fix handling of plane refcount (bsc#1235657). - CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759). - CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768). - CVE-2024-57795: RDMA/rxe: Remove the direct link to net_device (bsc#1235906). - CVE-2024-57801: net/mlx5e: Skip restore TC rules for vport rep without loaded flag (bsc#1235940). - CVE-2024-57802: netrom: check buffer length before accessing it (bsc#1235941). - CVE-2024-57804: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs (bsc#1235779). - CVE-2024-57809: PCI: imx6: Fix suspend/resume support on i.MX6QDL (bsc#1235793). - CVE-2024-57838: s390/entry: Mark IRQ entries to fix stack depot warnings (bsc#1235798). - CVE-2024-57857: RDMA/siw: Remove direct link to net_device (bsc#1235946). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57884: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (bsc#1235948). - CVE-2024-57892: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (bsc#1235964). - CVE-2024-57896: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount (bsc#1235965). - CVE-2024-57903: net: restrict SO_REUSEPORT to inet sockets (bsc#1235967). - CVE-2024-57917: topology: Keep the cpumask unchanged when printing cpumap (bsc#1236127). - CVE-2024-57929: dm array: fix releasing a faulty array block twice in dm_array_cursor_end (bsc#1236096). - CVE-2024-57931: selinux: ignore unknown extended permissions (bsc#1236192). - CVE-2024-57932: gve: guard XDP xmit NDO on existence of xdp queues (bsc#1236190). - CVE-2024-57933: gve: guard XSK operations on the existence of queues (bsc#1236178). - CVE-2024-57938: net/sctp: Prevent autoclose integer overflow in sctp_association_init() (bsc#1236182). - CVE-2024-57946: virtio-blk: do not keep queue frozen during system suspend (bsc#1236247). - CVE-2025-21632: x86/fpu: Ensure shadow stack is active before 'getting' registers (bsc#1236106). - CVE-2025-21649: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices (bsc#1236143). - CVE-2025-21650: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue (bsc#1236144). - CVE-2025-21651: net: hns3: do not auto enable misc vector (bsc#1236145). - CVE-2025-21652: ipvlan: Fix use-after-free in ipvlan_get_iflink() (bsc#1236160). - CVE-2025-21653: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (bsc#1236161). - CVE-2025-21655: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (bsc#1236163). - CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns (bsc#1236198). - CVE-2025-21663: net: stmmac: dwmac-tegra: Read iommu stream id from device tree (bsc#1236260). - CVE-2025-21664: dm thin: make get_first_thin use rcu-safe list first function (bsc#1236262). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21674: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel (bsc#1236688). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21676: net: fec: handle page_pool_dev_alloc_pages error (bsc#1236696). - CVE-2025-21678: gtp: Destroy device along with udp socket's netns dismantle (bsc#1236698). - CVE-2025-21682: eth: bnxt: always recalculate features after XDP clearing, fix null-deref (bsc#1236703). The following non-security bugs were fixed: - ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A (stable-fixes). - ACPI/IORT: Add PMCG platform information for HiSilicon HIP10/11 (stable-fixes). - ACPI: PCC: Add PCC shared memory region command and status bitfields (stable-fixes). - ACPI: fan: cleanup resources in the error path of .probe() (git-fixes). - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (stable-fixes). - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (stable-fixes). - ACPI: resource: acpi_dev_irq_override(): Check DMI match last (stable-fixes). - ALSA: hda/realtek - Add support for ASUS Zen AIO 27 Z272SD_A272SD audio (stable-fixes). - ALSA: hda/realtek - Fixed headphone distorted sound on Acer Aspire A115-31 laptop (git-fixes). - ALSA: hda/realtek: Add new alc2xx-fixup-headset-mic model (stable-fixes). - ALSA: hda/realtek: Add support for Ayaneo System using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for Galaxy Book2 Pro (NP950XEE) (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP Laptop 14s-fq1xxx (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo C6400 (stable-fixes). - ALSA: hda/realtek: Workaround for resume on Dell Venue 11 Pro 7130 (bsc#1235686). - ALSA: hda: Fix headset detection failure due to unstable sort (git-fixes). - ALSA: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add delay quirk for USB Audio Device (stable-fixes). - ALSA: usb-audio: Add delay quirk for iBasso DC07 Pro (stable-fixes). - ASoC: Intel: avs: Fix theoretical infinite loop (git-fixes). - ASoC: acp: Support microphone from Lenovo Go S (stable-fixes). - ASoC: mediatek: disable buffer pre-allocation (stable-fixes). - ASoC: rockchip: i2s_tdm: Re-add the set_sysclk callback (git-fixes). - ASoC: rt722: add delay time to wait for the calibration procedure (stable-fixes). - ASoC: samsung: Add missing depends on I2C (git-fixes). - ASoC: samsung: Add missing selects for MFD_WM8994 (stable-fixes). - ASoC: sun4i-spdif: Add clock multiplier settings (git-fixes). - ASoC: wm8994: Add depends on MFD core (stable-fixes). - Align git commit ID abbreviation guidelines and checks (git-fixes). - Bluetooth: Add support ITTIM PE50-M75C (stable-fixes). - Bluetooth: L2CAP: accept zero as a special value for MTU auto-selection (git-fixes). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (git-fixes). - Bluetooth: MGMT: Fix Add Device to responding before completing (git-fixes). - Bluetooth: btnxpuart: Fix driver sending truncated data (git-fixes). - Bluetooth: btnxpuart: Fix glitches seen in dual A2DP streaming (git-fixes). - Bluetooth: btusb: Add USB HW IDs for MT7921/MT7922/MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e111 for MT7925 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3602 for MT7925 (stable-fixes). - Bluetooth: btusb: add callback function in btusb suspend/resume (stable-fixes). - Bluetooth: btusb: mediatek: add callback function in btusb_disconnect (stable-fixes). - Bluetooth: hci_sync: Fix not setting Random Address when required (git-fixes). - uvcvideo: drop fix due to regression (bsc#1235894) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (git-fixes). - HID: fix generic desktop D-Pad controls (git-fixes). - HID: hid-sensor-hub: do not use stale platform-data on remove (git-fixes). - HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (git-fixes). - HID: multitouch: fix support for Goodix PID 0x01e9 (git-fixes). - Input: atkbd - map F23 key to support default copilot shortcut (stable-fixes). - Input: bbnsm_pwrkey - add remove hook (git-fixes). - Input: bbnsm_pwrkey - fix missed key press after suspend (git-fixes). - Input: davinci-keyscan - remove leftover header (git-fixes). - Input: xpad - add QH Electronics VID/PID (stable-fixes). - Input: xpad - add support for Nacon Evol-X Xbox One Controller (stable-fixes). - Input: xpad - add support for Nacon Pro Compact (stable-fixes). - Input: xpad - add support for wooting two he (arm) (stable-fixes). - Input: xpad - add unofficial Xbox 360 wireless receiver clone (stable-fixes). - Input: xpad - improve name of 8BitDo controller 2dc8:3106 (stable-fixes). - KVM: SVM: Allow guest writes to set MSR_AMD64_DE_CFG bits (bsc#1234635). - KVM: s390: Reject KVM_SET_GSI_ROUTING on ucontrol VMs (git-fixes bsc#1235776). - KVM: s390: Reject setting flic pfault attributes on ucontrol VMs (git-fixes bsc#1235777). - KVM: s390: vsie: fix virtual/physical address in unpin_scb() (git-fixes bsc#1235778). - Move upstreamed DRM patch into sorted section - Move upstreamed NFS patch into sorted section - Move upstreamed TPM patch into sorted section - Move upstreamed lpfc patches into sorted section - Move upstreamed ppc patch into sorted section - Move upstreamed sound patch into sorted section - NFC: nci: Add bounds checking in nci_hci_create_pipe() (git-fixes). - NFSv4.2: fix COPY_NOTIFY xdr buf size calculation (git-fixes). - NFSv4.2: mark OFFLOAD_CANCEL MOVEABLE (git-fixes). - PCI: Avoid putting some root ports into D3 on TUXEDO Sirius Gen1 (git-fixes). - PCI: dwc: Always stop link in the dw_pcie_suspend_noirq (git-fixes). - PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (git-fixes). - PCI: dwc: ep: Write BAR_MASK before iATU registers in pci_epc_set_bar() (git-fixes). - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() (git-fixes). - PCI: endpoint: Finish virtual EP removal in pci_epf_remove_vepf() (git-fixes). - PCI: endpoint: pci-epf-test: Fix check for DMA MEMCPY test (git-fixes). - PCI: endpoint: pci-epf-test: Set dma_chan_rx pointer to NULL on error (git-fixes). - PCI: imx6: Deassert apps_reset in imx_pcie_deassert_core_reset() (git-fixes). - PCI: imx6: Skip controller_id generation logic for i.MX7D (git-fixes). - PCI: microchip: Set inbound address translation for coherent or non-coherent mode (git-fixes). - PCI: rcar-ep: Fix incorrect variable used when calling devm_request_mem_region() (git-fixes). - PM: hibernate: Add error handling for syscore_suspend() (git-fixes). - RDMA/bnxt_re: Add send queue size check for variable wqe (git-fixes) - RDMA/bnxt_re: Fix MSN table size for variable wqe mode (git-fixes) - RDMA/bnxt_re: Fix max SGEs for the Work Request (git-fixes) - RDMA/bnxt_re: Fix the max WQE size for static WQE support (git-fixes) - RDMA/bnxt_re: Fix the max WQEs used in Static WQE mode (git-fixes) - RDMA/bnxt_re: Fix to drop reference to the mmap entry in case of error (git-fixes) - RDMA/bnxt_re: Fix to export port num to ib_query_qp (git-fixes) - RDMA/mlx4: Avoid false error about access to uninitialized gids array (git-fixes) - RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (git-fixes) - RDMA/mlx5: Fix implicit ODP use after free (git-fixes) - RDMA/mlx5: Fix indirect mkey ODP page count (git-fixes) - RDMA/rxe: Fix mismatched max_msg_sz (git-fixes) - RDMA/rxe: Fix the warning '__rxe_cleanup+0x12c/0x170 [rdma_rxe]' (git-fixes) - RDMA/srp: Fix error handling in srp_add_port (git-fixes) - USB: core: Disable LPM only for non-suspended ports (git-fixes). - USB: serial: cp210x: add Phoenix Contact UPS Device (stable-fixes). - USB: serial: option: add MeiG Smart SRM815 (stable-fixes). - USB: serial: option: add Neoway N723-EA support (stable-fixes). - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (git-fixes). - USB: usblp: return error when setting unsupported protocol (git-fixes). - Update patches.suse/nvme-tcp-Fix-I-O-queue-cpu-spreading-for-multiple-co.patch (git-fixes bsc#1224049). - VFS: use system_unbound_wq for delayed_mntput (bsc#1234683). - VMCI: fix reference to ioctl-number.rst (git-fixes). - afs: Fix EEXIST error returned from afs_rmdir() to be ENOTEMPTY (git-fixes). - afs: Fix cleanup of immediately failed async calls (git-fixes). - afs: Fix directory format encoding struct (git-fixes). - afs: Fix the fallback handling for the YFS.RemoveFile2 RPC call (git-fixes). - afs: Fix the maximum cell name length (git-fixes). - arm64/sme: Move storage of reg_smidr to __cpuinfo_store_cpu() (git-fixes) - arm64: Filter out SVE hwcaps when FEAT_SVE isn't implemented (git-fixes) - arm64: Kconfig: Make SME depend on BROKEN for now (git-fixes bsc#1236245). - arm64: dts: rockchip: Add sdmmc/sdio/emmc reset controls for RK3328 (git-fixes) - arm64: dts: rockchip: add hevc power domain clock to rk3328 (git-fixes). - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma (git-fixes) - arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL (git-fixes). - arm64: tegra: Disable Tegra234 sce-fabric node (git-fixes) - arm64: tegra: Fix Tegra234 PCIe interrupt-map (git-fixes) - arm64: tegra: Fix typo in Tegra234 dce-fabric compatible (git-fixes) - ata: libata-core: Set ATA_QCFLAG_RTF_FILLED in fill_result_tf() (stable-fixes). - bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (git-fixes) - btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235445). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235445). - bus: mhi: host: Free mhi_buf vector inside mhi_alloc_bhie_table() (git-fixes). - ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592). - cleanup: Add conditional guard support (stable-fixes). - cleanup: Adjust scoped_guard() macros to avoid potential warning (stable-fixes). - cleanup: Remove address space of returned pointer (git-fixes). - cpufreq: ACPI: Fix max-frequency computation (git-fixes). - cpufreq: Do not unregister cpufreq cooling on CPU hotplug (git-fixes). - cpufreq: amd-pstate: remove global header file (git-fixes). - cpufreq: intel_pstate: Check turbo_is_disabled() in store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Do not update global.turbo_disabled after initialization (bsc#1234619). - cpufreq: intel_pstate: Drop redundant locking from intel_pstate_driver_cleanup() (bsc#1234619). - cpufreq: intel_pstate: Fix unchecked HWP MSR access (bsc#1234619). - cpufreq: intel_pstate: Fold intel_pstate_max_within_limits() into caller (bsc#1234619). - cpufreq: intel_pstate: Get rid of unnecessary READ_ONCE() annotations (bsc#1234619). - cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock (git-fixes). - cpufreq: intel_pstate: Read global.no_turbo under READ_ONCE() (bsc#1234619). - cpufreq: intel_pstate: Rearrange show_no_turbo() and store_no_turbo() (bsc#1234619). - cpufreq: intel_pstate: Refine computation of P-state for given frequency (bsc#1234619). - cpufreq: intel_pstate: Replace three global.turbo_disabled checks (bsc#1234619). - cpufreq: intel_pstate: Revise global turbo disable check (bsc#1234619). - cpufreq: intel_pstate: Simplify spinlock locking (bsc#1234619). - cpufreq: intel_pstate: Update the maximum CPU frequency consistently (bsc#1234619). - cpufreq: intel_pstate: Use HWP to initialize ITMT if CPPC is missing (git-fixes). - cpufreq: intel_pstate: Use __ro_after_init for three variables (bsc#1234619). - cpufreq: intel_pstate: Wait for canceled delayed work to complete (bsc#1234619). - cpufreq: intel_pstate: fix pstate limits enforcement for adjust_perf call back (git-fixes). - cpuidle: Avoid potential overflow in integer multiplication (git-fixes). - cpupower: fix TSC MHz calculation (git-fixes). - crypto: caam - use JobR's space to access page 0 regs (git-fixes). - crypto: ecc - Prevent ecc_digits_from_bytes from reading too many bytes (git-fixes). - crypto: ecdsa - Avoid signed integer overflow on signature decoding (stable-fixes). - crypto: ecdsa - Convert byte arrays with key coordinates to digits (stable-fixes). - crypto: ecdsa - Rename keylen to bufsize where necessary (stable-fixes). - crypto: ecdsa - Use ecc_digits_from_bytes to convert signature (stable-fixes). - crypto: iaa - Fix IAA disabling that occurs when sync_mode is set to 'async' (git-fixes). - crypto: ixp4xx - fix OF node reference leaks in init_ixp_crypto() (git-fixes). - crypto: qce - fix goto jump in error path (git-fixes). - crypto: qce - fix priority to be less than ARMv8 CE (git-fixes). - crypto: qce - unregister previously registered algos in error path (git-fixes). - devcoredump: cleanup some comments (git-fixes). - dlm: fix possible lkb_resource null dereference (git-fixes). - dmaengine: ti: edma: fix OF node reference leaks in edma_driver (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - docs: media: update location of the media patches (stable-fixes). - docs: power: Fix footnote reference for Toshiba Satellite P10-554 (git-fixes). - driver core: class: Fix wild pointer dereferences in API class_dev_iter_next() (git-fixes). - drivers/card_reader/rtsx_usb: Restore interrupt based detection (git-fixes). - drm/amd/display: Add check for granularity in dml ceil/floor helpers (stable-fixes). - drm/amd/display: Fix DSC-re-computing (stable-fixes). - drm/amd/display: Fix incorrect DSC recompute trigger (stable-fixes). - drm/amd/display: Use HW lock mgr for PSR1 (stable-fixes). - drm/amd/display: increase MAX_SURFACES to the value supported by hw (stable-fixes). - drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() (git-fixes). - drm/amdgpu/vcn: reset fw_shared under SRIOV (git-fixes). - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (git-fixes). - drm/amdgpu: always sync the GFX pipe on ctx switch (stable-fixes). - drm/amdgpu: simplify return statement in amdgpu_ras_eeprom_init (git-fixes). - drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() (git-fixes). - drm/amdkfd: Correct the migration DMA map direction (stable-fixes). - drm/amdkfd: fixed page fault when enable MES shader debugger (git-fixes). - drm/bridge: it6505: Change definition of AUX_FIFO_MAX_SIZE (git-fixes). - drm/etnaviv: Fix page property being used for non writecombine buffers (git-fixes). - drm/i915/fb: Relax clear color alignment to 64 bytes (stable-fixes). - drm/mediatek: Add return value check when reading DPCD (git-fixes). - drm/mediatek: Add support for 180-degree rotation in the display driver (git-fixes). - drm/mediatek: Fix YCbCr422 color format issue for DP (git-fixes). - drm/mediatek: Fix mode valid issue for dp (git-fixes). - drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err (git-fixes). - drm/mediatek: mtk_dsi: Add registers to pdata to fix MT8186/MT8188 (git-fixes). - drm/mediatek: stop selecting foreign drivers (git-fixes). - drm/msm/dp: set safe_to_exit_level before printing it (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SC8180X (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8150 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8250 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8350 (git-fixes). - drm/msm/dpu: link DSPP_2/_3 blocks on SM8550 (git-fixes). - drm/msm: Check return value of of_dma_configure() (git-fixes). - drm/msm: do not clean up priv->kms prematurely (git-fixes). - drm/rcar-du: dsi: Fix PHY lock bit check (git-fixes). - drm/rockchip: cdn-dp: Use drm_connector_helper_hpd_irq_event() (git-fixes). - drm/rockchip: vop2: Check linear format for Cluster windows on rk3566/8 (git-fixes). - drm/rockchip: vop2: Fix cluster windows alpha ctrl regsiters offset (git-fixes). - drm/rockchip: vop2: Fix the mixer alpha setup for layer 0 (git-fixes). - drm/tidss: Clear the interrupt status for interrupts being disabled (git-fixes). - drm/tidss: Fix issue in irq handling causing irq-flood issue (git-fixes). - drm/v3d: Assign job pointer to NULL before signaling the fence (git-fixes). - drm/v3d: Ensure job pointer is set to NULL after job completion (git-fixes). - drm/v3d: Stop active perfmon if it is being destroyed (git-fixes). - drm/vmwgfx: Add new keep_resv BO param (git-fixes). - exfat: ensure that ctime is updated whenever the mtime is (git-fixes). - exfat: fix the infinite loop in __exfat_free_cluster() (git-fixes). - exfat: fix the infinite loop in exfat_readdir() (git-fixes). - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() (git-fixes). - genirq: Make handle_enforce_irqctx() unconditionally available (git-fixes). - genksyms: fix memory leak when the same symbol is added from source (git-fixes). - genksyms: fix memory leak when the same symbol is read from *.symref file (git-fixes). - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (git-fixes). - gpio: mxc: remove dead code after switch to DT-only (git-fixes). - gpio: xilinx: Convert gpio_lock to raw spinlock (git-fixes). - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp() (git-fixes). - hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur (git-fixes). - hwmon: (drivetemp) Set scsi command timeout to 10s (stable-fixes). - hwmon: (tmp513) Fix division of negative numbers (git-fixes). - hyperv: Do not overlap the hvcall IO areas in get_vtl() (git-fixes). - i2c: core: fix reference leak in i2c_register_adapter() (git-fixes). - i2c: i801: Add support for Intel Arrow Lake-H (stable-fixes). - i2c: i801: Add support for Intel Panther Lake (stable-fixes). - i2c: mux: demux-pinctrl: check initial mux selection, too (git-fixes). - i2c: rcar: fix NACK handling when being a target (git-fixes). - i2c: xgene-slimpro: Migrate to use generic PCC shmem related macros (stable-fixes). - ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980). - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (git-fixes). - iio: adc: ad7124: Disable all channels at probe time (git-fixes). - iio: adc: ad_sigma_delta: Handle CS assertion as intended in ad_sd_read_reg_raw() (git-fixes). - iio: adc: at91: call input_free_device() on allocated iio_dev (git-fixes). - iio: adc: rockchip_saradc: fix information leak in triggered buffer (git-fixes). - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (git-fixes). - iio: adc: ti-ads8688: fix information leak in triggered buffer (git-fixes). - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (git-fixes). - iio: gyro: fxas21002c: Fix missing data update in trigger handler (git-fixes). - iio: iio-mux: kzalloc instead of devm_kzalloc to ensure page alignment (git-fixes). - iio: imu: kmx61: fix information leak in triggered buffer (git-fixes). - iio: inkern: call iio_device_put() only on mapped devices (git-fixes). - iio: light: as73211: fix channel handling in only-color triggered buffer (git-fixes). - iio: light: vcnl4035: fix information leak in triggered buffer (git-fixes). - iio: pressure: zpa2326: fix information leak in triggered buffer (git-fixes). - iio: test : check null return of kunit_kmalloc in iio_rescale_test_scale (git-fixes). - intel_th: core: fix kernel-doc warnings (git-fixes). - ipmi: ipmb: Add check devm_kasprintf() returned value (git-fixes). - ipmi: ssif_bmc: Fix new request loss when bmc ready for a response (git-fixes). - irqchip/gic-v3: Force propagation of the active state with a read-back (stable-fixes). - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (stable-fixes). - kABI workaround for struct auto_pin_cfg_item change (git-fixes). - kconfig: fix file name in warnings when loading KCONFIG_DEFCONFIG_LIST (git-fixes). - kheaders: Ignore silly-rename files (stable-fixes). - ktest.pl: Avoid false positives with grub2 skip regex (stable-fixes). - ktest.pl: Check kernelrelease return in get_version (git-fixes). - ktest.pl: Fix typo 'accesing' (git-fixes). - ktest.pl: Fix typo in comment (git-fixes). - ktest.pl: Remove unused declarations in run_bisect_test function (git-fixes). - ktest: force $buildonly = 1 for 'make_warnings_file' test type (stable-fixes). - landlock: Handle weird files (git-fixes). - latencytop: use correct kernel-doc format for func params (git-fixes). - leds: lp8860: Write full EEPROM, not only half of it (git-fixes). - leds: netxbig: Fix an OF node reference leak in netxbig_leds_get_of_pdata() (git-fixes). - lib/inflate.c: remove dead code (git-fixes). - lib/stackdepot: print disabled message only if truly disabled (git-fixes). - mac802154: check local interfaces before deleting sdata list (stable-fixes). - mailbox: pcc: Add support for platform notification handling (stable-fixes). - mailbox: pcc: Support shared interrupt for multiple subspaces (stable-fixes). - mailbox: tegra-hsp: Clear mailbox before using message (git-fixes). - maple_tree: simplify split calculation (git-fixes). - media: camif-core: Add check for clk_enable() (git-fixes). - media: ccs: Clean up parsed CCS static data on parse failure (git-fixes). - media: ccs: Fix CCS static data parsing for large block sizes (git-fixes). - media: ccs: Fix cleanup order in ccs_probe() (git-fixes). - media: dvb-usb-v2: af9035: fix ISO C90 compilation error on af9035_i2c_master_xfer (git-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: i2c: imx412: Add missing newline to prints (git-fixes). - media: i2c: ov9282: Correct the exposure offset (git-fixes). - media: imx-jpeg: Fix potential error pointer dereference in detach_pm() (git-fixes). - media: imx296: Add standby delay during probe (git-fixes). - media: lmedm04: Handle errors for lme2510_int_read (git-fixes). - media: marvell: Add check for clk_enable() (git-fixes). - media: mc: fix endpoint iteration (git-fixes). - media: mipi-csis: Add check for clk_enable() (git-fixes). - media: nxp: imx8-isi: fix v4l2-compliance test errors (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: ov5640: fix get_light_freq on auto (git-fixes). - media: rc: iguanair: handle timeouts (git-fixes). - media: rkisp1: Fix unused value issue (git-fixes). - media: uvcvideo: Fix crash during unbind if gpio unit is in use (git-fixes). - media: uvcvideo: Fix double free in error path (git-fixes). - media: uvcvideo: Fix event flags in uvc_ctrl_send_events (git-fixes). - media: uvcvideo: Force UVC version to 1.0a for 0408:4035 (stable-fixes). - media: uvcvideo: Only save async fh if success (git-fixes). - media: uvcvideo: Propagate buf->error to userspace (git-fixes). - media: uvcvideo: Remove dangling pointers (git-fixes). - media: uvcvideo: Remove redundant NULL assignment (git-fixes). - media: uvcvideo: Support partial control reads (git-fixes). - memory tiering: count PGPROMOTE_SUCCESS when mem tiering is enabled (git-fixes). - memory-failure: use a folio in me_huge_page() (git-fixes). - memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() (git-fixes). - misc: fastrpc: Deregister device nodes properly in error scenarios (git-fixes). - misc: fastrpc: Fix copy buffer page size (git-fixes). - misc: fastrpc: Fix registered buffer page address (git-fixes). - misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling (git-fixes). - misc: microchip: pci1xxxx: Resolve return code mismatch during GPIO set config (git-fixes). - misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors (git-fixes). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm,page_owner: do not remove __GFP_NOLOCKDEP in add_stack_record_to_list (git-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mm/memory-failure: cast index to loff_t before shifting it (git-fixes). - mm/memory-failure: check the mapcount of the precise page (git-fixes). - mm/memory-failure: fix crash in split_huge_page_to_list from soft_offline_page (git-fixes). - mm/memory-failure: pass the folio and the page to collect_procs() (git-fixes). - mm/memory-failure: use raw_spinlock_t in struct memory_failure_cpu (git-fixes). - mm/memory_hotplug: add missing mem_hotplug_lock (git-fixes). - mm/memory_hotplug: fix error handling in add_memory_resource() (git-fixes). - mm/memory_hotplug: prevent accessing by index=-1 (git-fixes). - mm/memory_hotplug: use pfn math in place of direct struct page manipulation (git-fixes). - mm/migrate: correct nr_failed in migrate_pages_sync() (git-fixes). - mm/migrate: fix deadlock in migrate_pages_batch() on large folios (git-fixes). - mm/migrate: putback split folios when numa hint migration fails (git-fixes). - mm/migrate: split source folio if it is on deferred split list (git-fixes). - mm/page_owner: remove free_ts from page_owner output (git-fixes). - mm/rodata_test: use READ_ONCE() to read const variable (git-fixes). - mm: convert DAX lock/unlock page to lock/unlock folio (git-fixes). - mm: memory-failure: ensure moving HWPoison flag to the raw error pages (git-fixes). - mm: memory-failure: fetch compound head after extra page refcnt is held (git-fixes). - mm: memory-failure: fix potential page refcnt leak in memory_failure() (git-fixes). - mm: memory-failure: fix race window when trying to get hugetlb folio (git-fixes). - mm: memory-failure: remove unneeded PageHuge() check (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - modpost: fix the missed iteration for the max bit in do_input() (git-fixes). - mtd: onenand: Fix uninitialized retlen in do_otp_read() (git-fixes). - mtd: spinand: Remove write_enable_op() in markbad() (git-fixes). - net/rose: prevent integer overflows in rose_setsockopt() (git-fixes). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760). - net: mana: Enable debugfs files for MANA device (bsc#1236758). - net: netvsc: Update default VMBus channels (bsc#1236757). - net: phy: c45-tjaxx: add delay between MDIO write and read in soft_reset (git-fixes). - net: rose: fix timer races against user threads (git-fixes). - net: usb: qmi_wwan: add Telit FE910C04 compositions (stable-fixes). - net: usb: rtl8150: enable basic endpoint checking (git-fixes). - net: wwan: iosm: Properly check for valid exec stage in ipc_mmio_init() (git-fixes). - net: wwan: t7xx: Fix FSM command timeout issue (git-fixes). - netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454). - nilfs2: fix possible int overflows in nilfs_fiemap() (git-fixes). - nvme-tcp: Fix I/O queue cpu spreading for multiple controllers (git-fixes). - nvme: Add error check for xa_store in nvme_get_effects_log (git-fixes). - nvme: Add error path for xa_store in nvme_init_effects (git-fixes). - nvme: fix bogus kzalloc() return check in nvme_init_effects_log() (git-fixes). - nvmet: propagate npwg topology (git-fixes). - padata: add pd get/put refcnt helper (git-fixes). - padata: avoid UAF for reorder_work (git-fixes). - padata: fix UAF in padata_reorder (git-fixes). - pinctrl: amd: Take suspend type into consideration which pins are non-wake (git-fixes). - pinctrl: samsung: fix fwnode refcount cleanup if platform_get_irq_optional() fails (git-fixes). - platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1225897). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1225897). - pm:cpupower: Add missing powercap_set_enabled() stub function (git-fixes). - power: ip5xxx_power: Fix return value on ADC read errors (git-fixes). - powerpc/iommu: Move pSeries specific functions to pseries/iommu.c (bsc#1220711 ltc#205755). - powerpc/iommu: Only build sPAPR access functions on pSeries (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove MVE code (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove ioda1 support (bsc#1220711 ltc#205755). - powerpc/powernv/pci: Remove last IODA1 defines (bsc#1220711 ltc#205755). - powerpc/pseries/eeh: Fix get PE state translation (bsc#1215199). - powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531). - powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825). - pps: add an error check in parport_attach (git-fixes). - pps: remove usage of the deprecated ida_simple_xx() API (stable-fixes). - printk: Add is_printk_legacy_deferred() (bsc#1236733). - printk: Defer legacy printing when holding printk_cpu_sync (bsc#1236733). - pwm: stm32-lp: Add check for clk_enable() (git-fixes). - pwm: stm32: Add check for clk_enable() (git-fixes). - r8169: enable SG/TSO on selected chip versions per default (bsc#1235874). - rcu-tasks: Pull sampling of ->percpu_dequeue_lim out of loop (git-fixes) - rcu/tree: Defer setting of jiffies during stall reset (git-fixes) - rcu: Dump memory object info if callback function is invalid (git-fixes) - rcu: Eliminate rcu_gp_slow_unregister() false positive (git-fixes) - rcuscale: Move rcu_scale_writer() (git-fixes) - rdma/cxgb4: Prevent potential integer overflow on 32bit (git-fixes) - regulator: core: Add missing newline character (git-fixes). - regulator: of: Implement the unwind path of of_regulator_match() (git-fixes). - remoteproc: core: Fix ida_free call while not allocated (git-fixes). - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (git-fixes). - rtc: zynqmp: Fix optional clock name property (git-fixes). - s390x config: IOMMU_DEFAULT_DMA_LAZY=y (bsc#1235646) - samples/landlock: Fix possible NULL dereference in parse_path() (git-fixes). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat (bsc#1235865). - sched/fair: Fix value reported by hot tasks pulled in /proc/schedstat -kabi (bsc#1235865). - scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (git-fixes). - seccomp: Stub for !CONFIG_SECCOMP (stable-fixes). - selftest: media_tests: fix trivial UAF typo (git-fixes). - selftests/alsa: Fix circular dependency involving global-timer (stable-fixes). - selftests/landlock: Fix error message (git-fixes). - selftests/mm/cow: modify the incorrect checking parameters (git-fixes). - selftests/powerpc: Fix argument order to timer_sub() (git-fixes). - selftests: harness: fix printing of mismatch values in __EXPECT() (git-fixes). - selftests: mptcp: avoid spurious errors on disconnect (git-fixes). - selftests: tc-testing: reduce rshift value (stable-fixes). - selftests: timers: clocksource-switch: Adapt progress to kselftest framework (git-fixes). - selinux: Fix SCTP error inconsistency in selinux_socket_bind() (git-fixes). - serial: 8250: Adjust the timeout for FIFO mode (git-fixes). - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use (git-fixes). - serial: sh-sci: Drop __initdata macro for port_cfg (git-fixes). - ocfs2: temporarily disable upstream patch (bsc#1236138). - soc: atmel: fix device_node release in atmel_soc_device_init() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on error paths (git-fixes). - soc: qcom: smem_state: fix missing of_node_put in error path (git-fixes). - soc: qcom: socinfo: Avoid out of bounds read of serial number (git-fixes). - sound: usb: enable DSD output for ddHiFi TC44C (stable-fixes). - sound: usb: format: do not warn that raw DSD is unsupported (stable-fixes). - spi: zynq-qspi: Add check for clk_enable() (git-fixes). - srcu: Fix srcu_struct node grpmask overflow on 64-bit systems (git-fixes) - srcu: Only accelerate on enqueue time (git-fixes) - stackdepot: rename pool_index to pool_index_plus_1 (git-fixes). - stackdepot: respect __GFP_NOLOCKDEP allocation flag (git-fixes). - staging: iio: ad9832: Correct phase range check (git-fixes). - staging: iio: ad9834: Correct phase range check (git-fixes). - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() (git-fixes). - staging: media: max96712: fix kernel oops when removing module (git-fixes). - thermal: of: fix OF node leak in of_thermal_zone_find() (git-fixes). - thunderbolt: Add support for Intel Lunar Lake (stable-fixes). - thunderbolt: Add support for Intel Panther Lake-M/P (stable-fixes). - tipc: fix NULL deref in cleanup_bearer() (bsc#1235433). - tools: Sync if_xdp.h uapi tooling header (git-fixes). - tpm: Map the ACPI provided event log (bsc#1233260 bsc#1233259 bsc#1232421). - tty: serial: 8250: Fix another runtime PM usage counter underflow (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ubifs: skip dumping tnc tree when zroot is null (git-fixes). - uio: Fix return value of poll (git-fixes). - uio: uio_dmem_genirq: check the return value of devm_kasprintf() (git-fixes). - usb-storage: Add max sectors quirk for Nokia 208 (stable-fixes). - usb: chipidea: add CI_HDRC_FORCE_VBUS_ACTIVE_ALWAYS flag (stable-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: dwc3-am62: Disable autosuspend during remove (git-fixes). - usb: dwc3-am62: Fix an OF node leak in phy_syscon_pll_refclk() (git-fixes). - usb: dwc3: gadget: fix writing NYET threshold (git-fixes). - usb: fix reference leak in usb_new_device() (git-fixes). - usb: gadget: configfs: Ignore trailing LF for user strings to cdev (git-fixes). - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (git-fixes). - usb: gadget: f_tcm: Decrement command ref count on cleanup (git-fixes). - usb: gadget: f_tcm: Do not free command immediately (git-fixes). - usb: gadget: f_tcm: Do not prepare BOT write request twice (git-fixes). - usb: gadget: f_tcm: Fix Get/SetInterface return value (git-fixes). - usb: gadget: f_tcm: Translate error to sense (git-fixes). - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint (git-fixes). - usb: gadget: f_uac2: Fix incorrect setting of bNumEndpoints (git-fixes). - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (git-fixes). - usb: host: xhci-plat: Assign shared_hcd->rsrc_start (git-fixes). - usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() (bsc#1235001) - usb: typec: tcpm/tcpci_maxim: fix error code in max_contaminant_read_resistance_kohm() (git-fixes). - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE (git-fixes). - usbnet: ipheth: break up NCM header size computation (git-fixes). - usbnet: ipheth: check that DPE points past NCM header (git-fixes). - usbnet: ipheth: fix DPE OoB read (git-fixes). - usbnet: ipheth: fix possible overflow in DPE length check (git-fixes). - usbnet: ipheth: refactor NCM datagram loop (git-fixes). - usbnet: ipheth: use static NDP16 location in URB (git-fixes). - vfio/pci: Lock external INTx masking ops (bsc#1222803). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - vmscan,migrate: fix page count imbalance on node stats when demoting pages (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler (stable-fixes). - watchdog: rzg2l_wdt: Rely on the reset driver for doing proper reset (stable-fixes). - watchdog: rzg2l_wdt: Remove reset de-assert from probe (stable-fixes). - wifi: ath11k: Fix unexpected return buffer manager error for WCN6750/WCN6855 (git-fixes). - wifi: ath11k: cleanup struct ath11k_mon_data (git-fixes). - wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() (stable-fixes). - wifi: ath12k: fix tx power, max reg power update to firmware (git-fixes). - wifi: brcmfmac: add missing header include for brcmf_dbg (git-fixes). - wifi: cfg80211: adjust allocation of colocated AP data (git-fixes). - wifi: iwlwifi: fw: read STEP table from correct UEFI var (git-fixes). - wifi: mac80211: Add non-atomic station iterator (stable-fixes). - wifi: mac80211: Fix common size calculation for ML element (git-fixes). - wifi: mac80211: do not flush non-uploaded STAs (git-fixes). - wifi: mac80211: export ieee80211_purge_tx_queue() for drivers (stable-fixes). - wifi: mac80211: fix mbss changed flags corruption on 32 bit systems (stable-fixes). - wifi: mac80211: fix tid removal during mesh forwarding (git-fixes). - wifi: mac80211: prohibit deactivating all links (git-fixes). - wifi: mac80211: wake the queues in case of failure in resume (stable-fixes). - wifi: mt76: mt76u_vendor_request: Do not print error messages when -EPROTO (git-fixes). - wifi: mt76: mt7915: Fix mesh scan on MT7916 DBDC (git-fixes). - wifi: mt76: mt7915: add module param to select 5 GHz or 6 GHz on MT7916 (git-fixes). - wifi: mt76: mt7915: firmware restart on devices with a second pcie link (git-fixes). - wifi: mt76: mt7915: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7915: fix register mapping (git-fixes). - wifi: mt76: mt7921: fix using incorrect group cipher after disconnection (git-fixes). - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (git-fixes). - wifi: mt76: mt7996: add max mpdu len capability (git-fixes). - wifi: mt76: mt7996: fix HE Phy capability (git-fixes). - wifi: mt76: mt7996: fix definition of tx descriptor (git-fixes). - wifi: mt76: mt7996: fix incorrect indexing of MIB FW event (git-fixes). - wifi: mt76: mt7996: fix ldpc setting (git-fixes). - wifi: mt76: mt7996: fix overflows seen when writing limit attributes (git-fixes). - wifi: mt76: mt7996: fix register mapping (git-fixes). - wifi: mt76: mt7996: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7996: fix the capability of reception of EHT MU PPDU (git-fixes). - wifi: rtlwifi: destroy workqueue at rtl_deinit_core (git-fixes). - wifi: rtlwifi: do not complete firmware loading needlessly (git-fixes). - wifi: rtlwifi: fix init_sw_vars leak when probe fails (git-fixes). - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (git-fixes). - wifi: rtlwifi: pci: wait for firmware loading before releasing memory (git-fixes). - wifi: rtlwifi: remove unused check_buddy_priv (git-fixes). - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step (git-fixes). - wifi: rtlwifi: rtl8821ae: Fix media status report (git-fixes). - wifi: rtlwifi: rtl8821ae: phy: restore removed code to fix infinite loop (git-fixes). - wifi: rtlwifi: usb: fix workqueue leak when probe fails (git-fixes). - wifi: rtlwifi: wait for firmware loading before releasing memory (git-fixes). - wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb (stable-fixes). - wifi: rtw89: mcc: consider time limits not divisible by 1024 (git-fixes). - wifi: wcn36xx: fix channel survey memory allocation size (git-fixes). - wifi: wlcore: fix unbalanced pm_runtime calls (git-fixes). - workqueue: Add rcu lock check at the end of work item execution (bsc#1236732). - x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes). - xfs: Add error handling for xfs_reflink_cancel_cow_range (git-fixes). - xfs: Propagate errors from xfs_reflink_cancel_cow_range in xfs_dax_write_iomap_end (git-fixes). Important SUSE bug 1012628 SUSE bug 1194869 SUSE bug 1215199 SUSE bug 1216813 SUSE bug 1218470 SUSE bug 1220711 SUSE bug 1222803 SUSE bug 1224049 SUSE bug 1225897 SUSE bug 1226980 SUSE bug 1228592 SUSE bug 1229833 SUSE bug 1231016 SUSE bug 1231088 SUSE bug 1232087 SUSE bug 1232101 SUSE bug 1232158 SUSE bug 1232161 SUSE bug 1232421 SUSE bug 1232882 SUSE bug 1233055 SUSE bug 1233112 SUSE bug 1233221 SUSE bug 1233248 SUSE bug 1233259 SUSE bug 1233260 SUSE bug 1233488 SUSE bug 1233522 SUSE bug 1233638 SUSE bug 1233642 SUSE bug 1233778 SUSE bug 1234195 SUSE bug 1234619 SUSE bug 1234635 SUSE bug 1234683 SUSE bug 1234693 SUSE bug 1234726 SUSE bug 1234825 SUSE bug 1234863 SUSE bug 1234887 SUSE bug 1234888 SUSE bug 1234893 SUSE bug 1234898 SUSE bug 1234901 SUSE bug 1234906 SUSE bug 1234923 SUSE bug 1234931 SUSE bug 1234934 SUSE bug 1234947 SUSE bug 1234957 SUSE bug 1235000 SUSE bug 1235001 SUSE bug 1235011 SUSE bug 1235031 SUSE bug 1235032 SUSE bug 1235035 SUSE bug 1235037 SUSE bug 1235038 SUSE bug 1235039 SUSE bug 1235040 SUSE bug 1235042 SUSE bug 1235043 SUSE bug 1235046 SUSE bug 1235050 SUSE bug 1235051 SUSE bug 1235053 SUSE bug 1235054 SUSE bug 1235057 SUSE bug 1235059 SUSE bug 1235065 SUSE bug 1235070 SUSE bug 1235073 SUSE bug 1235100 SUSE bug 1235112 SUSE bug 1235115 SUSE bug 1235117 SUSE bug 1235122 SUSE bug 1235123 SUSE bug 1235125 SUSE bug 1235132 SUSE bug 1235133 SUSE bug 1235155 SUSE bug 1235160 SUSE bug 1235217 SUSE bug 1235219 SUSE bug 1235220 SUSE bug 1235222 SUSE bug 1235223 SUSE bug 1235224 SUSE bug 1235227 SUSE bug 1235230 SUSE bug 1235241 SUSE bug 1235244 SUSE bug 1235249 SUSE bug 1235251 SUSE bug 1235252 SUSE bug 1235389 SUSE bug 1235390 SUSE bug 1235391 SUSE bug 1235406 SUSE bug 1235410 SUSE bug 1235412 SUSE bug 1235413 SUSE bug 1235415 SUSE bug 1235416 SUSE bug 1235417 SUSE bug 1235418 SUSE bug 1235423 SUSE bug 1235424 SUSE bug 1235425 SUSE bug 1235426 SUSE bug 1235427 SUSE bug 1235428 SUSE bug 1235429 SUSE bug 1235430 SUSE bug 1235433 SUSE bug 1235437 SUSE bug 1235439 SUSE bug 1235441 SUSE bug 1235444 SUSE bug 1235445 SUSE bug 1235449 SUSE bug 1235451 SUSE bug 1235454 SUSE bug 1235458 SUSE bug 1235459 SUSE bug 1235464 SUSE bug 1235466 SUSE bug 1235473 SUSE bug 1235479 SUSE bug 1235480 SUSE bug 1235483 SUSE bug 1235486 SUSE bug 1235487 SUSE bug 1235488 SUSE bug 1235489 SUSE bug 1235491 SUSE bug 1235494 SUSE bug 1235495 SUSE bug 1235496 SUSE bug 1235497 SUSE bug 1235498 SUSE bug 1235500 SUSE bug 1235502 SUSE bug 1235503 SUSE bug 1235519 SUSE bug 1235520 SUSE bug 1235521 SUSE bug 1235523 SUSE bug 1235526 SUSE bug 1235528 SUSE bug 1235532 SUSE bug 1235533 SUSE bug 1235534 SUSE bug 1235537 SUSE bug 1235538 SUSE bug 1235545 SUSE bug 1235552 SUSE bug 1235555 SUSE bug 1235557 SUSE bug 1235563 SUSE bug 1235564 SUSE bug 1235565 SUSE bug 1235568 SUSE bug 1235570 SUSE bug 1235571 SUSE bug 1235577 SUSE bug 1235578 SUSE bug 1235582 SUSE bug 1235583 SUSE bug 1235584 SUSE bug 1235587 SUSE bug 1235611 SUSE bug 1235612 SUSE bug 1235616 SUSE bug 1235622 SUSE bug 1235627 SUSE bug 1235632 SUSE bug 1235635 SUSE bug 1235638 SUSE bug 1235641 SUSE bug 1235643 SUSE bug 1235645 SUSE bug 1235646 SUSE bug 1235647 SUSE bug 1235650 SUSE bug 1235653 SUSE bug 1235656 SUSE bug 1235657 SUSE bug 1235663 SUSE bug 1235686 SUSE bug 1235700 SUSE bug 1235705 SUSE bug 1235707 SUSE bug 1235708 SUSE bug 1235710 SUSE bug 1235714 SUSE bug 1235716 SUSE bug 1235720 SUSE bug 1235723 SUSE bug 1235727 SUSE bug 1235730 SUSE bug 1235737 SUSE bug 1235739 SUSE bug 1235745 SUSE bug 1235747 SUSE bug 1235750 SUSE bug 1235753 SUSE bug 1235759 SUSE bug 1235764 SUSE bug 1235768 SUSE bug 1235776 SUSE bug 1235777 SUSE bug 1235778 SUSE bug 1235779 SUSE bug 1235793 SUSE bug 1235798 SUSE bug 1235806 SUSE bug 1235808 SUSE bug 1235812 SUSE bug 1235814 SUSE bug 1235818 SUSE bug 1235842 SUSE bug 1235865 SUSE bug 1235874 SUSE bug 1235894 SUSE bug 1235902 SUSE bug 1235903 SUSE bug 1235906 SUSE bug 1235914 SUSE bug 1235918 SUSE bug 1235919 SUSE bug 1235920 SUSE bug 1235924 SUSE bug 1235940 SUSE bug 1235941 SUSE bug 1235946 SUSE bug 1235948 SUSE bug 1235952 SUSE bug 1235964 SUSE bug 1235965 SUSE bug 1235967 SUSE bug 1235969 SUSE bug 1235976 SUSE bug 1235977 SUSE bug 1236078 SUSE bug 1236080 SUSE bug 1236082 SUSE bug 1236088 SUSE bug 1236090 SUSE bug 1236091 SUSE bug 1236096 SUSE bug 1236097 SUSE bug 1236098 SUSE bug 1236101 SUSE bug 1236102 SUSE bug 1236104 SUSE bug 1236106 SUSE bug 1236120 SUSE bug 1236125 SUSE bug 1236127 SUSE bug 1236131 SUSE bug 1236138 SUSE bug 1236143 SUSE bug 1236144 SUSE bug 1236145 SUSE bug 1236160 SUSE bug 1236161 SUSE bug 1236163 SUSE bug 1236168 SUSE bug 1236178 SUSE bug 1236180 SUSE bug 1236181 SUSE bug 1236182 SUSE bug 1236190 SUSE bug 1236192 SUSE bug 1236198 SUSE bug 1236227 SUSE bug 1236245 SUSE bug 1236247 SUSE bug 1236248 SUSE bug 1236260 SUSE bug 1236262 SUSE bug 1236628 SUSE bug 1236680 SUSE bug 1236683 SUSE bug 1236685 SUSE bug 1236688 SUSE bug 1236694 SUSE bug 1236696 SUSE bug 1236698 SUSE bug 1236703 SUSE bug 1236732 SUSE bug 1236733 SUSE bug 1236757 SUSE bug 1236758 SUSE bug 1236760 SUSE bug 1236761 CVE-2023-52923 at SUSE CVE-2023-52923 at NVD CVE-2024-36476 at SUSE CVE-2024-36476 at NVD CVE-2024-39282 at SUSE CVE-2024-39282 at NVD CVE-2024-43913 at SUSE CVE-2024-43913 at NVD CVE-2024-45828 at SUSE CVE-2024-45828 at NVD CVE-2024-46858 at SUSE CVE-2024-46858 at NVD CVE-2024-46896 at SUSE CVE-2024-46896 at NVD CVE-2024-47141 at SUSE CVE-2024-47141 at NVD CVE-2024-47143 at SUSE CVE-2024-47143 at NVD CVE-2024-47809 at SUSE CVE-2024-47809 at NVD CVE-2024-48873 at SUSE CVE-2024-48873 at NVD CVE-2024-48881 at SUSE CVE-2024-48881 at NVD CVE-2024-49569 at SUSE CVE-2024-49569 at NVD CVE-2024-49948 at SUSE CVE-2024-49948 at NVD CVE-2024-49951 at SUSE CVE-2024-49951 at NVD CVE-2024-49978 at SUSE CVE-2024-49978 at NVD CVE-2024-49998 at SUSE CVE-2024-49998 at NVD CVE-2024-50051 at SUSE CVE-2024-50051 at NVD CVE-2024-50106 at SUSE CVE-2024-50106 at NVD CVE-2024-50151 at SUSE CVE-2024-50151 at NVD CVE-2024-50199 at SUSE CVE-2024-50199 at NVD CVE-2024-50251 at SUSE CVE-2024-50251 at NVD CVE-2024-50258 at SUSE CVE-2024-50258 at NVD CVE-2024-50299 at SUSE CVE-2024-50299 at NVD CVE-2024-50304 at SUSE CVE-2024-50304 at NVD CVE-2024-52332 at SUSE CVE-2024-52332 at NVD CVE-2024-53091 at SUSE CVE-2024-53091 at NVD CVE-2024-53095 at SUSE CVE-2024-53095 at NVD CVE-2024-53164 at SUSE CVE-2024-53164 at NVD CVE-2024-53168 at SUSE CVE-2024-53168 at NVD CVE-2024-53170 at SUSE CVE-2024-53170 at NVD CVE-2024-53172 at SUSE CVE-2024-53172 at NVD CVE-2024-53175 at SUSE CVE-2024-53175 at NVD CVE-2024-53185 at SUSE CVE-2024-53185 at NVD CVE-2024-53187 at SUSE CVE-2024-53187 at NVD CVE-2024-53194 at SUSE CVE-2024-53194 at NVD CVE-2024-53195 at SUSE CVE-2024-53195 at NVD CVE-2024-53196 at SUSE CVE-2024-53196 at NVD CVE-2024-53197 at SUSE CVE-2024-53197 at NVD CVE-2024-53198 at SUSE CVE-2024-53198 at NVD CVE-2024-53203 at SUSE CVE-2024-53203 at NVD CVE-2024-53227 at SUSE CVE-2024-53227 at NVD CVE-2024-53230 at SUSE CVE-2024-53230 at NVD CVE-2024-53231 at SUSE CVE-2024-53231 at NVD CVE-2024-53232 at SUSE CVE-2024-53232 at NVD CVE-2024-53233 at SUSE CVE-2024-53233 at NVD CVE-2024-53236 at SUSE CVE-2024-53236 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-53685 at SUSE CVE-2024-53685 at NVD CVE-2024-53690 at SUSE CVE-2024-53690 at NVD CVE-2024-54680 at SUSE CVE-2024-54680 at NVD CVE-2024-55639 at SUSE CVE-2024-55639 at NVD CVE-2024-55881 at SUSE CVE-2024-55881 at NVD CVE-2024-55916 at SUSE CVE-2024-55916 at NVD CVE-2024-56369 at SUSE CVE-2024-56369 at NVD CVE-2024-56372 at SUSE CVE-2024-56372 at NVD CVE-2024-56531 at SUSE CVE-2024-56531 at NVD CVE-2024-56532 at SUSE CVE-2024-56532 at NVD CVE-2024-56533 at SUSE CVE-2024-56533 at NVD CVE-2024-56538 at SUSE CVE-2024-56538 at NVD CVE-2024-56543 at SUSE CVE-2024-56543 at NVD CVE-2024-56546 at SUSE CVE-2024-56546 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56557 at SUSE CVE-2024-56557 at NVD CVE-2024-56558 at SUSE CVE-2024-56558 at NVD CVE-2024-56568 at SUSE CVE-2024-56568 at NVD CVE-2024-56569 at SUSE CVE-2024-56569 at NVD CVE-2024-56570 at SUSE CVE-2024-56570 at NVD CVE-2024-56571 at SUSE CVE-2024-56571 at NVD CVE-2024-56572 at SUSE CVE-2024-56572 at NVD CVE-2024-56573 at SUSE CVE-2024-56573 at NVD CVE-2024-56574 at SUSE CVE-2024-56574 at NVD CVE-2024-56575 at SUSE CVE-2024-56575 at NVD CVE-2024-56577 at SUSE CVE-2024-56577 at NVD CVE-2024-56578 at SUSE CVE-2024-56578 at NVD CVE-2024-56584 at SUSE CVE-2024-56584 at NVD CVE-2024-56587 at SUSE CVE-2024-56587 at NVD CVE-2024-56588 at SUSE CVE-2024-56588 at NVD CVE-2024-56589 at SUSE CVE-2024-56589 at NVD CVE-2024-56590 at SUSE CVE-2024-56590 at NVD CVE-2024-56592 at SUSE CVE-2024-56592 at NVD CVE-2024-56593 at SUSE CVE-2024-56593 at NVD CVE-2024-56594 at SUSE CVE-2024-56594 at NVD CVE-2024-56595 at SUSE CVE-2024-56595 at NVD CVE-2024-56596 at SUSE CVE-2024-56596 at NVD CVE-2024-56597 at SUSE CVE-2024-56597 at NVD CVE-2024-56598 at SUSE CVE-2024-56598 at NVD CVE-2024-5660 at SUSE CVE-2024-5660 at NVD CVE-2024-56600 at SUSE CVE-2024-56600 at NVD CVE-2024-56601 at SUSE CVE-2024-56601 at NVD CVE-2024-56602 at SUSE CVE-2024-56602 at NVD CVE-2024-56603 at SUSE CVE-2024-56603 at NVD CVE-2024-56606 at SUSE CVE-2024-56606 at NVD CVE-2024-56607 at SUSE CVE-2024-56607 at NVD CVE-2024-56608 at SUSE CVE-2024-56608 at NVD CVE-2024-56609 at SUSE CVE-2024-56609 at NVD CVE-2024-56610 at SUSE CVE-2024-56610 at NVD CVE-2024-56611 at SUSE CVE-2024-56611 at NVD CVE-2024-56614 at SUSE CVE-2024-56614 at NVD CVE-2024-56615 at SUSE CVE-2024-56615 at NVD CVE-2024-56616 at SUSE CVE-2024-56616 at NVD CVE-2024-56617 at SUSE CVE-2024-56617 at NVD CVE-2024-56619 at SUSE CVE-2024-56619 at NVD CVE-2024-56620 at SUSE CVE-2024-56620 at NVD CVE-2024-56622 at SUSE CVE-2024-56622 at NVD CVE-2024-56623 at SUSE CVE-2024-56623 at NVD CVE-2024-56625 at SUSE CVE-2024-56625 at NVD CVE-2024-56629 at SUSE CVE-2024-56629 at NVD CVE-2024-56630 at SUSE CVE-2024-56630 at NVD CVE-2024-56631 at SUSE CVE-2024-56631 at NVD CVE-2024-56632 at SUSE CVE-2024-56632 at NVD CVE-2024-56634 at SUSE CVE-2024-56634 at NVD CVE-2024-56635 at SUSE CVE-2024-56635 at NVD CVE-2024-56636 at SUSE CVE-2024-56636 at NVD CVE-2024-56637 at SUSE CVE-2024-56637 at NVD CVE-2024-56641 at SUSE CVE-2024-56641 at NVD CVE-2024-56642 at SUSE CVE-2024-56642 at NVD CVE-2024-56643 at SUSE CVE-2024-56643 at NVD CVE-2024-56644 at SUSE CVE-2024-56644 at NVD CVE-2024-56648 at SUSE CVE-2024-56648 at NVD CVE-2024-56649 at SUSE CVE-2024-56649 at NVD CVE-2024-56650 at SUSE CVE-2024-56650 at NVD CVE-2024-56651 at SUSE CVE-2024-56651 at NVD CVE-2024-56654 at SUSE CVE-2024-56654 at NVD CVE-2024-56656 at SUSE CVE-2024-56656 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56659 at SUSE CVE-2024-56659 at NVD CVE-2024-56660 at SUSE CVE-2024-56660 at NVD CVE-2024-56661 at SUSE CVE-2024-56661 at NVD CVE-2024-56662 at SUSE CVE-2024-56662 at NVD CVE-2024-56663 at SUSE CVE-2024-56663 at NVD CVE-2024-56664 at SUSE CVE-2024-56664 at NVD CVE-2024-56665 at SUSE CVE-2024-56665 at NVD CVE-2024-56670 at SUSE CVE-2024-56670 at NVD CVE-2024-56672 at SUSE CVE-2024-56672 at NVD CVE-2024-56675 at SUSE CVE-2024-56675 at NVD CVE-2024-56677 at SUSE CVE-2024-56677 at NVD CVE-2024-56678 at SUSE CVE-2024-56678 at NVD CVE-2024-56679 at SUSE CVE-2024-56679 at NVD CVE-2024-56681 at SUSE CVE-2024-56681 at NVD CVE-2024-56683 at SUSE CVE-2024-56683 at NVD CVE-2024-56687 at SUSE CVE-2024-56687 at NVD CVE-2024-56688 at SUSE CVE-2024-56688 at NVD CVE-2024-56690 at SUSE CVE-2024-56690 at NVD CVE-2024-56691 at SUSE CVE-2024-56691 at NVD CVE-2024-56693 at SUSE CVE-2024-56693 at NVD CVE-2024-56694 at SUSE CVE-2024-56694 at NVD CVE-2024-56698 at SUSE CVE-2024-56698 at NVD CVE-2024-56700 at SUSE CVE-2024-56700 at NVD CVE-2024-56701 at SUSE CVE-2024-56701 at NVD CVE-2024-56704 at SUSE CVE-2024-56704 at NVD CVE-2024-56705 at SUSE CVE-2024-56705 at NVD CVE-2024-56707 at SUSE CVE-2024-56707 at NVD CVE-2024-56708 at SUSE CVE-2024-56708 at NVD CVE-2024-56709 at SUSE CVE-2024-56709 at NVD CVE-2024-56712 at SUSE CVE-2024-56712 at NVD CVE-2024-56715 at SUSE CVE-2024-56715 at NVD CVE-2024-56716 at SUSE CVE-2024-56716 at NVD CVE-2024-56722 at SUSE CVE-2024-56722 at NVD CVE-2024-56723 at SUSE CVE-2024-56723 at NVD CVE-2024-56724 at SUSE CVE-2024-56724 at NVD CVE-2024-56725 at SUSE CVE-2024-56725 at NVD CVE-2024-56726 at SUSE CVE-2024-56726 at NVD CVE-2024-56727 at SUSE CVE-2024-56727 at NVD CVE-2024-56728 at SUSE CVE-2024-56728 at NVD CVE-2024-56729 at SUSE CVE-2024-56729 at NVD CVE-2024-56739 at SUSE CVE-2024-56739 at NVD CVE-2024-56741 at SUSE CVE-2024-56741 at NVD CVE-2024-56745 at SUSE CVE-2024-56745 at NVD CVE-2024-56746 at SUSE CVE-2024-56746 at NVD CVE-2024-56747 at SUSE CVE-2024-56747 at NVD CVE-2024-56748 at SUSE CVE-2024-56748 at NVD CVE-2024-56759 at SUSE CVE-2024-56759 at NVD CVE-2024-56760 at SUSE CVE-2024-56760 at NVD CVE-2024-56763 at SUSE CVE-2024-56763 at NVD CVE-2024-56765 at SUSE CVE-2024-56765 at NVD CVE-2024-56766 at SUSE CVE-2024-56766 at NVD CVE-2024-56767 at SUSE CVE-2024-56767 at NVD CVE-2024-56769 at SUSE CVE-2024-56769 at NVD CVE-2024-56774 at SUSE CVE-2024-56774 at NVD CVE-2024-56775 at SUSE CVE-2024-56775 at NVD CVE-2024-56776 at SUSE CVE-2024-56776 at NVD CVE-2024-56777 at SUSE CVE-2024-56777 at NVD CVE-2024-56778 at SUSE CVE-2024-56778 at NVD CVE-2024-56779 at SUSE CVE-2024-56779 at NVD CVE-2024-56780 at SUSE CVE-2024-56780 at NVD CVE-2024-56787 at SUSE CVE-2024-56787 at NVD CVE-2024-57791 at SUSE CVE-2024-57791 at NVD CVE-2024-57792 at SUSE CVE-2024-57792 at NVD CVE-2024-57793 at SUSE CVE-2024-57793 at NVD CVE-2024-57795 at SUSE CVE-2024-57795 at NVD CVE-2024-57798 at SUSE CVE-2024-57798 at NVD CVE-2024-57801 at SUSE CVE-2024-57801 at NVD CVE-2024-57802 at SUSE CVE-2024-57802 at NVD CVE-2024-57804 at SUSE CVE-2024-57804 at NVD CVE-2024-57809 at SUSE CVE-2024-57809 at NVD CVE-2024-57838 at SUSE CVE-2024-57838 at NVD CVE-2024-57849 at SUSE CVE-2024-57849 at NVD CVE-2024-57850 at SUSE CVE-2024-57850 at NVD CVE-2024-57857 at SUSE CVE-2024-57857 at NVD CVE-2024-57874 at SUSE CVE-2024-57874 at NVD CVE-2024-57876 at SUSE CVE-2024-57876 at NVD CVE-2024-57882 at SUSE CVE-2024-57882 at NVD CVE-2024-57884 at SUSE CVE-2024-57884 at NVD CVE-2024-57887 at SUSE CVE-2024-57887 at NVD CVE-2024-57888 at SUSE CVE-2024-57888 at NVD CVE-2024-57890 at SUSE CVE-2024-57890 at NVD CVE-2024-57892 at SUSE CVE-2024-57892 at NVD CVE-2024-57893 at SUSE CVE-2024-57893 at NVD CVE-2024-57896 at SUSE CVE-2024-57896 at NVD CVE-2024-57897 at SUSE CVE-2024-57897 at NVD CVE-2024-57899 at SUSE CVE-2024-57899 at NVD CVE-2024-57903 at SUSE CVE-2024-57903 at NVD CVE-2024-57904 at SUSE CVE-2024-57904 at NVD CVE-2024-57906 at SUSE CVE-2024-57906 at NVD CVE-2024-57907 at SUSE CVE-2024-57907 at NVD CVE-2024-57908 at SUSE CVE-2024-57908 at NVD CVE-2024-57910 at SUSE CVE-2024-57910 at NVD CVE-2024-57911 at SUSE CVE-2024-57911 at NVD CVE-2024-57912 at SUSE CVE-2024-57912 at NVD CVE-2024-57913 at SUSE CVE-2024-57913 at NVD CVE-2024-57915 at SUSE CVE-2024-57915 at NVD CVE-2024-57916 at SUSE CVE-2024-57916 at NVD CVE-2024-57917 at SUSE CVE-2024-57917 at NVD CVE-2024-57922 at SUSE CVE-2024-57922 at NVD CVE-2024-57926 at SUSE CVE-2024-57926 at NVD CVE-2024-57929 at SUSE CVE-2024-57929 at NVD CVE-2024-57931 at SUSE CVE-2024-57931 at NVD CVE-2024-57932 at SUSE CVE-2024-57932 at NVD CVE-2024-57933 at SUSE CVE-2024-57933 at NVD CVE-2024-57935 at SUSE CVE-2024-57935 at NVD CVE-2024-57936 at SUSE CVE-2024-57936 at NVD CVE-2024-57938 at SUSE CVE-2024-57938 at NVD CVE-2024-57940 at SUSE CVE-2024-57940 at NVD CVE-2024-57946 at SUSE CVE-2024-57946 at NVD CVE-2025-21632 at SUSE CVE-2025-21632 at NVD CVE-2025-21645 at SUSE CVE-2025-21645 at NVD CVE-2025-21646 at SUSE CVE-2025-21646 at NVD CVE-2025-21649 at SUSE CVE-2025-21649 at NVD CVE-2025-21650 at SUSE CVE-2025-21650 at NVD CVE-2025-21651 at SUSE CVE-2025-21651 at NVD CVE-2025-21652 at SUSE CVE-2025-21652 at NVD CVE-2025-21653 at SUSE CVE-2025-21653 at NVD CVE-2025-21655 at SUSE CVE-2025-21655 at NVD CVE-2025-21656 at SUSE CVE-2025-21656 at NVD CVE-2025-21662 at SUSE CVE-2025-21662 at NVD CVE-2025-21663 at SUSE CVE-2025-21663 at NVD CVE-2025-21664 at SUSE CVE-2025-21664 at NVD CVE-2025-21666 at SUSE CVE-2025-21666 at NVD CVE-2025-21669 at SUSE CVE-2025-21669 at NVD CVE-2025-21670 at SUSE CVE-2025-21670 at NVD CVE-2025-21674 at SUSE CVE-2025-21674 at NVD CVE-2025-21675 at SUSE CVE-2025-21675 at NVD CVE-2025-21676 at SUSE CVE-2025-21676 at NVD CVE-2025-21678 at SUSE CVE-2025-21678 at NVD CVE-2025-21682 at SUSE CVE-2025-21682 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Update to Tomcat 9.0.98 - Fixed CVEs: + CVE-2024-54677: DoS in examples web application (bsc#1234664) + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663) + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435) - Catalina + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo) + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm) + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm) + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt) + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm) + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt) + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt) + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm) + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm) + Fix: Use client locale for directory listings. (remm) + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt) + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt) + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt) + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt) + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt) + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm) + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt) + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt) + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt) + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt) + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm) + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt) + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt) + Add: Add DataSource based property storage for the WebdavServlet. (remm) - Coyote + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt) - Jasper + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt) + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt) - Web applications + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt) + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt) + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt) + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt) + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt) + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt) + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt) + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt) + Fix: Examples. Remove JSP calendar example. (markt) - Other + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt) + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt) + Update: Update EasyMock to 5.5.0. (markt) + Update: Update Checkstyle to 10.20.2. (markt) + Update: Update BND to 7.1.0. (markt) + Add: Improvements to French translations. (remm) + Add: Improvements to Korean translations. (markt) + Add: Improvements to Chinese translations. (markt) + Add: Improvements to Japanese translations by tak7iji. (markt) Important SUSE bug 1233435 SUSE bug 1234663 SUSE bug 1234664 SUSE bug 1236809 CVE-2024-50379 at SUSE CVE-2024-50379 at NVD CVE-2024-52317 at SUSE CVE-2024-52317 at NVD CVE-2024-54677 at SUSE CVE-2024-54677 at NVD CVE-2024-56337 at SUSE CVE-2024-56337 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Moderate) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236531) Moderate SUSE bug 1236531 CVE-2023-45288 at SUSE CVE-2023-45288 at NVD cpe:/o:opensuse:leap:15.6 Security update for glibc (Low) openSUSE Leap 15.6 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) Low SUSE bug 1236282 CVE-2025-0395 at SUSE CVE-2025-0395 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvswitch (Important) openSUSE Leap 15.6 This update for openvswitch fixes the following issues: - CVE-2025-0650: ovn: egress ACLs may be bypassed via specially crafted UDP packet (bsc#1236353). Important SUSE bug 1236353 CVE-2025-0650 at SUSE CVE-2025-0650 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssh (Moderate) openSUSE Leap 15.6 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040). - CVE-2025-26466: Fixed DoS attack against OpenSSH's client and server (bsc#1237041). Moderate SUSE bug 1237040 SUSE bug 1237041 CVE-2025-26465 at SUSE CVE-2025-26465 at NVD CVE-2025-26466 at SUSE CVE-2025-26466 at NVD cpe:/o:opensuse:leap:15.6 Security update for grub2 (Important) openSUSE Leap 15.6 This update for grub2 fixes the following issues: - CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617) - CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958) - CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615) - CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614) - CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616) - CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609) - CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610) - CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612) - CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613) - CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606) - CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608) - CVE-2024-49504: Fixed an issue that can bypass TPM-bound disk encryption on SL(E)M encrypted Images. (bsc#1229164) - CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316) - CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317) - CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command. (bsc#1237012) - CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode. (bsc#1237013) - CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs. (bsc#1237002) - CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs. (bsc#1237008) - CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs. (bsc#1237009) - CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs. (bsc#1237010) - CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011) - CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014) - CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006) Important SUSE bug 1229163 SUSE bug 1229164 SUSE bug 1233606 SUSE bug 1233608 SUSE bug 1233609 SUSE bug 1233610 SUSE bug 1233612 SUSE bug 1233613 SUSE bug 1233614 SUSE bug 1233615 SUSE bug 1233616 SUSE bug 1233617 SUSE bug 1234958 SUSE bug 1236316 SUSE bug 1236317 SUSE bug 1237002 SUSE bug 1237006 SUSE bug 1237008 SUSE bug 1237009 SUSE bug 1237010 SUSE bug 1237011 SUSE bug 1237012 SUSE bug 1237013 SUSE bug 1237014 CVE-2024-45774 at SUSE CVE-2024-45774 at NVD CVE-2024-45775 at SUSE CVE-2024-45775 at NVD CVE-2024-45776 at SUSE CVE-2024-45776 at NVD CVE-2024-45777 at SUSE CVE-2024-45777 at NVD CVE-2024-45778 at SUSE CVE-2024-45778 at NVD CVE-2024-45779 at SUSE CVE-2024-45779 at NVD CVE-2024-45780 at SUSE CVE-2024-45780 at NVD CVE-2024-45781 at SUSE CVE-2024-45781 at NVD CVE-2024-45782 at SUSE CVE-2024-45782 at NVD CVE-2024-45783 at SUSE CVE-2024-45783 at NVD CVE-2024-49504 at SUSE CVE-2024-49504 at NVD CVE-2024-56737 at SUSE CVE-2024-56737 at NVD CVE-2025-0622 at SUSE CVE-2025-0622 at NVD CVE-2025-0624 at SUSE CVE-2025-0624 at NVD CVE-2025-0677 at SUSE CVE-2025-0677 at NVD CVE-2025-0678 at SUSE CVE-2025-0678 at NVD CVE-2025-0684 at SUSE CVE-2025-0684 at NVD CVE-2025-0685 at SUSE CVE-2025-0685 at NVD CVE-2025-0686 at SUSE CVE-2025-0686 at NVD CVE-2025-0689 at SUSE CVE-2025-0689 at NVD CVE-2025-0690 at SUSE CVE-2025-0690 at NVD CVE-2025-1118 at SUSE CVE-2025-1118 at NVD CVE-2025-1125 at SUSE CVE-2025-1125 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 128.6.0 ESR * Fixed: Various security fixes. MFSA 2025-02 (bsc#1234991) * CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 * CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 - Firefox Extended Support Release 128.5.2 ESR * Fixed: Fixed a crash experienced by Windows users with Qihoo 360 Total Security Antivirus software installed (bmo#1934258) Important SUSE bug 1234991 CVE-2025-0237 at SUSE CVE-2025-0237 at NVD CVE-2025-0238 at SUSE CVE-2025-0238 at NVD CVE-2025-0239 at SUSE CVE-2025-0239 at NVD CVE-2025-0240 at SUSE CVE-2025-0240 at NVD CVE-2025-0241 at SUSE CVE-2025-0241 at NVD CVE-2025-0242 at SUSE CVE-2025-0242 at NVD CVE-2025-0243 at SUSE CVE-2025-0243 at NVD cpe:/o:opensuse:leap:15.6 Security update for netty, netty-tcnative (Important) openSUSE Leap 15.6 This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. (bsc#1237037) - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. (bsc#1237038) Update to netty version 4.1.118 and netty-tcnative version 2.0.70 Final. Other fixes: - Fix recycling in CodecOutputList. - StreamBufferingEncoder: do not send header frame with priority by default. - Notify event loop termination future of unexpected exceptions. - Fix AccessControlException in GlobalEventExecutor. - AdaptivePoolingAllocator: round chunk sizes up and reduce chunk release frequency. - Support BouncyCastle FIPS for reading PEM files. - Dns: correctly encode DnsPtrRecord. - Provide Brotli settings without com.aayushatharva.brotli4j dependency. - Make DefaultResourceLeak more resilient against OOM. - OpenSslSession: add support to defensively check for peer certs. - SslHandler: ensure buffers are never leaked when wrap(...) produces SSLException. - Correcly handle comments appended to nameserver declarations. - PcapWriteHandler: apply fixes so that the handler can append to an existing PCAP file when writing the global header. - PcapWriteHandler: allow output of PCAP files larger than 2GB. - Fix bugs in BoundedInputStream. - Fix HTTP header validation bug. - AdaptivePoolingAllocator: fix possible race condition in method offerToQueue(...). - AdaptivePoolingAllocator: make sure the sentinel object Magazine.MAGAZINE_FREED not be replaced. - Only try to use Zstd and Brotli if the native libs can be loaded. - Bump BlockHound version to 1.0.10.RELEASE. - Add details to TooLongFrameException message. - AdaptivePoolingAllocator: correctly reuse chunks. - AdaptivePoolingAllocator: don't fail when we run on a host with 1 core. - AdaptivePoolingAllocator: correctly re-use central queue chunks and avoid OOM issue. - Fix several memory management (leaks and missing checks) issues. Important SUSE bug 1237037 SUSE bug 1237038 CVE-2025-24970 at SUSE CVE-2025-24970 at NVD CVE-2025-25193 at SUSE CVE-2025-25193 at NVD cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Moderate) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20250211 release (bsc#1237096) - CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access. - CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability. - CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability. - CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. - New Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores ### Updated Platforms | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12 | ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12 | ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12 | ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12 | ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E | AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100 | CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile | CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E | EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5 | ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx | ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3 | RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14 | RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13 | RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13 | RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14 | RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11 | SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max | SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4 | TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E ### New Disclosures Updated in Prior Releases | Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |:---------------|:---------|:------------|:---------|:---------|:--------- | CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Moderate SUSE bug 1237096 CVE-2024-31068 at SUSE CVE-2024-31068 at NVD CVE-2024-36293 at SUSE CVE-2024-36293 at NVD CVE-2024-37020 at SUSE CVE-2024-37020 at NVD CVE-2024-39355 at SUSE CVE-2024-39355 at NVD cpe:/o:opensuse:leap:15.6 Security update for emacs (Important) openSUSE Leap 15.6 This update for emacs fixes the following issues: - CVE-2025-1244: improper handling of custom 'man' URI schemes allow for shell command injections. (bsc#1237091) Important SUSE bug 1237091 CVE-2025-1244 at SUSE CVE-2025-1244 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Jinja2 (Important) openSUSE Leap 15.6 This update for python-Jinja2 fixes the following issues: - CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808) - CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809) Important SUSE bug 1234808 SUSE bug 1234809 CVE-2024-56201 at SUSE CVE-2024-56201 at NVD CVE-2024-56326 at SUSE CVE-2024-56326 at NVD cpe:/o:opensuse:leap:15.6 Security update for brise (Important) openSUSE Leap 15.6 This update for brise fixes the following issues: - CVE-2025-21613: Fixed argument injection via the URL field (bsc#1235573). - CVE-2024-45337: Fixed authorization bypass in golang.org/x/crypto via the ServerConfig.PublicKeyCallback callback (bsc#1234597). Important SUSE bug 1234597 SUSE bug 1235573 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2025-21613 at SUSE CVE-2025-21613 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm fixes the following issues: Update to version 3.17.1: - CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318). - CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482). Important SUSE bug 1234482 SUSE bug 1235318 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD cpe:/o:opensuse:leap:15.6 Security update for ovmf (Important) openSUSE Leap 15.6 This update for ovmf fixes the following issues: - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084). Important SUSE bug 1237084 CVE-2023-45236 at SUSE CVE-2023-45236 at NVD CVE-2023-45237 at SUSE CVE-2023-45237 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-osconfig-agent (Important) openSUSE Leap 15.6 This update for google-osconfig-agent fixes the following issues: - CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560) Important SUSE bug 1236560 CVE-2024-45339 at SUSE CVE-2024-45339 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). Moderate SUSE bug 1236136 SUSE bug 1236771 CVE-2024-13176 at SUSE CVE-2024-13176 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Important) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: Upgrade to 15.12: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Important SUSE bug 1237093 CVE-2025-1094 at SUSE CVE-2025-1094 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql17 (Important) openSUSE Leap 15.6 This update for postgresql17 fixes the following issues: Upgrade to 17.4: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Important SUSE bug 1237093 CVE-2025-1094 at SUSE CVE-2025-1094 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer (Important) openSUSE Leap 15.6 This update for gstreamer fixes the following issues: - CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449). Important SUSE bug 1234449 CVE-2024-47606 at SUSE CVE-2024-47606 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Important) openSUSE Leap 15.6 This update for grafana fixes the following issues: grafana was updated from version 10.4.13 to 10.4.15: - Security issues fixed: * CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559) * CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734) * CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574) * CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206) - Other bugs fixed and changes: * Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key * Added provisioning directories * Use /bin/bash in wrapper scripts Important SUSE bug 1235206 SUSE bug 1235574 SUSE bug 1236559 SUSE bug 1236734 CVE-2024-11741 at SUSE CVE-2024-11741 at NVD CVE-2024-28180 at SUSE CVE-2024-28180 at NVD CVE-2024-45339 at SUSE CVE-2024-45339 at NVD CVE-2025-21613 at SUSE CVE-2025-21613 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Important) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: Upgrade to 14.17: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Important SUSE bug 1237093 CVE-2025-1094 at SUSE CVE-2025-1094 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: Upgrade to 16.8: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Important SUSE bug 1237093 CVE-2025-1094 at SUSE CVE-2025-1094 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-base (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-base fixes the following issues: - CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415) - CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450) - CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453) - CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456) - CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459) - CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460) - CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455) Important SUSE bug 1234415 SUSE bug 1234450 SUSE bug 1234453 SUSE bug 1234455 SUSE bug 1234456 SUSE bug 1234459 SUSE bug 1234460 CVE-2024-47538 at SUSE CVE-2024-47538 at NVD CVE-2024-47541 at SUSE CVE-2024-47541 at NVD CVE-2024-47542 at SUSE CVE-2024-47542 at NVD CVE-2024-47600 at SUSE CVE-2024-47600 at NVD CVE-2024-47607 at SUSE CVE-2024-47607 at NVD CVE-2024-47615 at SUSE CVE-2024-47615 at NVD CVE-2024-47835 at SUSE CVE-2024-47835 at NVD cpe:/o:opensuse:leap:15.6 Security update for apptainer (Moderate) openSUSE Leap 15.6 This update for apptainer fixes the following issues: - Update to version 1.3.6 - CVE-2024-28180: Fixed an improper handling of highly compressed data in go-jose. (bsc#1235211) Moderate SUSE bug 1235211 CVE-2024-28180 at SUSE CVE-2024-28180 at NVD cpe:/o:opensuse:leap:15.6 Feature update for slurm and pdsh (Moderate) openSUSE Leap 15.6 This update for slurm and pdsh fixes the following issues: slurm was updated to version 24.11.1 using package slurm_24_11: - Security issues fixed: * CVE-2024-48936: Fixed authentication handling in stepmgr that could permit an attacker to execute processes under other users' jobs (bsc#1236722) * CVE-2024-42511: Fixed vulnerability with switch plugins where a user could override the isolation between Slingshot VNIs or IMEX channels (bsc#1236726) - Important remarks: * Slurm can be upgraded from version 23.02, 23.11 or 24.05 to version 24.11 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information. * If using the `slurmdbd` (Slurm DataBase Daemon) you must update this first. * The 24.11 `slurmdbd` will work with Slurm daemons of version 23.02 and above. You will not need to update all clusters at the same time, but it is very important to update `slurmdbd` first and having it running before updating any other clusters making use of it. * If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened. * All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 24.11. - Highlights of changes: * Fixed issues related to the modified startup handling for slurmdbd: moved PID file to `/run/slurmdbd` (bsc#1236928) * Create slurm-owned log file on behalf of slurmdbd (bsc#1236929) * Added report AccountUtilizationByQOS to sreport. * `AccountUtilizationByUser` is able to be filtered by QOS. * Added autodetected gpus to the output of `slurmd -C` * Added ability to submit jobs with multiple QOS. These are sorted by priority highest being the first. * Removed the instant on feature from `switch/hpe_slingshot`. * `slurmctld` : Changed incoming RPC handling to dedicated thread pool with asynchronous handling of I/O that can be configured via `conmgr_*` entries under `SlurmctldParameters` in `slurm.conf`. - Configuration File Changes (see appropriate man page for details) * Added `SchedulerParameters=bf_allow_magnetic_slot` option. It allows jobs in magnetic reservations to be planned by backfill scheduler. * Added `TopologyParam=TopoMaxSizeUnroll=#` to allow `--nodes=<min>-<max>` for `topology/block`. * Added `DataParserParameters` `slurm.conf` parameter to allow setting default value for CLI `--json` and `--yaml` arguments. * Hardware collectives in `switch/hpe_slingshot` now requires `enable_stepmgr`. * Added connection related parameters to `slurm.conf` under `SlurmctldParameters`: `conmgr_max_connections`: Defaults to 150 connections. `conmgr_threads`: Defaults to 64 threads for slurmctld. `conmgr_use_poll`: Defaults is to use epoll in Linux. `conmgr_connect_timeout`: Defaults to `MessageTimeout`. `conmgr_read_timeout`: Defaults to `MessageTimeout`. `conmgr_wait_write_delay`: Defaults to `MessageTimeout`. `conmgr_write_timeout`: Defaults to MessageTimeout. * Added `SlurmctldParamters=ignore_constraint_validation` to ignore `constraint/feature` validation at submission. * Added `SchedulerParameters=bf_topopt_enable` option to enable experimental hook to control backfill. - Command Changes (see man pages for details): * Remove srun `--cpu-bind=rank`. * Add `'%b'` as a file name pattern for the array task id modulo 10. * `sacct` : Respect `--noheader` for `--batch-script` and `--env-vars`. * Add `sacctmgr ping` command to query status of `slurmdbd`. * `sbcast` : Add `--nodelist` option to specify where files are transmitted to * `sbcast` : Add `--no-allocation` option to transmit files to nodes outside of a job allocation. * `slurmdbd` : Add `-u` option. This is used to determine if restarting the DBD will result in database conversion. * Remove `salloc --get-user-env`. * `scontrol` : Add `--json`/`--yaml` support to `listpids`. * `scontrol` : Add `liststeps`. * `scontrol` : Add `listjobs`. * `scontrol show topo` : Show aggregated block sizes when using topology/block. - API Changes: * Remove `burst_buffer/lua` call `slurm.job_info_to_string()`. * `job_submit/lua` : Add `assoc_qos` attribute to `job_desc` to display all potential QOS's for a job's association. * `job_submit/lua` : Add `slurm.get_qos_priority()` function to retrieve the given QOS's priority. - SLURMRESTD Changes: * Removed fields deprecated in the Slurm-23.11 release from v0.0.42 endpoints. * Removed v0.0.39 plugins. * Set `data_parser/v0.0.42+prefer_refs` flag to default. * Add `data_parser/v0.0.42+minimize_refs` flag to inline single referenced schemas in the OpenAPI schema to get default behavior of `data_parser/v0.0.41`. * Rename v0.0.42 `JOB_INFO` field `minimum_switches` to `required_switches` to reflect the actual behavior. * Rename v0.0.42 `ACCOUNT_CONDITION` field `assocation` to `association` (typo). * Tag `slurmdb/v0.0.42/jobs pid` field deprecated. - For details on the changes in this version update, consult Slurm 24.11 changelog pdsh: - Fix version test for munge build (bsc#1236156) - Dropped Slurm support for s390x and i586: Slurm no longer builds for s390x or 32bit - Implementation of package `pdsh-slurm_24_11` compatible with Slurm 24.11 Moderate SUSE bug 1236722 SUSE bug 1236726 SUSE bug 1236928 SUSE bug 1236929 CVE-2024-42511 at SUSE CVE-2024-42511 at NVD CVE-2024-48936 at SUSE CVE-2024-48936 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Moderate) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Update to Java 8.0 Service Refresh 8 Fix Pack 40 (bsc#1236470): - CVE-2025-21502: unauthenticated attacker can obtain unauthorized read and write access to data through the Hotspot component API (bsc#1236278). Moderate SUSE bug 1233296 SUSE bug 1236278 SUSE bug 1236470 CVE-2024-10917 at SUSE CVE-2024-10917 at NVD CVE-2025-21502 at SUSE CVE-2025-21502 at NVD cpe:/o:opensuse:leap:15.6 Security update for pam_pkcs11 (Moderate) openSUSE Leap 15.6 This update for pam_pkcs11 fixes the following issues: - CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062). - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash (bsc#1237058). Moderate SUSE bug 1237058 SUSE bug 1237062 CVE-2025-24031 at SUSE CVE-2025-24031 at NVD CVE-2025-24032 at SUSE CVE-2025-24032 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.46.6 (bsc#1236946): - CVE-2025-24143: A maliciously crafted webpage may be able to fingerprint the user. - CVE-2025-24150: Copying a URL from Web Inspector may lead to command injection. - CVE-2025-24158: Processing web content may lead to a denial-of-service. - CVE-2025-24162: Processing maliciously crafted web content may lead to an unexpected process crash. Already fixed in previous releases: - CVE-2024-54543: Processing maliciously crafted web content may lead to memory corruption. - CVE-2024-27856: Processing a file may lead to unexpected app termination or arbitrary code execution. - CVE-2024-54658: Processing web content may lead to a denial-of-service. Important SUSE bug 1236946 CVE-2024-27856 at SUSE CVE-2024-27856 at NVD CVE-2024-54543 at SUSE CVE-2024-54543 at NVD CVE-2024-54658 at SUSE CVE-2024-54658 at NVD CVE-2025-24143 at SUSE CVE-2025-24143 at NVD CVE-2025-24150 at SUSE CVE-2025-24150 at NVD CVE-2025-24158 at SUSE CVE-2025-24158 at NVD CVE-2025-24162 at SUSE CVE-2025-24162 at NVD cpe:/o:opensuse:leap:15.6 Security update for dnsmasq (Important) openSUSE Leap 15.6 This update for dnsmasq fixes the following issues: - Version update to 2.90: - CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823) - CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826) - CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358) Important SUSE bug 1200344 SUSE bug 1207174 SUSE bug 1209358 SUSE bug 1214884 SUSE bug 1219823 SUSE bug 1219826 CVE-2023-28450 at SUSE CVE-2023-28450 at NVD CVE-2023-50387 at SUSE CVE-2023-50387 at NVD CVE-2023-50868 at SUSE CVE-2023-50868 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for Maven (Moderate) openSUSE Leap 15.6 This update for Maven fixes the following issues: maven-dependency-analyzer was updated from version 1.13.2 to 1.15.1: - Key changes across versions: * Bug fixes and improved support of dynamic types * Dependency upgrades (ASM, Maven core, and notably the removal of commons-io) * Improved error handling by logging instead of failing * Improved dependency usage tracking maven-dependency-plugin was updated from version 3.6.0 to 3.8.1: - Key changes across versions: * Dependency upgrades on maven-dependency-analyzer and Doxia * Deprecated dependency:sources in favor of dependency:resolve-sources * Documentation improvements * New dependency analysis goal to check for invalid exclusions * New JSON output option for dependency:tree * Performance improvements * Several bug fixes addressing: + The handling of silent parameters + The display of the optional flag in the tree + The clarity of some error messages maven-doxia-sitetools was updated from version 1.11.1 to 2.0.0: - Key changes across versions: * New features: + Passing the input filename to the parser + Adding a timezone field to the site descriptor + Configuring parsers per markup * Improvements: + Clarifying site descriptor properties + Requiring a skin if a site descriptor (site.xml) has been provided + Optimization of resource handling + Overhauled locale support + Refinined menu item display + Use of Maven Resolver for artifact resolution + Enhanced Velocity context population + Automating anchor creation * Internal changes: + Migration from Plexus to Sisu + Upgraded to Java 8 + Removal of deprecated components and features (such as Maven 1.x support, Google-related properties) + Simplified the site model + Improved the DocumentRenderer interface/DocumentRenderingContext class API * Several bug fixes addressing: + The Plexus to Sisu migration + Decoration model injection + Anchor creation + XML character escaping + Handling of 0-byte site descriptors maven-doxia was updated from version 1.12.0 to 2.0.0: - Key changes across versions: * Improved HTML5 Support: + Obsolete attributes and elements were removed + CSS styles are now used for styling + XHTML5 is now the default HTML implementation, and XHTML(4) is deprecated * Improved Markdown Support: + A new Markdown sink allows converting content to Markdown. + Support for various Markdown features like blockquotes, footnotes, and metadata has been added * General Improvements: + Dependencies were updated + Doxia was upgraded to Java 8 + Logging and Doxia ID generation were streamlined + Migration from Plexus to Sisu + Removed deprecated modules and code * Several bug fixes addressing: + HTML5 incorrect output such as tables, styling and missing or improperly handled attributes + Markdown formatting issues + Issues with plexus migration + Incorrect generation of unique IDs + Incorrect anchor generation for document titles + Ignored element classes maven-invoker-plugin was updated from version 3.2.2 to 3.8.1: - Key changes across versions: * Commons-lang3 was removed * Custom Maven executables, external POM files, and more CLI options are now supported * Deprecated code was cleaned up * Doxia was updated, improving HTML generation and adding Markdown support * Groovy was updated, adding support for JDK 19 * Improved Reporting and Time Handling * Enhanced syntax support for invoker properties and Maven options * Java 8 is now the minimum supported version * Maven 3.6.3 is now the minimum supported version * Several dependencies were updated or removed * Snapshot update behavior can be controlled * Several bug fixes addressing issues with: + Dependency resolution + Environment variables + File handling + Report generation + Threading maven-invoker was updated from version 3.1.0 to 3.3.0: - Key changes across versions: * Added several CLI options. * Added support to disable snapshot updates. * Added test for inherited environment * Custom Maven executables * Deprecated code was removed * External POM files * Fixed issues with builder IDs * Improved timeout handling * Java 8 is now a requirement * Tests were migrated to JUnit 5 maven-javadoc-plugin was updated from version 3.6.0 to 3.11.1: - Key changes across versions: * Addressed test cleanup and inconsistent default value * Automatic release detection for older JDKs * Clarified documentation * Dependency upgrades of org.codehaus.plexus:plexus-java and Doxia * Deprecated the 'old' parameter * Improvements include handling of Java 12+ links, user settings with invoker, and default author value. * Simplified integration tests. * Upgraded maven-plugin parent * Various bug fixes related to: + Toolchains issues + Empty JAR creation + JDK 10 compatibility + Reactor build failures + Unit test issues + Null pointer exception + Issues with skipped reports + Stale file detection + Log4j dependency dowload + Test repository creation maven-parent was updated from version 40 to 43: - Key changes across versions: * Potentially breaking changes: + Removed dependency on `maven-plugin-annotations` to better support Maven 4 plugins + Removed `checkstyle.violation.ignore` * Improved Java 21 support * Empty Surefire and PMD reports are now skipped * Disabled annotation processing by compiler * Various code cleanup and project restructuring tasks maven-plugin-tools was updated from version 3.13.0 to 3.15.1: - Key changes across versions: * Doxia and Velocity Engine upgrades * New report-no-fork goal 'report-no-fork' which will not invoke process-classes * Deprecation of o.a.m.plugins.annotations.Component * Improved Maven 3 and Maven 4 support maven-reporting-api was updated from version 3.1.1 to 4.0.0: - Key changes across versions: * API: Allow MavenReportRenderer.render() and MavenReport.canGenerateReport() to throw exceptions * Require locales to be non-null * Improve the MavenReport interface and AbstractMavenReport class * Removed unused default-report.xml file maven-reporting-implementation was updated from version 3.2.0 to 4.0.0: - Key changes across versions include: * Addressed issues with duplicate calls to canGenerateReport() * New features such markup output support, flexible section handling and verbatim source rendering * Numerous improvements to skinning, rendering, parameter handling, timestamp population and logging * Upgrade to Java 8 maven-surefire was updated from version 3.2.5 to 3.5.2: - Key changes across versions include: * Addressed issues with JUnit5 test reporting, serialization, classpath handling and compatibility with newer JDKs. * Refined handling of system properties, commons-io usage, parallel test execution and report generation. * Updated Doxia and commons-compress dependencies * Improved documentation, including FAQ fixes plexus-velocity was updated to version 2.1.0: - Upgraded Velocity Engine to 2.3 - Moved to JUnit5 velocity-engine: - New package velocity-engine-core implemented at version 2.4 Moderate CVE-2020-13936 at SUSE CVE-2020-13936 at NVD cpe:/o:opensuse:leap:15.6 Security update for logback (Important) openSUSE Leap 15.6 This update for logback fixes the following issues: - CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator (bsc#1234742) - CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder (bsc#1234743) Important SUSE bug 1234742 SUSE bug 1234743 CVE-2024-12798 at SUSE CVE-2024-12798 at NVD CVE-2024-12801 at SUSE CVE-2024-12801 at NVD cpe:/o:opensuse:leap:15.6 Security update for vim (Moderate) openSUSE Leap 15.6 This update for vim fixes the following issues: Update to version 9.1.1101: - CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685). - CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822). - CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078). - CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode (bsc#1235695). - CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151). - CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137). Moderate SUSE bug 1229685 SUSE bug 1229822 SUSE bug 1230078 SUSE bug 1235695 SUSE bug 1236151 SUSE bug 1237137 CVE-2024-43790 at SUSE CVE-2024-43790 at NVD CVE-2024-43802 at SUSE CVE-2024-43802 at NVD CVE-2024-45306 at SUSE CVE-2024-45306 at NVD CVE-2025-1215 at SUSE CVE-2025-1215 at NVD CVE-2025-22134 at SUSE CVE-2025-22134 at NVD CVE-2025-24014 at SUSE CVE-2025-24014 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435). Important SUSE bug 1237427 SUSE bug 1237429 SUSE bug 1237430 SUSE bug 1237431 SUSE bug 1237432 SUSE bug 1237433 SUSE bug 1237434 SUSE bug 1237435 CVE-2025-26594 at SUSE CVE-2025-26594 at NVD CVE-2025-26595 at SUSE CVE-2025-26595 at NVD CVE-2025-26596 at SUSE CVE-2025-26596 at NVD CVE-2025-26597 at SUSE CVE-2025-26597 at NVD CVE-2025-26598 at SUSE CVE-2025-26598 at NVD CVE-2025-26599 at SUSE CVE-2025-26599 at NVD CVE-2025-26600 at SUSE CVE-2025-26600 at NVD CVE-2025-26601 at SUSE CVE-2025-26601 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). - CVE-2025-26595: Buffer overflow in XkbVModMaskText() (bsc#1237429). - CVE-2025-26596: Heap overflow in XkbWriteKeySyms() (bsc#1237430). - CVE-2025-26597: Buffer overflow in XkbChangeTypesOfKey() (bsc#1237431). - CVE-2025-26598: Out-of-bounds write in CreatePointerBarrierClient() (bsc#1237432). - CVE-2025-26599: Use of uninitialized pointer in compRedirectWindow() (bsc#1237433). - CVE-2025-26600: Use-after-free in PlayReleasedEvents() (bsc#1237434). - CVE-2025-26601: Use-after-free in SyncInitTrigger() (bsc#1237435). Important SUSE bug 1237427 SUSE bug 1237429 SUSE bug 1237430 SUSE bug 1237431 SUSE bug 1237432 SUSE bug 1237433 SUSE bug 1237434 SUSE bug 1237435 CVE-2025-26594 at SUSE CVE-2025-26594 at NVD CVE-2025-26595 at SUSE CVE-2025-26595 at NVD CVE-2025-26596 at SUSE CVE-2025-26596 at NVD CVE-2025-26597 at SUSE CVE-2025-26597 at NVD CVE-2025-26598 at SUSE CVE-2025-26598 at NVD CVE-2025-26599 at SUSE CVE-2025-26599 at NVD CVE-2025-26600 at SUSE CVE-2025-26600 at NVD CVE-2025-26601 at SUSE CVE-2025-26601 at NVD cpe:/o:opensuse:leap:15.6 Security update for ruby2.5 (Important) openSUSE Leap 15.6 This update for ruby2.5 fixes the following issues: - CVE-2024-47220: Fixed a HTTP request smuggling attack in WEBrick (bsc#1230930) - CVE-2024-49761: Fixed a ReDoS vulnerability in ruby rexml (bsc#1232440) Other fixes: - [ruby/uri] Fix quadratic backtracking on invalid relative URI - [ruby/time] Make RFC2822 regexp linear - [ruby/time] Fix quadratic backtracking on invalid time - merge some parts of CGI 0.1.1 Important SUSE bug 1230930 SUSE bug 1232440 CVE-2024-47220 at SUSE CVE-2024-47220 at NVD CVE-2024-49761 at SUSE CVE-2024-49761 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql13 (Important) openSUSE Leap 15.6 This update for postgresql13 fixes the following issues: Upgrade to 13.20: - CVE-2025-1094: Harden PQescapeString and allied functions against invalidly-encoded input strings (bsc#1237093). Important SUSE bug 1237093 CVE-2025-1094 at SUSE CVE-2025-1094 at NVD cpe:/o:opensuse:leap:15.6 Security update for libX11 (Moderate) openSUSE Leap 15.6 This update for libX11 fixes the following issues: - CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in XkbChangeTypesOfKey() (bsc#1237431). Moderate SUSE bug 1237431 CVE-2025-26597 at SUSE CVE-2025-26597 at NVD cpe:/o:opensuse:leap:15.6 Security update for procps (Important) openSUSE Leap 15.6 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290). Important SUSE bug 1214290 SUSE bug 1236842 CVE-2023-4016 at SUSE CVE-2023-4016 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvswitch3 (Important) openSUSE Leap 15.6 This update for openvswitch3 fixes the following issues: - CVE-2025-0650: Fixed egress ACLs that may be bypassed via specially crafted UDP packet (bsc#1236353). Important SUSE bug 1236353 CVE-2025-0650 at SUSE CVE-2025-0650 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). Important SUSE bug 1237363 SUSE bug 1237370 SUSE bug 1237418 CVE-2024-56171 at SUSE CVE-2024-56171 at NVD CVE-2025-24928 at SUSE CVE-2025-24928 at NVD CVE-2025-27113 at SUSE CVE-2025-27113 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-azure-identity (Moderate) openSUSE Leap 15.6 This update for python-azure-identity fixes the following issues: - CVE-2024-35255: race condition leading to privilege escalation and unauthorized access to sensitive information in Azure Identity libraries (bsc#1230100). Moderate SUSE bug 1230100 CVE-2024-35255 at SUSE CVE-2024-35255 at NVD cpe:/o:opensuse:leap:15.6 Security update for azure-cli (Important) openSUSE Leap 15.6 This update for azure-cli fixes the following issues: - CVE-2024-43591: improper neutralization of special elements could allow users to run Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud (bsc#1231971). Important SUSE bug 1231971 CVE-2024-43591 at SUSE CVE-2024-43591 at NVD cpe:/o:opensuse:leap:15.6 Security update for tiff (Moderate) openSUSE Leap 15.6 This update for tiff fixes the following issues: - CVE-2023-25435: Heap-buffer-overflow in extractContigSamplesShifted8bits() in tiffcrop.c (bsc#1212607). - CVE-2023-52356: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (bsc#1219213). Other bugfixes: - Fixed tiff build issue on s390x as test 12 test_directory fails (bsc#1236834). Moderate SUSE bug 1212607 SUSE bug 1219213 SUSE bug 1236834 CVE-2023-25435 at SUSE CVE-2023-25435 at NVD CVE-2023-52356 at SUSE CVE-2023-52356 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Important) openSUSE Leap 15.6 This update for wireshark fixes the following issues: Update to version 4.2.11: - CVE-2025-1492: uncontrolled recursion leading to a stack buffer overflow can cause Bundle Protocol and CBOR dissector to crash (bsc#1237414). Important SUSE bug 1237414 CVE-2025-1492 at SUSE CVE-2025-1492 at NVD cpe:/o:opensuse:leap:15.6 Security update for u-boot (Moderate) openSUSE Leap 15.6 This update for u-boot fixes the following issues: - CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284). - CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287). Moderate SUSE bug 1237284 SUSE bug 1237287 CVE-2024-57256 at SUSE CVE-2024-57256 at NVD CVE-2024-57258 at SUSE CVE-2024-57258 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - Reference to no longer used 'bracketed_host' variable in the fix for CVE-2025-0938 (bsc#1236705, bsc#1223694). Moderate SUSE bug 1223694 SUSE bug 1236705 CVE-2025-0938 at SUSE CVE-2025-0938 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxkbfile (Moderate) openSUSE Leap 15.6 This update for libxkbfile fixes the following issues: - CVE-2025-26595: Fixed buffer overflow in XkbVModMaskText() (bsc#1237429). Moderate SUSE bug 1237429 CVE-2025-26595 at SUSE CVE-2025-26595 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnutls (Moderate) openSUSE Leap 15.6 This update for gnutls fixes the following issues: - CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974). Moderate SUSE bug 1236974 CVE-2024-12243 at SUSE CVE-2024-12243 at NVD cpe:/o:opensuse:leap:15.6 Security update for skopeo (Important) openSUSE Leap 15.6 This update for skopeo fixes the following issues: - CVE-2025-27144: excessive memory consumption by Go JOSE when parsing compact JWS or JWE input containing a large number of '.' characters (bsc#1237613). Important SUSE bug 1237613 CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker (Moderate) openSUSE Leap 15.6 This update for docker fixes the following issues: Update to Docker 27.5.1-ce (bsc#1237335): - CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089). Moderate SUSE bug 1234089 SUSE bug 1237335 CVE-2024-29018 at SUSE CVE-2024-29018 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Important) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641) Important SUSE bug 1237641 CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Security Vulnerabilities fixed in Firefox ESR 128.8 (MFSA 2025-16) (bsc#1237683) - CVE-2024-43097: Overflow when growing an SkRegion's RunArray - CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process - CVE-2025-1931: Use-after-free in WebTransportChild - CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access - CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs - CVE-2025-1934: Unexpected GC during RegExp bailout processing - CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar - CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents - CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 - CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 Important SUSE bug 1237683 CVE-2024-43097 at SUSE CVE-2024-43097 at NVD CVE-2025-1930 at SUSE CVE-2025-1930 at NVD CVE-2025-1931 at SUSE CVE-2025-1931 at NVD CVE-2025-1932 at SUSE CVE-2025-1932 at NVD CVE-2025-1933 at SUSE CVE-2025-1933 at NVD CVE-2025-1934 at SUSE CVE-2025-1934 at NVD CVE-2025-1935 at SUSE CVE-2025-1935 at NVD CVE-2025-1936 at SUSE CVE-2025-1936 at NVD CVE-2025-1937 at SUSE CVE-2025-1937 at NVD CVE-2025-1938 at SUSE CVE-2025-1938 at NVD cpe:/o:opensuse:leap:15.6 Recommended update 4.3.15 for Multi-Linux Manager Client Tools (Moderate) openSUSE Leap 15.6 This update fixes the following issues: ansible: - Security issues fixed: * CVE-2024-8775: Fixed issue where sensitive information stored in Ansible Vault files could be exposed in plaintext (bsc#1230601) spacewalk-client-tools: - Version 4.3.22-0 * Allow translation to wrap strings as weblate forces it * Show Source String change for translations uyuni-proxy-systemd-services: - Version 4.3.15-0 * Update to Multi-Linux Manager 4.3.15 Moderate SUSE bug 1230601 CVE-2024-8775 at SUSE CVE-2024-8775 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for python3-M2Crypto (Moderate) openSUSE Leap 15.6 This update for python3-M2Crypto fixes the following issues: - Fix spelling of BSD-2-Clause license. - Update to 0.44.0: - The real license is BSD 2-Clause, not MIT. - Remove python-M2Crypto.keyring, because PyPI broke GPG support - Build for modern python stack on SLE/Leap - require setuptools - Make tests running again. - Remove unnecessary fdupes call - Add python-typing as a dependency - SLE12 requires swig3 for a successful build, too Moderate SUSE bug 1205042 SUSE bug 1231589 SUSE bug 1236664 CVE-2020-25657 at SUSE CVE-2020-25657 at NVD cpe:/o:opensuse:leap:15.6 Security update for emacs (Important) openSUSE Leap 15.6 This update for emacs fixes the following issues: - CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894). Important SUSE bug 1233894 CVE-2024-53920 at SUSE CVE-2024-53920 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird ESR 128.6 (MFSA 2025-05, bsc#1234991) Security fixes: - CVE-2025-0237 (bmo#1915257) WebChannel APIs susceptible to confused deputy attack - CVE-2025-0238 (bmo#1915535) Use-after-free when breaking lines in text - CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation failure when redirected - CVE-2025-0240 (bmo#1929623) Compartment mismatch when parsing JavaScript JSON module - CVE-2025-0241 (bmo#1933023) Memory corruption when using JavaScript Text Segmentation - CVE-2025-0242 (bmo#1874523, bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 - CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 Other fixes: - fixed: New mail notification was not hidden after reading the new message (bmo#1920077) - fixed: New mail notification could show for the wrong folder, causing repeated alerts (bmo#1926462) - fixed: macOS shortcut CMD+1 did not restore the main window when it was minimized (bmo#1857953) - fixed: Clicking the context menu 'Reply' button resulted in 'Reply-All' (bmo#1935883) - fixed: Switching from 'All', 'Unread', and 'Threads with unread' did not work (bmo#1921618) - fixed: Downloading message headers from a newsgroup could cause a hang (bmo#1931661) - fixed: Message list performance slow when many updates happened at once (bmo#1933104) - fixed: 'mailto:' links did not apply the compose format of the current identity (bmo#550414) - fixed: Authentication failure of AUTH PLAIN or AUTH LOGIN did not fall back to USERPASS (bmo#1928026) Important SUSE bug 1234991 CVE-2025-0237 at SUSE CVE-2025-0237 at NVD CVE-2025-0238 at SUSE CVE-2025-0238 at NVD CVE-2025-0239 at SUSE CVE-2025-0239 at NVD CVE-2025-0240 at SUSE CVE-2025-0240 at NVD CVE-2025-0241 at SUSE CVE-2025-0241 at NVD CVE-2025-0242 at SUSE CVE-2025-0242 at NVD CVE-2025-0243 at SUSE CVE-2025-0243 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Moderate) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572) Other fixes: - Updated go version to go1.24.1 (bsc#1236217): * go#71986 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71687 cmd/go: panics with GOAUTH='git dir' go get -x * go#71705 runtime: add linkname of runtime.lastmoduledatap for cloudwego/sonic * go#71728 runtime: usleep computes wrong tv_nsec on s390x * go#71745 crypto: add fips140 as an opaque GODEBUG setting and add documentation for it * go#71829 cmd/compile: fail to compile package in 1.24 * go#71836 os: possible regression from Go 1.23 to Go 1.24 when opening DevNull with O_TRUNC * go#71840 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71849 os: spurious SIGCHILD on running child process * go#71855 cmd/compile: Pow10 freeze the compiler on certain condition on Go 1.24 * go#71858 debug/buildinfo: false positives with external scanners flag for go117 binary in testdata * go#71876 reflect: Value.Seq panicking on functional iterator methods * go#71904 cmd/compile: nil dereference when storing field of non-nil struct value * go#71916 reflect: Value.Seq iteration value types not matching the type of given int types * go#71938 cmd/compile: 'fatal error: found pointer to free object' on arm64 * go#71955 proposal: runtime: allow cleanups to run concurrently * go#71963 runtime/cgo: does not build with -Wdeclaration-after-statement * go#71977 syscall: js/wasm file operations fail on windows / node.js Moderate SUSE bug 1236217 SUSE bug 1238572 CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.23 (Moderate) openSUSE Leap 15.6 This update for go1.23 fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238572) Other fixes: - Updated go version to go1.23.7 (bsc#1229122): * go#71985 go#71984 bsc#1238572 security: fix CVE-2025-22870 net/http, x/net/proxy, x/net/http/httpproxy: proxy bypass using IPv6 zone IDs * go#71727 runtime: usleep computes wrong tv_nsec on s390x * go#71839 runtime: recover added in range-over-func loop body doesn't stop panic propagation / segfaults printing error * go#71848 os: spurious SIGCHILD on running child process * go#71875 reflect: Value.Seq panicking on functional iterator methods * go#71915 reflect: Value.Seq iteration value types not matching the type of given int types * go#71962 runtime/cgo: does not build with -Wdeclaration-after-statement Moderate SUSE bug 1229122 SUSE bug 1238572 CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237681) Important SUSE bug 1237681 CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for iniparser (Moderate) openSUSE Leap 15.6 This update for iniparser fixes the following issues: - CVE-2025-0633: string copy into buffer without previous size validation leads to heap buffer overflow in iniparser_dumpsection_ini() of iniparser (bsc#1237377). Moderate SUSE bug 1237377 CVE-2025-0633 at SUSE CVE-2025-0633 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56592: bpf: Call free_htab_elem() after htab_unlock_bucket() (bsc#1235244). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57882: mptcp: fix TCP options overflow. (bsc#1235914). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] (bsc#1236680). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21669: vsock/virtio: discard packets if the transport changes (bsc#1236683). - CVE-2025-21670: vsock/bpf: return early if transport is not assigned (bsc#1236685). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21675: net/mlx5: Clear port select structure when fail to create (bsc#1236694). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2024-57979: kABI workaround for pps changes (bsc#1238521). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21733: tracing/osnoise: Fix resetting of tracepoints (bsc#1238494). - CVE-2025-21754: btrfs: fix assertion failure when splitting ordered extent after transaction abort (bsc#1238496). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc/README.SUSE: Point to the updated version of LKMPG - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: dvb: mb86a16: check the return value of mb86a16_read() (git-fixes). - media: firewire: firedtv-avc.c: replace BUG with proper, error return (git-fixes). - media: ov08x40: Fix hblank out of range issue (git-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mm/compaction: fix UBSAN shift-out-of-bounds warning (git fixes (mm/compaction)). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - tty: xilinx_uartps: split sysrq handling (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: chipidea: ci_hdrc_imx: decrement device's refcount in .remove() and in the error path of .probe() (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio-mem: check if the config changed before fake offlining memory (git-fixes). - virtio-mem: convert most offline_and_remove_memory() errors to -EBUSY (git-fixes). - virtio-mem: keep retrying on offline_and_remove_memory() errors in Sub Block Mode (SBM) (git-fixes). - virtio-mem: remove unsafe unplug in Big Block Mode (BBM) (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - vsock/virtio: cancel close work in the destructor (git-fixes) - vsock: Keep the binding until socket destruction (git-fixes) - vsock: reset socket state when de-assigning the transport (git-fixes) - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). Important SUSE bug 1012628 SUSE bug 1215199 SUSE bug 1219367 SUSE bug 1222672 SUSE bug 1222803 SUSE bug 1225606 SUSE bug 1225742 SUSE bug 1225981 SUSE bug 1227937 SUSE bug 1228521 SUSE bug 1230235 SUSE bug 1230438 SUSE bug 1230439 SUSE bug 1230497 SUSE bug 1231088 SUSE bug 1231432 SUSE bug 1231912 SUSE bug 1231920 SUSE bug 1231949 SUSE bug 1232159 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232299 SUSE bug 1232508 SUSE bug 1232520 SUSE bug 1232919 SUSE bug 1233028 SUSE bug 1233109 SUSE bug 1233483 SUSE bug 1233749 SUSE bug 1234070 SUSE bug 1234853 SUSE bug 1234857 SUSE bug 1234891 SUSE bug 1234894 SUSE bug 1234895 SUSE bug 1234896 SUSE bug 1234963 SUSE bug 1235032 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235244 SUSE bug 1235435 SUSE bug 1235441 SUSE bug 1235485 SUSE bug 1235592 SUSE bug 1235599 SUSE bug 1235609 SUSE bug 1235914 SUSE bug 1235932 SUSE bug 1235933 SUSE bug 1236113 SUSE bug 1236114 SUSE bug 1236115 SUSE bug 1236122 SUSE bug 1236123 SUSE bug 1236133 SUSE bug 1236138 SUSE bug 1236199 SUSE bug 1236200 SUSE bug 1236203 SUSE bug 1236205 SUSE bug 1236573 SUSE bug 1236575 SUSE bug 1236576 SUSE bug 1236591 SUSE bug 1236661 SUSE bug 1236677 SUSE bug 1236680 SUSE bug 1236681 SUSE bug 1236682 SUSE bug 1236683 SUSE bug 1236684 SUSE bug 1236685 SUSE bug 1236689 SUSE bug 1236694 SUSE bug 1236700 SUSE bug 1236702 SUSE bug 1236752 SUSE bug 1236759 SUSE bug 1236761 SUSE bug 1236821 SUSE bug 1236822 SUSE bug 1236896 SUSE bug 1236897 SUSE bug 1236952 SUSE bug 1236967 SUSE bug 1236994 SUSE bug 1237007 SUSE bug 1237017 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237045 SUSE bug 1237126 SUSE bug 1237132 SUSE bug 1237139 SUSE bug 1237155 SUSE bug 1237158 SUSE bug 1237159 SUSE bug 1237232 SUSE bug 1237234 SUSE bug 1237325 SUSE bug 1237356 SUSE bug 1237415 SUSE bug 1237452 SUSE bug 1237504 SUSE bug 1237521 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237563 SUSE bug 1237848 SUSE bug 1237849 SUSE bug 1237879 SUSE bug 1237889 SUSE bug 1237891 SUSE bug 1237901 SUSE bug 1237950 SUSE bug 1238214 SUSE bug 1238303 SUSE bug 1238347 SUSE bug 1238368 SUSE bug 1238494 SUSE bug 1238496 SUSE bug 1238509 SUSE bug 1238521 SUSE bug 1238525 SUSE bug 1238570 SUSE bug 1238739 SUSE bug 1238751 SUSE bug 1238753 SUSE bug 1238759 SUSE bug 1238860 SUSE bug 1238863 SUSE bug 1238877 CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2023-52925 at SUSE CVE-2023-52925 at NVD CVE-2024-26708 at SUSE CVE-2024-26708 at NVD CVE-2024-26810 at SUSE CVE-2024-26810 at NVD CVE-2024-40980 at SUSE CVE-2024-40980 at NVD CVE-2024-41055 at SUSE CVE-2024-41055 at NVD CVE-2024-44974 at SUSE CVE-2024-44974 at NVD CVE-2024-45009 at SUSE CVE-2024-45009 at NVD CVE-2024-45010 at SUSE CVE-2024-45010 at NVD CVE-2024-46858 at SUSE CVE-2024-46858 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-50029 at SUSE CVE-2024-50029 at NVD CVE-2024-50036 at SUSE CVE-2024-50036 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50085 at SUSE CVE-2024-50085 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50142 at SUSE CVE-2024-50142 at NVD CVE-2024-50185 at SUSE CVE-2024-50185 at NVD CVE-2024-50294 at SUSE CVE-2024-50294 at NVD CVE-2024-53123 at SUSE CVE-2024-53123 at NVD CVE-2024-53147 at SUSE CVE-2024-53147 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53176 at SUSE CVE-2024-53176 at NVD CVE-2024-53177 at SUSE CVE-2024-53177 at NVD CVE-2024-53178 at SUSE CVE-2024-53178 at NVD CVE-2024-53226 at SUSE CVE-2024-53226 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56568 at SUSE CVE-2024-56568 at NVD CVE-2024-56579 at SUSE CVE-2024-56579 at NVD CVE-2024-56592 at SUSE CVE-2024-56592 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56633 at SUSE CVE-2024-56633 at NVD CVE-2024-56647 at SUSE CVE-2024-56647 at NVD CVE-2024-56658 at SUSE CVE-2024-56658 at NVD CVE-2024-56720 at SUSE CVE-2024-56720 at NVD CVE-2024-57882 at SUSE CVE-2024-57882 at NVD CVE-2024-57889 at SUSE CVE-2024-57889 at NVD CVE-2024-57948 at SUSE CVE-2024-57948 at NVD CVE-2024-57979 at SUSE CVE-2024-57979 at NVD CVE-2024-57994 at SUSE CVE-2024-57994 at NVD CVE-2025-21636 at SUSE CVE-2025-21636 at NVD CVE-2025-21637 at SUSE CVE-2025-21637 at NVD CVE-2025-21638 at SUSE CVE-2025-21638 at NVD CVE-2025-21639 at SUSE CVE-2025-21639 at NVD CVE-2025-21640 at SUSE CVE-2025-21640 at NVD CVE-2025-21647 at SUSE CVE-2025-21647 at NVD CVE-2025-21665 at SUSE CVE-2025-21665 at NVD CVE-2025-21666 at SUSE CVE-2025-21666 at NVD CVE-2025-21667 at SUSE CVE-2025-21667 at NVD CVE-2025-21668 at SUSE CVE-2025-21668 at NVD CVE-2025-21669 at SUSE CVE-2025-21669 at NVD CVE-2025-21670 at SUSE CVE-2025-21670 at NVD CVE-2025-21673 at SUSE CVE-2025-21673 at NVD CVE-2025-21675 at SUSE CVE-2025-21675 at NVD CVE-2025-21680 at SUSE CVE-2025-21680 at NVD CVE-2025-21681 at SUSE CVE-2025-21681 at NVD CVE-2025-21684 at SUSE CVE-2025-21684 at NVD CVE-2025-21687 at SUSE CVE-2025-21687 at NVD CVE-2025-21688 at SUSE CVE-2025-21688 at NVD CVE-2025-21689 at SUSE CVE-2025-21689 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21697 at SUSE CVE-2025-21697 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21705 at SUSE CVE-2025-21705 at NVD CVE-2025-21715 at SUSE CVE-2025-21715 at NVD CVE-2025-21716 at SUSE CVE-2025-21716 at NVD CVE-2025-21719 at SUSE CVE-2025-21719 at NVD CVE-2025-21724 at SUSE CVE-2025-21724 at NVD CVE-2025-21725 at SUSE CVE-2025-21725 at NVD CVE-2025-21728 at SUSE CVE-2025-21728 at NVD CVE-2025-21733 at SUSE CVE-2025-21733 at NVD CVE-2025-21754 at SUSE CVE-2025-21754 at NVD CVE-2025-21767 at SUSE CVE-2025-21767 at NVD CVE-2025-21790 at SUSE CVE-2025-21790 at NVD CVE-2025-21795 at SUSE CVE-2025-21795 at NVD CVE-2025-21799 at SUSE CVE-2025-21799 at NVD CVE-2025-21802 at SUSE CVE-2025-21802 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Updated to Mozilla Thunderbird 128.8 MFSA 2025-18 (bsc#1237683): - CVE-2024-43097: Overflow when growing an SkRegion's RunArray - CVE-2025-1930: AudioIPC StreamData could trigger a use-after-free in the Browser process - CVE-2025-1931: Use-after-free in WebTransportChild - CVE-2025-1932: Inconsistent comparator in XSLT sorting led to out-of-bounds access - CVE-2025-1933: JIT corruption of WASM i32 return values on 64-bit CPUs - CVE-2025-1934: Unexpected GC during RegExp bailout processing - CVE-2025-1935: Clickjacking the registerProtocolHandler info-bar - CVE-2025-1936: Adding %00 and a fake extension to a jar: URL changed the interpretation of the contents - CVE-2025-1937: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 115.21, Firefox ESR 128.8, and Thunderbird 128.8 - CVE-2025-1938: Memory safety bugs fixed in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8 - CVE-2025-26695: Downloading of OpenPGP keys from WKD used incorrect padding - CVE-2025-26696: Crafted email message incorrectly shown as being encrypted Other fixes: * Opening an .EML file in profiles with many folders could take a long time. * Users with many folders experienced poor performance when resizing message panes. *'Replace' button in compose window was overwritten when the window was narrow. * Export to mobile did not work when 'Use default server' was selected. * 'Save Link As' was not working in feed web content. Important SUSE bug 1237683 CVE-2024-43097 at SUSE CVE-2024-43097 at NVD CVE-2025-1930 at SUSE CVE-2025-1930 at NVD CVE-2025-1931 at SUSE CVE-2025-1931 at NVD CVE-2025-1932 at SUSE CVE-2025-1932 at NVD CVE-2025-1933 at SUSE CVE-2025-1933 at NVD CVE-2025-1934 at SUSE CVE-2025-1934 at NVD CVE-2025-1935 at SUSE CVE-2025-1935 at NVD CVE-2025-1936 at SUSE CVE-2025-1936 at NVD CVE-2025-1937 at SUSE CVE-2025-1937 at NVD CVE-2025-1938 at SUSE CVE-2025-1938 at NVD CVE-2025-26695 at SUSE CVE-2025-26695 at NVD CVE-2025-26696 at SUSE CVE-2025-26696 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56568: iommu/arm-smmu: Defer probe of clients after smmu device bound (bsc#1235032). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - Bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - Fix memory-hotplug regression (bsc#1237504). - Grab mm lock before grabbing pt lock (git-fixes). - HID: Wacom: Add PCI Wacom device support (stable-fixes). - HID: hid-steam: Add Deck IMU support (stable-fixes). - HID: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - HID: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - HID: hid-steam: Clean up locking (stable-fixes). - HID: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - HID: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - HID: hid-steam: Fix cleanup in probe() (git-fixes). - HID: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - HID: hid-steam: Move hidraw input (un)registering to work (git-fixes). - HID: hid-steam: Update list of identifiers from SDL (stable-fixes). - HID: hid-steam: remove pointless error message (stable-fixes). - HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - HID: multitouch: Add NULL check in mt_input_configured (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - Input: allocate keycode for phone linking (stable-fixes). - KVM: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - KVM: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - KVM: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - KVM: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - KVM: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - KVM: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - KVM: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - KVM: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - KVM: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - KVM: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - KVM: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - KVM: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - KVM: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - KVM: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - KVM: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - KVM: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - KVM: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - USB: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - USB: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - USB: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - USB: serial: option: add MeiG Smart SLM828 (stable-fixes). - USB: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - USB: serial: option: drop MeiG Smart defines (stable-fixes). - USB: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - Update 'drm/mgag200: Added support for the new device G200eH5' (jsc#PED-12094). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE. - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - batman-adv: fix panic during interface removal (git-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md: convert comma to semicolon (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - mptcp: export local_address (git-fixes) - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: fix validation of block size (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - regmap-irq: Add missing kfree() (git-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - packaging: Turn gcc version into config.sh variable. - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). Important SUSE bug 1012628 SUSE bug 1215199 SUSE bug 1219367 SUSE bug 1222672 SUSE bug 1222803 SUSE bug 1225606 SUSE bug 1225742 SUSE bug 1225981 SUSE bug 1227937 SUSE bug 1228521 SUSE bug 1230235 SUSE bug 1230438 SUSE bug 1230439 SUSE bug 1230497 SUSE bug 1231432 SUSE bug 1231912 SUSE bug 1231920 SUSE bug 1231949 SUSE bug 1232159 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232299 SUSE bug 1232508 SUSE bug 1232520 SUSE bug 1232919 SUSE bug 1233028 SUSE bug 1233109 SUSE bug 1233483 SUSE bug 1233749 SUSE bug 1234070 SUSE bug 1234853 SUSE bug 1234857 SUSE bug 1234891 SUSE bug 1234894 SUSE bug 1234895 SUSE bug 1234896 SUSE bug 1234963 SUSE bug 1235032 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235435 SUSE bug 1235485 SUSE bug 1235592 SUSE bug 1235599 SUSE bug 1235609 SUSE bug 1235932 SUSE bug 1235933 SUSE bug 1236113 SUSE bug 1236114 SUSE bug 1236115 SUSE bug 1236122 SUSE bug 1236123 SUSE bug 1236133 SUSE bug 1236138 SUSE bug 1236199 SUSE bug 1236200 SUSE bug 1236203 SUSE bug 1236205 SUSE bug 1236573 SUSE bug 1236575 SUSE bug 1236576 SUSE bug 1236591 SUSE bug 1236661 SUSE bug 1236677 SUSE bug 1236681 SUSE bug 1236682 SUSE bug 1236684 SUSE bug 1236689 SUSE bug 1236700 SUSE bug 1236702 SUSE bug 1236752 SUSE bug 1236759 SUSE bug 1236821 SUSE bug 1236822 SUSE bug 1236896 SUSE bug 1236897 SUSE bug 1236952 SUSE bug 1236967 SUSE bug 1236994 SUSE bug 1237007 SUSE bug 1237017 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237045 SUSE bug 1237126 SUSE bug 1237132 SUSE bug 1237139 SUSE bug 1237155 SUSE bug 1237158 SUSE bug 1237159 SUSE bug 1237232 SUSE bug 1237234 SUSE bug 1237325 SUSE bug 1237356 SUSE bug 1237415 SUSE bug 1237452 SUSE bug 1237504 SUSE bug 1237521 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237563 SUSE bug 1237848 SUSE bug 1237849 SUSE bug 1237879 SUSE bug 1237889 SUSE bug 1237891 SUSE bug 1237901 SUSE bug 1237950 SUSE bug 1238214 SUSE bug 1238303 SUSE bug 1238347 SUSE bug 1238368 SUSE bug 1238509 SUSE bug 1238525 SUSE bug 1238570 SUSE bug 1238739 SUSE bug 1238751 SUSE bug 1238753 SUSE bug 1238759 SUSE bug 1238860 SUSE bug 1238863 SUSE bug 1238877 CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2023-52925 at SUSE CVE-2023-52925 at NVD CVE-2024-26708 at SUSE CVE-2024-26708 at NVD CVE-2024-26810 at SUSE CVE-2024-26810 at NVD CVE-2024-40980 at SUSE CVE-2024-40980 at NVD CVE-2024-41055 at SUSE CVE-2024-41055 at NVD CVE-2024-44974 at SUSE CVE-2024-44974 at NVD CVE-2024-45009 at SUSE CVE-2024-45009 at NVD CVE-2024-45010 at SUSE CVE-2024-45010 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-50029 at SUSE CVE-2024-50029 at NVD CVE-2024-50036 at SUSE CVE-2024-50036 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50085 at SUSE CVE-2024-50085 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50142 at SUSE CVE-2024-50142 at NVD CVE-2024-50185 at SUSE CVE-2024-50185 at NVD CVE-2024-50294 at SUSE CVE-2024-50294 at NVD CVE-2024-53123 at SUSE CVE-2024-53123 at NVD CVE-2024-53147 at SUSE CVE-2024-53147 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53176 at SUSE CVE-2024-53176 at NVD CVE-2024-53177 at SUSE CVE-2024-53177 at NVD CVE-2024-53178 at SUSE CVE-2024-53178 at NVD CVE-2024-53226 at SUSE CVE-2024-53226 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56568 at SUSE CVE-2024-56568 at NVD CVE-2024-56579 at SUSE CVE-2024-56579 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56633 at SUSE CVE-2024-56633 at NVD CVE-2024-56647 at SUSE CVE-2024-56647 at NVD CVE-2024-56720 at SUSE CVE-2024-56720 at NVD CVE-2024-57889 at SUSE CVE-2024-57889 at NVD CVE-2024-57948 at SUSE CVE-2024-57948 at NVD CVE-2024-57994 at SUSE CVE-2024-57994 at NVD CVE-2025-21636 at SUSE CVE-2025-21636 at NVD CVE-2025-21637 at SUSE CVE-2025-21637 at NVD CVE-2025-21638 at SUSE CVE-2025-21638 at NVD CVE-2025-21639 at SUSE CVE-2025-21639 at NVD CVE-2025-21640 at SUSE CVE-2025-21640 at NVD CVE-2025-21647 at SUSE CVE-2025-21647 at NVD CVE-2025-21665 at SUSE CVE-2025-21665 at NVD CVE-2025-21667 at SUSE CVE-2025-21667 at NVD CVE-2025-21668 at SUSE CVE-2025-21668 at NVD CVE-2025-21673 at SUSE CVE-2025-21673 at NVD CVE-2025-21680 at SUSE CVE-2025-21680 at NVD CVE-2025-21681 at SUSE CVE-2025-21681 at NVD CVE-2025-21684 at SUSE CVE-2025-21684 at NVD CVE-2025-21687 at SUSE CVE-2025-21687 at NVD CVE-2025-21688 at SUSE CVE-2025-21688 at NVD CVE-2025-21689 at SUSE CVE-2025-21689 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21697 at SUSE CVE-2025-21697 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21705 at SUSE CVE-2025-21705 at NVD CVE-2025-21715 at SUSE CVE-2025-21715 at NVD CVE-2025-21716 at SUSE CVE-2025-21716 at NVD CVE-2025-21719 at SUSE CVE-2025-21719 at NVD CVE-2025-21724 at SUSE CVE-2025-21724 at NVD CVE-2025-21725 at SUSE CVE-2025-21725 at NVD CVE-2025-21728 at SUSE CVE-2025-21728 at NVD CVE-2025-21767 at SUSE CVE-2025-21767 at NVD CVE-2025-21790 at SUSE CVE-2025-21790 at NVD CVE-2025-21795 at SUSE CVE-2025-21795 at NVD CVE-2025-21799 at SUSE CVE-2025-21799 at NVD CVE-2025-21802 at SUSE CVE-2025-21802 at NVD cpe:/o:opensuse:leap:15.6 Security update for build (Important) openSUSE Leap 15.6 This update for build fixes the following issues: - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) Other fixes: - Fixed behaviour when using '--shell' aka 'osc shell' option in a VM build. Startup is faster and permissions stay intact now. - fixes for POSIX compatibility for obs-docker-support adn mkbaselibs - Add support for apk in docker/podman builds - Add support for 'wget' in Docker images - Fix debian support for Dockerfile builds - Fix preinstallimages in containers - mkosi: add back system-packages used by build-recipe directly - pbuild: parse the Release files for debian repos - mkosi: drop most systemd/build-packages deps and use obs_scm directory as source if present - improve source copy handling - Introduce --repos-directory and --containers-directory options - productcompose: support of building against a baseiso - preinstallimage: avoid inclusion of build script generated files - preserve timestamps on sources copy-in for kiwi and productcompose - alpine package support updates - tumbleweed config update - debian: Support installation of foreign architecture packages (required for armv7l setups) - Parse unknown timezones as UTC - Apk (Alpine Linux) format support added - Implement default value in parameter expansion - Also support supplements that use & as 'and' - Add workaround for skopeo's argument parser - add cap-htm=off on power9 - Fixed usage of chown calls - Remove leading `go` from `purl` locators - container related: * Implement support for the new <containers> element in kiwi recipes * Fixes for SBOM and dependencies of multi stage container builds * obs-docker-support: enable dnf and yum substitutions - Arch Linux: * fix file path for Arch repo * exclude unsupported arch * Use root as download user - build-vm-qemu: force sv48 satp mode on riscv64 - mkosi: * Create .sha256 files after mkosi builds * Always pass --image-version to mkosi - General improvements and bugfixes (mkosi, pbuild, appimage/livebuild, obs work detection, documention, SBOM) - Support slsa v1 in unpack_slsa_provenance - generate_sbom: do not clobber spdx supplier - Harden export_debian_orig_from_git (bsc#1230469) - SBOM generation: - Adding golang introspection support - Adding rust binary introspection support - Keep track of unknwon licenses and add a 'hasExtractedLicensingInfos' section - Also normalize licenses for cyclonedx - Make generate_sbom errors fatal - general improvements - Fix noprep building not working because the buildir is removed - kiwi image: also detect a debian build if /var/lib/dpkg/status is present - Do not use the Encode module to convert a code point to utf8 - Fix personality syscall number for riscv - add more required recommendations for KVM builds - set PACKAGER field in build-recipe-arch - fix writing _modulemd.yaml - pbuild: support --release and --baselibs option - container: - copy base container information from the annotation into the containerinfo - track base containers over multiple stages - always put the base container last in the dependencies - providing fileprovides in createdirdeps tool - Introduce buildflag nochecks - productcompose: support __all__ option - config update: tumbleweed using preinstallexpand - minor improvements - tumbleweed build config update - support the %load macro - improve container filename generation (docker) - fix hanging curl calls during build (docker) - productcompose: fix milestone query - tumbleweed build config update - 15.6 build config fixes - sourcerpm & sourcedep handling fixes - productcompose: - Fix milestone handling - Support bcntsynctag - Adding debian support to generate_sbom - Add syscall for personality switch on loongarch64 kernel - vm-build: ext3 & ext4: fix disk space allocation - mkosi format updates, not fully working yet - pbuild exception fixes - Fixes for current fedora and centos distros - Don't copy original dsc sources if OBS-DCH-RELEASE set - Unbreak parsing of sources/patches - Support ForceMultiVersion in the dockerfile parser - Support %bcond of rpm 4.17.1 - Add a hack for systemd 255.3, creating an empty /etc/os-release if missing after preinstall. - docker: Fix HEAD request in dummyhttpserver - pbuild: Make docker-nobasepackages expand flag the default - rpm: Support a couple of builtin rpm macros - rpm: Implement argument expansion for define/with/bcond... - Fix multiline macro handling - Accept -N parameter of %autosetup - documentation updates - various code cleanup and speedup work. - ProductCompose: multiple improvements - Add buildflags:define_specfile support - Fix copy-in of git subdirectory sources - pbuild: Speed up XML parsing - pubild: product compose support - generate_sbom: add help option - podman: enforce runtime=runc - Implement direct conflicts from the distro config - changelog2spec: fix time zone handling - Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts - spec file cleanup - documentation updates - productcompose: - support schema 0.1 - support milestones - Leap 15.6 config - SLE 15 SP6 config - productcompose: follow incompatible flavor syntax change - pbuild: support for zstd - fixed handling for cmdline parameters via kernel packages - productcompose: * BREAKING: support new schema * adapt flavor architecture parsing - productcompose: * support filtered package lists * support default architecture listing * fix copy in binaries in VM builds^ - obsproduct build type got renamed to productcompose - Support zstd compressed rpm-md meta data (bsc#1217269) - Added Debian 12 configuration - First ObsProduct build format support - fix SLE 15 SP5 build configuration - Improve user agent handling for obs repositories - Docker: - Support flavor specific build descriptions via Dockerfile.$flavor - support 'PlusRecommended' hint to also provide recommended packages - use the name/version as filename if both are known - Produce docker format containers by default - pbuild: Support for signature authentification of OBS resources - Fix wiping build root for --vm-type podman - Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv - build-vm-kvm: use -cpu host on riscv64 - small fixes and cleanups - Added parser for BcntSyncTag in sources - pbuild: * fix dependency expansion for build types other than spec * Reworked cycle handling code * add --extra-packs option * add debugflags option - Pass-through --buildtool-opt - Parse Patch and Source lines more accurately - fix tunefs functionality - minor bugfixes - --vm-type=podman added (supports also root-less builds) - Also support build constraints in the Dockerfile - minor fixes - Add SUSE ALP build config - BREAKING: Record errors when parsing the project config former behaviour was undefined - container: Support compression format configuration option - Don't setup ccache with --no-init - improved loongarch64 support - sbom: SPDX supplier tag added - kiwi: support different versions per profile - preinstallimage: fail when recompression fails - Add support for recommends and supplements dependencies - Support the 'keepfilerequires' expand flag - add '--buildtool-opt=OPTIONS' to pass options to the used build tool - distro config updates * ArchLinux * Tumbleweed - documentation updates - openSUSE Tumbleweed: sync config and move to suse_version 1699. - universal post-build hook, just place a file in /usr/lib/build/post_build.d/ - mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3) - KiwiProduct: add --use-newest-package hint if the option is set - Dockerfile support: * export multibuild flavor as argument * allow parameters in FROM .. scratch lines * include OS name in build result if != linux - Workaround directory->symlink usrmerge problems for cross arch sysroot - multiple fixes for SBOM support - KIWI VM image SBOM support added Important SUSE bug 1217269 SUSE bug 1230469 CVE-2024-22038 at SUSE CVE-2024-22038 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-rack-1_6 (Important) openSUSE Leap 15.6 This update for rubygem-rack-1_6 fixes the following issues: - CVE-2025-27610: Fixed improper sanitization of user-supplied paths when serving files leading to local file inclusion (bsc#1239298). - CVE-2025-25184: Fixed Rack::CommonLogger log entry manipulation (bsc#1237141). Important SUSE bug 1237141 SUSE bug 1239298 CVE-2025-25184 at SUSE CVE-2025-25184 at NVD CVE-2025-27610 at SUSE CVE-2025-27610 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Low) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307). Low SUSE bug 1233307 CVE-2024-11168 at SUSE CVE-2024-11168 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382). - CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351). - CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007). - CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371). - CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358). - CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028). - CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092). - CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256). - CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437). - CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272). - CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235). - CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304). - CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070). - CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026). - CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296). Other fixes: - Updated to version 4.4.5. Important SUSE bug 1202848 SUSE bug 1215945 SUSE bug 1223070 SUSE bug 1223235 SUSE bug 1223256 SUSE bug 1223272 SUSE bug 1223304 SUSE bug 1223437 SUSE bug 1227296 SUSE bug 1229026 SUSE bug 1229338 SUSE bug 1234028 SUSE bug 1235092 SUSE bug 1236007 SUSE bug 1237351 SUSE bug 1237358 SUSE bug 1237371 SUSE bug 1237382 CVE-2023-49502 at SUSE CVE-2023-49502 at NVD CVE-2023-50010 at SUSE CVE-2023-50010 at NVD CVE-2023-51793 at SUSE CVE-2023-51793 at NVD CVE-2023-51794 at SUSE CVE-2023-51794 at NVD CVE-2023-51798 at SUSE CVE-2023-51798 at NVD CVE-2024-12361 at SUSE CVE-2024-12361 at NVD CVE-2024-31578 at SUSE CVE-2024-31578 at NVD CVE-2024-32230 at SUSE CVE-2024-32230 at NVD CVE-2024-35368 at SUSE CVE-2024-35368 at NVD CVE-2024-36613 at SUSE CVE-2024-36613 at NVD CVE-2024-7055 at SUSE CVE-2024-7055 at NVD CVE-2025-0518 at SUSE CVE-2025-0518 at NVD CVE-2025-22919 at SUSE CVE-2025-22919 at NVD CVE-2025-22921 at SUSE CVE-2025-22921 at NVD CVE-2025-25473 at SUSE CVE-2025-25473 at NVD cpe:/o:opensuse:leap:15.6 Security update for amazon-ssm-agent (Moderate) openSUSE Leap 15.6 This update for amazon-ssm-agent fixes the following issues: - CVE-2025-22870: golang.org/x/net/proxy: Fixed proxy bypass using IPv6 zone IDs (bsc#1238702) Moderate SUSE bug 1238702 CVE-2025-22870 at SUSE CVE-2025-22870 at NVD cpe:/o:opensuse:leap:15.6 Security update for rubygem-rack (Important) openSUSE Leap 15.6 This update for rubygem-rack fixes the following issues: - CVE-2025-25184: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1237141) - CVE-2025-27111: Fixed escape sequence injection vulnerability in rack leading to possible log injection (bsc#1238607) - CVE-2025-27610: Fixed improper sanitization of user-supplied paths (bsc#1239298) Important SUSE bug 1237141 SUSE bug 1238607 SUSE bug 1239298 CVE-2025-25184 at SUSE CVE-2025-25184 at NVD CVE-2025-27111 at SUSE CVE-2025-27111 at NVD CVE-2025-27610 at SUSE CVE-2025-27610 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-cloud-sap-agent (Important) openSUSE Leap 15.6 This update for google-cloud-sap-agent fixes the following issues: - CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197) Important SUSE bug 1239197 CVE-2025-22868 at SUSE CVE-2025-22868 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Low) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). Low SUSE bug 1238450 SUSE bug 1239210 CVE-2025-1795 at SUSE CVE-2025-1795 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang (Moderate) openSUSE Leap 15.6 This update for erlang fixes the following issues: - CVE-2025-26618: Fixed SSH SFTP packet size not verified properly in Erlang OTP (bsc#1237467). Moderate SUSE bug 1237467 CVE-2025-26618 at SUSE CVE-2025-26618 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26708: mptcp: fix inconsistent state on fastopen race (bsc#1222672). - CVE-2024-40980: drop_monitor: replace spin_lock by raw_spin_lock (bsc#1227937). - CVE-2024-44974: mptcp: pm: avoid possible UaF when selecting endp (bsc#1230235). - CVE-2024-45009: mptcp: pm: only decrement add_addr_accepted for MPJ req (bsc#1230438). - CVE-2024-45010: mptcp: pm: only mark 'subflow' endp as available (bsc#1230439). - CVE-2024-50029: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync (bsc#1231949). - CVE-2024-50036: net: do not delay dst_entries_add() in dst_release() (bsc#1231912). - CVE-2024-50085: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow (bsc#1232508). - CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028). - CVE-2024-50185: kABI fix for mptcp: handle consistently DSS corruption (bsc#1233109). - CVE-2024-50294: rxrpc: Fix missing locking causing hanging calls (bsc#1233483). - CVE-2024-53123: mptcp: error out earlier on disconnect (bsc#1234070). - CVE-2024-53147: exfat: fix out-of-bounds access of directory entries (bsc#1234857). - CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894). - CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896). - CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895). - CVE-2024-56633: selftests/bpf: Add apply_bytes test to test_txmsg_redir_wait_sndmem in test_sockmap (bsc#1235485). - CVE-2024-56647: net: Fix icmp host relookup triggering ip_rt_bug (bsc#1235435). - CVE-2024-56720: bpf, sockmap: Several fixes to bpf_msg_pop_data (bsc#1235592). - CVE-2024-57994: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() (bsc#1237901). - CVE-2025-21636: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy (bsc#1236113). - CVE-2025-21637: sctp: sysctl: udp_port: avoid using current->nsproxy (bsc#1236114). - CVE-2025-21638: sctp: sysctl: auth_enable: avoid using current->nsproxy (bsc#1236115). - CVE-2025-21639: sctp: sysctl: rto_min/max: avoid using current->nsproxy (bsc#1236122). - CVE-2025-21640: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (bsc#1236123). - CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133). - CVE-2025-21665: filemap: avoid truncating 64-bit offset to 32 bits (bsc#1236684). - CVE-2025-21667: iomap: avoid avoid truncating 64-bit offset to 32 bits (bsc#1236681). - CVE-2025-21668: pmdomain: imx8mp-blk-ctrl: add missing loop break condition (bsc#1236682). - CVE-2025-21673: smb: client: fix double free of TCP_Server_Info::hostname (bsc#1236689). - CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries (bsc#1236700). - CVE-2025-21681: openvswitch: fix lockup on tx to unregistering netdev with carrier (bsc#1236702). - CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls (bsc#1237045). - CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028). - CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159). - CVE-2025-21705: mptcp: handle fastopen disconnect correctly (bsc#1238525). - CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove (bsc#1237889). - CVE-2025-21716: vxlan: Fix uninit-value in vxlan_vnifilter_dump() (bsc#1237891). - CVE-2025-21719: ipmr: do not call mr_mfc_uses_dev() for unres entries (bsc#1238860). - CVE-2025-21724: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() (bsc#1238863). - CVE-2025-21725: smb: client: fix oops due to unset link speed (bsc#1238877). - CVE-2025-21728: bpf: Send signals asynchronously if !preemptible (bsc#1237879). - CVE-2025-21767: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context (bsc#1238509). - CVE-2025-21790: vxlan: check vxlan_vnigroup_init() return value (bsc#1238753). - CVE-2025-21795: NFSD: fix hang in nfsd4_shutdown_callback (bsc#1238759). - CVE-2025-21799: net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns() (bsc#1238739). - CVE-2025-21802: net: hns3: fix oops when unload drivers paralleling (bsc#1238751). The following non-security bugs were fixed: - acct: block access to kernel internal filesystems (git-fixes). - acct: perform last write from workqueue (git-fixes). - ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes). - ACPI: property: Fix return value for nval == 0 in acpi_data_prop_read() (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Vexia EDU ATLA 10 tablet 5V (stable-fixes). - add nf_tables for iptables non-legacy network handling - af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (bsc#1237849). - ALSA: hda: Add error check for snd_ctl_rename_id() in snd_hda_create_dig_out_ctls() (git-fixes). - ALSA: hda/cirrus: Correct the full scale volume set logic (git-fixes). - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED (stable-fixes). - ALSA: hda/realtek: Fix microphone regression on ASUS N705UD (git-fixes). - ALSA: hda/realtek: Fix wrong mic setup for ASUS VivoBook 15 (git-fixes). - ALSA: hda/realtek: Fixup ALC225 depop procedure (git-fixes). - ALSA: seq: Drop UMP events when no UMP-conversion is set (git-fixes). - ALSA: seq: Make dependency on UMP clearer (git-fixes). - ALSA: seq: remove redundant 'tristate' for SND_SEQ_UMP_CLIENT (stable-fixes). - ALSA: usb-audio: Avoid dropping MIDI events at closing multiple ports (git-fixes). - ALSA: usb-audio: Re-add sample rate quirk for Pioneer DJM-900NXS2 (stable-fixes). - amdgpu/pm/legacy: fix suspend/resume issues (git-fixes). - APEI: GHES: Have GHES honor the panic= setting (stable-fixes). - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (git-fixes) - arm64: Handle .ARM.attributes section in linker scripts (git-fixes) - arm64: hugetlb: enable __HAVE_ARCH_FLUSH_HUGETLB_TLB_RANGE (git-fixes) - arm64: hugetlb: Fix flush_hugetlb_tlb_range() invalidation level (git-fixes) - arm64: hugetlb: Fix huge_ptep_get_and_clear() for non-present ptes (git-fixes) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - ASoC: amd: Add ACPI dependency to fix build error (stable-fixes). - ASoC: es8328: fix route from DAC to output (git-fixes). - ASoC: fsl_micfil: Enable default case in micfil_set_quality() (git-fixes). - ASoC: Intel: avs: Abstract IPC handling (stable-fixes). - ASoC: Intel: avs: Do not readq() u32 registers (git-fixes). - ASoC: Intel: avs: Prefix SKL/APL-specific members (stable-fixes). - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V (stable-fixes). - ASoC: rockchip: i2s-tdm: fix shift config for SND_SOC_DAIFMT_DSP_[AB] (git-fixes). - ASoC: SOF: pcm: Clear the susbstream pointer to NULL on close (git-fixes). - ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (git-fixes). - ata: libata-sff: Ensure that we cannot write outside the allocated buffer (stable-fixes). - batman-adv: Drop unmanaged ELP metric worker (git-fixes). - batman-adv: fix panic during interface removal (git-fixes). - batman-adv: Ignore neighbor throughput metrics in error case (stable-fixes). - bio-integrity: do not restrict the size of integrity metadata (git-fixes). - blk_iocost: remove some duplicate irq disable/enables (git-fixes). - blk-cgroup: Fix class @block_class's subsystem refcount leakage (bsc#1237558). - blk-cgroup: Properly propagate the iostat update up the hierarchy (bsc#1225606). - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() (git-fixes). - blk-mq: add number of queue calc helper (bsc#1236897). - blk-mq: create correct map for fallback case (bsc#1236896). - blk-mq: do not count completed flush data request as inflight in case of quiesce (git-fixes). - blk-mq: introduce blk_mq_map_hw_queues (bsc#1236896). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1236897). - blk-mq: Make blk_mq_quiesce_tagset() hold the tag list mutex less long (git-fixes). - blk-mq: move cpuhp callback registering out of q->sysfs_lock (git-fixes). - blk-mq: register cpuhp callback after hctx is added to xarray table (git-fixes). - blk-mq: use hk cpus only when isolcpus=managed_irq is enabled (bsc#1236897). - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (git-fixes). - block: add a disk_has_partscan helper (git-fixes). - block: add a partscan sysfs attribute for disks (git-fixes). - block: add check of 'minors' and 'first_minor' in device_add_disk() (git-fixes). - block: avoid to reuse `hctx` not removed from cpuhp callback list (git-fixes). - block: change rq_integrity_vec to respect the iterator (git-fixes). - block: Clear zone limits for a non-zoned stacked queue (git-fixes). - block: copy back bounce buffer to user-space correctly in case of split (git-fixes). - block: ensure we hold a queue reference when using queue limits (git-fixes). - block: fix and simplify blkdevparts= cmdline parsing (git-fixes). - block: fix bio_split_rw_at to take zone_write_granularity into account (git-fixes). - block: Fix elevator_get_default() checking for NULL q->tag_set (git-fixes). - block: fix integer overflow in BLKSECDISCARD (git-fixes). - block: Fix lockdep warning in blk_mq_mark_tag_wait (git-fixes). - block: fix missing dispatching request when queue is started or unquiesced (git-fixes). - block: fix ordering between checking BLK_MQ_S_STOPPED request adding (git-fixes). - block: fix ordering between checking QUEUE_FLAG_QUIESCED request adding (git-fixes). - block: Fix page refcounts for unaligned buffers in __bio_release_pages() (git-fixes). - block: fix sanity checks in blk_rq_map_user_bvec (git-fixes). - block: propagate partition scanning errors to the BLKRRPART ioctl (git-fixes). - block: Provide bdev_open_* functions (git-fixes). - block: Remove special-casing of compound pages (git-fixes). - block: remove the blk_flush_integrity call in blk_integrity_unregister (git-fixes). - block: retry call probe after request_module in blk_request_module (git-fixes). - block: return unsigned int from bdev_io_min (git-fixes). - block: sed-opal: avoid possible wrong address reference in read_sed_opal_key() (git-fixes). - block: Set memalloc_noio to false on device_add_disk() error path (git-fixes). - block: support to account io_ticks precisely (git-fixes). - block: use the right type for stub rq_integrity_vec() (git-fixes). - bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected() (git-fixes). - bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name() (git-fixes). - bluetooth: btusb: Initialize .owner field of force_poll_sync_fops (git-fixes). - bluetooth: L2CAP: Fix L2CAP_ECRED_CONN_RSP response (git-fixes). - bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (stable-fixes). - bnxt_en: Fix possible memory leak when hwrm_req_replace fails (git-fixes). - bnxt_en: Refactor bnxt_ptp_init() (git-fixes). - bnxt_en: Unregister PTP during PCI shutdown and suspend (git-fixes). - btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1237232). - btrfs: fix extent map merging not happening for adjacent extents (bsc#1237232). - can: c_can: fix unbalanced runtime PM disable in error path (git-fixes). - can: ctucanfd: handle skb allocation failure (git-fixes). - can: etas_es58x: fix potential NULL pointer dereference on udev->serial (git-fixes). - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero (git-fixes). - chelsio/chtls: prevent potential integer overflow on 32bit (git-fixes). - cifs: commands that are retried should have replay flag set (bsc#1231432). - cifs: Fix parsing reparse point with native symlink in SMB1 non-UNICODE session (git-fixes). - cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (bsc#1231432). - cifs: helper function to check replayable error codes (bsc#1231432). - cifs: new mount option called retrans (bsc#1231432). - cifs: open_cached_dir should not rely on primary channel (bsc#1231432). - cifs: open_cached_dir(): add FILE_READ_EA to desired access (git-fixes). - cifs: Remove intermediate object of failed create reparse call (git-fixes). - cifs: update desired access while requesting for directory lease (git-fixes). - cifs: update the same create_guid on replay (git-fixes). - clk: mediatek: mt2701-aud: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: mediatek: mt2701-bdp: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-img: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-mm: add missing dummy clk (git-fixes). - clk: mediatek: mt2701-vdec: fix conversion to mtk_clk_simple_probe (git-fixes). - clk: qcom: clk-alpha-pll: fix alpha mode configuration (git-fixes). - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate (git-fixes). - clk: qcom: dispcc-sm6350: Add missing parent_map for a clock (git-fixes). - clk: qcom: gcc-mdm9607: Fix cmd_rcgr offset for blsp1_uart6 rcg (git-fixes). - clk: qcom: gcc-sm6350: Add missing parent_map for two clocks (git-fixes). - clk: qcom: gcc-sm8550: Do not turn off PCIe GDSCs during gdsc_disable() (git-fixes). - clk: sunxi-ng: a100: enable MMC clock reparenting (git-fixes). - cpu/hotplug: Do not offline the last non-isolated CPU (bsc#1237562). - cpu/hotplug: Prevent self deadlock on CPU hot-unplug (bsc#1237562). - cpufreq: imx6q: Do not disable 792 Mhz OPP unnecessarily (git-fixes). - cpufreq: imx6q: do not warn for disabling a non-existing frequency (git-fixes). - cpufreq: mediatek-hw: Do not error out if supply is not found (git-fixes). - cpufreq: mediatek-hw: Wait for CPU supplies before probing (git-fixes). - cpufreq: qcom-nvmem: add support for IPQ8064 (git-fixes). - cpufreq: qcom-nvmem: drop pvs_ver for format a fuses (git-fixes). - cpufreq: qcom-nvmem: Enable virtual power domain devices (git-fixes). - cpufreq: qcom-nvmem: fix memory leaks in probe error paths (git-fixes). - cpufreq: qcom-nvmem: Simplify driver data allocation (stable-fixes). - cpufreq: qcom-nvmem: use helper to get SMEM SoC ID (git-fixes). - cpufreq: qcom-nvmem: use SoC ID-s from bindings (git-fixes). - cpufreq: qcom: Fix qcom_cpufreq_hw_recalc_rate() to query LUT if LMh IRQ is not available (git-fixes). - cpufreq: qcom: Implement clk_ops::determine_rate() for qcom_cpufreq* clocks (git-fixes). - cpufreq: s3c64xx: Fix compilation warning (stable-fixes). - crypto: hisilicon/sec2 - fix for aead icv error (git-fixes). - crypto: hisilicon/sec2 - fix for aead invalid authsize (git-fixes). - crypto: hisilicon/sec2 - optimize the error return process (stable-fixes). - cxgb4: Avoid removal of uninserted tid (git-fixes). - cxgb4: use port number to set mac addr (git-fixes). - devlink: avoid potential loop in devlink_rel_nested_in_notify_work() (bsc#1237234). - dlm: fix srcu_read_lock() return type to int (git-fixes). - doc: update managed_irq documentation (bsc#1236897). - driver core: bus: add irq_get_affinity callback to bus_type (bsc#1236896). - drm/amd/display: Fix Mode Cutoff in DSC Passthrough to DP2.1 Monitor (stable-fixes). - drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params (git-fixes). - drm/amd/pm: Mark MM activity as unsupported (stable-fixes). - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (stable-fixes). - drm/amdgpu: bail out when failed to load fw in psp_init_cap_microcode() (git-fixes). - drm/amdgpu: disable BAR resize on Dell G5 SE (git-fixes). - drm/amdgpu: fix UVD contiguous CS mapping problem (bsc#1236759). - drm/amdkfd: only flush the validate MES contex (stable-fixes). - drm/bridge: it6505: Change definition MAX_HDCP_DOWN_STREAM_COUNT (stable-fixes). - drm/bridge: it6505: fix HDCP Bstatus check (stable-fixes). - drm/bridge: it6505: fix HDCP CTS compare V matching (stable-fixes). - drm/bridge: it6505: fix HDCP CTS KSV list wait timer (stable-fixes). - drm/bridge: it6505: fix HDCP encryption when R0 ready (stable-fixes). - drm/i915: Drop 64bpp YUV formats from ICL+ SDR planes (stable-fixes). - drm/i915: Fix page cleanup on DMA remap failure (git-fixes). - drm/i915: Make sure all planes in use by the joiner have their crtc included (stable-fixes). - drm/i915/dp: Fix error handling during 128b/132b link training (stable-fixes). - drm/i915/dp: Iterate DSC BPP from high to low on all platforms (git-fixes). - drm/i915/guc: Debug print LRC state entries only if the context is pinned (git-fixes). - drm/i915/pmu: Fix zero delta busyness issue (git-fixes). - drm/i915/selftests: avoid using uninitialized context (git-fixes). - drm/komeda: Add check for komeda_get_layer_fourcc_list() (git-fixes). - drm/mgag200: Added support for the new device G200eH5 (jsc#PED-12094) - drm/modeset: Handle tiled displays in pan_display_atomic (stable-fixes). - drm/msm: Avoid rounding up to one jiffy (git-fixes). - drm/msm/dpu: Disable dither in phys encoder cleanup (git-fixes). - drm/msm/dpu: Do not leak bits_per_component into random DSC_ENC fields (git-fixes). - drm/msm/gem: Demote userspace errors to DRM_UT_DRIVER (stable-fixes). - drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (git-fixes). - drm/nouveau/pmu: Fix gp10b firmware guard (git-fixes). - drm/rockchip: move output interface related definition to rockchip_drm_drv.h (stable-fixes). - drm/rockchip: vop2: Fix the windows switch between different layers (git-fixes). - drm/rockchip: vop2: include rockchip_drm_drv.h (git-fixes). - drm/rockchip: vop2: set bg dly and prescan dly at vop2_post_config (stable-fixes). - drm/rockchip: vop2: Set YUV/RGB overlay mode (stable-fixes). - drm/sched: Fix preprocessor guard (git-fixes). - drm/virtio: New fence for every plane update (stable-fixes). - efi: Avoid cold plugged memory for placing the kernel (stable-fixes). - efi: libstub: Use '-std=gnu11' to fix build with GCC 15 (stable-fixes). - eth: gve: use appropriate helper to set xdp_features (git-fixes). - exfat: convert to ctime accessor functions (git-fixes). - exfat: do not zero the extended part (bsc#1237356). - exfat: fix appending discontinuous clusters to empty file (bsc#1237356). - exfat: fix file being changed by unaligned direct write (git-fixes). - exfat: fix timing of synchronizing bitmap and inode (bsc#1237356). - exfat: fix zero the unwritten part for dio read (git-fixes). - fbdev: omap: use threaded IRQ for LCD DMA (stable-fixes). - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry (git-fixes). - Fix conditional for selecting gcc-13 - Fix conditional for selecting gcc-13. - Fix memory-hotplug regression (bsc#1237504) - futex: Do not include process MM in futex key on no-MMU (git-fixes). - gpio: bcm-kona: Add missing newline to dev_err format string (git-fixes). - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 (git-fixes). - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ (git-fixes). - gpio: pca953x: Improve interrupt support (git-fixes). - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock (git-fixes). - gpiolib: acpi: Add a quirk for Acer Nitro ANV14 (stable-fixes). - gpu: drm_dp_cec: fix broken CEC adapter properties check (git-fixes). - Grab mm lock before grabbing pt lock (git-fixes). - gup: make the stack expansion warning a bit more targeted (bsc#1238214). - hfs: Sanity check the root record (git-fixes). - hid: hid-steam: Add Deck IMU support (stable-fixes). - hid: hid-steam: Add gamepad-only mode switched to by holding options (stable-fixes). - hid: hid-steam: Avoid overwriting smoothing parameter (stable-fixes). - hid: hid-steam: Clean up locking (stable-fixes). - hid: hid-steam: Disable watchdog instead of using a heartbeat (stable-fixes). - hid: hid-steam: Do not use cancel_delayed_work_sync in IRQ context (git-fixes). - hid: hid-steam: Fix cleanup in probe() (git-fixes). - hid: hid-steam: Make sure rumble work is canceled on removal (stable-fixes). - hid: hid-steam: Move hidraw input (un)registering to work (git-fixes). - hid: hid-steam: remove pointless error message (stable-fixes). - hid: hid-steam: Update list of identifiers from SDL (stable-fixes). - hid: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() (git-fixes). - hid: multitouch: Add NULL check in mt_input_configured (git-fixes). - hid: Wacom: Add PCI Wacom device support (stable-fixes). - i2c: Force ELAN06FA touchpad I2C bus freq to 100KHz (stable-fixes). - i2c: ls2x: Fix frequency division register access (git-fixes). - i2c: npcm: disable interrupt enable bit before devm_request_irq (git-fixes). - iavf: allow changing VLAN state without calling PF (git-fixes). - IB/mlx5: Set and get correct qp_num for a DCT QP (git-fixes) - ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1237415). - ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1237415). - ice: check ICE_VSI_DOWN under rtnl_lock when preparing for reset (git-fixes). - ice: fix incorrect PHY settings for 100 GB/s (git-fixes). - ice: fix max values for dpll pin phase adjust (git-fixes). - ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1237415). - ice: gather page_count()'s of each frag right before XDP prog call (git-fixes). - ice: pass VSI pointer into ice_vc_isvalid_q_id (bsc#1237848 bsc#1230497). - ice: put Rx buffers after being done with current frame (git-fixes). - ice: Skip PTP HW writes during PTP reset procedure (git-fixes). - ice: stop storing XDP verdict within ice_rx_buf (git-fixes). - ice: use internal pf id instead of function number (git-fixes). - idpf: add read memory barrier when checking descriptor done bit (git-fixes). - idpf: call set_real_num_queues in idpf_open (bsc#1236661). - idpf: convert workqueues to unbound (git-fixes). - idpf: fix handling rsc packet with a single segment (git-fixes). - idpf: fix VF dynamic interrupt ctl register initialization (git-fixes). - igc: Fix HW RX timestamp when passed by ZC XDP (git-fixes). - igc: return early when failing to read EECD register (git-fixes). - igc: Set buffer type for empty frames in igc_init_empty_frame (git-fixes). - initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521). - Input: allocate keycode for phone linking (stable-fixes). - iommu/arm-smmu-v3: Clean up more on probe failure (stable-fixes). - kabi: fix bus type (bsc#1236896). - kabi: fix group_cpus_evenly (bsc#1236897). - kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749). - kasan: do not call find_vm_area() in a PREEMPT_RT kernel (git-fixes). - kbuild: userprogs: fix bitsize and target detection on clang (git-fixes). - kernel-source: Also replace bin/env - kvm: arm64: Do not eagerly teardown the vgic on init error (git-fixes). - kvm: arm64: Ensure vgic_ready() is ordered against MMIO registration (git-fixes). - kvm: arm64: Fix alignment of kvm_hyp_memcache allocations (git-fixes). - kvm: arm64: Flush hyp bss section after initialization of variables in bss (git-fixes). - kvm: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state (git-fixes) - kvm: arm64: vgic-v3: Sanitise guest writes to GICR_INVLPIR (git-fixes). - kvm: nSVM: Enter guest mode before initializing nested NPT MMU (git-fixes). - kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - kvm: nVMX: Treat vpid01 as current if L2 is active, but with VPID disabled (jsc#PED-348 git-fixes). - kvm: s390: vsie: fix some corner-cases when grabbing vsie pages (git-fixes bsc#1237155). - kvm: VMX: Allow toggling bits in MSR_IA32_RTIT_CTL when enable bit is cleared (git-fixes). - kvm: VMX: Fix comment of handle_vmx_instruction() (git-fixes). - kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - kvm: VMX: reset the segment cache after segment init in vmx_vcpu_reset() (jsc#PED-348 git-fixes). - kvm: x86: Account for KVM-reserved CR4 bits when passing through CR4 on VMX (git-fixes). - kvm: x86: Advertise SRSO_USER_KERNEL_NO to userspace (git-fixes). - kvm: x86: AMD's IBPB is not equivalent to Intel's IBPB (git-fixes). - kvm: x86: Avoid double RDPKRU when loading host/guest PKRU (git-fixes). - kvm: x86: Cache CPUID.0xD XSTATE offsets+sizes during module init (git-fixes). - kvm: x86: Fix a comment inside __kvm_set_or_clear_apicv_inhibit() (git-fixes). - kvm: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (git-fixes). - kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - kvm: x86: Unconditionally set irr_pending when updating APICv state (jsc#PED-348). - kvm: x86: Zero out PV features cache when the CPUID leaf is not present (git-fixes). - kvm: x86/mmu: Skip the 'try unsync' path iff the old SPTE was a leaf SPTE (git-fixes). - lib: stackinit: hide never-taken branch from compiler (stable-fixes). - lib/group_cpus: honor housekeeping config when grouping CPUs (bsc#1236897). - lib/group_cpus: let group_cpu_evenly return number initialized masks (bsc#1236897). - lib/iov_iter: fix import_iovec_ubuf iovec management (git-fixes). - lockdep: fix deadlock issue between lockdep and rcu (git-fixes). - lockdep: Fix upper limit for LOCKDEP_*_BITS configs (stable-fixes). - locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass() (git-fixes). - locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers (git-fixes). - loop: do not set QUEUE_FLAG_NOMERGES (git-fixes). - md: convert comma to semicolon (git-fixes). - md: Do not flush sync_work in md_write_start() (git-fixes). - md/md-bitmap: add 'sync_size' into struct md_bitmap_stats (git-fixes). - md/md-bitmap: Add missing destroy_work_on_stack() (git-fixes). - md/md-bitmap: replace md_bitmap_status() with a new helper md_bitmap_get_stats() (git-fixes). - md/md-cluster: fix spares warnings for __le64 (git-fixes). - md/raid0: do not free conf on raid0_run failure (git-fixes). - md/raid1: do not free conf on raid0_run failure (git-fixes). - md/raid5: Wait sync io to finish before changing group cnt (git-fixes). - media: cxd2841er: fix 64-bit division on gcc-9 (stable-fixes). - media: uvcvideo: Add Kurokesu C1 PRO camera (stable-fixes). - media: uvcvideo: Add new quirk definition for the Sonix Technology Co. 292a camera (stable-fixes). - media: uvcvideo: Implement dual stream quirk to fix loss of usb packets (stable-fixes). - media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread (stable-fixes). - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id (stable-fixes). - mm: hugetlb: Add huge page size param to huge_ptep_get_and_clear() (git-fixes) - mmc: core: Respect quirk_max_rate for non-UHS SDIO card (stable-fixes). - mmc: mtk-sd: Fix register settings for hs400(es) mode (git-fixes). - mmc: sdhci-msm: Correctly set the load for the regulator (stable-fixes). - Move upstreamed ACPI patch into sorted section - mptcp: export local_address (git-fixes) - mptcp: fix data races on local_id (git-fixes) - mptcp: fix inconsistent state on fastopen race (bsc#1222672). - mptcp: fix NL PM announced address accounting (git-fixes) - mptcp: fix recvbuffer adjust on sleeping rcvmsg (git-fixes) - mptcp: fully established after ADD_ADDR echo on MPJ (git-fixes) - mptcp: pass addr to mptcp_pm_alloc_anno_list (git-fixes) - mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR (git-fixes) - mptcp: pm: deny endp with signal + subflow + port (git-fixes) - mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set (git-fixes) - mptcp: pm: do not try to create sf if alloc failed (git-fixes) - mptcp: pm: fullmesh: select the right ID later (git-fixes) - mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID (git-fixes) - mptcp: pm: only in-kernel cannot have entries with ID 0 (git-fixes) - mptcp: pm: re-using ID of unused flushed subflows (git-fixes) - mptcp: pm: re-using ID of unused removed ADD_ADDR (git-fixes) - mptcp: pm: re-using ID of unused removed subflows (git-fixes) - mptcp: pm: reduce indentation blocks (git-fixes) - mptcp: pm: remove mptcp_pm_remove_subflow (git-fixes) - mptcp: unify pm get_flags_and_ifindex_by_id (git-fixes) - mptcp: unify pm get_local_id interfaces (git-fixes) - mptcp: unify pm set_flags interfaces (git-fixes) - mtd: rawnand: cadence: fix error code in cadence_nand_init() (git-fixes). - mtd: rawnand: cadence: fix incorrect device in dma_unmap_single (git-fixes). - mtd: rawnand: cadence: fix unchecked dereference (git-fixes). - mtd: rawnand: cadence: use dma_map_resource for sdma address (git-fixes). - nbd: do not allow reconnect after disconnect (git-fixes). - nbd: Fix signal handling (git-fixes). - nbd: Improve the documentation of the locking assumptions (git-fixes). - net: avoid UAF on deleted altname (bsc#1233749). - net: check for altname conflicts when changing netdev's netns (bsc#1233749). - net: core: Use the bitmap API to allocate bitmaps (bsc#1233749). - net: do not send a MOVE event when netdev changes netns (bsc#1233749). - net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749). - net: fix ifname in netlink ntf during netns move (bsc#1233749). - net: fix removing a namespace with conflicting altnames (bsc#1233749). - net: Fix undefined behavior in netdev name allocation (bsc#1233749). - net: free altname using an RCU callback (bsc#1233749). - net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749). - net: move altnames together with the netdevice (bsc#1233749). - net: reduce indentation of __dev_alloc_name() (bsc#1233749). - net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749). - net: remove else after return in dev_prep_valid_name() (bsc#1233749). - net: rose: lock the socket in rose_bind() (git-fixes). - net: sfc: Correct key_len for efx_tc_ct_zone_ht_params (git-fixes). - net: smc: fix spurious error message from __sock_release() (bsc#1237126). - net: trust the bitmap in __dev_alloc_name() (bsc#1233749). - net: wwan: iosm: Fix hibernation by re-binding the driver around it (stable-fixes). - net/mlx5: Correct TASR typo into TSAR (git-fixes). - net/mlx5: Fix msix vectors to respect platform limit (bsc#1225981). - net/mlx5: Fix RDMA TX steering prio (git-fixes). - net/mlx5: SF, Fix add port error handling (git-fixes). - net/mlx5: Verify support for scheduling element and TSAR type (git-fixes). - net/mlx5e: Always start IPsec sequence number from 1 (git-fixes). - net/mlx5e: macsec: Maintain TX SA from encoding_sa (git-fixes). - net/mlx5e: Rely on reqid in IPsec tunnel mode (git-fixes). - net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (bsc#1236994). - nouveau/svm: fix missing folio unlock + put after make_device_exclusive_range() (git-fixes). - null_blk: Do not allow runt zone with zone capacity smaller then zone size (git-fixes). - null_blk: do not cap max_hw_sectors to BLK_DEF_MAX_SECTORS (git-fixes). - null_blk: Fix missing mutex_destroy() at module removal (git-fixes). - null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (git-fixes). - null_blk: fix validation of block size (git-fixes). - null_blk: Print correct max open zones limit in null_init_zoned_dev() (git-fixes). - null_blk: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - nvme-fc: use ctrl state getter (git-fixes). - nvme-pci: Add TUXEDO IBP Gen9 to Samsung sleep quirk (git-fixes). - nvme-pci: Add TUXEDO InfinityFlex to Samsung sleep quirk (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1236897). - nvme-tcp: fix connect failure on receiving partial ICResp PDU (git-fixes). - nvme: handle connectivity loss in nvme_set_queue_count (git-fixes). - nvme: make nvme_tls_attrs_group static (git-fixes). - nvme: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - nvme: tcp: Fix compilation warning with W=1 (git-fixes). - nvme/ioctl: add missing space in err message (git-fixes). - nvmet: Fix crash when a namespace is disabled (git-fixes). - ocfs2: fix incorrect CPU endianness conversion causing mount failure (bsc#1236138). - packaging: Turn gcc version into config.sh variable. - padata: Clean up in padata_do_multithreaded() (bsc#1237563). - padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563). - partitions: ldm: remove the initial kernel-doc notation (git-fixes). - PCI: hookup irq_get_affinity callback (bsc#1236896). - PCI: imx6: Simplify clock handling by using clk_bulk*() function (git-fixes). - PCI: switchtec: Add Microchip PCI100X device IDs (stable-fixes). - PCI: Use downstream bridges for distributing resources (bsc#1237325). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake-P (stable-fixes). - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk (git-fixes). - phy: rockchip: naneng-combphy: compatible reset with old DT (git-fixes). - phy: tegra: xusb: reset VBUS & ID OVERRIDE (git-fixes). - Pickup RXE code change introduced by upstream merge - pinctrl: cy8c95x0: Respect IRQ trigger settings from firmware (git-fixes). - platform/x86: acer-wmi: Ignore AC events (stable-fixes). - platform/x86: int3472: Check for adev == NULL (stable-fixes). - platform/x86: ISST: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Ignore minor version change (bsc#1237452). - platform/x86/intel-uncore-freq: Increase minor number support (bsc#1237452). - platform/x86/intel/tpmi: Add defines to get version information (bsc#1237452). - power: supply: da9150-fg: fix potential overflow (git-fixes). - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline (bsc#1215199). - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h (bsc#1215199). - powerpc/code-patching: Disable KASAN report during patching via temporary mm (bsc#1215199). - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (bsc#1215199). - powerpc/pseries/iommu: Split Dynamic DMA Window to be used in Hybrid mode (ltc#210895 bsc#1235933 ltc#210896 bsc#1235932). - powerpc/trace: Add support for HAVE_FUNCTION_ARG_ACCESS_API (bsc#1236967 ltc#210988). - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (bsc#1237950). - rbd: do not assume rbd_is_lock_owner() for exclusive mappings (git-fixes). - rbd: do not assume RBD_LOCK_STATE_LOCKED for exclusive mappings (git-fixes). - rbd: do not move requests to the running list on errors (git-fixes). - rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (git-fixes). - RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers (git-fixes) - RDMA/bnxt_re: Fix the statistics for Gen P7 VF (git-fixes) - RDMA/efa: Reset device on probe failure (git-fixes) - RDMA/hns: Fix mbox timing out by adding retry mechanism (git-fixes) - RDMA/mana_ib: Allocate PAGE aligned doorbell index (git-fixes). - RDMA/mlx5: Fix a race for DMABUF MR which can lead to CQE with error (git-fixes) - RDMA/mlx5: Fix a WARN during dereg_mr for DM type (git-fixes) - RDMA/mlx5: Fix AH static rate parsing (git-fixes) - RDMA/mlx5: Fix bind QP error cleanup flow (git-fixes) - RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes) - RDMA/mlx5: Fix the recovery flow of the UMR QP (git-fixes) - RDMA/rxe: Improve newline in printing messages (git-fixes) - regmap-irq: Add missing kfree() (git-fixes). - Revert 'blk-throttle: Fix IO hang for a corner case' (git-fixes). - Revert 'drm/amd/display: Use HW lock mgr for PSR1' (stable-fixes). - rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303) - rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570) - s390/cio: rename bitmap_size() -> idset_bitmap_size() (git-fixes bsc#1236205). - s390/futex: Fix FUTEX_OP_ANDN implementation (git-fixes bsc#1237158). - s390/iucv: fix receive buffer virtual vs physical address confusion (git-fixes bsc#1236200). - s390/pci: Fix handling of isolated VFs (git-fixes bsc#1238368). - s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (bsc#1236752). - s390/pci: Fix SR-IOV for PFs initially in standby (git-fixes bsc#1236752). - s390/pci: Ignore RID for isolated VFs (bsc#1236752). - s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (git-fixes bsc#1238368). - s390/pci: Sort PCI functions prior to creating virtual busses (bsc#1236752). - s390/pci: Use topology ID for multi-function devices (bsc#1236752). - s390/smp,mcck: fix early IPI handling (git-fixes bsc#1236199). - s390/topology: Improve topology detection (bsc#1236591). - s390/vfio-ap: Remove gmap_convert_to_secure() from vfio_ap_ops (git-fixes bsc#1236203). - scripts/gdb: fix aarch64 userspace detection in get_current_task (stable-fixes). - scsi: core: Clear driver private data when retrying request (git-fixes). - scsi: core: Do not retry I/Os during depopulation (git-fixes). - scsi: core: Handle depopulation and restoration in progress (git-fixes). - scsi: hisi_sas: Allocate DFX memory during dump trigger (git-fixes). - scsi: hisi_sas: Directly call register snapshot instead of using workqueue (git-fixes). - scsi: hisi_sas: Enable all PHYs that are not disabled by user during controller reset (git-fixes). - scsi: hisi_sas: Fix a deadlock issue related to automatic dump (git-fixes). - scsi: hisi_sas: Remove redundant checks for automatic debugfs dump (git-fixes). - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (git-fixes). - scsi: lpfc: Copyright updates for 14.4.0.8 patches (bsc#1238347). - scsi: lpfc: Free phba irq in lpfc_sli4_enable_msi() when pci_irq_vector() fails (bsc#1238347). - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine (bsc#1238347). - scsi: lpfc: Ignore ndlp rport mismatch in dev_loss_tmo callbk (bsc#1238347). - scsi: lpfc: Reduce log message generation during ELS ring clean up (bsc#1238347). - scsi: lpfc: Update lpfc version to 14.4.0.8 (bsc#1238347). - scsi: megaraid_sas: Fix for a potential deadlock (git-fixes). - scsi: mpi3mr: Fix possible crash when setting up bsg fails (git-fixes). - scsi: mpi3mr: Start controller indexing from 0 (git-fixes). - scsi: mpi3mr: Use ida to manage mrioc ID (git-fixes). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (jsc#PED-11253). - scsi: myrb: Remove dead code (git-fixes). - scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes). - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (git-fixes). - scsi: replace blk_mq_pci_map_queues with blk_mq_map_hw_queues (bsc#1236896). - scsi: scsi_debug: Fix hrtimer support for ndelay (git-fixes). - scsi: sg: Enable runtime power management (git-fixes). - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (git-fixes). - scsi: st: Do not modify unknown block number in MTIOCGET (git-fixes). - scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes). - scsi: use block layer helpers to calculate num of queues (bsc#1236897). - selftest: hugetlb_dio: fix test naming (git-fixes). - selftest: mm: Test if hugepage does not get leaked during __bio_release_pages() (git-fixes). - selftests: gpio: gpio-sim: Fix missing chip disablements (stable-fixes). - selftests: hugetlb_dio: check for initial conditions to skip in the start (git-fixes). - selftests: hugetlb_dio: fixup check for initial conditions to skip in the start (git-fixes). - selftests: mptcp: connect: -f: no reconnect (git-fixes). - selftests: rtnetlink: update netdevsim ipsec output format (stable-fixes). - selftests/futex: pass _GNU_SOURCE without a value to the compiler (git-fixes). - selftests/net/ipsec: Fix Null pointer dereference in rtattr_pack() (stable-fixes). - serial: 8250: Fix fifo underflow on flush (git-fixes). - serial: sc16is7xx: use device_property APIs when configuring irda mode (stable-fixes). - smb: cached directories can be more than root file handle (bsc#1231432). - smb: cilent: set reparse mount points as automounts (git-fixes). - smb: client: add support for WSL reparse points (git-fixes). - smb: client: allow creating special files via reparse points (git-fixes). - smb: client: allow creating symlinks via reparse points (git-fixes). - smb: client: cleanup smb2_query_reparse_point() (git-fixes). - smb: client: do not query reparse points twice on symlinks (git-fixes). - smb: client: extend smb2_compound_op() to accept more commands (bsc#1231432). - smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() (git-fixes). - smb: client: fix corruption in cifs_extend_writeback (bsc#1235609). - smb: client: fix double put of @cfile in smb2_rename_path() (git-fixes). - smb: client: fix double put of @cfile in smb2_set_path_size() (git-fixes). - smb: client: fix hardlinking of reparse points (git-fixes). - smb: client: Fix minor whitespace errors and warnings (git-fixes). - smb: client: fix missing mode bits for SMB symlinks (git-fixes). - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (git-fixes). - smb: client: fix OOB in SMB2_query_info_init() (bsc#1231432). - smb: client: fix OOB in smb2_query_reparse_point() (git-fixes). - smb: client: fix possible double free in smb2_set_ea() (git-fixes). - smb: client: fix potential broken compound request (git-fixes). - smb: client: fix renaming of reparse points (git-fixes). - smb: client: get rid of smb311_posix_query_path_info() (git-fixes). - smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (git-fixes). - smb: client: handle path separator of created SMB symlinks (git-fixes). - smb: client: handle special files and symlinks in SMB3 POSIX (git-fixes). - smb: client: handle STATUS_IO_REPARSE_TAG_NOT_HANDLED (git-fixes). - smb: client: ignore unhandled reparse tags (git-fixes). - smb: client: implement ->query_reparse_point() for SMB1 (git-fixes). - smb: client: instantiate when creating SFU files (git-fixes). - smb: client: introduce ->parse_reparse_point() (git-fixes). - smb: client: introduce cifs_sfu_make_node() (git-fixes). - smb: client: introduce reparse mount option (git-fixes). - smb: client: introduce SMB2_OP_QUERY_WSL_EA (git-fixes). - smb: client: make smb2_compound_op() return resp buffer on success (bsc#1231432). - smb: client: move most of reparse point handling code to common file (git-fixes). - smb: client: move some params to cifs_open_info_data (bsc#1231432). - smb: client: optimise reparse point querying (git-fixes). - smb: client: parse owner/group when creating reparse points (git-fixes). - smb: client: parse reparse point flag in create response (bsc#1231432). - smb: client: parse uid, gid, mode and dev from WSL reparse points (git-fixes). - smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896). - smb: client: reduce number of parameters in smb2_compound_op() (git-fixes). - smb: client: reduce stack usage in smb2_query_info_compound() (bsc#1231432). - smb: client: reduce stack usage in smb2_query_reparse_point() (git-fixes). - smb: client: reduce stack usage in smb2_set_ea() (bsc#1231432). - smb: client: retry compound request without reusing lease (git-fixes). - smb: client: return reparse type in /proc/mounts (git-fixes). - smb: client: reuse file lease key in compound operations (git-fixes). - smb: client: set correct d_type for reparse DFS/DFSR and mount point (git-fixes). - smb: client: set correct file type from NFS reparse points (git-fixes). - smb: client: stop revalidating reparse points unnecessarily (git-fixes). - smb: use kernel_connect() and kernel_bind() (git-fixes). - smb3: fix creating FIFOs when mounting with 'sfu' mount option (git-fixes). - smb3: request handle caching when caching directories (bsc#1231432). - smb3: retrying on failed server close (bsc#1231432). - soc: loongson: loongson2_guts: Add check for devm_kstrdup() (git-fixes). - soc: mediatek: mtk-devapc: Fix leaking IO map on driver remove (git-fixes). - soc: qcom: smem: introduce qcom_smem_get_soc_id() (git-fixes). - soc: qcom: socinfo: move SMEM item struct and defines to a header (git-fixes). - soc/mediatek: mtk-devapc: Convert to platform remove callback returning void (stable-fixes). - soc/tegra: fuse: Update Tegra234 nvmem keepout list (stable-fixes). - spi: atmel-qspi: Memory barriers after memory-mapped I/O (git-fixes). - spi: atmel-quadspi: Create `atmel_qspi_ops` to support newer SoC families (stable-fixes). - spi: sn-f-ospi: Fix division by zero (git-fixes). - tg3: Disable tg3 PCIe AER on system reboot (bsc#1219367). - tomoyo: do not emit warning in tomoyo_write_control() (stable-fixes). - tools: fix annoying 'mkdir -p ...' logs when building tools in parallel (git-fixes). - ublk: fix error code for unsupported command (git-fixes). - ublk: fix ublk_ch_mmap() for 64K page size (git-fixes). - ublk: move ublk_cancel_dev() out of ub->mutex (git-fixes). - ublk: move zone report data out of request pdu (git-fixes). - usb: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone (stable-fixes). - usb: cdc-acm: Check control transfer buffer size before access (git-fixes). - usb: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk (git-fixes). - usb: cdc-acm: Fix handling of oversized fragments (git-fixes). - usb: core: fix pipe creation for get_bMaxPacketSize0 (git-fixes). - usb: dwc2: gadget: remove of_node reference upon udc_stop (git-fixes). - usb: dwc3: core: Defer the probe until USB power supply ready (git-fixes). - usb: dwc3: Fix timeout issue during controller enter/exit from halt state (git-fixes). - usb: Fix the issue of task recovery failure caused by USB status when S4 wakes up (git-fixes). - usb: gadget: core: flush gadget workqueue after device removal (git-fixes). - usb: gadget: f_midi: f_midi_complete to call queue_work (git-fixes). - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (git-fixes). - usb: gadget: f_midi: Fixing wMaxPacketSize exceeded issue during MIDI bind retries (git-fixes). - usb: gadget: udc: renesas_usb3: Fix compiler warning (git-fixes). - usb: hub: Ignore non-compliant devices with too many configs or interfaces (stable-fixes). - usb: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI (stable-fixes). - usb: quirks: Add NO_LPM quirk for TOSHIBA TransMemory-Mx device (git-fixes). - usb: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist (stable-fixes). - usb: roles: set switch registered flag early on (git-fixes). - usb: serial: option: add MeiG Smart SLM828 (stable-fixes). - usb: serial: option: add Telit Cinterion FN990B compositions (stable-fixes). - usb: serial: option: drop MeiG Smart defines (stable-fixes). - usb: serial: option: fix Telit Cinterion FN990A name (stable-fixes). - usb: xhci: Fix NULL pointer dereference on certain command aborts (git-fixes). - usbnet: gl620a: fix endpoint checking in genelink_bind() (git-fixes). - usbnet: ipheth: document scope of NCM implementation (stable-fixes). - Use gcc-13 for build on SLE16 (jsc#PED-10028). - util_macros.h: fix/rework find_closest() macros (git-fixes). - vhost/net: Set num_buffers for virtio 1.0 (git-fixes). - virtio_blk: reverse request order in virtio_queue_rqs (git-fixes). - virtio: blk/scsi: replace blk_mq_virtio_map_queues with blk_mq_map_hw_queues (bsc#1236896). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1236897). - virtio: hookup irq_get_affinity callback (bsc#1236896). - wifi: ath12k: fix handling of 6 GHz rules (git-fixes). - wifi: brcmfmac: Check the return value of of_property_read_string_index() (stable-fixes). - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (stable-fixes). - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (stable-fixes). - wifi: cfg80211: regulatory: improve invalid hints checking (git-fixes). - wifi: iwlwifi: avoid memory leak (stable-fixes). - wifi: iwlwifi: limit printed string from FW file (git-fixes). - wifi: iwlwifi: mvm: do not try to talk to a dead firmware (git-fixes). - wifi: mt76: connac: move mt7615_mcu_del_wtbl_all to connac (stable-fixes). - wifi: mt76: mt7915: fix omac index assignment after hardware reset (git-fixes). - wifi: mt76: mt7915: improve hardware restart reliability (stable-fixes). - wifi: mt76: mt7921u: Add VID/PID for TP-Link TXE50UH (stable-fixes). - wifi: nl80211: reject cooked mode if it is set along with other flags (git-fixes). - wifi: rtw88: sdio: Fix disconnection after beacon loss (stable-fixes). - wifi: rtw89: add crystal_cap check to avoid setting as overflow value (stable-fixes). - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB (git-fixes). - x86/asm: Make serialize() always_inline (git-fixes). - x86/bugs: Add SRSO_USER_KERNEL_NO support (git-fixes). - x86/cpu: Add Lunar Lake to list of CPUs with a broken MONITOR implementation (git-fixes). - x86/cpu/kvm: SRSO: Fix possible missing IBPB on VM-Exit (git-fixes). - x86/mm: Carve out INVLPG inline asm for use by others (git-fixes). - x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes). - x86/xen: allow larger contiguous memory regions in PV guests (git-fixes). - x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes). - xen/swiotlb: relax alignment requirements (git-fixes). - xhci: dbgtty: remove kfifo_out() wrapper (git-fixes). - zram: clear IDLE flag after recompression (git-fixes). - zram: clear IDLE flag in mark_idle() (git-fixes). - zram: do not mark idle slots that cannot be idle (git-fixes). - zram: fix potential UAF of zram table (git-fixes). - zram: fix uninitialized ZRAM not releasing backing device (git-fixes). - zram: refuse to use zero sized block device as backing device (git-fixes). - zram: split memory-tracking and ac-time tracking (git-fixes). Important SUSE bug 1012628 SUSE bug 1215199 SUSE bug 1219367 SUSE bug 1222672 SUSE bug 1222803 SUSE bug 1225606 SUSE bug 1225742 SUSE bug 1225981 SUSE bug 1227937 SUSE bug 1228521 SUSE bug 1230235 SUSE bug 1230438 SUSE bug 1230439 SUSE bug 1230497 SUSE bug 1231432 SUSE bug 1231912 SUSE bug 1231920 SUSE bug 1231949 SUSE bug 1232159 SUSE bug 1232198 SUSE bug 1232201 SUSE bug 1232299 SUSE bug 1232508 SUSE bug 1232520 SUSE bug 1232919 SUSE bug 1233028 SUSE bug 1233109 SUSE bug 1233483 SUSE bug 1233749 SUSE bug 1234070 SUSE bug 1234853 SUSE bug 1234857 SUSE bug 1234891 SUSE bug 1234894 SUSE bug 1234895 SUSE bug 1234896 SUSE bug 1234963 SUSE bug 1235054 SUSE bug 1235061 SUSE bug 1235073 SUSE bug 1235435 SUSE bug 1235485 SUSE bug 1235592 SUSE bug 1235599 SUSE bug 1235609 SUSE bug 1235932 SUSE bug 1235933 SUSE bug 1236113 SUSE bug 1236114 SUSE bug 1236115 SUSE bug 1236122 SUSE bug 1236123 SUSE bug 1236133 SUSE bug 1236138 SUSE bug 1236199 SUSE bug 1236200 SUSE bug 1236203 SUSE bug 1236205 SUSE bug 1236573 SUSE bug 1236575 SUSE bug 1236576 SUSE bug 1236591 SUSE bug 1236661 SUSE bug 1236677 SUSE bug 1236681 SUSE bug 1236682 SUSE bug 1236684 SUSE bug 1236689 SUSE bug 1236700 SUSE bug 1236702 SUSE bug 1236752 SUSE bug 1236759 SUSE bug 1236821 SUSE bug 1236822 SUSE bug 1236896 SUSE bug 1236897 SUSE bug 1236952 SUSE bug 1236967 SUSE bug 1236994 SUSE bug 1237007 SUSE bug 1237017 SUSE bug 1237025 SUSE bug 1237028 SUSE bug 1237045 SUSE bug 1237126 SUSE bug 1237132 SUSE bug 1237139 SUSE bug 1237155 SUSE bug 1237158 SUSE bug 1237159 SUSE bug 1237232 SUSE bug 1237234 SUSE bug 1237325 SUSE bug 1237356 SUSE bug 1237415 SUSE bug 1237452 SUSE bug 1237504 SUSE bug 1237521 SUSE bug 1237558 SUSE bug 1237562 SUSE bug 1237563 SUSE bug 1237848 SUSE bug 1237849 SUSE bug 1237879 SUSE bug 1237889 SUSE bug 1237891 SUSE bug 1237901 SUSE bug 1237950 SUSE bug 1238214 SUSE bug 1238303 SUSE bug 1238347 SUSE bug 1238368 SUSE bug 1238509 SUSE bug 1238525 SUSE bug 1238570 SUSE bug 1238739 SUSE bug 1238751 SUSE bug 1238753 SUSE bug 1238759 SUSE bug 1238860 SUSE bug 1238863 SUSE bug 1238877 CVE-2023-52924 at SUSE CVE-2023-52924 at NVD CVE-2023-52925 at SUSE CVE-2023-52925 at NVD CVE-2024-26708 at SUSE CVE-2024-26708 at NVD CVE-2024-26810 at SUSE CVE-2024-26810 at NVD CVE-2024-40980 at SUSE CVE-2024-40980 at NVD CVE-2024-41055 at SUSE CVE-2024-41055 at NVD CVE-2024-44974 at SUSE CVE-2024-44974 at NVD CVE-2024-45009 at SUSE CVE-2024-45009 at NVD CVE-2024-45010 at SUSE CVE-2024-45010 at NVD CVE-2024-47701 at SUSE CVE-2024-47701 at NVD CVE-2024-49884 at SUSE CVE-2024-49884 at NVD CVE-2024-49950 at SUSE CVE-2024-49950 at NVD CVE-2024-50029 at SUSE CVE-2024-50029 at NVD CVE-2024-50036 at SUSE CVE-2024-50036 at NVD CVE-2024-50073 at SUSE CVE-2024-50073 at NVD CVE-2024-50085 at SUSE CVE-2024-50085 at NVD CVE-2024-50115 at SUSE CVE-2024-50115 at NVD CVE-2024-50142 at SUSE CVE-2024-50142 at NVD CVE-2024-50185 at SUSE CVE-2024-50185 at NVD CVE-2024-50294 at SUSE CVE-2024-50294 at NVD CVE-2024-53123 at SUSE CVE-2024-53123 at NVD CVE-2024-53147 at SUSE CVE-2024-53147 at NVD CVE-2024-53173 at SUSE CVE-2024-53173 at NVD CVE-2024-53176 at SUSE CVE-2024-53176 at NVD CVE-2024-53177 at SUSE CVE-2024-53177 at NVD CVE-2024-53178 at SUSE CVE-2024-53178 at NVD CVE-2024-53226 at SUSE CVE-2024-53226 at NVD CVE-2024-53239 at SUSE CVE-2024-53239 at NVD CVE-2024-56539 at SUSE CVE-2024-56539 at NVD CVE-2024-56548 at SUSE CVE-2024-56548 at NVD CVE-2024-56579 at SUSE CVE-2024-56579 at NVD CVE-2024-56605 at SUSE CVE-2024-56605 at NVD CVE-2024-56633 at SUSE CVE-2024-56633 at NVD CVE-2024-56647 at SUSE CVE-2024-56647 at NVD CVE-2024-56720 at SUSE CVE-2024-56720 at NVD CVE-2024-57889 at SUSE CVE-2024-57889 at NVD CVE-2024-57948 at SUSE CVE-2024-57948 at NVD CVE-2024-57994 at SUSE CVE-2024-57994 at NVD CVE-2025-21636 at SUSE CVE-2025-21636 at NVD CVE-2025-21637 at SUSE CVE-2025-21637 at NVD CVE-2025-21638 at SUSE CVE-2025-21638 at NVD CVE-2025-21639 at SUSE CVE-2025-21639 at NVD CVE-2025-21640 at SUSE CVE-2025-21640 at NVD CVE-2025-21647 at SUSE CVE-2025-21647 at NVD CVE-2025-21665 at SUSE CVE-2025-21665 at NVD CVE-2025-21667 at SUSE CVE-2025-21667 at NVD CVE-2025-21668 at SUSE CVE-2025-21668 at NVD CVE-2025-21673 at SUSE CVE-2025-21673 at NVD CVE-2025-21680 at SUSE CVE-2025-21680 at NVD CVE-2025-21681 at SUSE CVE-2025-21681 at NVD CVE-2025-21684 at SUSE CVE-2025-21684 at NVD CVE-2025-21687 at SUSE CVE-2025-21687 at NVD CVE-2025-21688 at SUSE CVE-2025-21688 at NVD CVE-2025-21689 at SUSE CVE-2025-21689 at NVD CVE-2025-21690 at SUSE CVE-2025-21690 at NVD CVE-2025-21692 at SUSE CVE-2025-21692 at NVD CVE-2025-21697 at SUSE CVE-2025-21697 at NVD CVE-2025-21699 at SUSE CVE-2025-21699 at NVD CVE-2025-21700 at SUSE CVE-2025-21700 at NVD CVE-2025-21705 at SUSE CVE-2025-21705 at NVD CVE-2025-21715 at SUSE CVE-2025-21715 at NVD CVE-2025-21716 at SUSE CVE-2025-21716 at NVD CVE-2025-21719 at SUSE CVE-2025-21719 at NVD CVE-2025-21724 at SUSE CVE-2025-21724 at NVD CVE-2025-21725 at SUSE CVE-2025-21725 at NVD CVE-2025-21728 at SUSE CVE-2025-21728 at NVD CVE-2025-21767 at SUSE CVE-2025-21767 at NVD CVE-2025-21790 at SUSE CVE-2025-21790 at NVD CVE-2025-21795 at SUSE CVE-2025-21795 at NVD CVE-2025-21799 at SUSE CVE-2025-21799 at NVD CVE-2025-21802 at SUSE CVE-2025-21802 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Jinja2 (Moderate) openSUSE Leap 15.6 This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879) Moderate SUSE bug 1238879 CVE-2025-27516 at SUSE CVE-2025-27516 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934) - CVE-2020-22021: Fixed Buffer Overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586) Important SUSE bug 1186586 SUSE bug 1209934 SUSE bug 1215309 CVE-2020-22021 at SUSE CVE-2020-22021 at NVD CVE-2020-22046 at SUSE CVE-2020-22046 at NVD CVE-2022-48434 at SUSE CVE-2022-48434 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-26699: Fixed potential denial-of-service in django.utils.text.wrap() (bsc#1239052). Moderate SUSE bug 1239052 CVE-2025-26699 at SUSE CVE-2025-26699 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: - CVE-2025-24201: Fixed out-of-bounds write vulnerability due to that WebGL context primitive restart can be toggled from WebContent process (bsc#1239547). Important SUSE bug 1239547 CVE-2025-24201 at SUSE CVE-2025-24201 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Important) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418). Important SUSE bug 1237363 SUSE bug 1237370 SUSE bug 1237418 CVE-2024-56171 at SUSE CVE-2024-56171 at NVD CVE-2025-24928 at SUSE CVE-2025-24928 at NVD CVE-2025-27113 at SUSE CVE-2025-27113 at NVD cpe:/o:opensuse:leap:15.6 Security update for wpa_supplicant (Moderate) openSUSE Leap 15.6 This update for wpa_supplicant fixes the following issues: - CVE-2025-24912: Fixed hostapd failing to process crafted RADIUS packets properly (bsc#1239461) Moderate SUSE bug 1239461 CVE-2025-24912 at SUSE CVE-2025-24912 at NVD cpe:/o:opensuse:leap:15.6 Security update for zvbi (Important) openSUSE Leap 15.6 This update for zvbi fixes the following issues: - CVE-2025-2173: Fixed check on src_length to avoid an unitinialized heap read (bsc#1239222). - CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299). - CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312). - CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319). - CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320). Important SUSE bug 1239222 SUSE bug 1239299 SUSE bug 1239312 SUSE bug 1239319 SUSE bug 1239320 CVE-2025-2173 at SUSE CVE-2025-2173 at NVD CVE-2025-2174 at SUSE CVE-2025-2174 at NVD CVE-2025-2175 at SUSE CVE-2025-2175 at NVD CVE-2025-2176 at SUSE CVE-2025-2176 at NVD CVE-2025-2177 at SUSE CVE-2025-2177 at NVD cpe:/o:opensuse:leap:15.6 Security update for apptainer (Critical) openSUSE Leap 15.6 This update for apptainer fixes the following issues: - CVE-2025-27144: Fixed Denial of Service in Go JOSE's Parsing (bsc#1237679). - CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1234794). - CVE-2024-45337: Fixed Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (bsc#1234595). - CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611). - CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239341). - CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324). Critical SUSE bug 1228324 SUSE bug 1234595 SUSE bug 1234794 SUSE bug 1237679 SUSE bug 1238611 SUSE bug 1239341 CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2024-45338 at SUSE CVE-2024-45338 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Low) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450). Low SUSE bug 1238450 SUSE bug 1239210 CVE-2025-1795 at SUSE CVE-2025-1795 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Moderate) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2022-49737: Fixed Xorg crashing when client applications use easystroke for mouse gestures (bsc#1239750) Moderate SUSE bug 1239750 CVE-2022-49737 at SUSE CVE-2022-49737 at NVD cpe:/o:opensuse:leap:15.6 Security update for libarchive (Moderate) openSUSE Leap 15.6 This update for libarchive fixes the following issues: - CVE-2025-1632: Fixed null pointer dereference in bsdunzip.c (bsc#1237606) - CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610) Moderate SUSE bug 1237606 SUSE bug 1238610 CVE-2025-1632 at SUSE CVE-2025-1632 at NVD CVE-2025-25724 at SUSE CVE-2025-25724 at NVD cpe:/o:opensuse:leap:15.6 Security update for u-boot (Moderate) openSUSE Leap 15.6 This update for u-boot fixes the following issues: - CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284). - CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287). Moderate SUSE bug 1237284 SUSE bug 1237287 CVE-2024-57256 at SUSE CVE-2024-57256 at NVD CVE-2024-57258 at SUSE CVE-2024-57258 at NVD cpe:/o:opensuse:leap:15.6 Security update for freetype2 (Important) openSUSE Leap 15.6 This update for freetype2 fixes the following issues: - CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font subglyph structures related to TrueType GX and variable font files (bsc#1239465). Important SUSE bug 1239465 CVE-2025-27363 at SUSE CVE-2025-27363 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-tornado6 (Important) openSUSE Leap 15.6 This update for python-tornado6 fixes the following issues: - CVE-2025-67724: unescaped `reason` argument used in HTTP headers and in HTML default error pages can be used by attackers to launch header injection or XSS attacks (bsc#1254903). - CVE-2025-67725: quadratic complexity of string concatenation operations used by the `HTTPHeaders.add` method can lead to DoS when processing a maliciously crafted HTTP request (bsc#1254905). - CVE-2025-67726: quadratic complexity algorithm used in the `_parseparam` function of `httputil.py` can lead to DoS when processing maliciously crafted parameters in a `Content-Disposition` header (bsc#1254904). Important SUSE bug 1254903 SUSE bug 1254904 SUSE bug 1254905 CVE-2025-67724 at SUSE CVE-2025-67724 at NVD CVE-2025-67725 at SUSE CVE-2025-67725 at NVD CVE-2025-67726 at SUSE CVE-2025-67726 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for rust1.94 (Moderate) openSUSE Leap 15.6 This update for rust1.94 fixes the following issues: This update adds rust1.94. Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0 - CVE-2026-31812: avoid unwrapping varint decoding during parameters parsing (bsc#1259623) Moderate SUSE bug 1259623 CVE-2026-31812 at SUSE CVE-2026-31812 at NVD cpe:/o:opensuse:leap:15.6 Security update for Prometheus (Important) openSUSE Leap 15.6 This update for Prometheus fixes the following issues: golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter: - Internal changes to fix build issues with no impact for customers golang-github-prometheus-prometheus: - Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) - Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824): * Modernized Interface: Introduced a brand-new UI * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support for more secure, native cloudauthentication. * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental to a stable feature. * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending data to external systems. * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping operations. * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier to troubleshoot why targets aren't reporting correctly. * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were accidentally being scraped multiple times. Important SUSE bug 1255588 SUSE bug 1257329 SUSE bug 1257442 SUSE bug 1257841 SUSE bug 1257897 CVE-2025-12816 at SUSE CVE-2025-12816 at NVD CVE-2025-13465 at SUSE CVE-2025-13465 at NVD CVE-2025-61140 at SUSE CVE-2025-61140 at NVD CVE-2026-1615 at SUSE CVE-2026-1615 at NVD CVE-2026-25547 at SUSE CVE-2026-25547 at NVD cpe:/o:opensuse:leap:15.6 Security update 5.0.7 for Multi-Linux Manager Client Tools (Important) openSUSE Leap 15.6 This update fixes the following issues: dracut-saltboot: - Version update to 1.1.0: * Retry DHCP requests up to 3 times (bsc#1253004) golang-github-QubitProducts-exporter_exporter: - Non-customer-facing optimization and update golang-github-boynux-squid_exporter: - Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971): * Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path * Added TLS and Basic Authentication to the exporter’s web interface * Added support for the exporter to authenticate against the Squid proxy itself * Allow the gathering of process information without requiring root privileges * The exporter can now be configured using environment variables * Added support for custom labels to all exported metrics for better data filtering * New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred * Added 'service time' metrics to analyze proxy speed and performance. * Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks * Corrected the squid_client_http_requests_total metric to ensure accurate reporting golang-github-lusitaniae-apache_exporter: - Version update from 1.0.8 to 1.0.10: * Updated github.com/prometheus/client_golang to 1.21.1 * Updated github.com/prometheus/common to 0.63.0 * Updated github.com/prometheus/exporter-toolkit to 0.14.0 * Fixed signal handler logging golang-github-prometheus-prometheus: - Security issues fixed: * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893) * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841) * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442) * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329) * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588) - Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824): * Modernized Interface: Introduced a brand-new UI * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support for more secure, native cloudauthentication. * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental to a stable feature. * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending data to external systems. * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping operations * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier to troubleshoot why targets aren't reporting correctly. * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were accidentally being scraped multiple times grafana: - Security issues fixed: * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337) * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349) * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340) * CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) - Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes: * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface * One-Click Actions: Visualizations now support faster navigation via one-click links and actions * Alerting History: Added version history for alert rules, allowing you to track changes over time * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup * Cron Support: Annotations now support Cron syntax for more flexible scheduling * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues when Grafana is hosted on a subpath * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting * Alerting Limits: Added size limits for expanded notification templates to prevent system strain * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated rows or nested queries * Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links * Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where contact points weren't working correctly * URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly prometheus-blackbox_exporter: - Non-customer-facing optimization and update spacecmd: - Version update to 5.0.15: * Fixed typo in spacecmd help ca-cert flag (bsc#1253174) * Convert cached IDs to integer values (bsc#1251995) * Fixed spacecmd binary file upload (bsc#1253659) uyuni-tools: - Version update to 0.1.38: * Fixed cobbler configuration when migrating to standalone files (bsc#1256803) * Detect custom apache and squid config in the /etc/uyuni/proxy folder * Add ssh tuning to configure sshd (bsc#1253738) * Ignore supportconfig errors (bsc#1255781) * Bumped the default image tag to 5.0.7 * Removed cgroup mount for podman containers (bsc#1253347) * Registry flag can be a string (bsc#1254589) * Use static supportconfig name to avoid dynamic search (bsc#1257941) Important SUSE bug 1245302 SUSE bug 1251995 SUSE bug 1253004 SUSE bug 1253174 SUSE bug 1253347 SUSE bug 1253659 SUSE bug 1253738 SUSE bug 1254589 SUSE bug 1255340 SUSE bug 1255588 SUSE bug 1255781 SUSE bug 1256803 SUSE bug 1257329 SUSE bug 1257337 SUSE bug 1257349 SUSE bug 1257442 SUSE bug 1257841 SUSE bug 1257897 SUSE bug 1257941 SUSE bug 1258136 SUSE bug 1258893 CVE-2025-12816 at SUSE CVE-2025-12816 at NVD CVE-2025-13465 at SUSE CVE-2025-13465 at NVD CVE-2025-3415 at SUSE CVE-2025-3415 at NVD CVE-2025-61140 at SUSE CVE-2025-61140 at NVD CVE-2025-68156 at SUSE CVE-2025-68156 at NVD CVE-2026-1615 at SUSE CVE-2026-1615 at NVD CVE-2026-21720 at SUSE CVE-2026-21720 at NVD CVE-2026-21721 at SUSE CVE-2026-21721 at NVD CVE-2026-21722 at SUSE CVE-2026-21722 at NVD CVE-2026-25547 at SUSE CVE-2026-25547 at NVD CVE-2026-27606 at SUSE CVE-2026-27606 at NVD cpe:/o:opensuse:leap:15.6 Security update for salt (Important) openSUSE Leap 15.6 This update for salt fixes the following issues: - Security issues fixed: * CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903) * CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905) * CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904) * CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400) - Made syntax in httputil_test compatible with Python 3.6 - Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325) - Use internal deb classes instead of external aptsource lib - Improved wheel key.finger call (bsc#1240532) - Improved utils.find_json function (bsc#1246130) - Extended warn_until period to 2027 Important SUSE bug 1240532 SUSE bug 1246130 SUSE bug 1254325 SUSE bug 1254400 SUSE bug 1254903 SUSE bug 1254904 SUSE bug 1254905 CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-67724 at SUSE CVE-2025-67724 at NVD CVE-2025-67725 at SUSE CVE-2025-67725 at NVD CVE-2025-67726 at SUSE CVE-2025-67726 at NVD cpe:/o:opensuse:leap:15.6 Security update for grafana (Important) openSUSE Leap 15.6 This update for grafana fixes the following issues: - Security issues fixed: - CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136) - CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337) - CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349) - CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340) - CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (bsc#1245302) - Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes: - Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and removed blurred backgrounds from UI overlays to speed up the interface. - One-Click Actions: Visualizations now support faster navigation via one-click links and actions. - Alerting History: Added version history for alert rules, allowing you to track changes over time. - Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup. - Cron Support: Annotations now support Cron syntax for more flexible scheduling. - Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues when Grafana is hosted on a subpath. - Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting. - Alerting Limits: Added size limits for expanded notification templates to prevent system strain. - RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field. - Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated rows or nested queries. - Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links. - Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where contact points weren't working correctly. - URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly Important SUSE bug 1245302 SUSE bug 1255340 SUSE bug 1257337 SUSE bug 1257349 SUSE bug 1258136 CVE-2025-3415 at SUSE CVE-2025-3415 at NVD CVE-2025-68156 at SUSE CVE-2025-68156 at NVD CVE-2026-21720 at SUSE CVE-2026-21720 at NVD CVE-2026-21721 at SUSE CVE-2026-21721 at NVD CVE-2026-21722 at SUSE CVE-2026-21722 at NVD cpe:/o:opensuse:leap:15.6 Security update for systemd (Important) openSUSE Leap 15.6 This update for systemd fixes the following issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650). - CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418). - udev: check for invalid chars in various fields received from the kernel (bsc#1259697). Changelog: - a943e3ce2f machined: reject invalid class types when registering machines - 71593f77db udev: fix review mixup - 73a89810b4 udev-builtin-net-id: print cescaped bad attributes - 0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX - 40905232e2 udev: ensure tag parsing stays within bounds - 7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf - d018ac1ea3 udev: check for invalid chars in various fields received from the kernel - aef6e11921 core/cgroup: avoid one unnecessary strjoina() - cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements - 26a748f727 core: validate input cgroup path more prudently - 99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs Important SUSE bug 1259418 SUSE bug 1259650 SUSE bug 1259697 CVE-2026-29111 at SUSE CVE-2026-29111 at NVD CVE-2026-4105 at SUSE CVE-2026-4105 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992). - CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). - CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998). - CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966). - CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911). - CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924). - CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084). - CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). - CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716). - CVE-2025-71231: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (bsc#1258424). - CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). - CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). - CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749). - CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790). - CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181). - CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377). - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395). - CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340). - CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518). - CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464). - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850). - CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857). The following non-security bugs were fixed: - Add bugnumber to existing mana change (bsc#1251971). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). - Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). - Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). - PCI: hv: Correct a comment (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). - RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). - RDMA/mana_ib: Add device statistics support (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Add port statistics support (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - RDMA/mana_ib: Adding and deleting GIDs (git-fixes). - RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). - RDMA/mana_ib: Configure mac address in RNIC (git-fixes). - RDMA/mana_ib: Create and destroy RC QP (git-fixes). - RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). - RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). - RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). - RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). - RDMA/mana_ib: Extend modify QP (git-fixes). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: Fix error code in probe() (git-fixes). - RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). - RDMA/mana_ib: Fix missing ret value (git-fixes). - RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). - RDMA/mana_ib: Implement DMABUF MR support (git-fixes). - RDMA/mana_ib: Implement port parameters (git-fixes). - RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). - RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes). - RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). - RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). - RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). - RDMA/mana_ib: Modify QP state (git-fixes). - RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). - RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). - RDMA/mana_ib: Set correct device into ib (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). - RDMA/mana_ib: UD/GSI work requests (git-fixes). - RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). - RDMA/mana_ib: Use safer allocation function() (bsc#1251135). - RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). - RDMA/mana_ib: add additional port counters (bsc#1251135). - RDMA/mana_ib: add support of multiple ports (bsc#1251135). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). - RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). - RDMA/mana_ib: create kernel-level CQs (git-fixes). - RDMA/mana_ib: create/destroy AH (git-fixes). - RDMA/mana_ib: extend mana QP table (git-fixes). - RDMA/mana_ib: extend query device (git-fixes). - RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). - RDMA/mana_ib: implement get_dma_mr (git-fixes). - RDMA/mana_ib: implement req_notify_cq (git-fixes). - RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). - RDMA/mana_ib: indicate CM support (git-fixes). - RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). - RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). - RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). - RDMA/mana_ib: request error CQEs when supported (git-fixes). - RDMA/mana_ib: set node_guid (git-fixes). - RDMA/mana_ib: support of the zero based MRs (bsc#1251135). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849). - apparmor: fix differential encoding verification (bsc#1258849). - apparmor: fix memory leak in verify_header (bsc#1258849). - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849). - apparmor: fix race between freeing data and fs accessing it (bsc#1258849). - apparmor: fix race on rawdata dereference (bsc#1258849). - apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849). - apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849). - apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849). - apparmor: replace recursive profile removal with iterative approach (bsc#1258849). - apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849). - btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes). - cifs: add xid to query server interface call (git-fixes). - clocksource: Print durations for sync check unconditionally (bsc#1241345). - clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345). - hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes). - hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). - net/mana: Null service_wq on setup error to prevent double destroy (git-fix). - net: mana: Add metadata support for xdp mode (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - net: mana: Add support for auxiliary device servicing events (bsc#1251971). - net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Fix warnings for missing export.h header inclusion (git-fixes). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Handle unsupported HWC commands (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - net: mana: Reduce waiting time if HWC not responding (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - net: mana: Support HW link state events (bsc#1253049). - net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mana: use ethtool string helpers (git-fixes). - s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832). - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes). - scsi: storvsc: Remove redundant ternary operators (git-fixes). - shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564). - spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952) - spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952) - spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952) - spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952) - spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952) - spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952) - tools/hv: add a .gitignore file (git-fixes). - tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). - tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - tools: hv: lsvmbus: change shebang to use python3 (git-fixes). - workqueue: mark power efficient workqueue as unbounded if (bsc#1257891) Important SUSE bug 1226591 SUSE bug 1241345 SUSE bug 1243055 SUSE bug 1245728 SUSE bug 1249998 SUSE bug 1251135 SUSE bug 1251186 SUSE bug 1251966 SUSE bug 1251971 SUSE bug 1252266 SUSE bug 1252911 SUSE bug 1252924 SUSE bug 1253049 SUSE bug 1254306 SUSE bug 1254992 SUSE bug 1255084 SUSE bug 1256564 SUSE bug 1256645 SUSE bug 1256690 SUSE bug 1256716 SUSE bug 1257231 SUSE bug 1257466 SUSE bug 1257472 SUSE bug 1257473 SUSE bug 1257732 SUSE bug 1257735 SUSE bug 1257749 SUSE bug 1257790 SUSE bug 1257891 SUSE bug 1257952 SUSE bug 1258181 SUSE bug 1258338 SUSE bug 1258340 SUSE bug 1258376 SUSE bug 1258377 SUSE bug 1258395 SUSE bug 1258424 SUSE bug 1258464 SUSE bug 1258518 SUSE bug 1258524 SUSE bug 1258832 SUSE bug 1258849 SUSE bug 1258850 SUSE bug 1258928 SUSE bug 1259070 SUSE bug 1259857 CVE-2023-53817 at SUSE CVE-2023-53817 at NVD CVE-2024-38542 at SUSE CVE-2024-38542 at NVD CVE-2025-37861 at SUSE CVE-2025-37861 at NVD CVE-2025-39817 at SUSE CVE-2025-39817 at NVD CVE-2025-39964 at SUSE CVE-2025-39964 at NVD CVE-2025-40099 at SUSE CVE-2025-40099 at NVD CVE-2025-40103 at SUSE CVE-2025-40103 at NVD CVE-2025-40253 at SUSE CVE-2025-40253 at NVD CVE-2025-71066 at SUSE CVE-2025-71066 at NVD CVE-2025-71113 at SUSE CVE-2025-71113 at NVD CVE-2025-71231 at SUSE CVE-2025-71231 at NVD CVE-2026-23004 at SUSE CVE-2026-23004 at NVD CVE-2026-23054 at SUSE CVE-2026-23054 at NVD CVE-2026-23060 at SUSE CVE-2026-23060 at NVD CVE-2026-23074 at SUSE CVE-2026-23074 at NVD CVE-2026-23089 at SUSE CVE-2026-23089 at NVD CVE-2026-23111 at SUSE CVE-2026-23111 at NVD CVE-2026-23141 at SUSE CVE-2026-23141 at NVD CVE-2026-23157 at SUSE CVE-2026-23157 at NVD CVE-2026-23191 at SUSE CVE-2026-23191 at NVD CVE-2026-23202 at SUSE CVE-2026-23202 at NVD CVE-2026-23204 at SUSE CVE-2026-23204 at NVD CVE-2026-23207 at SUSE CVE-2026-23207 at NVD CVE-2026-23209 at SUSE CVE-2026-23209 at NVD CVE-2026-23214 at SUSE CVE-2026-23214 at NVD CVE-2026-23268 at SUSE CVE-2026-23268 at NVD CVE-2026-23269 at SUSE CVE-2026-23269 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Important) openSUSE Leap 15.6 This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997). - CVE-2025-13836: potential memory denial of service in the http.client module (bsc#1254400). - CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401). - CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031). - CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042). - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181). - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240). Changelog: - Update to 3.10.20: - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types. - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). - gh-137836: Add support of the 'plaintext' element, RAWTEXT elements 'xmp', 'iframe', 'noembed' and 'noframes', and optionally RAWTEXT element 'noscript' in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by B?n?dikt Tran. - gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). - gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). - gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. - gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). - Library - gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed. - gh-144363: Update bundled libexpat to 2.7.4 - gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by B?n?dikt Tran. - Core and Builtins - gh-120384: Fix an array out of bounds crash in list_ass_subscript, which could be invoked via some specificly tailored input: including concurrent modification of a list object, where one thread assigns a slice and another clears it. - gh-120298: Fix use-after free in list_richcompare_impl which can be invoked via some specificly tailored evil input. Important SUSE bug 1252974 SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257042 SUSE bug 1257181 SUSE bug 1259240 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD CVE-2026-1299 at SUSE CVE-2026-1299 at NVD CVE-2026-2297 at SUSE CVE-2026-2297 at NVD cpe:/o:opensuse:leap:15.6 Security update for frr (Moderate) openSUSE Leap 15.6 This update for frr fixes the following issues: Security issues: - CVE-2025-61099: NULL Pointer Dereference in FRRouting (bsc#1252838). - CVE-2025-61100: NULL Pointer Dereference in FRRouting (bsc#1252829). - CVE-2025-61101: NULL Pointer Dereference in FRRouting (bsc#1252833). - CVE-2025-61102: NULL Pointer Dereference in FRRouting (bsc#1252835). - CVE-2025-61103: NULL pointer dereference in show_vty_ext_link_lan_adj_sid() in ospf_ext.c (bsc#1252810). - CVE-2025-61104: NULL pointer dereference in show_vty_unknown_tlv() in ospf_ext.c (bsc#1252811). - CVE-2025-61105: NULL pointer dereference in show_vty_link_info() in ospf_ext.c (bsc#1252761). - CVE-2025-61106: NULL pointer dereference in show_vty_ext_pref_pref_sid() in ospf_ext.c (bsc#1252812). Non-security issues: - Fix /var/run leftovers in logrotate config file, create /var/log and /var/lib via tmpfiles.d (jsc#PED-14796). Moderate SUSE bug 1252761 SUSE bug 1252810 SUSE bug 1252811 SUSE bug 1252812 SUSE bug 1252813 SUSE bug 1252829 SUSE bug 1252833 SUSE bug 1252835 SUSE bug 1252838 CVE-2025-61099 at SUSE CVE-2025-61099 at NVD CVE-2025-61100 at SUSE CVE-2025-61100 at NVD CVE-2025-61101 at SUSE CVE-2025-61101 at NVD CVE-2025-61102 at SUSE CVE-2025-61102 at NVD CVE-2025-61103 at SUSE CVE-2025-61103 at NVD CVE-2025-61104 at SUSE CVE-2025-61104 at NVD CVE-2025-61105 at SUSE CVE-2025-61105 at NVD CVE-2025-61106 at SUSE CVE-2025-61106 at NVD CVE-2025-61107 at SUSE CVE-2025-61107 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-tornado6 (Important) openSUSE Leap 15.6 This update for python-tornado6 fixes the following issues: - CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553). - incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes (bsc#1259630). Important SUSE bug 1259553 SUSE bug 1259630 CVE-2026-31958 at SUSE CVE-2026-31958 at NVD cpe:/o:opensuse:leap:15.6 Security update for sqlite3 (Moderate) openSUSE Leap 15.6 This update for sqlite3 fixes the following issues: Update sqlite3 to 3.51.3: - CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670). - CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619). Changelog: * Fix the WAL-reset database corruption bug: https://sqlite.org/wal.html#walresetbug Moderate SUSE bug 1254670 SUSE bug 1259619 CVE-2025-70873 at SUSE CVE-2025-70873 at NVD CVE-2025-7709 at SUSE CVE-2025-7709 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgvector (Important) openSUSE Leap 15.6 This update for pgvector fixes the following issue: Update to pgvector 0.8.2: - CVE-2026-3172: Buffer overflow in parallel HNSW index build (bsc#1258945). Changelog: * Fixed Index Searches in EXPLAIN output for Postgres 18 Important SUSE bug 1258945 CVE-2026-3172 at SUSE CVE-2026-3172 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pyasn1 (Important) openSUSE Leap 15.6 This update for python-pyasn1 fixes the following issues: - CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803). Important SUSE bug 1259803 CVE-2026-30922 at SUSE CVE-2026-30922 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Important) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). Important SUSE bug 1257181 CVE-2026-1299 at SUSE CVE-2026-1299 at NVD cpe:/o:opensuse:leap:15.6 Security update for kea (Important) openSUSE Leap 15.6 This update for kea fixes the following issues: Update to release 2.6.3 (bsc#1243240): - CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Fixed insecure file permissions can result in confidential information leakage. Important SUSE bug 1243240 CVE-2025-32801 at SUSE CVE-2025-32801 at NVD CVE-2025-32802 at SUSE CVE-2025-32802 at NVD CVE-2025-32803 at SUSE CVE-2025-32803 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-deepdiff (Important) openSUSE Leap 15.6 This update for python-deepdiff fixes the following issues: - CVE-2026-33155: Fixed denial of service via builtins.bytes, builtins.list, builtins.range (bsc#1260064). Important SUSE bug 1260064 CVE-2026-33155 at SUSE CVE-2026-33155 at NVD cpe:/o:opensuse:leap:15.6 Security update for cosign (Important) openSUSE Leap 15.6 This update for cosign rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-65955: possible use-after-free/double-free in `Options::fontFamily` when clearing a family can lead to crashes or memory corruption (bsc#1254435). - CVE-2025-66628: possible integer overflow in the TIM image parser's `ReadTIMImage` function can lead to arbitrary memory disclosure on 32-bit systems (bsc#1254820). Important SUSE bug 1254435 SUSE bug 1254820 CVE-2025-65955 at SUSE CVE-2025-65955 at NVD CVE-2025-66628 at SUSE CVE-2025-66628 at NVD cpe:/o:opensuse:leap:15.6 Security update for containerd (Important) openSUSE Leap 15.6 This update for containerd rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: Update to Python 3.12.13: - CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974). - CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997). - CVE-2025-13836: potential memory denial of service in the http.client module (bsc#1254400). - CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031). - CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042). - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181). - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240). Changelog: - gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). - gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). - gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). - gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). - gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). - gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creator functions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). - gh-137836: Add support of the 'plaintext' element, RAWTEXT elements 'xmp', 'iframe', 'noembed' and 'noframes', and optionally RAWTEXT element 'noscript' in html.parser.HTMLParser. - gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by B?n?dikt Tran. - gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). - gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). - gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. - gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). - Library - gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed. - gh-144363: Update bundled libexpat to 2.7.4 - gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by B?n?dikt Tran. Important SUSE bug 1252974 SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257042 SUSE bug 1257046 SUSE bug 1257181 SUSE bug 1259240 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-6075 at SUSE CVE-2025-6075 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD CVE-2026-1299 at SUSE CVE-2026-1299 at NVD CVE-2026-2297 at SUSE CVE-2026-2297 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc#1260083): - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component - CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component - CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component - CVE-2026-4692: Sandbox escape in the Responsive Design Mode component - CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component - CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component - CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component - CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component - CVE-2026-4700: Mitigation bypass in the Networking: HTTP component - CVE-2026-4701: Use-after-free in the JavaScript Engine component - CVE-2026-4702: JIT miscompilation in the JavaScript Engine component - CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component - CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4708: Incorrect boundary conditions in the Graphics component - CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4711: Use-after-free in the Widget: Cocoa component - CVE-2026-4712: Information disclosure in the Widget: Cocoa component - CVE-2026-4713: Incorrect boundary conditions in the Graphics component - CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component - CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component - CVE-2026-4717: Privilege escalation in the Netmonitor component - CVE-2025-59375: Denial-of-service in the XML component - CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component - CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 - CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 Important SUSE bug 1260083 CVE-2025-59375 at SUSE CVE-2025-59375 at NVD CVE-2026-4684 at SUSE CVE-2026-4684 at NVD CVE-2026-4685 at SUSE CVE-2026-4685 at NVD CVE-2026-4686 at SUSE CVE-2026-4686 at NVD CVE-2026-4687 at SUSE CVE-2026-4687 at NVD CVE-2026-4688 at SUSE CVE-2026-4688 at NVD CVE-2026-4689 at SUSE CVE-2026-4689 at NVD CVE-2026-4690 at SUSE CVE-2026-4690 at NVD CVE-2026-4691 at SUSE CVE-2026-4691 at NVD CVE-2026-4692 at SUSE CVE-2026-4692 at NVD CVE-2026-4693 at SUSE CVE-2026-4693 at NVD CVE-2026-4694 at SUSE CVE-2026-4694 at NVD CVE-2026-4695 at SUSE CVE-2026-4695 at NVD CVE-2026-4696 at SUSE CVE-2026-4696 at NVD CVE-2026-4697 at SUSE CVE-2026-4697 at NVD CVE-2026-4698 at SUSE CVE-2026-4698 at NVD CVE-2026-4699 at SUSE CVE-2026-4699 at NVD CVE-2026-4700 at SUSE CVE-2026-4700 at NVD CVE-2026-4701 at SUSE CVE-2026-4701 at NVD CVE-2026-4702 at SUSE CVE-2026-4702 at NVD CVE-2026-4704 at SUSE CVE-2026-4704 at NVD CVE-2026-4705 at SUSE CVE-2026-4705 at NVD CVE-2026-4706 at SUSE CVE-2026-4706 at NVD CVE-2026-4707 at SUSE CVE-2026-4707 at NVD CVE-2026-4708 at SUSE CVE-2026-4708 at NVD CVE-2026-4709 at SUSE CVE-2026-4709 at NVD CVE-2026-4710 at SUSE CVE-2026-4710 at NVD CVE-2026-4711 at SUSE CVE-2026-4711 at NVD CVE-2026-4712 at SUSE CVE-2026-4712 at NVD CVE-2026-4713 at SUSE CVE-2026-4713 at NVD CVE-2026-4714 at SUSE CVE-2026-4714 at NVD CVE-2026-4715 at SUSE CVE-2026-4715 at NVD CVE-2026-4716 at SUSE CVE-2026-4716 at NVD CVE-2026-4717 at SUSE CVE-2026-4717 at NVD CVE-2026-4718 at SUSE CVE-2026-4718 at NVD CVE-2026-4719 at SUSE CVE-2026-4719 at NVD CVE-2026-4720 at SUSE CVE-2026-4720 at NVD CVE-2026-4721 at SUSE CVE-2026-4721 at NVD cpe:/o:opensuse:leap:15.6 Security update for util-linux (Moderate) openSUSE Leap 15.6 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). Moderate SUSE bug 1254666 CVE-2025-14104 at SUSE CVE-2025-14104 at NVD cpe:/o:opensuse:leap:15.6 Security update for perl-XML-Parser (Important) openSUSE Leap 15.6 This update for perl-XML-Parser fixes the following issues: - CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901). - CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902). Important SUSE bug 1259901 SUSE bug 1259902 CVE-2006-10002 at SUSE CVE-2006-10002 at NVD CVE-2006-10003 at SUSE CVE-2006-10003 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issues: - CVE-2026-26271: Buffer Overread in FreeRDP Icon Processing (bsc#1258979). - CVE-2026-26955: Out-of-bounds Write in freerdp (bsc#1258982). - CVE-2026-26965: Out-of-bounds Write in freerdp (bsc#1258985). - CVE-2026-31806: improper validation of server messages can lead to a heap buffer overflow and arbitrary code execution (bsc#1259653). - CVE-2026-31883: crafted RDPSND audio format and wave data can cause a heap buffer overflow write (bsc#1259679). - CVE-2026-31885: unchecked predictor can lead to an out-of-bounds read (bsc#1259686). Important SUSE bug 1258979 SUSE bug 1258982 SUSE bug 1258985 SUSE bug 1259653 SUSE bug 1259679 SUSE bug 1259686 CVE-2026-26271 at SUSE CVE-2026-26271 at NVD CVE-2026-26955 at SUSE CVE-2026-26955 at NVD CVE-2026-26965 at SUSE CVE-2026-26965 at NVD CVE-2026-31806 at SUSE CVE-2026-31806 at NVD CVE-2026-31883 at SUSE CVE-2026-31883 at NVD CVE-2026-31885 at SUSE CVE-2026-31885 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.9 (MFSA 2026-24, bsc#1260083): - CVE-2026-3889: Spoofing issue in Thunderbird - CVE-2026-4371: Out of bounds read in IMAP parsing - CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component - CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4686: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4687: Sandbox escape due to incorrect boundary conditions in the Telemetry component - CVE-2026-4688: Sandbox escape due to use-after-free in the Disability Access APIs component - CVE-2026-4689: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4690: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component - CVE-2026-4691: Use-after-free in the CSS Parsing and Computation component - CVE-2026-4692: Sandbox escape in the Responsive Design Mode component - CVE-2026-4693: Incorrect boundary conditions in the Audio/Video: Playback component - CVE-2026-4694: Incorrect boundary conditions, integer overflow in the Graphics component - CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4696: Use-after-free in the Layout: Text and Fonts component - CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component - CVE-2026-4698: JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-4699: Incorrect boundary conditions in the Layout: Text and Fonts component - CVE-2026-4700: Mitigation bypass in the Networking: HTTP component - CVE-2026-4701: Use-after-free in the JavaScript Engine component - CVE-2026-4702: JIT miscompilation in the JavaScript Engine component - CVE-2026-4704: Denial-of-service in the WebRTC: Signaling component - CVE-2026-4705: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4706: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component - CVE-2026-4708: Incorrect boundary conditions in the Graphics component - CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-4710: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4711: Use-after-free in the Widget: Cocoa component - CVE-2026-4712: Information disclosure in the Widget: Cocoa component - CVE-2026-4713: Incorrect boundary conditions in the Graphics component - CVE-2026-4714: Incorrect boundary conditions in the Audio/Video component - CVE-2026-4715: Uninitialized memory in the Graphics: Canvas2D component - CVE-2026-4716: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component - CVE-2026-4717: Privilege escalation in the Netmonitor component - CVE-2025-59375: Denial-of-service in the XML component - CVE-2026-4718: Undefined behavior in the WebRTC: Signaling component - CVE-2026-4719: Incorrect boundary conditions in the Graphics: Text component - CVE-2026-4720: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 - CVE-2026-4721: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 Important SUSE bug 1260083 CVE-2025-59375 at SUSE CVE-2025-59375 at NVD CVE-2026-3889 at SUSE CVE-2026-3889 at NVD CVE-2026-4371 at SUSE CVE-2026-4371 at NVD CVE-2026-4684 at SUSE CVE-2026-4684 at NVD CVE-2026-4685 at SUSE CVE-2026-4685 at NVD CVE-2026-4686 at SUSE CVE-2026-4686 at NVD CVE-2026-4687 at SUSE CVE-2026-4687 at NVD CVE-2026-4688 at SUSE CVE-2026-4688 at NVD CVE-2026-4689 at SUSE CVE-2026-4689 at NVD CVE-2026-4690 at SUSE CVE-2026-4690 at NVD CVE-2026-4691 at SUSE CVE-2026-4691 at NVD CVE-2026-4692 at SUSE CVE-2026-4692 at NVD CVE-2026-4693 at SUSE CVE-2026-4693 at NVD CVE-2026-4694 at SUSE CVE-2026-4694 at NVD CVE-2026-4695 at SUSE CVE-2026-4695 at NVD CVE-2026-4696 at SUSE CVE-2026-4696 at NVD CVE-2026-4697 at SUSE CVE-2026-4697 at NVD CVE-2026-4698 at SUSE CVE-2026-4698 at NVD CVE-2026-4699 at SUSE CVE-2026-4699 at NVD CVE-2026-4700 at SUSE CVE-2026-4700 at NVD CVE-2026-4701 at SUSE CVE-2026-4701 at NVD CVE-2026-4702 at SUSE CVE-2026-4702 at NVD CVE-2026-4704 at SUSE CVE-2026-4704 at NVD CVE-2026-4705 at SUSE CVE-2026-4705 at NVD CVE-2026-4706 at SUSE CVE-2026-4706 at NVD CVE-2026-4707 at SUSE CVE-2026-4707 at NVD CVE-2026-4708 at SUSE CVE-2026-4708 at NVD CVE-2026-4709 at SUSE CVE-2026-4709 at NVD CVE-2026-4710 at SUSE CVE-2026-4710 at NVD CVE-2026-4711 at SUSE CVE-2026-4711 at NVD CVE-2026-4712 at SUSE CVE-2026-4712 at NVD CVE-2026-4713 at SUSE CVE-2026-4713 at NVD CVE-2026-4714 at SUSE CVE-2026-4714 at NVD CVE-2026-4715 at SUSE CVE-2026-4715 at NVD CVE-2026-4716 at SUSE CVE-2026-4716 at NVD CVE-2026-4717 at SUSE CVE-2026-4717 at NVD CVE-2026-4718 at SUSE CVE-2026-4718 at NVD CVE-2026-4719 at SUSE CVE-2026-4719 at NVD CVE-2026-4720 at SUSE CVE-2026-4720 at NVD CVE-2026-4721 at SUSE CVE-2026-4721 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Important) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726). - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711). - CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729). Important SUSE bug 1259711 SUSE bug 1259726 SUSE bug 1259729 CVE-2026-32776 at SUSE CVE-2026-32776 at NVD CVE-2026-32777 at SUSE CVE-2026-32777 at NVD CVE-2026-32778 at SUSE CVE-2026-32778 at NVD cpe:/o:opensuse:leap:15.6 Security update for util-linux (Moderate) openSUSE Leap 15.6 This update for util-linux fixes the following issues: - CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666). - lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682). Moderate SUSE bug 1254666 CVE-2025-14104 at SUSE CVE-2025-14104 at NVD cpe:/o:opensuse:leap:15.6 Security update for LibVNCServer (Important) openSUSE Leap 15.6 This update for LibVNCServer fixes the following issues: - CVE-2026-32853: crafted FramebufferUpdate message can lead to information disclosure or denial of service (bsc#1260431). - CVE-2026-32854: crafted HTTP requests can cause a denial of service (bsc#1260429). Important SUSE bug 1260429 SUSE bug 1260431 CVE-2026-32853 at SUSE CVE-2026-32853 at NVD CVE-2026-32854 at SUSE CVE-2026-32854 at NVD cpe:/o:opensuse:leap:15.6 Security update for tar (Important) openSUSE Leap 15.6 This update for tar fixes the following issue: - CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399). Important SUSE bug 1246399 CVE-2025-45582 at SUSE CVE-2025-45582 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pyOpenSSL (Important) openSUSE Leap 15.6 This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804). - CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808). Important SUSE bug 1259804 SUSE bug 1259808 CVE-2026-27448 at SUSE CVE-2026-27448 at NVD CVE-2026-27459 at SUSE CVE-2026-27459 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2026-4150: PSD File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259979). - CVE-2026-4153: PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259984). - CVE-2026-4154: XPM File Parsing Integer Overflow Remote Code Execution Vulnerability (bsc#1259986). Important SUSE bug 1259979 SUSE bug 1259984 SUSE bug 1259986 CVE-2026-4150 at SUSE CVE-2026-4150 at NVD CVE-2026-4153 at SUSE CVE-2026-4153 at NVD CVE-2026-4154 at SUSE CVE-2026-4154 at NVD cpe:/o:opensuse:leap:15.6 Security update for google-cloud-sap-agent (Important) openSUSE Leap 15.6 This update for google-cloud-sap-agent fixes the following issue: Update to google-cloud-sap-agent 3.12 (bsc#1259816): - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header (bsc#1260265). Changelog: * Collect WLM metric `saphanasr_angi_installed` for all OS types. * Failure handling: Remove attached disks from CG * OTE Status checks for Parameter Manager (SAP Agent) * Log command-line arguments in configureinstance. * Minor multiple reliability checks and fixes * Support custom names for restored disks in hanadiskrestore * Add newAttachedDisks to Restorer and detach them on restore failure. * Improve unit test coverage for hanadiskbackup and hanadiskrestore * Add support for refresh point tests. * Refactor HANA disk backup user validation and physical path parsing. * Auto updated compiled protocol buffers * Parameter Manager integration to SAP Agent * Modify collection logic for SAP HANA configuration files. * Update workloadagentplatform version and hash. * Update WLM Validation metrics to support SAPHanaSR-angi setups. * Increment agent version to 3.12. * SAP HANA Pacemaker failover settings can come from `SAPHanaController`. * Update collection for WLM metric `ha_sr_hook_configured`. * Refactor CheckTopology to accept instance number. * Use constant backoff with max retries for snapshot group operations. * Update workloadagentplatform dependency Important SUSE bug 1259816 SUSE bug 1260265 CVE-2026-33186 at SUSE CVE-2026-33186 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: Security issues fixed: - CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). - CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). - CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). - CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271). - CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds read through `send_ipi()` (bsc#1251271). - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them (bsc#1252692). Other issues fixed: - Several upstream bug fixes (bsc#1027519). - Failure to restart xenstored (bsc#1254180). Important SUSE bug 1027519 SUSE bug 1248807 SUSE bug 1251271 SUSE bug 1252692 SUSE bug 1254180 CVE-2025-27466 at SUSE CVE-2025-27466 at NVD CVE-2025-58142 at SUSE CVE-2025-58142 at NVD CVE-2025-58143 at SUSE CVE-2025-58143 at NVD CVE-2025-58147 at SUSE CVE-2025-58147 at NVD CVE-2025-58148 at SUSE CVE-2025-58148 at NVD CVE-2025-58149 at SUSE CVE-2025-58149 at NVD cpe:/o:opensuse:leap:15.6 Security update for ovmf (Important) openSUSE Leap 15.6 This update for ovmf fixes the following issues: - CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680). Important SUSE bug 1218680 CVE-2022-36765 at SUSE CVE-2022-36765 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write (bsc#1259446). - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow (bsc#1259447). - CVE-2026-28686: undersized output buffer allocation in the PCL encoder can lead to a heap buffer overflow (bsc#1259448). - CVE-2026-28687: heap use-after-free vulnerability in the MSL decoder via a crafted MSL file (bsc#1259450). - CVE-2026-28688: heap use-after-free in the MSL encoder when a cloned image is destroyed twice (bsc#1259451). - CVE-2026-28689: `domain='path'` authorization is checked before final file open/use and allows for read/write bypass via symlink swaps (bsc#1259452). - CVE-2026-28690: missing bounds check in the MNG encoder can lead to a stack buffer overflow (bsc#1259456). - CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). - CVE-2026-28692: 32-bit integer overflow in MAT decoder can lead to a heap buffer over-read (bsc#1259457). - CVE-2026-28693: integer overflow in the DIB coder can lead to an out-of-bounds read or write (bsc#1259466). - CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). - CVE-2026-30929: improper use of fixed-size stack buffer in `MagnifyImage`can lead to a stack buffer overflow (bsc#1259468). - CVE-2026-30935: heap-based buffer over-read in BilateralBlurImage (bsc#1259497). - CVE-2026-30936: Heap Buffer Overflow in WaveletDenoiseImage (bsc#1259464). - CVE-2026-30937: Heap buffer overflow in XWD encoder due to CARD32 arithmetic overflow (bsc#1259463). - CVE-2026-31853: heap buffer overflow leads to crash in the SFW decoder of 32-bit systems when processing extremely large images (bsc#1259528). - CVE-2026-32259: memory allocation fails can lead to out of bound write (bsc#1259612). - CVE-2026-32636: Denial of Service via out-of-bounds write in NewXMLTree method (bsc#1259872). - CVE-2026-33535: Out-of-Bounds write of a zero byte in X11 display interaction (bsc#1260874). - CVE-2026-33536: Denial of Service via out-of-bounds write (bsc#1260879). Important SUSE bug 1259446 SUSE bug 1259447 SUSE bug 1259448 SUSE bug 1259450 SUSE bug 1259451 SUSE bug 1259452 SUSE bug 1259455 SUSE bug 1259456 SUSE bug 1259457 SUSE bug 1259463 SUSE bug 1259464 SUSE bug 1259466 SUSE bug 1259467 SUSE bug 1259468 SUSE bug 1259497 SUSE bug 1259528 SUSE bug 1259612 SUSE bug 1259872 SUSE bug 1260874 SUSE bug 1260879 CVE-2026-28493 at SUSE CVE-2026-28493 at NVD CVE-2026-28494 at SUSE CVE-2026-28494 at NVD CVE-2026-28686 at SUSE CVE-2026-28686 at NVD CVE-2026-28687 at SUSE CVE-2026-28687 at NVD CVE-2026-28688 at SUSE CVE-2026-28688 at NVD CVE-2026-28689 at SUSE CVE-2026-28689 at NVD CVE-2026-28690 at SUSE CVE-2026-28690 at NVD CVE-2026-28691 at SUSE CVE-2026-28691 at NVD CVE-2026-28692 at SUSE CVE-2026-28692 at NVD CVE-2026-28693 at SUSE CVE-2026-28693 at NVD CVE-2026-30883 at SUSE CVE-2026-30883 at NVD CVE-2026-30929 at SUSE CVE-2026-30929 at NVD CVE-2026-30935 at SUSE CVE-2026-30935 at NVD CVE-2026-30936 at SUSE CVE-2026-30936 at NVD CVE-2026-30937 at SUSE CVE-2026-30937 at NVD CVE-2026-31853 at SUSE CVE-2026-31853 at NVD CVE-2026-32259 at SUSE CVE-2026-32259 at NVD CVE-2026-32636 at SUSE CVE-2026-32636 at NVD CVE-2026-33535 at SUSE CVE-2026-33535 at NVD CVE-2026-33536 at SUSE CVE-2026-33536 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Important) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). Important SUSE bug 1259611 SUSE bug 1259734 SUSE bug 1259735 SUSE bug 1260026 CVE-2025-13462 at SUSE CVE-2025-13462 at NVD CVE-2026-3644 at SUSE CVE-2026-3644 at NVD CVE-2026-4224 at SUSE CVE-2026-4224 at NVD CVE-2026-4519 at SUSE CVE-2026-4519 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Important) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Important SUSE bug 1260441 SUSE bug 1260442 SUSE bug 1260443 SUSE bug 1260444 SUSE bug 1260445 CVE-2026-28387 at SUSE CVE-2026-28387 at NVD CVE-2026-28388 at SUSE CVE-2026-28388 at NVD CVE-2026-28389 at SUSE CVE-2026-28389 at NVD CVE-2026-31789 at SUSE CVE-2026-31789 at NVD CVE-2026-31790 at SUSE CVE-2026-31790 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issue: - CVE-2026-24684: Heap-use-after-free in play_thread (bsc#1257991). Important SUSE bug 1257991 CVE-2026-24684 at SUSE CVE-2026-24684 at NVD cpe:/o:opensuse:leap:15.6 Recommended update for shadow (Important) openSUSE Leap 15.6 This update for shadow fixes the following issues: shadow is updated to 4.17.2 to bring lots of features and bug fixes. - util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies. - Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID ranges we set the above mentioned value to 201. The max value will stay at 499. This range should be sufficient and will give us leeway for the future. It's not straightforward to find out which static UIDs/GIDs are used in all packages. Update to 4.17.2: * src/login_nopam.c: Fix compiler warnings #1170 * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 * Use HTTPS in link to Wikipedia article on password strength #1164 * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 * login: Fix no-pam authorization regression #1174 * man: Add Portuguese translation #1178 * Update French translation #1177 * Add cheap defense mechanisms #1171 * Add Romanian translation #1176 Update to 4.17.1: * Fix `su -` regression #1163 Update to 4.17.0: * Fix the lower part of the domain of csrand_uniform() * Fix use of volatile pointer * Use str2[u]l() instead of atoi(3) * Use a2i() in various places * Fix const correctness * Use uid_t for holding UIDs (and GIDs) * Move all sprintf(3)-like APIs to a subdirectory * Move all copying APIs to a subdirectory * Fix forever loop on ENOMEM * Fix REALLOC() nmemb calculation * Remove id(1) * Remove groups(1) * Use local time for human-readable dates * Use %F instead of %Y-%m-%d with strftime(3) * is_valid{user,group}_name(): Set errno to distinguish the reasons * Recommend --badname only if it is useful * Add fmkomstemp() to fix mode of /etc/default/useradd * Fix use-after-free bug in sgetgrent() * Update Catalan translation * Remove references to cppw, cpgr * groupadd, groupmod: Update gshadow file with -U * Added option -a for listing active users only, optimized using if aflg,return * Added information in lastlog man page for new option '-a' * Plenty of code cleanup and clarifications - Disable flushing sssd caches. The sssd's files provider is no longer available. Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 Update to 4.15.0 * libshadow: + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. + Fix build error (parameter name omitted). * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. + Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. + Fix build with musl libc. + Support out of tree builds * useradd(8): + Set proper SELinux labels for def_usrtemplate Update to 4.14.6: * login(1): + Fix off-by-one bugs. * passwd(1): + Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones. * libshadow: + Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006) + Fix parsing of dates in get_date() (bsc#1176006) + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. Update to 4.14.5: * Build system: + Fix regression introduced in 4.14.4, due to a typo. chgpasswd had been deleted from a Makefile variable, but it should have been chpasswd. Update to 4.14.4: * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. * libshadow: + Fix build error (parameter name omitted). + Fix off-by-one bug. + Remove warning. Update to 4.14.3: * libshadow: Avoid null pointer dereference (#904) * Remove pam_keyinit from PAM configuration. (bsc#1199026 bsc#1203823) This was introduced for bsc#1144060. Update to 4.14.2: * libshadow: + Fix build with musl libc. + Avoid NULL dereference. + Update utmp at an initial login * useradd(8): + Set proper SELinux labels for def_usrtemplate * Manual: + Document --prefix in chage(1), chpasswd(8), and passwd(1) Update to 4.14.1: Build system: Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. #791 - Set proper SELinux labels for new homedirs. Update to 4.14.0: * configure: add with-libbsd option * Code cleanup * Replace utmp interface #757 * new option enable-logind #674 * shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh * chsh: warn if root sets a shell not listed in /etc/shells #535 * newgrp: fix potential string injection * lastlog: fix alignment of Latest header * Fix yescrypt support #748 * chgpasswd: Fix segfault in command-line options * gpasswd: Fix password leak (bsc#1214806, CVE-2023-4641) * Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627) * usermod: fix off-by-one issues #701 * ch(g)passwd: Check selinux permissions upon startup #675 * sub_[ug]id_{add,remove}: fix return values * chsh: Verify that login shell path is absolute #730 * process_prefix_flag: Drop privileges * run_parts for groupadd and groupdel #706 * newgrp/useradd: always set SIGCHLD to default * useradd/usermod: add --selinux-range argument #698 * sssd: skip flushing if executable does not exist #699 * semanage: Do not set default SELinux range #676 * Add control character check #687 * usermod: respect --prefix for --gid option * Fix null dereference in basename * newuidmap and newgidmap: support passing pid as fd * Prevent out of boundary access #633 * Explicitly override only newlines #633 * Correctly handle illegal system file in tz #633 * Supporting vendor given -shells- configuration file #599 * Warn if failed to read existing /etc/nsswitch.conf * chfn: new_fields: fix wrong fields printed * Allow supplementary groups to be added via config file #586 * useradd: check if subid range exists for user #592 (rh#2012929) - Rename lastlog to lastlog.legacy to be able to switch to Y2038 safe lastlog2 as default [jsc#PED-3144] - bsc#1205502: Fix useradd audit event logging of ID field Update to 4.13: * useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] Update to 4.12.1: * Fix uk manpages Update to 4.12: * Add absolute path hint to --root * Various cleanups * Fix Ubuntu release used in CI tests * add -F options to userad * useradd manpage updates * Check for ownerid (not just username) in subid ranges * Declare file local functions static * Use strict prototypes * Do not drop const qualifier for Basename * Constify various pointers * Don't return uninitialized memory * Don't let compiler optimize away memory cleaning * Remove many obsolete compatibility checks and defines * Modify ID range check in useradd * Use 'extern 'C'' to make libsubid easier to use from C++ * French translation updates * Fix s/with-pam/with-libpam/ * Spanish translation updates * French translation fixes * Default max group name length to 32 * Fix PAM service files without-selinux * Improve manpages - groupadd, useradd, usermod - groups and id - pwck * Fix condition under which pw_dir check happens * logoutd: switch to strncat * AUTHORS: improve markdown output * Handle ERANGE errors correctly * Check for fopen NULL return * Split get_salt() into its own fn juyin) * Get salt before chroot to ensure /dev/urandom. * Chpasswd code cleanup * Work around git safe.directory enforcement * Alphabetize order in usermod help * Erase password copy on error branches * Suggest using --badname if needed * Update translation files * Correct badnames option to badname * configure: replace obsolete autoconf macros * tests: replace egrep with grep -E * Update Ukrainian translations * Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables * CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version * libmisc: use /dev/urandom as fallback if other methods fail Provide /etc/login.defs.d on SLE15 since we support and use it Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su rom util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for '' in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Really enable USERGROUPS_ENAB [bsc#1189139]. Added hardening to systemd service(s) (bsc#1181400). * Add LOGIN_KEEP_USERNAME to login.defs. * Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su. * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton. * login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850] Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid(Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescript support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - login.defs/MOTD_FILE: Use '' instead of blank entry [bsc#1187536] - Add /etc/login.defs.d directory - Enable shadowgrp so that we can set more secure group passwords using shadow. - Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown. Important SUSE bug 1144060 SUSE bug 1176006 SUSE bug 1181400 SUSE bug 1182850 SUSE bug 1185897 SUSE bug 1187536 SUSE bug 1189139 SUSE bug 1199026 SUSE bug 1203823 SUSE bug 1205502 SUSE bug 1206627 SUSE bug 1214806 SUSE bug 1246052 SUSE bug 916845 CVE-2013-4235 at SUSE CVE-2013-4235 at NVD CVE-2023-4641 at SUSE CVE-2023-4641 at NVD cpe:/o:opensuse:leap:15.6 Security update for tigervnc (Important) openSUSE Leap 15.6 This update for tigervnc fixes the following issues: - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. (bsc#1260871) Important SUSE bug 1260871 CVE-2026-34352 at SUSE CVE-2026-34352 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_0_0 (Important) openSUSE Leap 15.6 This update for openssl-1_0_0 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). - CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444). - CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445). Important SUSE bug 1260441 SUSE bug 1260442 SUSE bug 1260443 SUSE bug 1260444 SUSE bug 1260445 CVE-2026-28387 at SUSE CVE-2026-28387 at NVD CVE-2026-28388 at SUSE CVE-2026-28388 at NVD CVE-2026-28389 at SUSE CVE-2026-28389 at NVD CVE-2026-31789 at SUSE CVE-2026-31789 at NVD CVE-2026-31790 at SUSE CVE-2026-31790 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-3479: improper resource argument validation in `pkgutil.get_data()` can lead to path traversal (bsc#1259989). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). Important SUSE bug 1259611 SUSE bug 1259734 SUSE bug 1259735 SUSE bug 1259989 SUSE bug 1260026 CVE-2025-13462 at SUSE CVE-2025-13462 at NVD CVE-2026-3479 at SUSE CVE-2026-3479 at NVD CVE-2026-3644 at SUSE CVE-2026-3644 at NVD CVE-2026-4224 at SUSE CVE-2026-4224 at NVD CVE-2026-4519 at SUSE CVE-2026-4519 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Important) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo when GNU long name and type AREGTYPE are combined can lead to misinterpretation of tar archives (bsc#1259611). - CVE-2026-3644: incomplete control character validation in http.cookies can lead to input validation bypass (bsc#1259734). - CVE-2026-4224: parsing XML with deeply nested DTD content models can lead to C stack overflow (bsc#1259735). - CVE-2026-4519: failure to sanitize leading dashes in URLs in the `webbrowser.open()` API can lead to web browser command line option injection (bsc#1260026). Important SUSE bug 1259611 SUSE bug 1259734 SUSE bug 1259735 SUSE bug 1260026 CVE-2025-13462 at SUSE CVE-2025-13462 at NVD CVE-2026-3644 at SUSE CVE-2026-3644 at NVD CVE-2026-4224 at SUSE CVE-2026-4224 at NVD CVE-2026-4519 at SUSE CVE-2026-4519 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Moderate) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). - CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:opensuse:leap:15.6 Security update for libssh (Moderate) openSUSE Leap 15.6 This update for libssh fixes the following issues: - CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377). Moderate SUSE bug 1259377 CVE-2026-3731 at SUSE CVE-2026-3731 at NVD cpe:/o:opensuse:leap:15.6 Security update for bind (Important) openSUSE Leap 15.6 This update for bind fixes the following issues: - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805). Important SUSE bug 1260805 CVE-2026-1519 at SUSE CVE-2026-1519 at NVD cpe:/o:opensuse:leap:15.6 Security update for ignition (Important) openSUSE Leap 15.6 This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260251). Important SUSE bug 1260251 CVE-2026-33186 at SUSE CVE-2026-33186 at NVD cpe:/o:opensuse:leap:15.6 Security update for clamav (Moderate) openSUSE Leap 15.6 This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file (bsc#1259207). Non security issue: - Support transactional updates (jsc#PED-14819). Changelog: * Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV dependency, a Rust image library. * The CVD verification process will now ignore certificate files in the CVD certs directory when the user lacks read permissions. * Freshclam: Fix CLD verification bug with PrivateMirror option. * Upgraded the Rust bytes dependency to a newer version to resolve RUSTSEC-2026-0007 advisory. * Fixed a possible crash caused by invalid pointer alignment on some platforms. * Minimal required Rust version is now 1.87. Moderate SUSE bug 1221954 SUSE bug 1258072 SUSE bug 1259207 CVE-2026-20031 at SUSE CVE-2026-20031 at NVD cpe:/o:opensuse:leap:15.6 Security update for xwayland (Important) openSUSE Leap 15.6 This update for xwayland fixes the following issues: - CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922). - CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923). - CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924). - CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925). - CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926). Important SUSE bug 1260922 SUSE bug 1260923 SUSE bug 1260924 SUSE bug 1260925 SUSE bug 1260926 CVE-2026-33999 at SUSE CVE-2026-33999 at NVD CVE-2026-34000 at SUSE CVE-2026-34000 at NVD CVE-2026-34001 at SUSE CVE-2026-34001 at NVD CVE-2026-34002 at SUSE CVE-2026-34002 at NVD CVE-2026-34003 at SUSE CVE-2026-34003 at NVD cpe:/o:opensuse:leap:15.6 Security update for xorg-x11-server (Important) openSUSE Leap 15.6 This update for xorg-x11-server fixes the following issues: - CVE-2026-33999: XKB integer underflow in XkbSetCompatMap() (bsc#1260922). - CVE-2026-34000: XKB out-of-bounds read in CheckSetGeom() (bsc#1260923). - CVE-2026-34001: XSYNC use-after-free in miSyncTriggerFence() (bsc#1260924). - CVE-2026-34002: XKB out-of-bounds read in CheckModifierMap() (bsc#1260925). - CVE-2026-34003: XKB buffer overflow in CheckKeyTypes() (bsc#1260926). Important SUSE bug 1260922 SUSE bug 1260923 SUSE bug 1260924 SUSE bug 1260925 SUSE bug 1260926 CVE-2026-33999 at SUSE CVE-2026-33999 at NVD CVE-2026-34000 at SUSE CVE-2026-34000 at NVD CVE-2026-34001 at SUSE CVE-2026-34001 at NVD CVE-2026-34002 at SUSE CVE-2026-34002 at NVD CVE-2026-34003 at SUSE CVE-2026-34003 at NVD cpe:/o:opensuse:leap:15.6 Security update for buildah (Important) openSUSE Leap 15.6 This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) Important SUSE bug 1253598 SUSE bug 1254054 CVE-2025-47913 at SUSE CVE-2025-47913 at NVD CVE-2025-47914 at SUSE CVE-2025-47914 at NVD cpe:/o:opensuse:leap:15.6 Security update for pgadmin4 (Important) openSUSE Leap 15.6 This update for pgadmin4 fixes the following issues: - CVE-2025-12765: insufficient checks in the LDAP authentication flow allow a for bypass of TLS certificate validation that can lead to the stealing of bind credentials and the altering of directory responses (bsc#1253478). - CVE-2025-12764: improper validation of characters in a username allows for LDAP injections that force the processing of unusual amounts of data and leads to a DoS (bsc#1253477). Important SUSE bug 1253477 SUSE bug 1253478 CVE-2025-12764 at SUSE CVE-2025-12764 at NVD CVE-2025-12765 at SUSE CVE-2025-12765 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Critical) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: MFSA 2026-05 (bsc#1256340): - CVE-2026-0877: Mitigation bypass in the DOM in Security component - CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics in CanvasWebGL component - CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component - CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component - CVE-2026-0882: Use-after-free in the IPC component - CVE-2025-14327: Spoofing issue in the Downloads Panel component - CVE-2026-0883: Information disclosure in the Networking component - CVE-2026-0884: Use-after-free in the JavaScript Engine component - CVE-2026-0885: Use-after-free in the JavaScript: GC component - CVE-2026-0886: Incorrect boundary conditions in the Graphics component - CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component - CVE-2026-0890: Spoofing issue in the DOM in Copy & Paste and Drag & Drop component - CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 Critical SUSE bug 1256340 CVE-2025-14327 at SUSE CVE-2025-14327 at NVD CVE-2026-0877 at SUSE CVE-2026-0877 at NVD CVE-2026-0878 at SUSE CVE-2026-0878 at NVD CVE-2026-0879 at SUSE CVE-2026-0879 at NVD CVE-2026-0880 at SUSE CVE-2026-0880 at NVD CVE-2026-0882 at SUSE CVE-2026-0882 at NVD CVE-2026-0883 at SUSE CVE-2026-0883 at NVD CVE-2026-0884 at SUSE CVE-2026-0884 at NVD CVE-2026-0885 at SUSE CVE-2026-0885 at NVD CVE-2026-0886 at SUSE CVE-2026-0886 at NVD CVE-2026-0887 at SUSE CVE-2026-0887 at NVD CVE-2026-0890 at SUSE CVE-2026-0890 at NVD CVE-2026-0891 at SUSE CVE-2026-0891 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555) Important SUSE bug 1252555 CVE-2025-12105 at SUSE CVE-2025-12105 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Important) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878). - CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662). - CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297). Important SUSE bug 1254297 SUSE bug 1254662 SUSE bug 1254878 CVE-2025-13601 at SUSE CVE-2025-13601 at NVD CVE-2025-14087 at SUSE CVE-2025-14087 at NVD CVE-2025-14512 at SUSE CVE-2025-14512 at NVD cpe:/o:opensuse:leap:15.6 Security update for ffmpeg-4 (Important) openSUSE Leap 15.6 This update for ffmpeg-4 fixes the following issues: - CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass (bsc#1220545). - CVE-2025-63757: Fixed integer overflow in yuv2ya16_X_c_template() (bsc#1255392). Important SUSE bug 1220545 SUSE bug 1255392 CVE-2023-6601 at SUSE CVE-2023-6601 at NVD CVE-2025-63757 at SUSE CVE-2025-63757 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-FontTools (Moderate) openSUSE Leap 15.6 This update for python-FontTools fixes the following issues: - CVE-2025-66034: Fixed arbitrary file write vulnerability that could lead to remote code execution (bsc#1254366). Moderate SUSE bug 1254366 CVE-2025-66034 at SUSE CVE-2025-66034 at NVD cpe:/o:opensuse:leap:15.6 Security update for apache2 (Important) openSUSE Leap 15.6 This update for apache2 fixes the following issues: - CVE-2025-55753: Fixed mod_md (ACME) unintended retry intervals (bsc#1254511) - CVE-2025-65082: Fixed CGI environment variable override (bsc#1254514) - CVE-2025-58098: Fixed Server Side Includes adding query string to #exec cmd=... (bsc#1254512) - CVE-2025-66200: Fixed mod_userdir+suexec bypass via AllowOverride FileInfo (bsc#1254515) Important SUSE bug 1254511 SUSE bug 1254512 SUSE bug 1254514 SUSE bug 1254515 CVE-2025-55753 at SUSE CVE-2025-55753 at NVD CVE-2025-58098 at SUSE CVE-2025-58098 at NVD CVE-2025-65082 at SUSE CVE-2025-65082 at NVD CVE-2025-66200 at SUSE CVE-2025-66200 at NVD cpe:/o:opensuse:leap:15.6 Security update for webkit2gtk3 (Important) openSUSE Leap 15.6 This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208). - CVE-2025-13947: use of the file drag-and-drop mechanism may lead to remote information disclosure due to a lack of verification of the origins of drag operations (bsc#1254473). - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43392: websites may exfiltrate image data cross-origin due to issues with cache handling (bsc#1254165). - CVE-2025-43421: processing maliciously crafted web content may lead to an unexpected process crash due to enabled array allocation sinking (bsc#1254167). - CVE-2025-43425: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254168). - CVE-2025-43427: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254169). - CVE-2025-43429: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1254174). - CVE-2025-43430: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254172). - CVE-2025-43431: processing maliciously crafted web content may lead to memory corruption due to improper memory handling (bsc#1254170). - CVE-2025-43432: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254171). - CVE-2025-43434: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1254179). - CVE-2025-43440: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254177). - CVE-2025-43443: processing maliciously crafted web content may lead to an unexpected process crash due to missing checks (bsc#1254176). - CVE-2025-43458: processing maliciously crafted web content may lead to an unexpected process crash due to issues with state management (bsc#1254498). - CVE-2025-43501: processing maliciously crafted web content may lead to an unexpected process crash due to a buffer overflow issue (bsc#1255194). - CVE-2025-43529: processing maliciously crafted web content may lead to arbitrary code execution due to a use-after-free issue (bsc#1255198). - CVE-2025-43531: processing maliciously crafted web content may lead to an unexpected process crash due to a race condition (bsc#1255183). - CVE-2025-43535: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1255195). - CVE-2025-43536: processing maliciously crafted web content may lead to an unexpected process crash due to a use-after-free issue (bsc#1255200). - CVE-2025-43541: processing maliciously crafted web content may lead to an unexpected process crash due to type confusion (bsc#1255191). - CVE-2025-66287: processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling (bsc#1254509). Other issues fixed and changes: - Version 2.50.4: * Correctly handle the program name passed to the sleep disabler. * Ensure GStreamer is initialized before using the Quirks. * Fix several crashes and rendering issues. - Version 2.50.3: * Fix seeking and looping of media elements that set the 'loop' property. * Fix several crashes and rendering issues. - Version 2.50.2: * Prevent unsafe URI schemes from participating in media playback. * Make jsc_value_array_buffer_get_data() function introspectable. * Fix logging in to Google accounts that have a WebAuthn second factor configured. * Fix loading webkit://gpu when there are no threads configured for GPU rendering. * Fix rendering gradiants that use the CSS hue interpolation method. * Fix pasting image data from the clipboard. * Fix font-family selection when the font name contains spaces. * Fix the build with standard C libraries that lack execinfo.h, like Musl or uClibc. * Fix capturing canvas snapshots in the Web Inspector. * Fix several crashes and rendering issues. - Fix a11y regression where AT-SPI roles were mapped incorrectly. Important SUSE bug 1254164 SUSE bug 1254165 SUSE bug 1254166 SUSE bug 1254167 SUSE bug 1254168 SUSE bug 1254169 SUSE bug 1254170 SUSE bug 1254171 SUSE bug 1254172 SUSE bug 1254174 SUSE bug 1254175 SUSE bug 1254176 SUSE bug 1254177 SUSE bug 1254179 SUSE bug 1254208 SUSE bug 1254473 SUSE bug 1254498 SUSE bug 1254509 SUSE bug 1255183 SUSE bug 1255191 SUSE bug 1255194 SUSE bug 1255195 SUSE bug 1255198 SUSE bug 1255200 SUSE bug 1255497 CVE-2023-43000 at SUSE CVE-2023-43000 at NVD CVE-2025-13502 at SUSE CVE-2025-13502 at NVD CVE-2025-13947 at SUSE CVE-2025-13947 at NVD CVE-2025-14174 at SUSE CVE-2025-14174 at NVD CVE-2025-43392 at SUSE CVE-2025-43392 at NVD CVE-2025-43419 at SUSE CVE-2025-43419 at NVD CVE-2025-43421 at SUSE CVE-2025-43421 at NVD CVE-2025-43425 at SUSE CVE-2025-43425 at NVD CVE-2025-43427 at SUSE CVE-2025-43427 at NVD CVE-2025-43429 at SUSE CVE-2025-43429 at NVD CVE-2025-43430 at SUSE CVE-2025-43430 at NVD CVE-2025-43431 at SUSE CVE-2025-43431 at NVD CVE-2025-43432 at SUSE CVE-2025-43432 at NVD CVE-2025-43434 at SUSE CVE-2025-43434 at NVD CVE-2025-43440 at SUSE CVE-2025-43440 at NVD CVE-2025-43443 at SUSE CVE-2025-43443 at NVD CVE-2025-43458 at SUSE CVE-2025-43458 at NVD CVE-2025-43480 at SUSE CVE-2025-43480 at NVD CVE-2025-43501 at SUSE CVE-2025-43501 at NVD CVE-2025-43529 at SUSE CVE-2025-43529 at NVD CVE-2025-43531 at SUSE CVE-2025-43531 at NVD CVE-2025-43535 at SUSE CVE-2025-43535 at NVD CVE-2025-43536 at SUSE CVE-2025-43536 at NVD CVE-2025-43541 at SUSE CVE-2025-43541 at NVD CVE-2025-66287 at SUSE CVE-2025-66287 at NVD cpe:/o:opensuse:leap:15.6 Security update for gpg2 (Important) openSUSE Leap 15.6 This update for gpg2 fixes the following issues: - CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715). - Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246). - Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244). - Fix a memory leak in gpg2 agent (bsc#1256243). - Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390). Important SUSE bug 1255715 SUSE bug 1256243 SUSE bug 1256244 SUSE bug 1256246 SUSE bug 1256390 CVE-2025-68973 at SUSE CVE-2025-68973 at NVD cpe:/o:opensuse:leap:15.6 Security update for keylime (Critical) openSUSE Leap 15.6 This update for keylime fixes the following issues: - CVE-2025-13609: avoid re-registration of clients with same UUID but with different TPM identity (bsc#1254199). Critical SUSE bug 1254199 CVE-2025-13609 at SUSE CVE-2025-13609 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Important) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: Update to go1.25.6 (released 2026-01-15) (bsc#1244485) Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling &lt;function&gt;: runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 Important SUSE bug 1244485 SUSE bug 1256816 SUSE bug 1256817 SUSE bug 1256818 SUSE bug 1256819 SUSE bug 1256820 SUSE bug 1256821 CVE-2025-61726 at SUSE CVE-2025-61726 at NVD CVE-2025-61728 at SUSE CVE-2025-61728 at NVD CVE-2025-61730 at SUSE CVE-2025-61730 at NVD CVE-2025-61731 at SUSE CVE-2025-61731 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Important) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: Update to go1.24.12 (released 2026-01-15) (bsc#1236217) Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling &lt;function&gt;: runtime error: index out of range Important SUSE bug 1236217 SUSE bug 1256816 SUSE bug 1256817 SUSE bug 1256818 SUSE bug 1256819 SUSE bug 1256820 SUSE bug 1256821 CVE-2025-61726 at SUSE CVE-2025-61726 at NVD CVE-2025-61728 at SUSE CVE-2025-61728 at NVD CVE-2025-61730 at SUSE CVE-2025-61730 at NVD CVE-2025-61731 at SUSE CVE-2025-61731 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for qemu (Important) openSUSE Leap 15.6 This update for qemu fixes the following issues: Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host (bsc#1253002). - CVE-2025-11234: use-after-free in WebSocket handshake operations can be exploited by a malicious client with network access to the VNC WebSocket port to cause a denial-of-service (bsc#1250984). Other updates and bugfixes: - [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286). - block/curl: fix curl internal handles handling (bsc#1252768). Important SUSE bug 1250984 SUSE bug 1252768 SUSE bug 1253002 SUSE bug 1254286 CVE-2025-11234 at SUSE CVE-2025-11234 at NVD CVE-2025-12464 at SUSE CVE-2025-12464 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-filelock (Moderate) openSUSE Leap 15.6 This update for python-filelock fixes the following issues: - CVE-2025-68146: TOCTOU race condition may allow local attackers to corrupt or truncate arbitrary user files (bsc#1255244). - CVE-2026-22701: TOCTOU race condition in the SoftFileLock implementation (bsc#1256457). Moderate SUSE bug 1255244 SUSE bug 1256457 CVE-2025-68146 at SUSE CVE-2025-68146 at NVD CVE-2026-22701 at SUSE CVE-2026-22701 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsodium (Moderate) openSUSE Leap 15.6 This update for libsodium fixes the following issues: - CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). Moderate SUSE bug 1256070 CVE-2025-15444 at SUSE CVE-2025-15444 at NVD cpe:/o:opensuse:leap:15.6 Security update for libtasn1 (Moderate) openSUSE Leap 15.6 This update for libtasn1 fixes the following issues: - CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341). Moderate SUSE bug 1256341 CVE-2025-13151 at SUSE CVE-2025-13151 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-marshmallow (Moderate) openSUSE Leap 15.6 This update for python-marshmallow fixes the following issues: - CVE-2025-68480: Fixed possible DoS when using Schema.load(data, many=True) (bsc#1255473). Moderate SUSE bug 1255473 CVE-2025-68480 at SUSE CVE-2025-68480 at NVD cpe:/o:opensuse:leap:15.6 Security update for net-snmp (Important) openSUSE Leap 15.6 This update for net-snmp fixes the following issues: - CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491) Important SUSE bug 1255491 CVE-2025-68615 at SUSE CVE-2025-68615 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang26 (Moderate) openSUSE Leap 15.6 This update for erlang26 fixes the following issues: - CVE-2025-48040: Excessive resource consumption (bsc#1249472) - CVE-2025-48039: Excessive use of system resources (bsc#1249469) - CVE-2025-48038: Excessive use of system resources (bsc#1249470) Moderate SUSE bug 1249469 SUSE bug 1249470 SUSE bug 1249472 CVE-2025-48038 at SUSE CVE-2025-48038 at NVD CVE-2025-48039 at SUSE CVE-2025-48039 at NVD CVE-2025-48040 at SUSE CVE-2025-48040 at NVD cpe:/o:opensuse:leap:15.6 Security update for exiv2-0_26 (Low) openSUSE Leap 15.6 This update for exiv2-0_26 fixes the following issues: Add reference for previously fixed issue: - CVE-2025-55304: Fixed quadratic performance algorithm in the ICC profile parsing code of `JpegBase::readMetadata` (bsc#1248963). Low SUSE bug 1248963 CVE-2025-55304 at SUSE CVE-2025-55304 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-virtualenv (Moderate) openSUSE Leap 15.6 This update for python-virtualenv fixes the following issues: - CVE-2026-22702: Fixed local attacker can redirect file operations via TOCTOU race condition (bsc#1256458). Moderate SUSE bug 1256458 CVE-2026-22702 at SUSE CVE-2026-22702 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng16 (Moderate) openSUSE Leap 15.6 This update for libpng16 fixes the following issues: - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525) - CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526). Moderate SUSE bug 1256525 SUSE bug 1256526 CVE-2026-22695 at SUSE CVE-2026-22695 at NVD CVE-2026-22801 at SUSE CVE-2026-22801 at NVD cpe:/o:opensuse:leap:15.6 Security update for busybox (Important) openSUSE Leap 15.6 This update for busybox fixes the following issues: This update for busybox fixes the following issues: Security issues: - CVE-2025-46394: Fixed tar hidden files via escape sequence (CVE-2025-46394, bsc#1241661) - CVE-2025-60876: Fixed HTTP request header injection in wget (CVE-2025-60876, bsc#1253245) Other issues: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fixed unshare -mrpf sh core dump on ppc64le (bsc#1249237) - Fixed adduser inside containers on an SELinux host (bsc#1247779) Important SUSE bug 1236670 SUSE bug 1241661 SUSE bug 1247779 SUSE bug 1249237 SUSE bug 1253245 CVE-2025-46394 at SUSE CVE-2025-46394 at NVD CVE-2025-60876 at SUSE CVE-2025-60876 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Moderate) openSUSE Leap 15.6 This update for wireshark fixes the following issues: - CVE-2026-0959: IEEE 802.11 dissector crash (bsc#1256734). - CVE-2026-0960: HTTP3 dissector infinite loop (bsc#1256736). - CVE-2026-0962: SOME/IP-SD dissector crash (bsc#1256739). Moderate SUSE bug 1256734 SUSE bug 1256736 SUSE bug 1256739 CVE-2026-0959 at SUSE CVE-2026-0959 at NVD CVE-2026-0960 at SUSE CVE-2026-0960 at NVD CVE-2026-0962 at SUSE CVE-2026-0962 at NVD cpe:/o:opensuse:leap:15.6 Security update for librsvg (Moderate) openSUSE Leap 15.6 This update for librsvg fixes the following issues: Update to version 2.57.4 - bsc#1243867: + CVE-2024-12224: RUSTSEC-2024-0421 - idna accepts Punycode labels that do not produce any non-ASCII when decoded. + RUSTSEC-2024-0404 - Unsoundness in anstream. Moderate SUSE bug 1243867 CVE-2024-12224 at SUSE CVE-2024-12224 at NVD cpe:/o:opensuse:leap:15.6 Security update for php7 (Moderate) openSUSE Leap 15.6 This update for php7 fixes the following issues: Security fixes: - CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). Other fixes: - Add all php7 packages to PackageHUB (unsupported), no source changes. (bsc#1251932) Moderate SUSE bug 1255711 CVE-2025-14178 at SUSE CVE-2025-14178 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Moderate) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). - CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). - CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pyasn1 (Important) openSUSE Leap 15.6 This update for python-pyasn1 fixes the following issues: - CVE-2026-23490: Fixed Denial-of-Service issue that may lead to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets (bsc#1256902) Important SUSE bug 1256902 CVE-2026-23490 at SUSE CVE-2026-23490 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) Important SUSE bug 1254876 SUSE bug 1256399 CVE-2025-14523 at SUSE CVE-2025-14523 at NVD CVE-2026-0719 at SUSE CVE-2026-0719 at NVD cpe:/o:opensuse:leap:15.6 Security update for log4j (Moderate) openSUSE Leap 15.6 This update for log4j fixes the following issues: Security fixes: - CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack (bsc#1255427) Other fixes: - Upgrade to 2.18.0 * Added + Add support for Jakarta Mail API in the SMTP appender. + Add support for custom Log4j 1.x levels. + Add support for adding and retrieving appenders in Log4j 1.x bridge. + Add support for custom LMAX disruptor WaitStrategy configuration. + Add support for Apache Extras' RollingFileAppender in Log4j 1.x bridge. + Add MutableThreadContextMapFilter. + Add support for 24 colors in highlighting * Changed + Improves ServiceLoader support on servlet containers. + Make the default disruptor WaitStrategy used by Async Loggers garbage-free. + Do not throw UnsupportedOperationException when JUL ApiLogger::setLevel is called. + Support Spring 2.6.x. + Move perf tests to log4j-core-its + Upgrade the Flume Appender to Flume 1.10.0 * Fixed + Fix minor typo #792. + Improve validation and reporting of configuration errors. + Allow enterprise id to be an OID fragment. + Fix problem with non-uppercase custom levels. + Avoid ClassCastException in JeroMqManager with custom LoggerContextFactory #791. + DirectWriteRolloverStrategy should use the current time when creating files. + Fixes the syslog appender in Log4j 1.x bridge, when used with a custom layout. + log4j-1.2-api 2.17.2 throws NullPointerException while removing appender with name as null. + Improve JsonTemplateLayout performance. + Fix resolution of non-Log4j properties. + Fixes Spring Boot logging system registration in a multi-application environment. + JAR file containing Log4j configuration isn’t closed. + Properties defined in configuration using a value attribute (as opposed to element) are read correctly. + Syslog appender lacks the SocketOptions setting. + Log4j 1.2 bridge should not wrap components unnecessarily. + Update 3rd party dependencies for 2.18.0. + SizeBasedTriggeringPolicy would fail to rename files properly when integer pattern contained a leading zero. + Fixes default SslConfiguration, when a custom keystore is used. + Fixes appender concurrency problems in Log4j 1.x bridge. + Fix and test for race condition in FileUtils.mkdir(). + LocalizedMessage logs misleading errors on the console. + Add missing message parameterization in RegexFilter. + Add the missing context stack to JsonLayout template. + HttpWatcher did not pass credentials when polling. + UrlConnectionFactory.createConnection now accepts an AuthorizationProvider as a parameter. + The DirectWriteRolloverStrategy was not detecting the correct index to use during startup. + Async Loggers were including the location information by default. + ClassArbiter’s newBuilder method referenced the wrong class. + Don’t use Paths.get() to avoid circular file systems. + Fix parsing error, when XInclude is disabled. + Fix LevelRangeFilterBuilder to align with log4j1’s behavior. + Fixes problem with wrong ANSI escape code for bright colors + Log4j 1.2 bridge should generate Log4j 2.x messages based on the parameter runtime type. - Update to 2.19.0 * Added + Add implementation of SLF4J2 fluent API. + Add support for SLF4J2 stack-valued MDC. * Changed + Add getExplicitLevel method to LoggerConfig. + Allow PropertySources to be added. + Allow Plugins to be injected with the LoggerContext reference. * Fixed + Add correct manifest entries for OSGi to log4j-jcl + Improve support for passwordless keystores. + SystemPropertyArbiter was assigning the value as the name. + Make JsonTemplateLayout stack trace truncation operate for each label block. + Fix recursion between Log4j 1.2 LogManager and Category. + Fix resolution of properties not starting with log4j2.. + Logger$PrivateConfig.filter(Level, Marker, String) was allocating empty varargs array. + Allows a space separated list of style specifiers in the %style pattern for consistency with %highlight. + Fix NPE in log4j-to-jul in the case the root logger level is null. + Fix RollingRandomAccessFileAppender with DirectWriteRolloverStrategy can’t create the first log file of different directory. + Generate new SSL certs for testing. + Fix ServiceLoaderUtil behavior in the presence of a SecurityManager. + Fix regression in Rfc5424Layout default values. + Harden InstantFormatter against delegate failures. + Add async support to Log4jServletFilter. * Removed + Removed build page in favor of a single build instructions file. + Remove SLF4J 1.8.x binding. - Update to 2.20.0 * Added + Add support for timezones in RollingFileAppender date pattern + Add LogEvent timestamp to ProducerRecord in KafkaAppender + Add PatternLayout support for abbreviating the name of all logger components except the 2 rightmost + Removes internal field that leaked into public API. + Add a LogBuilder#logAndGet() method to emulate the Logger#traceEntry method. * Changed + Simplify site generation + Switch the issue tracker from JIRA to GitHub Issues + Remove liquibase-log4j2 maven module + Fix order of stacktrace elements, that causes cache misses in ThrowableProxyHelper. + Switch from com.sun.mail to Eclipse Angus. + Add Log4j2 Core as default runtime dependency of the SLF4J2-to-Log4j2 API bridge. + Replace maven-changes-plugin with a custom changelog implementation + Moved log4j-api and log4j-core artifacts with classifier tests to log4j-api-test and log4j-core-test respectively. * Deprecated + Deprecate support for package scanning for plugins * Fixed + Copy programmatically supplied location even if includeLocation='false'. + Eliminate status logger warning, when disableAnsi or noConsoleNoAnsi is used the style and highlight patterns. + Fix detection of location requirements in RewriteAppender. + Replace regex with manual code to escape characters in Rfc5424Layout. + Fix java.sql.Time object formatting in MapMessage + Fix previous fire time computation in CronTriggeringPolicy + Correct default to not include location for AsyncRootLoggers + Make StatusConsoleListener use SimpleLogger internally. + Lazily evaluate the level of a SLF4J LogEventBuilder + Fixes priority of Legacy system properties, which are now back to having higher priority than Environment variables. + Protects ServiceLoaderUtil from unchecked ServiceLoader exceptions. + Fix Configurator#setLevel for internal classes + Fix level propagation in Log4jBridgeHandler + Disable OsgiServiceLocator if not running in OSGI container. + When using a Date Lookup in the file pattern the current time should be used. + Fixed LogBuilder filtering in the presence of global filters. Moderate SUSE bug 1255427 CVE-2025-68161 at SUSE CVE-2025-68161 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3 (Moderate) openSUSE Leap 15.6 This update for python-urllib3 fixes the following issues: - CVE-2026-21441: Fixed excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331) Moderate SUSE bug 1256331 CVE-2026-21441 at SUSE CVE-2026-21441 at NVD cpe:/o:opensuse:leap:15.6 Security update for openldap2_5 (Moderate) openSUSE Leap 15.6 This update for openldap2_5 fixes the following issues: Security fixes: - CVE-2026-22185: Fixed possible crash in malicious DB (bsc#1256297) Other fixes: - Update to version 2.5.20+11: * ITS#10421 mdb_load: check for malicious input Moderate SUSE bug 1256297 CVE-2026-22185 at SUSE CVE-2026-22185 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418) - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). Important SUSE bug 1254876 SUSE bug 1256399 SUSE bug 1256418 CVE-2025-14523 at SUSE CVE-2025-14523 at NVD CVE-2026-0716 at SUSE CVE-2026-0716 at NVD CVE-2026-0719 at SUSE CVE-2026-0719 at NVD cpe:/o:opensuse:leap:15.6 Security update for avahi (Moderate) openSUSE Leap 15.6 This update for avahi fixes the following issues: - CVE-2025-68276: Fixed refuse to create wide-area record browsers when wide-area is off (bsc#1256498) - CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500) - CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499) Moderate SUSE bug 1256498 SUSE bug 1256499 SUSE bug 1256500 CVE-2025-68276 at SUSE CVE-2025-68276 at NVD CVE-2025-68468 at SUSE CVE-2025-68468 at NVD CVE-2025-68471 at SUSE CVE-2025-68471 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340). - MFSA 2026-03 * CVE-2026-0877: Mitigation bypass in the DOM: Security component * CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component * CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component * CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component * CVE-2026-0882: Use-after-free in the IPC component * CVE-2025-14327: Spoofing issue in the Downloads Panel component * CVE-2026-0883: Information disclosure in the Networking component * CVE-2026-0884: Use-after-free in the JavaScript Engine component * CVE-2026-0885: Use-after-free in the JavaScript: GC component * CVE-2026-0886: Incorrect boundary conditions in the Graphics component * CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component * CVE-2026-0890: Spoofing issue in the DOM: Copy-Paste and Drag-Drop component * CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 Important SUSE bug 1256340 CVE-2025-14327 at SUSE CVE-2025-14327 at NVD CVE-2026-0877 at SUSE CVE-2026-0877 at NVD CVE-2026-0878 at SUSE CVE-2026-0878 at NVD CVE-2026-0879 at SUSE CVE-2026-0879 at NVD CVE-2026-0880 at SUSE CVE-2026-0880 at NVD CVE-2026-0882 at SUSE CVE-2026-0882 at NVD CVE-2026-0883 at SUSE CVE-2026-0883 at NVD CVE-2026-0884 at SUSE CVE-2026-0884 at NVD CVE-2026-0885 at SUSE CVE-2026-0885 at NVD CVE-2026-0886 at SUSE CVE-2026-0886 at NVD CVE-2026-0887 at SUSE CVE-2026-0887 at NVD CVE-2026-0890 at SUSE CVE-2026-0890 at NVD CVE-2026-0891 at SUSE CVE-2026-0891 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2025-13836: Fixed reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400) - CVE-2025-12084: Fixed Denial of Service due to quadratic algorithm in xml.dom.minidom (bsc#1254997). Moderate SUSE bug 1254400 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-6075 at SUSE CVE-2025-6075 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Moderate) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997) - CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400) - CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401) Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvswitch (Important) openSUSE Leap 15.6 This update for openvswitch fixes the following issues: Update to v3.1.7: - CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload (bsc#1219465). - CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service (bsc#1255435). - CVE-2023-1668: openvswitch: remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). - CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited (bsc#1212125). - CVE-2023-5366: openvswitch: missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1210054 SUSE bug 1212125 SUSE bug 1216002 SUSE bug 1219465 SUSE bug 1255435 CVE-2023-1668 at SUSE CVE-2023-1668 at NVD CVE-2023-3152 at SUSE CVE-2023-3152 at NVD CVE-2023-3153 at SUSE CVE-2023-3153 at NVD CVE-2023-3966 at SUSE CVE-2023-3966 at NVD CVE-2023-5366 at SUSE CVE-2023-5366 at NVD CVE-2024-2182 at SUSE CVE-2024-2182 at NVD CVE-2025-0650 at SUSE CVE-2025-0650 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Low) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049). Low SUSE bug 1257049 CVE-2026-0988 at SUSE CVE-2026-0988 at NVD cpe:/o:opensuse:leap:15.6 Security update for harfbuzz (Moderate) openSUSE Leap 15.6 This update for harfbuzz fixes the following issues: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459). Moderate SUSE bug 1256459 CVE-2026-22693 at SUSE CVE-2026-22693 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvswitch3 (Important) openSUSE Leap 15.6 This update for openvswitch3 fixes the following issues: Update to v3.1.7: - CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload (bsc#1219465). - CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service (bsc#1255435). - CVE-2023-1668: openvswitch: remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054). - CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited (bsc#1212125). - CVE-2023-5366: openvswitch: missing masks on a final stage with ports trie (bsc#1216002). Important SUSE bug 1210054 SUSE bug 1212125 SUSE bug 1216002 SUSE bug 1219465 SUSE bug 1255435 CVE-2023-1668 at SUSE CVE-2023-1668 at NVD CVE-2023-3152 at SUSE CVE-2023-3152 at NVD CVE-2023-3153 at SUSE CVE-2023-3153 at NVD CVE-2023-3966 at SUSE CVE-2023-3966 at NVD CVE-2023-5366 at SUSE CVE-2023-5366 at NVD CVE-2024-2182 at SUSE CVE-2024-2182 at NVD CVE-2025-0650 at SUSE CVE-2025-0650 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). - CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334). - CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046). - CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342). - CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686). - CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824). - CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861). - CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808). - CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776). - CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919). - CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386). - CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342). - CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408). - CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402). - CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458). - CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413). - CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463). - CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442). - CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647). - CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959). - CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520). - CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813). - CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). - CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843). - CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847). - CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187). - CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624). - CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615). - CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199). The following non security issues were fixed: - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes). - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes). - ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes). - ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes). - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes). - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes). - ALSA: uapi: Fix typo in asound.h comment (git-fixes). - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes). - ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes). - ASoC: ak4458: Disable regulator when error happens (git-fixes). - ASoC: ak5558: Disable regulator when error happens (git-fixes). - ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes). - ASoC: fsl_xcvr: clear the channel status control memory (git-fixes). - ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes). - ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes). - ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes). - ASoC: stm32: sai: fix OF node leak on probe (git-fixes). - ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes). - ASoC: stm32: sai: fix device leak on probe (git-fixes). - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes). - Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes). - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes). - Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes). - Documentation: hid-alps: Fix packet format section headings (git-fixes). - Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes). - HID: logitech-dj: Remove duplicate error logging (git-fixes). - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes). - Input: cros_ec_keyb - fix an invalid memory access (stable-fixes). - Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes). - Input: goodix - add support for ACPI ID GDX9110 (stable-fixes). - KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes). - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes). - PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes). - PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes). - Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes). - USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes). - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes). - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes). - USB: serial: option: add Quectel RG255C (stable-fixes). - USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes). - USB: serial: option: add UNISOC UIS7720 (stable-fixes). - USB: serial: option: add support for Rolling RW101R-GL (stable-fixes). - USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes). - arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes). - arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes). - atm/fore200e: Fix possible data race in fore200e_open() (git-fixes). - atm: idt77252: Add missing `dma_map_error()` (stable-fixes). - backlight: led-bl: Add devlink to supplier LEDs (git-fixes). - backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes). - bs-upload-kernel: Fix cve branch uploads. - btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes). - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes). - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes). - can: sja1000: fix max irq loop handling (git-fixes). - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes). - cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449). - cifs: after disabling multichannel, mark tcon for reconnect (git-fixes). - cifs: avoid redundant calls to disable multichannel (git-fixes). - cifs: cifs_pick_channel should try selecting active channels (git-fixes). - cifs: deal with the channel loading lag while picking channels (git-fixes). - cifs: dns resolution is needed only for primary channel (git-fixes). - cifs: do not disable interface polling on failure (git-fixes). - cifs: do not search for channel if server is terminating (git-fixes). - cifs: fix a pending undercount of srv_count (git-fixes). - cifs: fix lock ordering while disabling multichannel (git-fixes). - cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes). - cifs: fix use after free for iface while disabling secondary channels (git-fixes). - cifs: handle servers that still advertise multichannel after disabling (git-fixes). - cifs: handle when server starts supporting multichannel (git-fixes). - cifs: handle when server stops supporting multichannel (git-fixes). - cifs: make cifs_chan_update_iface() a void function (git-fixes). - cifs: make sure server interfaces are requested only for SMB3+ (git-fixes). - cifs: make sure that channel scaling is done only once (git-fixes). - cifs: reconnect worker should take reference on server struct unconditionally (git-fixes). - cifs: reset connections for all channels when reconnect requested (git-fixes). - cifs: reset iface weights when we cannot find a candidate (git-fixes). - cifs: serialize other channels when query server interfaces is pending (git-fixes). - cifs: update dstaddr whenever channel iface is updated (git-fixes). - clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes). - clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes). - clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes). - clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes). - comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes). - comedi: check device's attached status in compat ioctls (git-fixes). - comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes). - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes). - cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes). - cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026). - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes). - crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes). - crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes). - crypto: hisilicon/qm - restore original qos values (git-fixes). - crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes). - crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes). - dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes). - dm-verity: fix unreliable memory allocation (git-fixes). - dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386). - drivers/usb/dwc3: fix PCI parent check (git-fixes). - drm/amd/display: Check NULL before accessing (stable-fixes). - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes). - drm/amd/display: Increase DPCD read retries (stable-fixes). - drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes). - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes). - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes). - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes). - drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes). - drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes). - drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes). - drm/mgag200: Fix big-endian support (git-fixes). - drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes). - drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes). - drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes). - drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes). - drm/nouveau: restrict the flush page to a 32-bit address (git-fixes). - drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes). - drm/vgem-fence: Fix potential deadlock on release (git-fixes). - drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes). - drm: sti: fix device leaks at component probe (git-fixes). - efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes). - efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes). - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes). - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes). - fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes). - firmware: imx: scu-irq: fix OF node leak in (git-fixes). - firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes). - firmware: stratix10-svc: fix bug in saving controller data (git-fixes). - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes). - gpu: host1x: Fix race in syncpt alloc/free (git-fixes). - hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes). - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes). - hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes). - i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes). - i2c: i2c.h: fix a bad kernel-doc line (git-fixes). - i3c: master: svc: Prevent incomplete IBI transaction (git-fixes). - iio: accel: bmc150: Fix irq assumption regression (stable-fixes). - iio: accel: fix ADXL355 startup race condition (git-fixes). - iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes). - iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes). - iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes). - iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes). - iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes). - iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes). - ima: Handle error code returned by ima_filter_rule_match() (git-fixes). - intel_th: Fix error handling in intel_th_output_open (git-fixes). - ipmi: Fix handling of messages with provided receive message pointer (git-fixes). - ipmi: Rework user message limit handling (git-fixes). - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes). - kconfig/mconf: Initialize the default locale at startup (stable-fixes). - kconfig/nconf: Initialize the default locale at startup (stable-fixes). - leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes). - leds: leds-lp50xx: Enable chip before any communication (git-fixes). - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes). - leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes). - lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes). - mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes). - media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes). - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes). - media: amphion: Cancel message work before releasing the VPU core (git-fixes). - media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973). - media: atomisp: Remove firmware_name module parameter (bsc#1252973). - media: cec: Fix debugfs leak on bus_register() failure (git-fixes). - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes). - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes). - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes). - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes). - media: pvrusb2: Fix incorrect variable used in trace message (git-fixes). - media: rc: st_rc: Fix reset control resource leak (git-fixes). - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes). - media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes). - media: v4l2-mem2mem: Fix outdated documentation (git-fixes). - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes). - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes). - media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes). - media: vpif_capture: fix section mismatch (git-fixes). - media: vpif_display: fix section mismatch (git-fixes). - mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes). - mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes). - mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes). - mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes). - mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes). - most: usb: fix double free on late probe failure (git-fixes). - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes). - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes). - mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes). - mtd: nand: relax ECC parameter validation check (git-fixes). - mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes). - mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes). - net: phy: adin1100: Fix software power-down ready condition (git-fixes). - net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes). - net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes). - nvme: Use non zero KATO for persistent discovery connections (git-fixes). - orangefs: fix xattr related buffer overflow.. (git-fixes). - phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes). - phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes). - pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes). - platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes). - platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes). - platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes). - platform/x86: intel: punit_ipc: fix memory corruption (git-fixes). - power: supply: apm_power: only unset own apm_get_power_status (git-fixes). - power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes). - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes). - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes). - power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes). - powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187). - powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029). - pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes). - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes). - regulator: core: disable supply if enabling main regulator fails (git-fixes). - rpmsg: glink: fix rpmsg device leak (git-fixes). - rtc: gamecube: Check the return value of ioremap() (git-fixes). - scripts: teaapi: Add paging. - scrits: teaapi: Add list_repos. - scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119). - scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119). - scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119). - scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119). - scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119). - scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119). - scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119). - scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119). - scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119). - scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119). - serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes). - slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes). - smb3: add missing null server pointer check (git-fixes). - smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes). - smb: client: fix warning when reconnecting channel (git-fixes). - smb: client: introduce close_cached_dir_locked() (git-fixes). - soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes). - soc: amlogic: canvas: fix device leak on lookup (git-fixes). - soc: qcom: ocmem: fix device leak on lookup (git-fixes). - soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes). - spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes). - spi: bcm63xx: drop wrong casts in probe() (git-fixes). - spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes). - spi: tegra210-qspi: Remove cache operations (git-fixes). - spi: tegra210-quad: Add support for internal DMA (git-fixes). - spi: tegra210-quad: Check hardware status on timeout (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (bsc#1253155). - spi: tegra210-quad: Fix timeout handling (git-fixes). - spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155). - spi: tegra210-quad: Update dummy sequence configuration (git-fixes). - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes). - thunderbolt: Add support for Intel Wildcat Lake (stable-fixes). - tracing: Fix access to trace_event_file (bsc#1254373). - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes). - usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes). - usb: chaoskey: fix locking for O_NONBLOCK (git-fixes). - usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes). - usb: dwc2: fix hang during suspend if set as peripheral (git-fixes). - usb: dwc3: Abort suspend on soft disconnect failure (git-fixes). - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes). - usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes). - usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes). - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes). - usb: phy: Initialize struct usb_phy list_head (git-fixes). - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes). - usb: raw-gadget: do not limit transfer length (git-fixes). - usb: storage: Fix memory leak in USB bulk transport (git-fixes). - usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes). - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git-fixes). - usb: udc: Add trace event for usb_gadget_set_state (stable-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes). - wifi: ath11k: fix peer HE MCS assignment (git-fixes). - wifi: ath11k: restore register window after global reset (git-fixes). - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes). - wifi: ieee80211: correct FILS status codes (git-fixes). - wifi: mac80211: fix CMAC functions not handling errors (git-fixes). - wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes). - wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes). - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes). - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528). - x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528). - x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528). - x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528). - x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528). - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528). - x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528). - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528). - x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528). - x86/microcode/AMD: Select which microcode patch to load (bsc#1256528). - x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528). - x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528). - xhci: dbgtty: fix device unregister (git-fixes). Important SUSE bug 1012628 SUSE bug 1065729 SUSE bug 1194869 SUSE bug 1214635 SUSE bug 1214847 SUSE bug 1215146 SUSE bug 1215211 SUSE bug 1215344 SUSE bug 1216062 SUSE bug 1216436 SUSE bug 1219165 SUSE bug 1220419 SUSE bug 1223731 SUSE bug 1234163 SUSE bug 1245193 SUSE bug 1245449 SUSE bug 1246328 SUSE bug 1247500 SUSE bug 1248886 SUSE bug 1249256 SUSE bug 1250334 SUSE bug 1252046 SUSE bug 1252342 SUSE bug 1252686 SUSE bug 1252776 SUSE bug 1252808 SUSE bug 1252824 SUSE bug 1252861 SUSE bug 1252919 SUSE bug 1252973 SUSE bug 1253155 SUSE bug 1253262 SUSE bug 1253342 SUSE bug 1253386 SUSE bug 1253402 SUSE bug 1253408 SUSE bug 1253413 SUSE bug 1253442 SUSE bug 1253458 SUSE bug 1253463 SUSE bug 1253647 SUSE bug 1254119 SUSE bug 1254126 SUSE bug 1254373 SUSE bug 1254518 SUSE bug 1254520 SUSE bug 1254599 SUSE bug 1254606 SUSE bug 1254611 SUSE bug 1254613 SUSE bug 1254615 SUSE bug 1254621 SUSE bug 1254623 SUSE bug 1254624 SUSE bug 1254626 SUSE bug 1254648 SUSE bug 1254649 SUSE bug 1254653 SUSE bug 1254655 SUSE bug 1254657 SUSE bug 1254660 SUSE bug 1254661 SUSE bug 1254663 SUSE bug 1254669 SUSE bug 1254677 SUSE bug 1254678 SUSE bug 1254688 SUSE bug 1254690 SUSE bug 1254691 SUSE bug 1254693 SUSE bug 1254695 SUSE bug 1254698 SUSE bug 1254701 SUSE bug 1254704 SUSE bug 1254705 SUSE bug 1254707 SUSE bug 1254712 SUSE bug 1254715 SUSE bug 1254717 SUSE bug 1254723 SUSE bug 1254724 SUSE bug 1254732 SUSE bug 1254733 SUSE bug 1254737 SUSE bug 1254739 SUSE bug 1254742 SUSE bug 1254743 SUSE bug 1254749 SUSE bug 1254750 SUSE bug 1254753 SUSE bug 1254754 SUSE bug 1254758 SUSE bug 1254761 SUSE bug 1254762 SUSE bug 1254765 SUSE bug 1254782 SUSE bug 1254791 SUSE bug 1254793 SUSE bug 1254795 SUSE bug 1254796 SUSE bug 1254797 SUSE bug 1254798 SUSE bug 1254813 SUSE bug 1254828 SUSE bug 1254829 SUSE bug 1254832 SUSE bug 1254840 SUSE bug 1254843 SUSE bug 1254847 SUSE bug 1254850 SUSE bug 1254851 SUSE bug 1254858 SUSE bug 1254860 SUSE bug 1254894 SUSE bug 1254918 SUSE bug 1254957 SUSE bug 1254959 SUSE bug 1254983 SUSE bug 1255005 SUSE bug 1255009 SUSE bug 1255026 SUSE bug 1255033 SUSE bug 1255034 SUSE bug 1255035 SUSE bug 1255041 SUSE bug 1255046 SUSE bug 1255057 SUSE bug 1255062 SUSE bug 1255064 SUSE bug 1255065 SUSE bug 1255068 SUSE bug 1255072 SUSE bug 1255075 SUSE bug 1255077 SUSE bug 1255083 SUSE bug 1255092 SUSE bug 1255094 SUSE bug 1255100 SUSE bug 1255122 SUSE bug 1255135 SUSE bug 1255146 SUSE bug 1255149 SUSE bug 1255152 SUSE bug 1255154 SUSE bug 1255155 SUSE bug 1255163 SUSE bug 1255167 SUSE bug 1255169 SUSE bug 1255171 SUSE bug 1255182 SUSE bug 1255187 SUSE bug 1255190 SUSE bug 1255193 SUSE bug 1255197 SUSE bug 1255199 SUSE bug 1255202 SUSE bug 1255203 SUSE bug 1255206 SUSE bug 1255209 SUSE bug 1255218 SUSE bug 1255221 SUSE bug 1255233 SUSE bug 1255245 SUSE bug 1255246 SUSE bug 1255251 SUSE bug 1255252 SUSE bug 1255253 SUSE bug 1255259 SUSE bug 1255274 SUSE bug 1255276 SUSE bug 1255279 SUSE bug 1255280 SUSE bug 1255281 SUSE bug 1255325 SUSE bug 1255329 SUSE bug 1255351 SUSE bug 1255415 SUSE bug 1255480 SUSE bug 1255483 SUSE bug 1255489 SUSE bug 1255493 SUSE bug 1255495 SUSE bug 1255505 SUSE bug 1255538 SUSE bug 1255540 SUSE bug 1255545 SUSE bug 1255549 SUSE bug 1255550 SUSE bug 1255553 SUSE bug 1255557 SUSE bug 1255558 SUSE bug 1255563 SUSE bug 1255564 SUSE bug 1255570 SUSE bug 1255578 SUSE bug 1255579 SUSE bug 1255580 SUSE bug 1255583 SUSE bug 1255591 SUSE bug 1255601 SUSE bug 1255603 SUSE bug 1255605 SUSE bug 1255611 SUSE bug 1255616 SUSE bug 1255617 SUSE bug 1255618 SUSE bug 1255621 SUSE bug 1255628 SUSE bug 1255629 SUSE bug 1255630 SUSE bug 1255632 SUSE bug 1255636 SUSE bug 1255688 SUSE bug 1255691 SUSE bug 1255702 SUSE bug 1255704 SUSE bug 1255706 SUSE bug 1255722 SUSE bug 1255758 SUSE bug 1255759 SUSE bug 1255760 SUSE bug 1255763 SUSE bug 1255769 SUSE bug 1255770 SUSE bug 1255772 SUSE bug 1255774 SUSE bug 1255775 SUSE bug 1255776 SUSE bug 1255780 SUSE bug 1255785 SUSE bug 1255786 SUSE bug 1255789 SUSE bug 1255790 SUSE bug 1255792 SUSE bug 1255793 SUSE bug 1255795 SUSE bug 1255798 SUSE bug 1255800 SUSE bug 1255801 SUSE bug 1255806 SUSE bug 1255807 SUSE bug 1255809 SUSE bug 1255810 SUSE bug 1255812 SUSE bug 1255814 SUSE bug 1255820 SUSE bug 1255838 SUSE bug 1255842 SUSE bug 1255843 SUSE bug 1255872 SUSE bug 1255875 SUSE bug 1255879 SUSE bug 1255883 SUSE bug 1255884 SUSE bug 1255886 SUSE bug 1255888 SUSE bug 1255890 SUSE bug 1255891 SUSE bug 1255892 SUSE bug 1255899 SUSE bug 1255902 SUSE bug 1255907 SUSE bug 1255911 SUSE bug 1255915 SUSE bug 1255918 SUSE bug 1255921 SUSE bug 1255924 SUSE bug 1255925 SUSE bug 1255931 SUSE bug 1255932 SUSE bug 1255934 SUSE bug 1255943 SUSE bug 1255944 SUSE bug 1255949 SUSE bug 1255951 SUSE bug 1255952 SUSE bug 1255955 SUSE bug 1255957 SUSE bug 1255961 SUSE bug 1255963 SUSE bug 1255964 SUSE bug 1255967 SUSE bug 1255974 SUSE bug 1255978 SUSE bug 1255984 SUSE bug 1255988 SUSE bug 1255990 SUSE bug 1255992 SUSE bug 1255993 SUSE bug 1255994 SUSE bug 1255996 SUSE bug 1256033 SUSE bug 1256034 SUSE bug 1256045 SUSE bug 1256050 SUSE bug 1256058 SUSE bug 1256071 SUSE bug 1256074 SUSE bug 1256081 SUSE bug 1256082 SUSE bug 1256083 SUSE bug 1256084 SUSE bug 1256085 SUSE bug 1256090 SUSE bug 1256093 SUSE bug 1256094 SUSE bug 1256095 SUSE bug 1256096 SUSE bug 1256099 SUSE bug 1256100 SUSE bug 1256104 SUSE bug 1256106 SUSE bug 1256107 SUSE bug 1256117 SUSE bug 1256119 SUSE bug 1256121 SUSE bug 1256145 SUSE bug 1256153 SUSE bug 1256178 SUSE bug 1256197 SUSE bug 1256231 SUSE bug 1256233 SUSE bug 1256234 SUSE bug 1256238 SUSE bug 1256263 SUSE bug 1256267 SUSE bug 1256268 SUSE bug 1256271 SUSE bug 1256273 SUSE bug 1256274 SUSE bug 1256279 SUSE bug 1256285 SUSE bug 1256291 SUSE bug 1256292 SUSE bug 1256300 SUSE bug 1256301 SUSE bug 1256302 SUSE bug 1256335 SUSE bug 1256348 SUSE bug 1256351 SUSE bug 1256354 SUSE bug 1256358 SUSE bug 1256361 SUSE bug 1256364 SUSE bug 1256367 SUSE bug 1256368 SUSE bug 1256369 SUSE bug 1256370 SUSE bug 1256371 SUSE bug 1256373 SUSE bug 1256375 SUSE bug 1256379 SUSE bug 1256387 SUSE bug 1256394 SUSE bug 1256395 SUSE bug 1256396 SUSE bug 1256528 CVE-2023-42752 at SUSE CVE-2023-42752 at NVD CVE-2023-53743 at SUSE CVE-2023-53743 at NVD CVE-2023-53750 at SUSE CVE-2023-53750 at NVD CVE-2023-53752 at SUSE CVE-2023-53752 at NVD CVE-2023-53759 at SUSE CVE-2023-53759 at NVD CVE-2023-53762 at SUSE CVE-2023-53762 at NVD CVE-2023-53766 at SUSE CVE-2023-53766 at NVD CVE-2023-53768 at SUSE CVE-2023-53768 at NVD CVE-2023-53777 at SUSE CVE-2023-53777 at NVD CVE-2023-53778 at SUSE CVE-2023-53778 at NVD CVE-2023-53782 at SUSE CVE-2023-53782 at NVD CVE-2023-53784 at SUSE CVE-2023-53784 at NVD CVE-2023-53785 at SUSE CVE-2023-53785 at NVD CVE-2023-53787 at SUSE CVE-2023-53787 at NVD CVE-2023-53791 at SUSE CVE-2023-53791 at NVD CVE-2023-53792 at SUSE CVE-2023-53792 at NVD CVE-2023-53793 at SUSE CVE-2023-53793 at NVD CVE-2023-53794 at SUSE CVE-2023-53794 at NVD CVE-2023-53795 at SUSE CVE-2023-53795 at NVD CVE-2023-53797 at SUSE CVE-2023-53797 at NVD CVE-2023-53799 at SUSE CVE-2023-53799 at NVD CVE-2023-53807 at SUSE CVE-2023-53807 at NVD CVE-2023-53808 at SUSE CVE-2023-53808 at NVD CVE-2023-53813 at SUSE CVE-2023-53813 at NVD CVE-2023-53815 at SUSE CVE-2023-53815 at NVD CVE-2023-53819 at SUSE CVE-2023-53819 at NVD CVE-2023-53821 at SUSE CVE-2023-53821 at NVD CVE-2023-53823 at SUSE CVE-2023-53823 at NVD CVE-2023-53825 at SUSE CVE-2023-53825 at NVD CVE-2023-53828 at SUSE CVE-2023-53828 at NVD CVE-2023-53831 at SUSE CVE-2023-53831 at NVD CVE-2023-53834 at SUSE CVE-2023-53834 at NVD CVE-2023-53836 at SUSE CVE-2023-53836 at NVD CVE-2023-53839 at SUSE CVE-2023-53839 at NVD CVE-2023-53841 at SUSE CVE-2023-53841 at NVD CVE-2023-53842 at SUSE CVE-2023-53842 at NVD CVE-2023-53843 at SUSE CVE-2023-53843 at NVD CVE-2023-53844 at SUSE CVE-2023-53844 at NVD CVE-2023-53846 at SUSE CVE-2023-53846 at NVD CVE-2023-53847 at SUSE CVE-2023-53847 at NVD CVE-2023-53848 at SUSE CVE-2023-53848 at NVD CVE-2023-53850 at SUSE CVE-2023-53850 at NVD CVE-2023-53851 at SUSE CVE-2023-53851 at NVD CVE-2023-53852 at SUSE CVE-2023-53852 at NVD CVE-2023-53855 at SUSE CVE-2023-53855 at NVD CVE-2023-53856 at SUSE CVE-2023-53856 at NVD CVE-2023-53857 at SUSE CVE-2023-53857 at NVD CVE-2023-53858 at SUSE CVE-2023-53858 at NVD CVE-2023-53860 at SUSE CVE-2023-53860 at NVD CVE-2023-53861 at SUSE CVE-2023-53861 at NVD CVE-2023-53863 at SUSE CVE-2023-53863 at NVD CVE-2023-53864 at SUSE CVE-2023-53864 at NVD CVE-2023-53865 at SUSE CVE-2023-53865 at NVD CVE-2023-53989 at SUSE CVE-2023-53989 at NVD CVE-2023-53992 at SUSE CVE-2023-53992 at NVD CVE-2023-53994 at SUSE CVE-2023-53994 at NVD CVE-2023-53995 at SUSE CVE-2023-53995 at NVD CVE-2023-53996 at SUSE CVE-2023-53996 at NVD CVE-2023-53997 at SUSE CVE-2023-53997 at NVD CVE-2023-53998 at SUSE CVE-2023-53998 at NVD CVE-2023-53999 at SUSE CVE-2023-53999 at NVD CVE-2023-54000 at SUSE CVE-2023-54000 at NVD CVE-2023-54001 at SUSE CVE-2023-54001 at NVD CVE-2023-54005 at SUSE CVE-2023-54005 at NVD CVE-2023-54006 at SUSE CVE-2023-54006 at NVD CVE-2023-54008 at SUSE CVE-2023-54008 at NVD CVE-2023-54014 at SUSE CVE-2023-54014 at NVD CVE-2023-54016 at SUSE CVE-2023-54016 at NVD CVE-2023-54017 at SUSE CVE-2023-54017 at NVD CVE-2023-54019 at SUSE CVE-2023-54019 at NVD CVE-2023-54022 at SUSE CVE-2023-54022 at NVD CVE-2023-54023 at SUSE CVE-2023-54023 at NVD CVE-2023-54025 at SUSE CVE-2023-54025 at NVD CVE-2023-54026 at SUSE CVE-2023-54026 at NVD CVE-2023-54027 at SUSE CVE-2023-54027 at NVD CVE-2023-54030 at SUSE CVE-2023-54030 at NVD CVE-2023-54031 at SUSE CVE-2023-54031 at NVD CVE-2023-54032 at SUSE CVE-2023-54032 at NVD CVE-2023-54035 at SUSE CVE-2023-54035 at NVD CVE-2023-54037 at SUSE CVE-2023-54037 at NVD CVE-2023-54038 at SUSE CVE-2023-54038 at NVD CVE-2023-54042 at SUSE CVE-2023-54042 at NVD CVE-2023-54045 at SUSE CVE-2023-54045 at NVD CVE-2023-54048 at SUSE CVE-2023-54048 at NVD CVE-2023-54049 at SUSE CVE-2023-54049 at NVD CVE-2023-54051 at SUSE CVE-2023-54051 at NVD CVE-2023-54052 at SUSE CVE-2023-54052 at NVD CVE-2023-54060 at SUSE CVE-2023-54060 at NVD CVE-2023-54064 at SUSE CVE-2023-54064 at NVD CVE-2023-54066 at SUSE CVE-2023-54066 at NVD CVE-2023-54067 at SUSE CVE-2023-54067 at NVD CVE-2023-54069 at SUSE CVE-2023-54069 at NVD CVE-2023-54070 at SUSE CVE-2023-54070 at NVD CVE-2023-54072 at SUSE CVE-2023-54072 at NVD CVE-2023-54076 at SUSE CVE-2023-54076 at NVD CVE-2023-54080 at SUSE CVE-2023-54080 at NVD CVE-2023-54081 at SUSE CVE-2023-54081 at NVD CVE-2023-54083 at SUSE CVE-2023-54083 at NVD CVE-2023-54088 at SUSE CVE-2023-54088 at NVD CVE-2023-54089 at SUSE CVE-2023-54089 at NVD CVE-2023-54091 at SUSE CVE-2023-54091 at NVD CVE-2023-54092 at SUSE CVE-2023-54092 at NVD CVE-2023-54093 at SUSE CVE-2023-54093 at NVD CVE-2023-54094 at SUSE CVE-2023-54094 at NVD CVE-2023-54095 at SUSE CVE-2023-54095 at NVD CVE-2023-54096 at SUSE CVE-2023-54096 at NVD CVE-2023-54099 at SUSE CVE-2023-54099 at NVD CVE-2023-54101 at SUSE CVE-2023-54101 at NVD CVE-2023-54104 at SUSE CVE-2023-54104 at NVD CVE-2023-54106 at SUSE CVE-2023-54106 at NVD CVE-2023-54112 at SUSE CVE-2023-54112 at NVD CVE-2023-54113 at SUSE CVE-2023-54113 at NVD CVE-2023-54115 at SUSE CVE-2023-54115 at NVD CVE-2023-54117 at SUSE CVE-2023-54117 at NVD CVE-2023-54121 at SUSE CVE-2023-54121 at NVD CVE-2023-54125 at SUSE CVE-2023-54125 at NVD CVE-2023-54127 at SUSE CVE-2023-54127 at NVD CVE-2023-54133 at SUSE CVE-2023-54133 at NVD CVE-2023-54134 at SUSE CVE-2023-54134 at NVD CVE-2023-54135 at SUSE CVE-2023-54135 at NVD CVE-2023-54136 at SUSE CVE-2023-54136 at NVD CVE-2023-54137 at SUSE CVE-2023-54137 at NVD CVE-2023-54140 at SUSE CVE-2023-54140 at NVD CVE-2023-54141 at SUSE CVE-2023-54141 at NVD CVE-2023-54142 at SUSE CVE-2023-54142 at NVD CVE-2023-54143 at SUSE CVE-2023-54143 at NVD CVE-2023-54145 at SUSE CVE-2023-54145 at NVD CVE-2023-54148 at SUSE CVE-2023-54148 at NVD CVE-2023-54149 at SUSE CVE-2023-54149 at NVD CVE-2023-54153 at SUSE CVE-2023-54153 at NVD CVE-2023-54154 at SUSE CVE-2023-54154 at NVD CVE-2023-54155 at SUSE CVE-2023-54155 at NVD CVE-2023-54156 at SUSE CVE-2023-54156 at NVD CVE-2023-54164 at SUSE CVE-2023-54164 at NVD CVE-2023-54166 at SUSE CVE-2023-54166 at NVD CVE-2023-54169 at SUSE CVE-2023-54169 at NVD CVE-2023-54170 at SUSE CVE-2023-54170 at NVD CVE-2023-54171 at SUSE CVE-2023-54171 at NVD CVE-2023-54172 at SUSE CVE-2023-54172 at NVD CVE-2023-54173 at SUSE CVE-2023-54173 at NVD CVE-2023-54177 at SUSE CVE-2023-54177 at NVD CVE-2023-54178 at SUSE CVE-2023-54178 at NVD CVE-2023-54179 at SUSE CVE-2023-54179 at NVD CVE-2023-54181 at SUSE CVE-2023-54181 at NVD CVE-2023-54183 at SUSE CVE-2023-54183 at NVD CVE-2023-54185 at SUSE CVE-2023-54185 at NVD CVE-2023-54189 at SUSE CVE-2023-54189 at NVD CVE-2023-54194 at SUSE CVE-2023-54194 at NVD CVE-2023-54201 at SUSE CVE-2023-54201 at NVD CVE-2023-54204 at SUSE CVE-2023-54204 at NVD CVE-2023-54207 at SUSE CVE-2023-54207 at NVD CVE-2023-54209 at SUSE CVE-2023-54209 at NVD CVE-2023-54210 at SUSE CVE-2023-54210 at NVD CVE-2023-54211 at SUSE CVE-2023-54211 at NVD CVE-2023-54215 at SUSE CVE-2023-54215 at NVD CVE-2023-54219 at SUSE CVE-2023-54219 at NVD CVE-2023-54220 at SUSE CVE-2023-54220 at NVD CVE-2023-54221 at SUSE CVE-2023-54221 at NVD CVE-2023-54223 at SUSE CVE-2023-54223 at NVD CVE-2023-54224 at SUSE CVE-2023-54224 at NVD CVE-2023-54225 at SUSE CVE-2023-54225 at NVD CVE-2023-54227 at SUSE CVE-2023-54227 at NVD CVE-2023-54229 at SUSE CVE-2023-54229 at NVD CVE-2023-54230 at SUSE CVE-2023-54230 at NVD CVE-2023-54235 at SUSE CVE-2023-54235 at NVD CVE-2023-54240 at SUSE CVE-2023-54240 at NVD CVE-2023-54241 at SUSE CVE-2023-54241 at NVD CVE-2023-54246 at SUSE CVE-2023-54246 at NVD CVE-2023-54247 at SUSE CVE-2023-54247 at NVD CVE-2023-54251 at SUSE CVE-2023-54251 at NVD CVE-2023-54253 at SUSE CVE-2023-54253 at NVD CVE-2023-54254 at SUSE CVE-2023-54254 at NVD CVE-2023-54255 at SUSE CVE-2023-54255 at NVD CVE-2023-54258 at SUSE CVE-2023-54258 at NVD CVE-2023-54261 at SUSE CVE-2023-54261 at NVD CVE-2023-54263 at SUSE CVE-2023-54263 at NVD CVE-2023-54264 at SUSE CVE-2023-54264 at NVD CVE-2023-54266 at SUSE CVE-2023-54266 at NVD CVE-2023-54267 at SUSE CVE-2023-54267 at NVD CVE-2023-54271 at SUSE CVE-2023-54271 at NVD CVE-2023-54276 at SUSE CVE-2023-54276 at NVD CVE-2023-54278 at SUSE CVE-2023-54278 at NVD CVE-2023-54281 at SUSE CVE-2023-54281 at NVD CVE-2023-54282 at SUSE CVE-2023-54282 at NVD CVE-2023-54283 at SUSE CVE-2023-54283 at NVD CVE-2023-54285 at SUSE CVE-2023-54285 at NVD CVE-2023-54289 at SUSE CVE-2023-54289 at NVD CVE-2023-54291 at SUSE CVE-2023-54291 at NVD CVE-2023-54292 at SUSE CVE-2023-54292 at NVD CVE-2023-54293 at SUSE CVE-2023-54293 at NVD CVE-2023-54296 at SUSE CVE-2023-54296 at NVD CVE-2023-54297 at SUSE CVE-2023-54297 at NVD CVE-2023-54299 at SUSE CVE-2023-54299 at NVD CVE-2023-54300 at SUSE CVE-2023-54300 at NVD CVE-2023-54302 at SUSE CVE-2023-54302 at NVD CVE-2023-54303 at SUSE CVE-2023-54303 at NVD CVE-2023-54304 at SUSE CVE-2023-54304 at NVD CVE-2023-54309 at SUSE CVE-2023-54309 at NVD CVE-2023-54312 at SUSE CVE-2023-54312 at NVD CVE-2023-54313 at SUSE CVE-2023-54313 at NVD CVE-2023-54314 at SUSE CVE-2023-54314 at NVD CVE-2023-54315 at SUSE CVE-2023-54315 at NVD CVE-2023-54316 at SUSE CVE-2023-54316 at NVD CVE-2023-54318 at SUSE CVE-2023-54318 at NVD CVE-2023-54319 at SUSE CVE-2023-54319 at NVD CVE-2023-54322 at SUSE CVE-2023-54322 at NVD CVE-2023-54324 at SUSE CVE-2023-54324 at NVD CVE-2023-54326 at SUSE CVE-2023-54326 at NVD CVE-2024-26944 at SUSE CVE-2024-26944 at NVD CVE-2025-38321 at SUSE CVE-2025-38321 at NVD CVE-2025-38728 at SUSE CVE-2025-38728 at NVD CVE-2025-39890 at SUSE CVE-2025-39890 at NVD CVE-2025-39977 at SUSE CVE-2025-39977 at NVD CVE-2025-40006 at SUSE CVE-2025-40006 at NVD CVE-2025-40024 at SUSE CVE-2025-40024 at NVD CVE-2025-40033 at SUSE CVE-2025-40033 at NVD CVE-2025-40042 at SUSE CVE-2025-40042 at NVD CVE-2025-40053 at SUSE CVE-2025-40053 at NVD CVE-2025-40081 at SUSE CVE-2025-40081 at NVD CVE-2025-40102 at SUSE CVE-2025-40102 at NVD CVE-2025-40134 at SUSE CVE-2025-40134 at NVD CVE-2025-40135 at SUSE CVE-2025-40135 at NVD CVE-2025-40153 at SUSE CVE-2025-40153 at NVD CVE-2025-40158 at SUSE CVE-2025-40158 at NVD CVE-2025-40167 at SUSE CVE-2025-40167 at NVD CVE-2025-40170 at SUSE CVE-2025-40170 at NVD CVE-2025-40178 at SUSE CVE-2025-40178 at NVD CVE-2025-40179 at SUSE CVE-2025-40179 at NVD CVE-2025-40187 at SUSE CVE-2025-40187 at NVD CVE-2025-40211 at SUSE CVE-2025-40211 at NVD CVE-2025-40215 at SUSE CVE-2025-40215 at NVD CVE-2025-40219 at SUSE CVE-2025-40219 at NVD CVE-2025-40220 at SUSE CVE-2025-40220 at NVD CVE-2025-40223 at SUSE CVE-2025-40223 at NVD CVE-2025-40233 at SUSE CVE-2025-40233 at NVD CVE-2025-40242 at SUSE CVE-2025-40242 at NVD CVE-2025-40244 at SUSE CVE-2025-40244 at NVD CVE-2025-40256 at SUSE CVE-2025-40256 at NVD CVE-2025-40258 at SUSE CVE-2025-40258 at NVD CVE-2025-40262 at SUSE CVE-2025-40262 at NVD CVE-2025-40263 at SUSE CVE-2025-40263 at NVD CVE-2025-40269 at SUSE CVE-2025-40269 at NVD CVE-2025-40272 at SUSE CVE-2025-40272 at NVD CVE-2025-40273 at SUSE CVE-2025-40273 at NVD CVE-2025-40275 at SUSE CVE-2025-40275 at NVD CVE-2025-40277 at SUSE CVE-2025-40277 at NVD CVE-2025-40280 at SUSE CVE-2025-40280 at NVD CVE-2025-40282 at SUSE CVE-2025-40282 at NVD CVE-2025-40283 at SUSE CVE-2025-40283 at NVD CVE-2025-40284 at SUSE CVE-2025-40284 at NVD CVE-2025-40288 at SUSE CVE-2025-40288 at NVD CVE-2025-40297 at SUSE CVE-2025-40297 at NVD CVE-2025-40301 at SUSE CVE-2025-40301 at NVD CVE-2025-40304 at SUSE CVE-2025-40304 at NVD CVE-2025-40306 at SUSE CVE-2025-40306 at NVD CVE-2025-40308 at SUSE CVE-2025-40308 at NVD CVE-2025-40309 at SUSE CVE-2025-40309 at NVD CVE-2025-40310 at SUSE CVE-2025-40310 at NVD CVE-2025-40311 at SUSE CVE-2025-40311 at NVD CVE-2025-40312 at SUSE CVE-2025-40312 at NVD CVE-2025-40314 at SUSE CVE-2025-40314 at NVD CVE-2025-40315 at SUSE CVE-2025-40315 at NVD CVE-2025-40316 at SUSE CVE-2025-40316 at NVD CVE-2025-40317 at SUSE CVE-2025-40317 at NVD CVE-2025-40318 at SUSE CVE-2025-40318 at NVD CVE-2025-40320 at SUSE CVE-2025-40320 at NVD CVE-2025-40321 at SUSE CVE-2025-40321 at NVD CVE-2025-40322 at SUSE CVE-2025-40322 at NVD CVE-2025-40323 at SUSE CVE-2025-40323 at NVD CVE-2025-40324 at SUSE CVE-2025-40324 at NVD CVE-2025-40328 at SUSE CVE-2025-40328 at NVD CVE-2025-40329 at SUSE CVE-2025-40329 at NVD CVE-2025-40331 at SUSE CVE-2025-40331 at NVD CVE-2025-40342 at SUSE CVE-2025-40342 at NVD CVE-2025-40343 at SUSE CVE-2025-40343 at NVD CVE-2025-40345 at SUSE CVE-2025-40345 at NVD CVE-2025-40349 at SUSE CVE-2025-40349 at NVD CVE-2025-40351 at SUSE CVE-2025-40351 at NVD CVE-2025-68168 at SUSE CVE-2025-68168 at NVD CVE-2025-68172 at SUSE CVE-2025-68172 at NVD CVE-2025-68176 at SUSE CVE-2025-68176 at NVD CVE-2025-68180 at SUSE CVE-2025-68180 at NVD CVE-2025-68183 at SUSE CVE-2025-68183 at NVD CVE-2025-68185 at SUSE CVE-2025-68185 at NVD CVE-2025-68192 at SUSE CVE-2025-68192 at NVD CVE-2025-68194 at SUSE CVE-2025-68194 at NVD CVE-2025-68195 at SUSE CVE-2025-68195 at NVD CVE-2025-68217 at SUSE CVE-2025-68217 at NVD CVE-2025-68218 at SUSE CVE-2025-68218 at NVD CVE-2025-68222 at SUSE CVE-2025-68222 at NVD CVE-2025-68233 at SUSE CVE-2025-68233 at NVD CVE-2025-68235 at SUSE CVE-2025-68235 at NVD CVE-2025-68237 at SUSE CVE-2025-68237 at NVD CVE-2025-68238 at SUSE CVE-2025-68238 at NVD CVE-2025-68244 at SUSE CVE-2025-68244 at NVD CVE-2025-68249 at SUSE CVE-2025-68249 at NVD CVE-2025-68252 at SUSE CVE-2025-68252 at NVD CVE-2025-68257 at SUSE CVE-2025-68257 at NVD CVE-2025-68258 at SUSE CVE-2025-68258 at NVD CVE-2025-68259 at SUSE CVE-2025-68259 at NVD CVE-2025-68286 at SUSE CVE-2025-68286 at NVD CVE-2025-68287 at SUSE CVE-2025-68287 at NVD CVE-2025-68289 at SUSE CVE-2025-68289 at NVD CVE-2025-68290 at SUSE CVE-2025-68290 at NVD CVE-2025-68303 at SUSE CVE-2025-68303 at NVD CVE-2025-68305 at SUSE CVE-2025-68305 at NVD CVE-2025-68307 at SUSE CVE-2025-68307 at NVD CVE-2025-68308 at SUSE CVE-2025-68308 at NVD CVE-2025-68312 at SUSE CVE-2025-68312 at NVD CVE-2025-68313 at SUSE CVE-2025-68313 at NVD CVE-2025-68328 at SUSE CVE-2025-68328 at NVD CVE-2025-68330 at SUSE CVE-2025-68330 at NVD CVE-2025-68331 at SUSE CVE-2025-68331 at NVD CVE-2025-68332 at SUSE CVE-2025-68332 at NVD CVE-2025-68335 at SUSE CVE-2025-68335 at NVD CVE-2025-68339 at SUSE CVE-2025-68339 at NVD CVE-2025-68345 at SUSE CVE-2025-68345 at NVD CVE-2025-68346 at SUSE CVE-2025-68346 at NVD CVE-2025-68347 at SUSE CVE-2025-68347 at NVD CVE-2025-68354 at SUSE CVE-2025-68354 at NVD CVE-2025-68362 at SUSE CVE-2025-68362 at NVD CVE-2025-68380 at SUSE CVE-2025-68380 at NVD CVE-2025-68724 at SUSE CVE-2025-68724 at NVD CVE-2025-68732 at SUSE CVE-2025-68732 at NVD CVE-2025-68734 at SUSE CVE-2025-68734 at NVD CVE-2025-68740 at SUSE CVE-2025-68740 at NVD CVE-2025-68746 at SUSE CVE-2025-68746 at NVD CVE-2025-68750 at SUSE CVE-2025-68750 at NVD CVE-2025-68753 at SUSE CVE-2025-68753 at NVD CVE-2025-68757 at SUSE CVE-2025-68757 at NVD CVE-2025-68758 at SUSE CVE-2025-68758 at NVD CVE-2025-68759 at SUSE CVE-2025-68759 at NVD CVE-2025-68765 at SUSE CVE-2025-68765 at NVD CVE-2025-68766 at SUSE CVE-2025-68766 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs22 (Important) openSUSE Leap 15.6 This update for nodejs22 fixes the following issues: Security fixes: - CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading to resource exhaustion (bsc#1256848) - CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that bypass TLS error handling and causing denial of service (bsc#1256576) - CVE-2025-55132: Fixed futimes() ability to acces file even if process has read permissions only (bsc#1256571) - CVE-2025-55131: Fixed race condition that allowed allocations with leftover data leading to in-process secrets exposure (bsc#1256570) - CVE-2025-55130: Fixed filesystem permissions bypass via crafted symlinks (bsc#1256569) - CVE-2025-59465: Fixed malformed HTTP/2 HEADERS frame with invalid HPACK leading to crash (bsc#1256573) - CVE-2025-59466: Fixed uncatchable 'Maximum call stack size exceeded' error leading to crash (bsc#1256574) Other fixes: - Update to 22.22.0: * deps: updated undici to 6.23.0 * deps: updated bundled c-ares to 1.34.6 (if used) * add TLSSocket default error handler * disable futimes when permission model is enabled * require full read and write to symlink APIs * rethrow stack overflow exceptions in async_hooks * refactor unsafe buffer creation to remove zero-fill toggle * route callback exceptions through error handlers - Update to 22.21.1: * src: avoid unnecessary string -> char* -> string round trips * src: remove unnecessary shadowed functions on Utf8Value & BufferValue * process: fix hrtime fast call signatures * http: improve writeEarlyHints by avoiding for-of loop - Update to 22.21.0: * cli: add --use-env-proxy * http: support http proxy for fetch under NODE_USE_ENV_PROXY * http: add shouldUpgradeCallback to let servers control HTTP upgrades * http,https: add built-in proxy support in http/https.request and Agent * src: add percentage support to --max-old-space-size - Update to 22.20.0 * doc: stabilize --disable-sigusr1 * doc: mark path.matchesGlob as stable * http: add Agent.agentKeepAliveTimeoutBuffer option * http2: add support for raw header arrays in h2Stream.respond() * inspector: add http2 tracking support * sea: implement execArgvExtension * sea: support execArgv in sea config * stream: add brotli support to CompressionStream and DecompressionStream * test_runner: support object property mocking * worker: add cpu profile APIs for worker - Update to 22.19.0 * cli: add NODE_USE_SYSTEM_CA=1 * cli: support ${pid} placeholder in --cpu-prof-name * crypto: add tls.setDefaultCACertificates() * dns: support max timeout * doc: update the instruction on how to verify releases * esm: unflag --experimental-wasm-modules * http: add server.keepAliveTimeoutBuffer option * lib: docs deprecate _http_* * net: update net.blocklist to allow file save and file management * process: add threadCpuUsage * zlib: add dictionary support to zstdCompress and zstdDecompress - Update to 22.18.0: * deps: update amaro to 1.1.0 * doc: add all watch-mode related flags to node.1 * doc: add islandryu to collaborators * esm: implement import.meta.main * fs: allow correct handling of burst in fs-events with AsyncIterator * permission: propagate permission model flags on spawn * sqlite: add support for readBigInts option in db connection level * src,permission: add support to permission.has(addon) * url: add fileURLToPathBuffer API * watch: add --watch-kill-signal flag * worker: make Worker async disposable Important SUSE bug 1256569 SUSE bug 1256570 SUSE bug 1256571 SUSE bug 1256573 SUSE bug 1256574 SUSE bug 1256576 SUSE bug 1256848 CVE-2025-55130 at SUSE CVE-2025-55130 at NVD CVE-2025-55131 at SUSE CVE-2025-55131 at NVD CVE-2025-55132 at SUSE CVE-2025-55132 at NVD CVE-2025-59465 at SUSE CVE-2025-59465 at NVD CVE-2025-59466 at SUSE CVE-2025-59466 at NVD CVE-2026-21637 at SUSE CVE-2026-21637 at NVD CVE-2026-22036 at SUSE CVE-2026-22036 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25-openssl (Important) openSUSE Leap 15.6 This update for go1.25-openssl fixes the following issues: Update to version 1.25.6 (released 2026-01-15) (jsc#SLE-18320, bsc#1244485): Security fixes: - CVE-2025-4674 cmd/go: disable support for multiple vcs in one module (bsc#1246118). - CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '.' and '..' in some PATH configurations (bsc#1247719). - CVE-2025-47907 database/sql: incorrect results returned from Rows.Scan (bsc#1247720). - CVE-2025-47910 net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches (bsc#1249141). - CVE-2025-47912 net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257). - CVE-2025-58183 archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261). - CVE-2025-58185 encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258). - CVE-2025-58186 net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259). - CVE-2025-58187 crypto/x509: quadratic complexity when checking name constraints (bsc#1251254). - CVE-2025-58188 crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260). - CVE-2025-58189 crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255). - CVE-2025-61723 encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256). - CVE-2025-61724 net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262). - CVE-2025-61725 net/mail: excessive CPU consumption in ParseAddress (bsc#1251253). - CVE-2025-61726 net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61727 crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430). - CVE-2025-61728 archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-61729 crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431). - CVE-2025-61730 crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-61731 cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-68119 cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-68121 crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#74822 cmd/go: 'get toolchain@latest' should ignore release candidates * go#74999 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets * go#75008 os/exec: TestLookPath fails on plan9 after CL 685755 * go#75021 testing/synctest: bubble not terminating * go#75083 os: File.Seek doesn't set the correct offset with Windows overlapped handles * go#75111 os, syscall: volume handles with FILE_FLAG_OVERLAPPED fail when calling ReadAt * go#75116 os: Root.MkdirAll can return 'file exists' when called concurrently on the same path * go#75139 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75221 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75255 cmd/compile: export to DWARF types only referenced through interfaces * go#75347 testing/synctest: test timeout with no runnable goroutines * go#75357 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75480 cmd/link: linker panic and relocation errors with complex generics inlining * go#75524 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75537 context: Err can return non-nil before Done channel is closed * go#75539 net/http: internal error: connCount underflow * go#75595 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75610 sync/atomic: comment for Uintptr.Or incorrectly describes return value * go#75669 runtime: debug.decoratemappings don't work as expected * go#75775 runtime: build fails when run via QEMU for linux/amd64 running on linux/arm64 * go#75777 spec: Go1.25 spec should be dated closer to actual release date * go#75790 crypto/internal/fips140/subtle: Go 1.25 subtle.xorBytes panic on MIPS * go#75832 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75861 crypto/x509: TLS validation fails for FQDNs with trailing dot * go#75952 encoding/pem: regression when decoding blocks with leading garbage * go#75989 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied * go#76010 cmd/compile: any(func(){})==any(func(){}) does not panic but should * go#76029 pem/encoding: malformed line endings can cause panics * go#76245 mime: FormatMediaType and ParseMediaType not compatible across 1.24 to 1.25 * go#76360 os: on windows RemoveAll removing directories containing read-only files errors with unlinkat ... Access is denied, ReOpenFile error handling followup * go#76392 os: package initialization hangs is Stdin is blocked * go#76409 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76620 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76761 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76776 runtime: race detector crash on ppc64le * go#76967 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling <function>: runtime error: index out of range * go#76973 errors: errors.Join behavior changed in 1.25 Important SUSE bug 1244485 SUSE bug 1245878 SUSE bug 1246118 SUSE bug 1247719 SUSE bug 1247720 SUSE bug 1247816 SUSE bug 1248082 SUSE bug 1249141 SUSE bug 1249985 SUSE bug 1251253 SUSE bug 1251254 SUSE bug 1251255 SUSE bug 1251256 SUSE bug 1251257 SUSE bug 1251258 SUSE bug 1251259 SUSE bug 1251260 SUSE bug 1251261 SUSE bug 1251262 SUSE bug 1254227 SUSE bug 1254430 SUSE bug 1254431 SUSE bug 1256816 SUSE bug 1256817 SUSE bug 1256818 SUSE bug 1256819 SUSE bug 1256820 SUSE bug 1256821 CVE-2025-4674 at SUSE CVE-2025-4674 at NVD CVE-2025-47906 at SUSE CVE-2025-47906 at NVD CVE-2025-47907 at SUSE CVE-2025-47907 at NVD CVE-2025-47910 at SUSE CVE-2025-47910 at NVD CVE-2025-47912 at SUSE CVE-2025-47912 at NVD CVE-2025-58183 at SUSE CVE-2025-58183 at NVD CVE-2025-58185 at SUSE CVE-2025-58185 at NVD CVE-2025-58186 at SUSE CVE-2025-58186 at NVD CVE-2025-58187 at SUSE CVE-2025-58187 at NVD CVE-2025-58188 at SUSE CVE-2025-58188 at NVD CVE-2025-58189 at SUSE CVE-2025-58189 at NVD CVE-2025-61723 at SUSE CVE-2025-61723 at NVD CVE-2025-61724 at SUSE CVE-2025-61724 at NVD CVE-2025-61725 at SUSE CVE-2025-61725 at NVD CVE-2025-61726 at SUSE CVE-2025-61726 at NVD CVE-2025-61727 at SUSE CVE-2025-61727 at NVD CVE-2025-61728 at SUSE CVE-2025-61728 at NVD CVE-2025-61729 at SUSE CVE-2025-61729 at NVD CVE-2025-61730 at SUSE CVE-2025-61730 at NVD CVE-2025-61731 at SUSE CVE-2025-61731 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Moderate) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) Moderate SUSE bug 1256745 SUSE bug 1256747 CVE-2025-58150 at SUSE CVE-2025-58150 at NVD CVE-2026-23553 at SUSE CVE-2026-23553 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-python-multipart (Important) openSUSE Leap 15.6 This update for python-python-multipart fixes the following issues: - CVE-2026-24486: Fixed non-default configuration options can lead to path traversal (bsc#1257301). Important SUSE bug 1257301 CVE-2026-24486 at SUSE CVE-2026-24486 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24-openssl (Important) openSUSE Leap 15.6 This update for go1.24-openssl fixes the following issues: Update to version 1.24.12 (released 2026-01-15) (jsc#SLE-18320, bsc#1236217): Security fixes: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames (bsc#1251257). - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map (bsc#1251261). - CVE-2025-58185: encoding/asn1: pre-allocating memory when parsing DER payload can cause memory exhaustion (bsc#1251258). - CVE-2025-58186: net/http: lack of limit when parsing cookies can cause memory exhaustion (bsc#1251259). - CVE-2025-58187: crypto/x509: quadratic complexity when checking name constraints (bsc#1251254). - CVE-2025-58188: crypto/x509: panic when validating certificates with DSA public keys (bsc#1251260). - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information (bsc#1251255). - CVE-2025-61723: encoding/pem: quadratic complexity when parsing some invalid inputs (bsc#1251256). - CVE-2025-61724: net/textproto: excessive CPU consumption in Reader.ReadResponse (bsc#1251262). - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress (bsc#1251253). - CVE-2025-61726: net/http: memory exhaustion in Request.ParseForm (bsc#1256817). - CVE-2025-61727: crypto/x509: excluded subdomain constraint doesn't preclude wildcard SAN (bsc#1254430). - CVE-2025-61728: archive/zip: denial of service when parsing arbitrary ZIP archives (bsc#1256816). - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host certificate validation (bsc#1254431). - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level (bsc#1256821). - CVE-2025-61731: cmd/go: bypass of flag sanitization can lead to arbitrary code execution (bsc#1256819). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other fixes: * go#74818 net: WriteMsgUDPAddrPort should accept IPv4-mapped IPv6 destination addresses on IPv4 UDP sockets * go#74821 cmd/go: 'get toolchain@latest' should ignore release candidates * go#75007 os/exec: TestLookPath fails on plan9 after CL 685755 * go#75138 os: Root.OpenRoot sets incorrect name, losing prefix of original root * go#75220 debug/pe: pe.Open fails on object files produced by llvm-mingw 21 * go#75351 cmd/link: panic on riscv64 with CGO enabled due to empty container symbol * go#75356 net: new test TestIPv4WriteMsgUDPAddrPortTargetAddrIPVersion fails on plan9 * go#75359 os: new test TestOpenFileCreateExclDanglingSymlink fails on Plan 9 * go#75523 crypto/internal/fips140/rsa: requires a panic if self-tests fail * go#75538 net/http: internal error: connCount underflow * go#75594 cmd/compile: internal compiler error with GOEXPERIMENT=cgocheck2 on github.com/leodido/go-urn * go#75609 sync/atomic: comment for Uintptr.Or incorrectly describes return value * go#75831 net/url: ipv4 mapped ipv6 addresses should be valid in square brackets * go#75860 crypto/x509: TLS validation fails for FQDNs with trailing dot * go#75951 encoding/pem: regression when decoding blocks with leading garbage * go#76028 pem/encoding: malformed line endings can cause panics * go#76378 internal/cpu: incorrect CPU features bit parsing on loong64 cause illegal instruction core dumps on LA364 cores * go#76408 crypto/tls: earlyTrafficSecret should use ClientHelloInner if ECH enabled * go#76624 os: on Unix, Readdirnames skips directory entries with zero inodes * go#76760 runtime: stack split at bad time in os/signal with Go 1.25.4 windows 386 * go#76796 runtime: race detector crash on ppc64le * go#76966 cmd/compile/internal/ssa: Compile.func1(): panic during sccp while compiling &lt;function&gt;: runtime error: index out of range Important SUSE bug 1236217 SUSE bug 1245878 SUSE bug 1247816 SUSE bug 1248082 SUSE bug 1249985 SUSE bug 1251253 SUSE bug 1251254 SUSE bug 1251255 SUSE bug 1251256 SUSE bug 1251257 SUSE bug 1251258 SUSE bug 1251259 SUSE bug 1251260 SUSE bug 1251261 SUSE bug 1251262 SUSE bug 1254430 SUSE bug 1254431 SUSE bug 1256816 SUSE bug 1256817 SUSE bug 1256818 SUSE bug 1256819 SUSE bug 1256820 SUSE bug 1256821 CVE-2025-47912 at SUSE CVE-2025-47912 at NVD CVE-2025-58183 at SUSE CVE-2025-58183 at NVD CVE-2025-58185 at SUSE CVE-2025-58185 at NVD CVE-2025-58186 at SUSE CVE-2025-58186 at NVD CVE-2025-58187 at SUSE CVE-2025-58187 at NVD CVE-2025-58188 at SUSE CVE-2025-58188 at NVD CVE-2025-58189 at SUSE CVE-2025-58189 at NVD CVE-2025-61723 at SUSE CVE-2025-61723 at NVD CVE-2025-61724 at SUSE CVE-2025-61724 at NVD CVE-2025-61725 at SUSE CVE-2025-61725 at NVD CVE-2025-61726 at SUSE CVE-2025-61726 at NVD CVE-2025-61727 at SUSE CVE-2025-61727 at NVD CVE-2025-61728 at SUSE CVE-2025-61728 at NVD CVE-2025-61729 at SUSE CVE-2025-61729 at NVD CVE-2025-61730 at SUSE CVE-2025-61730 at NVD CVE-2025-61731 at SUSE CVE-2025-61731 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-3 (Critical) openSUSE Leap 15.6 This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). Critical SUSE bug 1256830 SUSE bug 1256834 SUSE bug 1256835 SUSE bug 1256836 SUSE bug 1256837 SUSE bug 1256838 SUSE bug 1256839 SUSE bug 1256840 CVE-2025-15467 at SUSE CVE-2025-15467 at NVD CVE-2025-68160 at SUSE CVE-2025-68160 at NVD CVE-2025-69418 at SUSE CVE-2025-69418 at NVD CVE-2025-69419 at SUSE CVE-2025-69419 at NVD CVE-2025-69420 at SUSE CVE-2025-69420 at NVD CVE-2025-69421 at SUSE CVE-2025-69421 at NVD CVE-2026-22795 at SUSE CVE-2026-22795 at NVD CVE-2026-22796 at SUSE CVE-2026-22796 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-14422: Fixed RCE vulnerability due to PNM file parsing integer overflow (bsc#1255293) - CVE-2025-14425: Fixed RCE vulnerability due to JP2 file parsing heap-based buffer overflow (bsc#1255296) Important SUSE bug 1255293 SUSE bug 1255296 CVE-2025-14422 at SUSE CVE-2025-14422 at NVD CVE-2025-14425 at SUSE CVE-2025-14425 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Moderate) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2025-12084: prevent quadratic behavior in node ID cache clearing (bsc#1254997). - CVE-2025-13836: prevent reading an HTTP response from a server, if no read amount is specified, with using Content-Length per default as the length (bsc#1254400). - CVE-2025-13837: protect against OOM when loading malicious content (bsc#1254401). Moderate SUSE bug 1254400 SUSE bug 1254401 SUSE bug 1254997 CVE-2025-12084 at SUSE CVE-2025-12084 at NVD CVE-2025-13836 at SUSE CVE-2025-13836 at NVD CVE-2025-13837 at SUSE CVE-2025-13837 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes (Important) openSUSE Leap 15.6 This update for kubernetes rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for openjpeg2 (Low) openSUSE Leap 15.6 This update for openjpeg2 fixes the following issues: - CVE-2023-39327: Fixed malicious files can cause a large loop that continuously prints warning messages on the terminal (bsc#1227412). Low SUSE bug 1227412 CVE-2023-39327 at SUSE CVE-2023-39327 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_0_0 (Moderate) openSUSE Leap 15.6 This update for openssl-1_0_0 fixes the following issues: - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). Moderate SUSE bug 1256834 SUSE bug 1256837 SUSE bug 1256838 SUSE bug 1256840 CVE-2025-68160 at SUSE CVE-2025-68160 at NVD CVE-2025-69420 at SUSE CVE-2025-69420 at NVD CVE-2025-69421 at SUSE CVE-2025-69421 at NVD CVE-2026-22796 at SUSE CVE-2026-22796 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Low) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `<include>` directives (bsc#1256805) Low SUSE bug 1256805 CVE-2026-0989 at SUSE CVE-2026-0989 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Moderate) openSUSE Leap 15.6 This update for python fixes the following issues: - Modified CVE-2025-6075 fix to not use `re.ASCII` flag (not available in Python 2.7) (bsc#1257064). Moderate SUSE bug 1257064 CVE-2025-6075 at SUSE CVE-2025-6075 at NVD cpe:/o:opensuse:leap:15.6 Security update for abseil-cpp (Moderate) openSUSE Leap 15.6 This update for abseil-cpp fixes the following issues: - CVE-2025-0838: Fixed heap buffer overflow in sized constructors, reserve(), and rehash() methods of absl:{flat,node}hash{set,map} (bsc#1237543). Moderate SUSE bug 1237543 CVE-2025-0838 at SUSE CVE-2025-0838 at NVD cpe:/o:opensuse:leap:15.6 Security update for assertj-core (Moderate) openSUSE Leap 15.6 This update for assertj-core fixes the following issues: Upgrade to version 3.27.7: - CVE-2026-24400: Fix XXE vulnerability in isXmlEqualTo assertion (bsc#1257293). Moderate SUSE bug 1257293 CVE-2026-24400 at SUSE CVE-2026-24400 at NVD cpe:/o:opensuse:leap:15.6 Security update for openssl-1_1 (Moderate) openSUSE Leap 15.6 This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838). - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840). - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835). - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836). Moderate SUSE bug 1256834 SUSE bug 1256835 SUSE bug 1256836 SUSE bug 1256837 SUSE bug 1256838 SUSE bug 1256839 SUSE bug 1256840 CVE-2025-68160 at SUSE CVE-2025-68160 at NVD CVE-2025-69418 at SUSE CVE-2025-69418 at NVD CVE-2025-69419 at SUSE CVE-2025-69419 at NVD CVE-2025-69420 at SUSE CVE-2025-69420 at NVD CVE-2025-69421 at SUSE CVE-2025-69421 at NVD CVE-2026-22795 at SUSE CVE-2026-22795 at NVD CVE-2026-22796 at SUSE CVE-2026-22796 at NVD cpe:/o:opensuse:leap:15.6 Security update for openCryptoki (Moderate) openSUSE Leap 15.6 This update for openCryptoki fixes the following issues: - CVE-2026-23893: Fixed privilege escalation or data exposure via symlink following (bsc#1257116) Moderate SUSE bug 1257116 CVE-2026-23893 at SUSE CVE-2026-23893 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpcap (Low) openSUSE Leap 15.6 This update for libpcap fixes the following issues: - CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds read and write (bsc#1255765). Low SUSE bug 1255765 CVE-2025-11961 at SUSE CVE-2025-11961 at NVD cpe:/o:opensuse:leap:15.6 Security update for logback (Moderate) openSUSE Leap 15.6 This update for logback fixes the following issues: - CVE-2026-1225: ACE vulnerability in configuration file (bsc#1257094) Moderate SUSE bug 1257094 CVE-2026-1225 at SUSE CVE-2026-1225 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-21-openjdk (Important) openSUSE Leap 15.6 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.10+7 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15217). Important SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng16 (Moderate) openSUSE Leap 15.6 This update for libpng16 fixes the following issues: - CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364). - CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365). - CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525). Moderate SUSE bug 1257364 SUSE bug 1257365 CVE-2025-28162 at SUSE CVE-2025-28162 at NVD CVE-2025-28164 at SUSE CVE-2025-28164 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3 (Moderate) openSUSE Leap 15.6 This update for python-urllib3 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). Moderate SUSE bug 1254866 SUSE bug 1254867 CVE-2025-66418 at SUSE CVE-2025-66418 at NVD CVE-2025-66471 at SUSE CVE-2025-66471 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsodium (Moderate) openSUSE Leap 15.6 This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070). - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764). Moderate SUSE bug 1255764 SUSE bug 1256070 CVE-2025-15444 at SUSE CVE-2025-15444 at NVD CVE-2025-69277 at SUSE CVE-2025-69277 at NVD cpe:/o:opensuse:leap:15.6 Security update for glibc (Important) openSUSE Leap 15.6 This update for glibc fixes the following issues: Security fixes: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766). - CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822). - CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005). Other fixes: - NPTL: Optimize trylock for high cache contention workloads (bsc#1256437). Important SUSE bug 1256437 SUSE bug 1256766 SUSE bug 1256822 SUSE bug 1257005 CVE-2025-15281 at SUSE CVE-2025-15281 at NVD CVE-2026-0861 at SUSE CVE-2026-0861 at NVD CVE-2026-0915 at SUSE CVE-2026-0915 at NVD cpe:/o:opensuse:leap:15.6 Security update for glib2 (Important) openSUSE Leap 15.6 This update for glib2 fixes the following issues: - CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354). - CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355). - CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353). Important SUSE bug 1257353 SUSE bug 1257354 SUSE bug 1257355 CVE-2026-1484 at SUSE CVE-2026-1484 at NVD CVE-2026-1485 at SUSE CVE-2026-1485 at NVD CVE-2026-1489 at SUSE CVE-2026-1489 at NVD cpe:/o:opensuse:leap:15.6 Security update for protobuf (Moderate) openSUSE Leap 15.6 This update for protobuf fixes the following issues: - CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173). Moderate SUSE bug 1257173 CVE-2026-0994 at SUSE CVE-2026-0994 at NVD cpe:/o:opensuse:leap:15.6 Security update for libheif (Moderate) openSUSE Leap 15.6 This update for libheif fixes the following issues: - CVE-2025-68431: Fixed heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item (bsc#1255735) Moderate SUSE bug 1255735 CVE-2025-68431 at SUSE CVE-2025-68431 at NVD cpe:/o:opensuse:leap:15.6 Security update for rekor (Moderate) openSUSE Leap 15.6 This update for rekor fixes the following issues: Security fixes: - CVE-2025-58058: Fixed github.com/ulikunitz/xz leaks memory (bsc#1248910) - CVE-2025-29923: Fixed potential out of order responses when `CLIENT SETINFO` times out during connection establishment (bsc#1241153) Other fixes: - Update to version 1.4.3 - Update to version 1.4.2 - Update to version 1.4.1 (jsc#SLE-23476) Moderate SUSE bug 1241153 SUSE bug 1248910 CVE-2025-29923 at SUSE CVE-2025-29923 at NVD CVE-2025-58058 at SUSE CVE-2025-58058 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.7.1 MFSA 2026-08 (bsc#1257397): - CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content Important SUSE bug 1257397 CVE-2026-0818 at SUSE CVE-2026-0818 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openj9 (Important) openSUSE Leap 15.6 This update for java-1_8_0-openj9 fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. (bsc#1257034) - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. (bsc#1257036) - CVE-2026-21933: Fixed a vulnerability in the Oracle Java SE component Networking. (bsc#1257037) - CVE-2026-21945: Fixed a vulnerability in the Oracle Java SE component Security. (bsc#1257038) Important SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-ibm (Important) openSUSE Leap 15.6 This update for java-1_8_0-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034) - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036) - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037) - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038) Other fixes: - Upgrade to Java 8.0 Service Refresh 8 Fix Pack 60 (bsc#1257131) Important SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 SUSE bug 1257131 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Low) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2026-0989: Fixed call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth when resolving `<include>` directives (bsc#1256805) Low SUSE bug 1256805 CVE-2026-0989 at SUSE CVE-2026-0989 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes-old (Important) openSUSE Leap 15.6 This update for kubernetes-old rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for java-11-openjdk (Important) openSUSE Leap 15.6 This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.30+7 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446). - Do not depend on update-desktop-files (jsc#PED-14507). Important SUSE bug 1255446 SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-17-openjdk (Important) openSUSE Leap 15.6 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 (January 2026 CPU) Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034). - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036). - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037). - CVE-2026-21945: Fixed Oracle Java SE component Security (bsc#1257038). Other fixes: - OpenJDK rendering blue borders when it should not, due to missing the fix for JDK-6304250 from upstream (bsc#1255446). - Do not depend on update-desktop-files (jsc#PED-14507, jsc#PED-15216). Important SUSE bug 1255446 SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issues: - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audin_process_formats (bsc#1256718). - CVE-2026-22854: server-controlled read length is used to read file data into an IRP output can cause heap-buffer-overflow in drive_process_irp_read (bsc#1256720). - CVE-2026-22856: race condition in the serial channel IRP thread tracking can cause heap-use-after-free in create_irp_thread(bsc#1256722). - CVE-2026-22859: improper bound check can lead to heap-buffer-overflow in urb_select_configuration (bsc#1256725). - CVE-2026-23530: improper validation can lead to heap buffer overflow in `planar_decompress_plane_rle` (bsc#1256940). - CVE-2026-23531: improper validation in `clear_decompress` can lead to heap buffer overflow (bsc#1256941). - CVE-2026-23532: mismatch between destination rectangle clamping and the actual copy size can lead to a heap buffer overflow in `gdi_SurfaceToSurface` (bsc#1256942). - CVE-2026-23534: missing checks can lead to heap buffer overflow in `clear_decompress_bands_data` (bsc#1256944). Important SUSE bug 1256718 SUSE bug 1256720 SUSE bug 1256722 SUSE bug 1256725 SUSE bug 1256940 SUSE bug 1256941 SUSE bug 1256942 SUSE bug 1256944 CVE-2026-22852 at SUSE CVE-2026-22852 at NVD CVE-2026-22854 at SUSE CVE-2026-22854 at NVD CVE-2026-22856 at SUSE CVE-2026-22856 at NVD CVE-2026-22859 at SUSE CVE-2026-22859 at NVD CVE-2026-23530 at SUSE CVE-2026-23530 at NVD CVE-2026-23531 at SUSE CVE-2026-23531 at NVD CVE-2026-23532 at SUSE CVE-2026-23532 at NVD CVE-2026-23534 at SUSE CVE-2026-23534 at NVD cpe:/o:opensuse:leap:15.6 Security update for usbmuxd (Moderate) openSUSE Leap 15.6 This update for usbmuxd fixes the following issues: - CVE-2025-66004: Fixed LPE from nobody to usbmux (bsc#1254302) Moderate SUSE bug 1254302 CVE-2025-66004 at SUSE CVE-2025-66004 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-brotlipy (Important) openSUSE Leap 15.6 This update for python-brotlipy fixes the following issues: - Add max length decompression (bsc#1254867, bsc#1256017) Important SUSE bug 1254867 SUSE bug 1256017 cpe:/o:opensuse:leap:15.6 Security update for python-wheel (Important) openSUSE Leap 15.6 This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Important SUSE bug 1257100 CVE-2026-24049 at SUSE CVE-2026-24049 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24 (Critical) openSUSE Leap 15.6 This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc1256820). Other updates and bugfixes: - version update to 1.24.13: * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77424 crypto/tls: CL 737700 broke session resumption on macOS Critical SUSE bug 1236217 SUSE bug 1256818 SUSE bug 1256820 SUSE bug 1257692 CVE-2025-61732 at SUSE CVE-2025-61732 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Critical) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: - version update to 1.25.7: * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS Critical SUSE bug 1244485 SUSE bug 1256818 SUSE bug 1257692 CVE-2025-61732 at SUSE CVE-2025-61732 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2026-1536: Always validate the headers value when coming from untrusted source to avoid HTTP header injection. (bsc#1257440) - CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer overflow. (bsc#1257598) Important SUSE bug 1257440 SUSE bug 1257598 CVE-2026-1536 at SUSE CVE-2026-1536 at NVD CVE-2026-1761 at SUSE CVE-2026-1761 at NVD cpe:/o:opensuse:leap:15.6 Security update for sqlite3 (Moderate) openSUSE Leap 15.6 This update for sqlite3 fixes the following issues: - Update to v3.51.2: - CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670) Moderate SUSE bug 1248586 SUSE bug 1254670 CVE-2025-7709 at SUSE CVE-2025-7709 at NVD cpe:/o:opensuse:leap:15.6 Security update for xrdp (Important) openSUSE Leap 15.6 This update for xrdp fixes the following issues: - CVE-2025-68670: Fix a potential overflow when processing user domain information. (bsc#1257362) Important SUSE bug 1257362 CVE-2025-68670 at SUSE CVE-2025-68670 at NVD cpe:/o:opensuse:leap:15.6 Security update for gpg2 (Important) openSUSE Leap 15.6 This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys (bsc#1257396) - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field (bsc#1256389) Important SUSE bug 1256389 SUSE bug 1257396 CVE-2026-24882 at SUSE CVE-2026-24882 at NVD cpe:/o:opensuse:leap:15.6 Security update for nodejs20 (Important) openSUSE Leap 15.6 This update for nodejs20 fixes the following issues: - Update to 20.20.0: - CVE-2026-22036: Updated undici to 6.23.0 (bsc#1256848) - CVE-2025-59465: Add TLSSocket default error handler (bsc#1256573) - CVE-2025-55132: Disable futimes when permission model is enabled (bsc#1256571) - CVE-2025-55130: Require full read and write to symlink APIs (bsc#1256569) - CVE-2025-59466: Rethrow stack overflow exceptions in async_hooks (bsc#1256574) - CVE-2025-55131: Refactor unsafe buffer creation to remove zero-fill toggle (bsc#1256570) - CVE-2026-21637: Route callback exceptions through error handlers (bsc#1256576) Important SUSE bug 1256569 SUSE bug 1256570 SUSE bug 1256571 SUSE bug 1256573 SUSE bug 1256574 SUSE bug 1256576 SUSE bug 1256848 CVE-2025-55130 at SUSE CVE-2025-55130 at NVD CVE-2025-55131 at SUSE CVE-2025-55131 at NVD CVE-2025-55132 at SUSE CVE-2025-55132 at NVD CVE-2025-59465 at SUSE CVE-2025-59465 at NVD CVE-2025-59466 at SUSE CVE-2025-59466 at NVD CVE-2026-21637 at SUSE CVE-2026-21637 at NVD CVE-2026-22036 at SUSE CVE-2026-22036 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service (bsc#1256969). - CVE-2026-23874: manipulation of digital images can lead to stack overflow (bsc#1256976). - CVE-2026-23876: maliciously crafted image can lead to heap buffer overflow (bsc#1256962). - CVE-2026-23952: processing comment tag can cause null pointer dereference (bsc#1257076). Important SUSE bug 1256962 SUSE bug 1256969 SUSE bug 1256976 SUSE bug 1257076 CVE-2026-22770 at SUSE CVE-2026-22770 at NVD CVE-2026-23874 at SUSE CVE-2026-23874 at NVD CVE-2026-23876 at SUSE CVE-2026-23876 at NVD CVE-2026-23952 at SUSE CVE-2026-23952 at NVD cpe:/o:opensuse:leap:15.6 Security update for apptainer (Important) openSUSE Leap 15.6 This update for apptainer fixes the following issues: Security fixes: - CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host (bsc#1257432) - CVE-2025-65105: Fixed security bypass due to disabling security options (bsc#1255462) - CVE-2025-47914: Fixed malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent (bsc#1253967) - CVE-2025-58181: Fixed unbounded memory consumption in golang.org/x/crypto/ssh (bsc#1253784) - CVE-2025-47913: Fixed potential denial of service in golang.org/x/crypto/ssh/agent (bsc#1253506) - CVE-2025-22872: Fixed incorrect Neutralization of Input During Web Page Generation in x/net (bsc#1241710) - CVE-2025-22870: Fixed HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net (bsc#1238611) - CVE-2025-22869: Fixed potential denial of service in golang.org/x/crypto (bsc#1239322) - CVE-2025-27144: Fixed DoS in go-jose Parsing in github.com/go-jose/go-jose (bsc#1237608) - CVE-2025-8556: Fixed missing and wrong validation can lead to incorrect results in github.com/cloudflare/circl Other fixes: - Update to 1.4.5 Important SUSE bug 1237608 SUSE bug 1238611 SUSE bug 1239322 SUSE bug 1241710 SUSE bug 1253506 SUSE bug 1253784 SUSE bug 1253967 SUSE bug 1255462 SUSE bug 1257432 CVE-2024-45310 at SUSE CVE-2024-45310 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-22872 at SUSE CVE-2025-22872 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD CVE-2025-47913 at SUSE CVE-2025-47913 at NVD CVE-2025-47914 at SUSE CVE-2025-47914 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD CVE-2025-65105 at SUSE CVE-2025-65105 at NVD CVE-2025-8556 at SUSE CVE-2025-8556 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozjs60 (Moderate) openSUSE Leap 15.6 This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038) - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037) - CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036) - CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602) Moderate SUSE bug 1230036 SUSE bug 1230037 SUSE bug 1230038 SUSE bug 1232602 CVE-2024-45490 at SUSE CVE-2024-45490 at NVD CVE-2024-45491 at SUSE CVE-2024-45491 at NVD CVE-2024-45492 at SUSE CVE-2024-45492 at NVD CVE-2024-50602 at SUSE CVE-2024-50602 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Important) openSUSE Leap 15.6 This update for python-Django fixes the following issues: - CVE-2025-14550: Fixed potential denial-of-service via repeated headers when using ASGI(bsc#1257403) - CVE-2026-1312: Fixed potential SQL injection via QuerySet.order_by and FilteredRelation (bsc#1257408) - CVE-2026-1287: Fixed potential SQL injection in column aliases via control characters (bsc#1257407) - CVE-2026-1207: Fixed potential SQL injection via raster lookups on PostGIS (bsc#1257405) - CVE-2025-13473: Fixed username enumeration through timing difference in mod_wsgi authentication handler (bsc#1257401) - CVE-2026-1285: Fixed potential denial-of-service in django.utils.text.Truncator HTML methods (bsc#1257406) Important SUSE bug 1257401 SUSE bug 1257403 SUSE bug 1257405 SUSE bug 1257406 SUSE bug 1257407 SUSE bug 1257408 CVE-2025-13473 at SUSE CVE-2025-13473 at NVD CVE-2025-14550 at SUSE CVE-2025-14550 at NVD CVE-2026-1207 at SUSE CVE-2026-1207 at NVD CVE-2026-1285 at SUSE CVE-2026-1285 at NVD CVE-2026-1287 at SUSE CVE-2026-1287 at NVD CVE-2026-1312 at SUSE CVE-2026-1312 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2026-0797: Fixed a heap-based buffer overflow in the parsing of ICO files. (bsc#1257549) Important SUSE bug 1257549 CVE-2026-0797 at SUSE CVE-2026-0797 at NVD cpe:/o:opensuse:leap:15.6 Security update for uriparser (Moderate) openSUSE Leap 15.6 This update for uriparser fixes the following issues: - CVE-2025-67899: large input containing many commas can cause unbounded recursion and stack consumption (bsc#1255000). Moderate SUSE bug 1255000 CVE-2025-67899 at SUSE CVE-2025-67899 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-wheel (Important) openSUSE Leap 15.6 This update for python-wheel fixes the following issues: - CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification (bsc#1257100). Important SUSE bug 1257100 CVE-2026-24049 at SUSE CVE-2026-24049 at NVD cpe:/o:opensuse:leap:15.6 Security update for the Linux Kernel (Important) openSUSE Leap 15.6 The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842). - CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845). - CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377). - CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401). - CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665). - CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641). - CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623). - CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612). - CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726). - CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779). - CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236). - CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232). - CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332). The following non security issues were fixed: - bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603). - btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes). - cifs: Fix copy offload to flush destination region (bsc#1252511). - cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511). - cifs: add new field to track the last access time of cfid (git-fixes). - ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378). - ice: use netif_get_num_default_rss_queues() (bsc#1247712). - mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087). - net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473). - net: tcp: allow zero-window ACK update the window (bsc#1254767). - sched: Increase sched_tick_remote timeout (bsc#1254510). - scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296). - smb: change return type of cached_dir_lease_break() to bool (git-fixes). - smb: client: ensure open_cached_dir_by_dentry() only returns valid cfid (git-fixes). - smb: client: remove unused fid_lock (git-fixes). - smb: client: short-circuit in open_cached_dir_by_dentry() if !dentry (git-fixes). - smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748). - smb: client: update cfid->last_access_time in open_cached_dir_by_dentry() (git-fixes). - smb: improve directory cache reuse for readdir operations (bsc#1252712). - x86: make page fault handling disable interrupts properly (git-fixes). Important SUSE bug 1228490 SUSE bug 1233563 SUSE bug 1234842 SUSE bug 1241437 SUSE bug 1242909 SUSE bug 1246184 SUSE bug 1246447 SUSE bug 1247030 SUSE bug 1247712 SUSE bug 1248211 SUSE bug 1249307 SUSE bug 1250032 SUSE bug 1250082 SUSE bug 1250705 SUSE bug 1250748 SUSE bug 1252511 SUSE bug 1252712 SUSE bug 1252900 SUSE bug 1253087 SUSE bug 1253451 SUSE bug 1254378 SUSE bug 1254447 SUSE bug 1254465 SUSE bug 1254510 SUSE bug 1254767 SUSE bug 1254842 SUSE bug 1254845 SUSE bug 1255377 SUSE bug 1255401 SUSE bug 1256528 SUSE bug 1256609 SUSE bug 1256610 SUSE bug 1256612 SUSE bug 1256616 SUSE bug 1256617 SUSE bug 1256623 SUSE bug 1256641 SUSE bug 1256664 SUSE bug 1256665 SUSE bug 1256682 SUSE bug 1256726 SUSE bug 1256728 SUSE bug 1256759 SUSE bug 1256779 SUSE bug 1256792 SUSE bug 1257154 SUSE bug 1257158 SUSE bug 1257232 SUSE bug 1257236 SUSE bug 1257296 SUSE bug 1257332 SUSE bug 1257473 SUSE bug 1257603 CVE-2023-53714 at SUSE CVE-2023-53714 at NVD CVE-2024-42103 at SUSE CVE-2024-42103 at NVD CVE-2024-53070 at SUSE CVE-2024-53070 at NVD CVE-2024-53149 at SUSE CVE-2024-53149 at NVD CVE-2025-22047 at SUSE CVE-2025-22047 at NVD CVE-2025-37813 at SUSE CVE-2025-37813 at NVD CVE-2025-38243 at SUSE CVE-2025-38243 at NVD CVE-2025-38322 at SUSE CVE-2025-38322 at NVD CVE-2025-38379 at SUSE CVE-2025-38379 at NVD CVE-2025-38539 at SUSE CVE-2025-38539 at NVD CVE-2025-39689 at SUSE CVE-2025-39689 at NVD CVE-2025-39813 at SUSE CVE-2025-39813 at NVD CVE-2025-39829 at SUSE CVE-2025-39829 at NVD CVE-2025-39913 at SUSE CVE-2025-39913 at NVD CVE-2025-40097 at SUSE CVE-2025-40097 at NVD CVE-2025-40202 at SUSE CVE-2025-40202 at NVD CVE-2025-40257 at SUSE CVE-2025-40257 at NVD CVE-2025-40259 at SUSE CVE-2025-40259 at NVD CVE-2025-68284 at SUSE CVE-2025-68284 at NVD CVE-2025-68285 at SUSE CVE-2025-68285 at NVD CVE-2025-68775 at SUSE CVE-2025-68775 at NVD CVE-2025-68804 at SUSE CVE-2025-68804 at NVD CVE-2025-68808 at SUSE CVE-2025-68808 at NVD CVE-2025-68813 at SUSE CVE-2025-68813 at NVD CVE-2025-68819 at SUSE CVE-2025-68819 at NVD CVE-2025-71078 at SUSE CVE-2025-71078 at NVD CVE-2025-71081 at SUSE CVE-2025-71081 at NVD CVE-2025-71083 at SUSE CVE-2025-71083 at NVD CVE-2025-71085 at SUSE CVE-2025-71085 at NVD CVE-2025-71089 at SUSE CVE-2025-71089 at NVD CVE-2025-71111 at SUSE CVE-2025-71111 at NVD CVE-2025-71112 at SUSE CVE-2025-71112 at NVD CVE-2025-71120 at SUSE CVE-2025-71120 at NVD CVE-2025-71136 at SUSE CVE-2025-71136 at NVD CVE-2025-71147 at SUSE CVE-2025-71147 at NVD CVE-2026-22999 at SUSE CVE-2026-22999 at NVD CVE-2026-23001 at SUSE CVE-2026-23001 at NVD CVE-2026-23010 at SUSE CVE-2026-23010 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-azure-core (Important) openSUSE Leap 15.6 This update for python-azure-core fixes the following issues: - CVE-2026-21226: Fixed deserialization of untrusted data which may allow an authorized attacker to execute code over a network. (bsc#1257703) Important SUSE bug 1257703 CVE-2026-21226 at SUSE CVE-2026-21226 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for munge (Important) openSUSE Leap 15.6 This update for munge fixes the following issues: - CVE-2026-25506: buffer overflow in message unpacking (bsc#1257651). Important SUSE bug 1257651 CVE-2026-25506 at SUSE CVE-2026-25506 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731). - CVE-2025-14819: libssh global knownhost override (bsc#1255732). - CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733). - CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734). Moderate SUSE bug 1255731 SUSE bug 1255732 SUSE bug 1255733 SUSE bug 1255734 CVE-2025-14524 at SUSE CVE-2025-14524 at NVD CVE-2025-14819 at SUSE CVE-2025-14819 at NVD CVE-2025-15079 at SUSE CVE-2025-15079 at NVD CVE-2025-15224 at SUSE CVE-2025-15224 at NVD cpe:/o:opensuse:leap:15.6 Security update for java-1_8_0-openjdk (Important) openSUSE Leap 15.6 This update for java-1_8_0-openjdk fixes the following issues: - CVE-2026-21925: Fixed a vulnerability in the Oracle Java SE component RMI. (bsc#1257034) - CVE-2026-21932: Fixed a vulnerability in the Oracle Java SE component AWT and JavaFX. (bsc#1257036) - CVE-2026-21933: Fixed a vulnerability in the Oracle Java SE component Networking. (bsc#1257037) - CVE-2026-21945: Fixed a vulnerability in the Oracle Java SE component Security. (bsc#1257038) Important SUSE bug 1257034 SUSE bug 1257036 SUSE bug 1257037 SUSE bug 1257038 CVE-2026-21925 at SUSE CVE-2026-21925 at NVD CVE-2026-21932 at SUSE CVE-2026-21932 at NVD CVE-2026-21933 at SUSE CVE-2026-21933 at NVD CVE-2026-21945 at SUSE CVE-2026-21945 at NVD cpe:/o:opensuse:leap:15.6 Security update for cargo-auditable (Important) openSUSE Leap 15.6 This update for cargo-auditable fixes the following issues: Update to version 0.7.2~0. Security issues fixed: - CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257906). Other updates and bugfixes: - Update to version 0.7.2~0: * mention cargo-dist in README * commit Cargo.lock * bump which dev-dependency to 8.0.0 * bump object to 0.37 * Upgrade cargo_metadata to 0.23 * Expand the set of dist platforms in config - Update to version 0.7.1~0: * Out out of unhelpful clippy lint * Satisfy clippy * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren't * Run apt-get update before trying to install packages * run `cargo dist init` on dist 0.30 * Drop allow-dirty from dist config, should no longer be needed * Reorder paragraphs in README * Note the maintenance transition for the go extraction library * Editing pass on the adopters: scanners * clarify Docker support * Cargo clippy fix * Add Wolfi OS and Chainguard to adopters * Update mentions around Anchore tooling * README and documentation updates for nightly * Bump dependency version in rust-audit-info * More work on docs * Nicer formatting on format revision documentation * Bump versions * regenerate JSON schema * cargo fmt * Document format field * Make it more clear that RawVersionInfo is private * Add format field to the serialized data * cargo clippy fix * Add special handling for proc macros to treat them as the build dependencies they are * Add a test to ensure proc macros are reported as build dependencies * Add a test fixture for a crate with a proc macro dependency * parse fully qualified package ID specs from SBOMs * select first discovered SBOM file * cargo sbom integration * Get rid of unmaintained wee_alloc in test code to make people's scanners misled by GHSA chill out * Don't fail plan workflow due to manually changed release.yml * Bump Ubuntu version to hopefully fix release.yml workflow * Add test for stripped binary * Bump version to 0.6.7 * Populate changelog * README.md: add auditable2cdx, more consistency in text * Placate clippy * Do not emit -Wl if a bare linker is in use * Get rid of a compiler warning * Add bare linker detection function * drop boilerplate from test that's no longer relevant * Add support for recovering rustc codegen options * More lenient parsing of rustc arguments * More descriptive error message in case rustc is killed abruptly * change formatting to fit rustfmt * More descriptive error message in case cargo is killed * Update REPLACING_CARGO.md to fix #195 * Clarify osv-scanner support in README * Include the command required to view metadata * Mention wasm-tools support * Switch from broken generic cache action to a Rust-specific one * Fill in various fields in auditable2cdx Cargo.toml * Include osv-scanner in the list, with a caveat * Add link to blint repo to README * Mention that blint supports our data * Consolidate target definitions * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that * Migrate to a maintained toolchain action * Fix author specification * Add link to repository to resolverver Cargo.toml * Bump resolverver to 0.1.0 * Add resolverver crate to the tree - Update to version 0.6.6~0: * Note the `object` upgrade in the changelog * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint * Update dependencies in the lock file * Populate changelog * apply clippy lint * add another --emit parsing test * shorter code with cargo fmt * Actually fix cargo-c compatibility * Attempt to fix cargo-capi incompatibility * Refactoring in preparation for fixes * Also read the --emit flag to rustc * Fill in changelogs * Bump versions * Drop cfg'd out tests * Drop obsolete doc line * Move dependency cycle tests from auditable-serde to cargo-auditable crate * Remove cargo_metadata from auditable-serde API surface. * Apply clippy lint * Upgrade miniz_oxide to 0.8.0 * Insulate our semver from miniz_oxide semver * Add support for Rust 2024 edition * Update tests * More robust OS detection for riscv feature detection * bump version * update changelog for auditable-extract 0.3.5 * Fix wasm component auditable data extraction * Update blocker description in README.md * Add openSUSE to adopters * Update list of know adopters * Fix detection of `riscv64-linux-android` target features * Silence noisy lint * Bump version requirement in rust-audit-info * Fill in changelogs * Bump semver of auditable-info * Drop obsolete comment now that wasm is enabled by default * Remove dependency on cargo-lock * Brag about adoption in the README * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc * Also build musl binaries * dist: update dist config for future releases * dist(cargo-auditable): ignore auditable2cdx for now * chore: add cargo-dist Important SUSE bug 1257906 CVE-2026-25727 at SUSE CVE-2026-25727 at NVD cpe:/o:opensuse:leap:15.6 Security update for libnvidia-container (Important) openSUSE Leap 15.6 This update for libnvidia-container fixes the following issues: Update to version 1.18.0. Security issues fixed: - CVE-2024-0132: time-of-check time-of-use (TOCTOU) race condition in default configuration via specifically crafted container image (bsc#1231033). - CVE-2024-0133: data tampering in host file system via specially crafted container image (bsc#1231032). Other updates and bugfixes: - updated to 1.18.0 - Add clock_gettime to allowed syscalls - Fix pointer accessing local variable out of scope - Require version match between libnvidia-container-tools and libnvidia-container1 - Add libnvidia-gpucomp.so to the list of compute libs - Use VERSION_ prefix for version parts in makefiles - Add additional logging - Do not discard container flags when --cuda-compat-mode is not specified - Remove unneeded --no-cntlibs argument from list command - Add cuda-compat-mode flag to configure command - Skip files when user has insufficient permissions - Fix building with Go 1.24 - Add no-cntlibs CLI option to nvidia-container-cli - Fix always using fallback - Add fallback for systems without memfd_create() - Create virtual copy of host ldconfig binary before calling fexecve() - Fix some typos in text. - update nvidia modprobe to expected 550.54.14. - remove services Important SUSE bug 1231032 SUSE bug 1231033 CVE-2024-0132 at SUSE CVE-2024-0132 at NVD CVE-2024-0133 at SUSE CVE-2024-0133 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Moderate) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) Moderate SUSE bug 1250553 SUSE bug 1256807 SUSE bug 1256808 SUSE bug 1256809 SUSE bug 1256811 SUSE bug 1256812 SUSE bug 1257593 SUSE bug 1257594 SUSE bug 1257595 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD CVE-2026-0990 at SUSE CVE-2026-0990 at NVD CVE-2026-0992 at SUSE CVE-2026-0992 at NVD CVE-2026-1757 at SUSE CVE-2026-1757 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxml2 (Moderate) openSUSE Leap 15.6 This update for libxml2 fixes the following issues: - CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811) - CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812) - CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595) - CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553) - CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858) Moderate SUSE bug 1247850 SUSE bug 1247858 SUSE bug 1250553 SUSE bug 1256807 SUSE bug 1256808 SUSE bug 1256809 SUSE bug 1256811 SUSE bug 1256812 SUSE bug 1257593 SUSE bug 1257594 SUSE bug 1257595 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD CVE-2025-8732 at SUSE CVE-2025-8732 at NVD CVE-2026-0990 at SUSE CVE-2026-0990 at NVD CVE-2026-0992 at SUSE CVE-2026-0992 at NVD CVE-2026-1757 at SUSE CVE-2026-1757 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes (Important) openSUSE Leap 15.6 This update for kubernetes rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for kubernetes-old (Important) openSUSE Leap 15.6 This update for kubernetes-old rebuilds it against the current GO security release. Important cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow (bsc#1257598). - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). Important SUSE bug 1243422 SUSE bug 1256418 SUSE bug 1257598 CVE-2025-4476 at SUSE CVE-2025-4476 at NVD CVE-2026-0716 at SUSE CVE-2026-0716 at NVD CVE-2026-1761 at SUSE CVE-2026-1761 at NVD cpe:/o:opensuse:leap:15.6 Security update for apptainer (Moderate) openSUSE Leap 15.6 This update for apptainer fixes the following issues: - CVE-2025-58190: Fixed a HTML parser misimplementation of a part of the HTML specification for table related tags. (bsc#1258048). - CVE-2025-47911: Fixed an issue where the HTML parser takes a very long time or even never returns. (bsc#1258047). Moderate SUSE bug 1253924 SUSE bug 1258047 SUSE bug 1258048 CVE-2025-47911 at SUSE CVE-2025-47911 at NVD CVE-2025-58190 at SUSE CVE-2025-58190 at NVD cpe:/o:opensuse:leap:15.6 Security update for snpguest (Important) openSUSE Leap 15.6 This update for snpguest fixes the following issues: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927). Important SUSE bug 1257927 CVE-2026-25727 at SUSE CVE-2026-25727 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Important) openSUSE Leap 15.6 This update for python fixes the following issues: - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. (bsc#1257031) - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP headers. (bsc#1257042) - CVE-2025-15366: Fixed a bug wherer a user-controlled command can allow additional commands injected using newlines. (bsc#1257044) - CVE-2025-15367: Fixed control characters which may allow the injection of additional commands. (bsc#1257041) Important SUSE bug 1254867 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for vexctl (Important) openSUSE Leap 15.6 This update for vexctl fixes the following issues: - Update to version 0.4.1+git78.f951e3a: - CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. (bsc#1239186) - CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto. (bsc#1234486) - CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service. (bsc#1237611) - CVE-2025-22870: proxy bypass using IPv6 zone IDs. (bsc#1238683) - CVE-2025-22869: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh. (bsc#1239323) - CVE-2025-30204: jwt-go allows excessive memory allocation during header parsing. (bsc#1240444) - CVE-2025-58181: invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253802) - CVE-2026-22772: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services. (bsc#1256535) - CVE-2026-24137: legacy TUF client allows for arbitrary file writes with target cache path traversal. (bsc#1257138) Important SUSE bug 1234486 SUSE bug 1237611 SUSE bug 1238683 SUSE bug 1239186 SUSE bug 1239323 SUSE bug 1240444 SUSE bug 1253802 SUSE bug 1256535 SUSE bug 1257138 CVE-2024-45337 at SUSE CVE-2024-45337 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-22870 at SUSE CVE-2025-22870 at NVD CVE-2025-27144 at SUSE CVE-2025-27144 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD CVE-2026-22772 at SUSE CVE-2026-22772 at NVD CVE-2026-24137 at SUSE CVE-2026-24137 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng16 (Important) openSUSE Leap 15.6 This update for libpng16 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). Important SUSE bug 1258020 CVE-2026-25646 at SUSE CVE-2026-25646 at NVD cpe:/o:opensuse:leap:15.6 Security update for libpng12 (Important) openSUSE Leap 15.6 This update for libpng12 fixes the following issues: - CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020). Important SUSE bug 1258020 CVE-2026-25646 at SUSE CVE-2026-25646 at NVD cpe:/o:opensuse:leap:15.6 Security update for capstone (Moderate) openSUSE Leap 15.6 This update for capstone fixes the following issues: Security issues fixed: - CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow (bsc#1255309). - CVE-2025-68114: unchecked `vsnprintf` return value can lead to a stack buffer overflow (bsc#1255310). Other updates and bugfixes: - Enable static library, and add `libcapstone-devel-static` subpackage. Moderate SUSE bug 1255309 SUSE bug 1255310 CVE-2025-67873 at SUSE CVE-2025-67873 at NVD CVE-2025-68114 at SUSE CVE-2025-68114 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2026-2272: integer overflow in ICO file handling can lead to a heap buffer overflow (bsc#1258000). - CVE-2026-2271: integer overflow in the PSP file parser can lead to a heap buffer overflow (bsc#1257999). - CVE-2026-2239: missing null terminator when processing a specially crafted PSD file can lead to a heap buffer overflow and an application crash (bsc#1257959). Important SUSE bug 1257959 SUSE bug 1257999 SUSE bug 1258000 CVE-2026-2239 at SUSE CVE-2026-2239 at NVD CVE-2026-2271 at SUSE CVE-2026-2271 at NVD CVE-2026-2272 at SUSE CVE-2026-2272 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2025-68618: read a malicious SVG file may result in a DoS attack (bsc#1255821). - CVE-2025-68950: check for circular references in mvg files may lead to stack overflow (bsc#1255822). - CVE-2025-69204: an integer overflow can lead to a DoS attack (bsc#1255823). Moderate SUSE bug 1255821 SUSE bug 1255822 SUSE bug 1255823 CVE-2025-68618 at SUSE CVE-2025-68618 at NVD CVE-2025-68950 at SUSE CVE-2025-68950 at NVD CVE-2025-69204 at SUSE CVE-2025-69204 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: - Update to Firefox 140.7.1 ESR - CVE-2026-2447: Fixed a heap buffer overflow in libvpx. (bsc#1258231) Important SUSE bug 1258231 CVE-2026-2447 at SUSE CVE-2026-2447 at NVD cpe:/o:opensuse:leap:15.6 Security update for python310 (Important) openSUSE Leap 15.6 This update for python310 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-urllib3_1 (Moderate) openSUSE Leap 15.6 This update for python-urllib3_1 fixes the following issues: - CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867). - CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866). - CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331). Moderate SUSE bug 1254866 SUSE bug 1254867 SUSE bug 1256331 CVE-2025-66418 at SUSE CVE-2025-66418 at NVD CVE-2025-66471 at SUSE CVE-2025-66471 at NVD CVE-2026-21441 at SUSE CVE-2026-21441 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Important) openSUSE Leap 15.6 This update for python39 fixes the following issues: - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively unfoldable characters. (bsc#1257029) - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. (bsc#1257031) - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines can allow injecting HTTP headers. (bsc#1257042) - CVE-2025-15282: Fixed a bug where a user-controlled data URLs parsed may allow injecting headers. (bsc#1257046) - CVE-2025-15366: Fixed a bug wherer a user-controlled command can allow additional commands injected using newlines. (bsc#1257044) - CVE-2025-15367: Fixed control characters which may allow the injection of additional commands. (bsc#1257041) Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for python312 (Important) openSUSE Leap 15.6 This update for python312 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in video_timer (bsc#1257981). - CVE-2026-24675: heap-use-after-free in urb_select_interface (bsc#1257982). - CVE-2026-24676: heap-use-after-free in audio_format_compatible (bsc#1257983). - CVE-2026-24679: heap-buffer-overflow in urb_select_interface (bsc#1257986). - CVE-2026-24681: heap-use-after-free in urb_bulk_transfer_cb (bsc#1257988). - CVE-2026-24682: heap-buffer-overflow in audio_formats_free (bsc#1257989). - CVE-2026-24683: heap-use-after-free in ainput_send_input_event (bsc#1257990). - CVE-2026-24684: heap-use-after-free in play_thread (bsc#1257991). Important SUSE bug 1257981 SUSE bug 1257982 SUSE bug 1257983 SUSE bug 1257986 SUSE bug 1257988 SUSE bug 1257989 SUSE bug 1257990 SUSE bug 1257991 CVE-2026-24491 at SUSE CVE-2026-24491 at NVD CVE-2026-24675 at SUSE CVE-2026-24675 at NVD CVE-2026-24676 at SUSE CVE-2026-24676 at NVD CVE-2026-24679 at SUSE CVE-2026-24679 at NVD CVE-2026-24681 at SUSE CVE-2026-24681 at NVD CVE-2026-24682 at SUSE CVE-2026-24682 at NVD CVE-2026-24683 at SUSE CVE-2026-24683 at NVD CVE-2026-24684 at SUSE CVE-2026-24684 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis (Moderate) openSUSE Leap 15.6 This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706). Moderate SUSE bug 1258706 cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751). - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). Important SUSE bug 1240751 SUSE bug 1258120 SUSE bug 1258170 SUSE bug 1258508 CVE-2025-32049 at SUSE CVE-2025-32049 at NVD CVE-2026-2369 at SUSE CVE-2026-2369 at NVD CVE-2026-2443 at SUSE CVE-2026-2443 at NVD CVE-2026-2708 at SUSE CVE-2026-2708 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker-stable (Important) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: - CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. (bsc#1240513) Important SUSE bug 1240513 CVE-2025-30204 at SUSE CVE-2025-30204 at NVD cpe:/o:opensuse:leap:15.6 Security update for erlang (Moderate) openSUSE Leap 15.6 This update for erlang fixes the following issues: - CVE-2025-48039:Fixed an excessive use of system resources. (bsc#1249469) - CVE-2025-48038:Fixed an excessive use of system resources. (bsc#1249470) - CVE-2025-48040:Fixed an excessive resource consumption. (bsc#1249472) Moderate SUSE bug 1249469 SUSE bug 1249470 SUSE bug 1249472 CVE-2025-48038 at SUSE CVE-2025-48038 at NVD CVE-2025-48039 at SUSE CVE-2025-48039 at NVD CVE-2025-48040 at SUSE CVE-2025-48040 at NVD cpe:/o:opensuse:leap:15.6 Security update for qemu (Moderate) openSUSE Leap 15.6 This update for qemu fixes the following issues: - CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400). - CVE-2026-0665: out-of-bounds heap access can lead to a denial of service or potential memory corruption (bsc#1256484). Moderate SUSE bug 1255400 SUSE bug 1256484 CVE-2025-14876 at SUSE CVE-2025-14876 at NVD CVE-2026-0665 at SUSE CVE-2026-0665 at NVD cpe:/o:opensuse:leap:15.6 Security update for python3 (Important) openSUSE Leap 15.6 This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker (Moderate) openSUSE Leap 15.6 This update for docker fixes the following issues: - CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904) Moderate SUSE bug 1253904 CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:opensuse:leap:15.6 Security update for redis7 (Moderate) openSUSE Leap 15.6 This update for redis7 fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply (bsc#1258706). Moderate SUSE bug 1258706 cpe:/o:opensuse:leap:15.6 Security update for ucode-intel (Important) openSUSE Leap 15.6 This update for ucode-intel fixes the following issues: - Intel CPU Microcode was updated to the 20260210 release (bsc#1258046) - CVE-2024-24853: Updated fix for incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. (bsc#1229129) - CVE-2025-31648: Improper handling of values in the microcode flow for some Intel Processor Family may allow an escalation of privilege. (bsc#1258046) Important SUSE bug 1229129 SUSE bug 1258046 CVE-2024-24853 at SUSE CVE-2024-24853 at NVD CVE-2025-31648 at SUSE CVE-2025-31648 at NVD cpe:/o:opensuse:leap:15.6 Security update for podman (Moderate) openSUSE Leap 15.6 This update for podman fixes the following issues: - CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an out-of-bounds read with non validated message size (bsc#1253993) Moderate SUSE bug 1253993 CVE-2025-47914 at SUSE CVE-2025-47914 at NVD cpe:/o:opensuse:leap:15.6 Security update for libvirt (Moderate) openSUSE Leap 15.6 This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703) - CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML (bsc#1253278) Moderate SUSE bug 1253278 SUSE bug 1253703 CVE-2025-12748 at SUSE CVE-2025-12748 at NVD CVE-2025-13193 at SUSE CVE-2025-13193 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2026-2044: lack of proper initialization of memory can allow remote attackers to execute arbitrary code (bsc#1258532). - CVE-2026-2045: check offset in the colormap is valid before using it (bsc#1258533). - CVE-2026-2048: lack of proper validation of user-supplied data can allow remote attackers to execute arbitrary code (bsc#1258535). Important SUSE bug 1258532 SUSE bug 1258533 SUSE bug 1258535 CVE-2025-10934 at SUSE CVE-2025-10934 at NVD CVE-2026-2044 at SUSE CVE-2026-2044 at NVD CVE-2026-2045 at SUSE CVE-2026-2045 at NVD CVE-2026-2048 at SUSE CVE-2026-2048 at NVD cpe:/o:opensuse:leap:15.6 Security update for valkey (Moderate) openSUSE Leap 15.6 This update for valkey fixes the following issues: Update to version 8.0.7. Security issues fixed: - CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746). - CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788). Other updates and bugfixes: - ltrim should not call signalModifiedKey when no elements are removed (#2787) - chained replica crash when doing dual channel replication (#2983) - used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005) - avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160) - server assert on ACL LOAD and resetchannels (#3182) - bug causing no response flush sometimes when IO threads are busy (#3205) Moderate SUSE bug 1258746 SUSE bug 1258788 CVE-2025-67733 at SUSE CVE-2025-67733 at NVD CVE-2026-21863 at SUSE CVE-2026-21863 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751). - CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120). - CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170). - CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508). Important SUSE bug 1240751 SUSE bug 1258120 SUSE bug 1258170 SUSE bug 1258508 CVE-2025-32049 at SUSE CVE-2025-32049 at NVD CVE-2026-2369 at SUSE CVE-2026-2369 at NVD CVE-2026-2443 at SUSE CVE-2026-2443 at NVD CVE-2026-2708 at SUSE CVE-2026-2708 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: - Update to Thunderbird 140.7.2 - CVE-2026-2447: Fixed a heap buffer overflow in libvpx. (bsc#1258231) Important SUSE bug 1258231 CVE-2026-2447 at SUSE CVE-2026-2447 at NVD cpe:/o:opensuse:leap:15.6 Security update for php8 (Moderate) openSUSE Leap 15.6 This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). - CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). - CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712). Other fixes: - Update to 8.2.30: Curl: Fix curl build and test failures with version 8.16. Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Standard: Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) Moderate SUSE bug 1255710 SUSE bug 1255711 SUSE bug 1255712 CVE-2025-14177 at SUSE CVE-2025-14177 at NVD CVE-2025-14178 at SUSE CVE-2025-14178 at NVD CVE-2025-14180 at SUSE CVE-2025-14180 at NVD cpe:/o:opensuse:leap:15.6 Security update for shim (Moderate) openSUSE Leap 15.6 This update for shim fixes the following issues: shim is updated to version 16.1: - shim_start_image(): fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test segfaults caused by uninitialized memory - SbatLevel_Variable.txt: minor typo fix. - Realloc() needs to allocate one more byte for sprintf() - IPv6: Add more check to avoid multiple double colon and illegal char - Loader proto v2 - loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages - Generate Authenticode for the entire PE file - README: mention new loader protocol and interaction with UKIs - shim: change automatically enable MOK_POLICY_REQUIRE_NX - Save var info - add SbatLevel entry 2025051000 for PSA-2025-00012-1 - Coverity fixes 20250804 - fix http boot - Fix double free and leak in the loader protocol shim is updated to version 16.0: - Validate that a supplied vendor cert is not in PEM format - sbat: Add grub.peimage,2 to latest (CVE-2024-2312) - sbat: Also bump latest for grub,4 (and to todays date) - undo change that limits certificate files to a single file - shim: don't set second_stage to the empty string - Fix SBAT.md for today's consensus about numbers - Update Code of Conduct contact address - make-certs: Handle missing OpenSSL installation - Update MokVars.txt - export DEFINES for sub makefile - Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition - Null-terminate 'arguments' in fallback - Fix 'Verifiying' typo in error message - Update Fedora CI targets - Force gcc to produce DWARF4 so that gdb can use it - Minor housekeeping 2024121700 - Discard load-options that start with WINDOWS - Fix the issue that the gBS->LoadImage pointer was empty. - shim: Allow data after the end of device path node in load options - Handle network file not found like disks - Update gnu-efi submodule for EFI_HTTP_ERROR - Increase EFI file alignment - avoid EFIv2 runtime services on Apple x86 machines - Improve shortcut performance when comparing two boolean expressions - Provide better error message when MokManager is not found - tpm: Boot with a warning if the event log is full - MokManager: remove redundant logical constraints - Test import_mok_state() when MokListRT would be bigger than available size - test-mok-mirror: minor bug fix - Fix file system browser hang when enrolling MOK from disk - Ignore a minor clang-tidy nit - Allow fallback to default loader when encountering errors on network boot - test.mk: don't use a temporary random.bin - pe: Enhance debug report for update_mem_attrs - Multiple certificate handling improvements - Generate SbatLevel Metadata from SbatLevel_Variable.txt - Apply EKU check with compile option - Add configuration option to boot an alternative 2nd stage - Loader protocol (with Device Path resolution support) - netboot cleanup for additional files - Document how revocations can be delivered - post-process-pe: add tests to validate NX compliance - regression: CopyMem() in ad8692e copies out of bounds - Save the debug and error logs in mok-variables - Add features for the Host Security ID program - Mirror some more efi variables to mok-variables - This adds DXE Services measurements to HSI and uses them for NX - Add shim's current NX_COMPAT status to HSIStatus - README.tpm: reflect that vendor_db is in fact logged as 'vendor_db' - Reject HTTP message with duplicate Content-Length header fields - Disable log saving - fallback: don't add new boot order entries backwards - README.tpm: Update MokList entry to MokListRT - SBAT Level update for February 2025 GRUB CVEs Moderate SUSE bug 1240871 SUSE bug 1247432 CVE-2024-2312 at SUSE CVE-2024-2312 at NVD cpe:/o:opensuse:leap:15.6 Security update for busybox (Important) openSUSE Leap 15.6 This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization (bsc#1258163). - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries (bsc#1258167). Important SUSE bug 1258163 SUSE bug 1258167 CVE-2026-26157 at SUSE CVE-2026-26157 at NVD CVE-2026-26158 at SUSE CVE-2026-26158 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25-openssl (Critical) openSUSE Leap 15.6 This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: - version update to 1.25.7: * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS Critical SUSE bug 1256818 SUSE bug 1257692 CVE-2025-61732 at SUSE CVE-2025-61732 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issues: - CVE-2026-22855: heap-buffer-overflow in smartcard_unpack_set_attrib_call (bsc#1256721). - CVE-2026-22857: heap-use-after-free in irp_thread_func (bsc#1256723). - CVE-2026-23533: improper validation can lead to heap buffer overflow in `clear_decompress_residual_data` (bsc#1256943). - CVE-2026-23732: improper validation can lead to heap buffer overflow in `Glyph_Alloc` (bsc#1256945). - CVE-2026-23883: use-after-free when `update_pointer_color` and `freerdp_image_copy_from_pointer_data` fail (bsc#1256946). - CVE-2026-23884: use-after-free in `gdi_set_bounds` (bsc#1256947). Important SUSE bug 1256721 SUSE bug 1256723 SUSE bug 1256943 SUSE bug 1256945 SUSE bug 1256946 SUSE bug 1256947 CVE-2026-22855 at SUSE CVE-2026-22855 at NVD CVE-2026-22857 at SUSE CVE-2026-22857 at NVD CVE-2026-23533 at SUSE CVE-2026-23533 at NVD CVE-2026-23732 at SUSE CVE-2026-23732 at NVD CVE-2026-23883 at SUSE CVE-2026-23883 at NVD CVE-2026-23884 at SUSE CVE-2026-23884 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnome-remote-desktop (Moderate) openSUSE Leap 15.6 This update for gnome-remote-desktop fixes the following issue: - CVE-2025-5024: an unauthenticated attacker can exhaust system resources (bsc#1244053). Moderate SUSE bug 1244053 CVE-2025-5024 at SUSE CVE-2025-5024 at NVD cpe:/o:opensuse:leap:15.6 Security update for python311 (Important) openSUSE Leap 15.6 This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). - CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). - CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). - CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). - CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). Important SUSE bug 1257029 SUSE bug 1257031 SUSE bug 1257041 SUSE bug 1257042 SUSE bug 1257044 SUSE bug 1257046 SUSE bug 1257108 CVE-2025-11468 at SUSE CVE-2025-11468 at NVD CVE-2025-12781 at SUSE CVE-2025-12781 at NVD CVE-2025-15282 at SUSE CVE-2025-15282 at NVD CVE-2025-15366 at SUSE CVE-2025-15366 at NVD CVE-2025-15367 at SUSE CVE-2025-15367 at NVD CVE-2026-0672 at SUSE CVE-2026-0672 at NVD CVE-2026-0865 at SUSE CVE-2026-0865 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Moderate) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105). Moderate SUSE bug 1256105 CVE-2025-14017 at SUSE CVE-2025-14017 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql15 (Important) openSUSE Leap 15.6 This update for postgresql15 fixes the following issues: Update to version 15.17 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error 'could not access status of transaction'. Important SUSE bug 1258008 SUSE bug 1258009 SUSE bug 1258010 SUSE bug 1258011 SUSE bug 1258754 CVE-2026-2003 at SUSE CVE-2026-2003 at NVD CVE-2026-2004 at SUSE CVE-2026-2004 at NVD CVE-2026-2005 at SUSE CVE-2026-2005 at NVD CVE-2026-2006 at SUSE CVE-2026-2006 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Low) openSUSE Leap 15.6 This update for python fixes the following issue: - CVE-2024-7592: uncontrolled CPU resource consumption when in http.cookies module (bsc#1229596). Low SUSE bug 1229596 CVE-2024-7592 at SUSE CVE-2024-7592 at NVD cpe:/o:opensuse:leap:15.6 Security update for evolution-data-server (Moderate) openSUSE Leap 15.6 This update for evolution-data-server fixes the following issue: - CVE-2026-2604: arbitrary file deletion via inconsistent URI handling (bsc#1258307). Moderate SUSE bug 1258307 CVE-2026-2604 at SUSE CVE-2026-2604 at NVD cpe:/o:opensuse:leap:15.6 Security update for cosign (Moderate) openSUSE Leap 15.6 This update for cosign fixes the following issues: Update to version 3.0.5 (jsc#SLE-23879). Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs (bsc#1250620). - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913). - CVE-2026-22703: Verification accepts any valid Rekor entry under certain conditions (bsc#1256496). - CVE-2026-22772: github.com/sigstore/fulcio: bypass MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562). - CVE-2026-23991: github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080). - CVE-2026-23992: github.com/theupdateframework/go-tuf/v2: unauthorized modification to TUF metadata files due to a compromised or misconfigured TUF repository (bsc#1257085). - CVE-2026-24122: improper validation of certificates that outlive expired CA certificates (bsc#1258542). - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139). - CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612). Other updates and bugfixes: * chore(deps): bump google.golang.org/api from 0.260.0 to 0.264.0 (#4679) * chore(deps): bump github.com/sigstore/rekor-tiles/v2 from 2.0.1 to 2.1.0 (#4670) * chore(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 (#4712) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4680) * chore(deps): bump the gomod group across 1 directory with 4 updates (#4702) * chore(deps): bump the actions group with 3 updates (#4703) * update golang builder to use go1.25.7 (#4687) * update golangci-lint to v2.8.x (#4688) * Support DSSE signing conformance test (#4685) * chore(deps): bump the actions group across 1 directory with 8 updates (#4689) * Deprecate rekor-entry-type flag (#4691) * Deprecate cosign triangulate (#4676) * Deprecate cosign copy (#4681) * Enforce TSA requirement for Rekor v2, Fuclio signing (#4683) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4668) * chore(deps): bump golang from 1.25.5 to 1.25.6 in the all group (#4673) * Automatically require signed timestamp with Rekor v2 entries (#4666) * Fix syntax issue in conformance test, update nightly (#4664) * Add mTLS support for TSA client connections when signing with a signing config (#4620) * fix: avoid panic on malformed tlog entry body (#4652) * Verify validity of chain rather than just certificate (#4663) * Allow --local-image with --new-bundle-format for v2 and v3 signatures (#4626) * chore(deps): bump the gomod group across 1 directory with 3 updates (#4662) * Bump sigstore/sigstore to resolve GHSA (#4660) * Gracefully fail if bundle payload body is not a string (#4648) * fix: avoid panic on malformed replace payload (#4653) * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#4659) * fix: avoid panic on malformed attestation payload (#4651) * fix: avoid panic on malformed tlog entries (#4649) * Update conformance to latest * docs(cosign): clarify RFC3161 revocation semantics (#4642) * Add empty predicate to cosign sign when payload type is application/vnd.in-toto+json (#4635) * chore(deps): bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 (#4637) * Add origin key for ctfe trusted root * Add changelog updates for v3.0.4 and v2.6.2 (#4625) - Update to version 3.0.4: * Fix bundle verify path for old bundle/trusted root (#4623) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4616) * chore(deps): bump cuelang.org/go in the gomod group (#4615) * Optimize cosign tree performance by caching digest resolution (#4612) * Don't require a trusted root to verify offline with a key (#4613) * Support default services for trusted-root and signing-config creation (#4592) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4602) * chore(deps): bump github.com/sigstore/sigstore-go (#4578) * chore(deps): bump github.com/buildkite/agent/v3 from 3.114.1 to 3.115.2 (#4601) * chore(deps): bump google.golang.org/api from 0.257.0 to 0.258.0 (#4611) * chore(deps): bump k8s.io/client-go from 0.34.3 to 0.35.0 (#4604) * chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#4588) * chore(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 (#4586) * chore(deps): bump the gomod group with 5 updates (#4599) * chore(deps): bump github.com/open-policy-agent/opa from 1.10.1 to 1.12.1 (#4600) * chore(deps): bump golang.org/x/term from 0.37.0 to 0.38.0 (#4584) * chore(deps): bump the actions group with 3 updates (#4587) * chore(deps): bump actions/cache from 4.3.0 to 5.0.1 (#4589) * chore(deps): bump the gomod group with 9 updates (#4577) - Update to version 3.0.3: * 4554: Closes 4554 - Add warning when --output* is used (#4556) * chore(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.1.0 (#4545) * chore(deps): bump github.com/buildkite/agent/v3 from 3.111.0 to 3.113.0 (#4542) * chore(deps): bump github.com/awslabs/amazon-ecr-credential-helper/ecr-login (#4543) * chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#4546) * chore(deps): bump the actions group with 4 updates (#4544) * chore(deps): bump the gomod group across 1 directory with 5 updates (#4567) * chore(deps): bump golang from 1.25.4 to 1.25.5 in the all group (#4568) * update builder to use go1.25.5 (#4566) * Protobuf bundle support for subcommand `clean` (#4539) * Add staging flag to initialize with staging TUF metadata * update slack invite link (#4560) * Updating sign-blob to also support signing with a certificate (#4547) * Bump sigstore library dependencies (#4532) * Protobuf bundle support for subcommands `save` and `load` (#4538) * Fix cert attachment for new bundle with signing config * Fix OCI verification with local cert - old bundle * chore(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.1 (#4519) * chore(deps): bump golang.org/x/crypto in /test/fakeoidc (#4535) * chore(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#4536) * update go builder and cosign (#4529) * chore(deps): bump the gomod group across 1 directory with 7 updates (#4528) * chore(deps): bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#4478) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4520) * chore(deps): bump golang from 1.25.3 to 1.25.4 in the all group (#4515) * chore(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 (#4518) * chore(deps): bump cuelang.org/go from 0.14.2 to 0.15.0 (#4524) * chore(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 (#4521) * chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (#4502) * chore(deps): bump the actions group across 1 directory with 2 updates (#4516) * chore(deps): bump github.com/buildkite/agent/v3 from 3.110.0 to 3.111.0 (#4523) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4522) * Deprecate tlog-upload flag (#4458) * fix: Use signal context for `sign` cli package. * update offline verification directions (#4526) * Fix signing/verifying annotations for new bundle * Add support to download and attach for protobuf bundles (#4477) * Add --signing-algorithm flag (#3497) * Refactor signcommon bundle helpers * Add --bundle and fix --upload for new bundle * Pass insecure registry flags through to referrers * chore(deps): bump github.com/buildkite/agent/v3 from 3.108.0 to 3.109.1 (#4483) * Add protobuf bundle support for tree subcommand (#4491) * Remove stale embed import (#4492) * Support multiple container identities * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4484) * chore(deps): bump chainguard-dev/actions in the actions group (#4480) * chore(deps): bump github.com/sigstore/rekor-tiles/v2 (#4485) * chore(deps): bump golang.org/x/crypto from 0.42.0 to 0.43.0 (#4486) * chore(deps): bump cuelang.org/go in the gomod group (#4479) * upgrade OSS-Fuzz build tooling (#4487) * Fix segfault when no attestations are found (#4472) * Use overridden repository for new bundle format (#4473) * update go to 1.25.3 (#4471) * Remove --out flag from `cosign initialize` (#4462) * chore(deps): bump the actions group with 2 updates (#4460) * Deprecate offline flag (#4457) * Deduplicate code in sign/attest* and verify* commands (#4449) * Cache signing config when calling initialize (#4456) * Update changelog for v3.0.2 (#4455) * chore(deps): bump google.golang.org/api from 0.250.0 to 0.251.0 * chore(deps): bump gitlab.com/gitlab-org/api/client-go * chore(deps): bump the actions group with 3 updates * chore(deps): bump github.com/buildkite/agent/v3 from 3.107.2 to 3.108.0 * choose different signature filename for KMS-signed release signatures (#4448) * chore(deps): bump github.com/go-jose/go-jose/v4 (#4451) * Update rekor-tiles version path * update CL for v3.0.1 release (#4447) * update goreleaser config for v3.0.0 release (#4446) * Create changelog for v3.0.0 (#4440) * Fetch service URLs from the TUF PGI signing config by default (#4428) * Create changelog for v2.6.1 (#4439) * chore(deps): bump google.golang.org/api from 0.249.0 to 0.250.0 (#4432) * chore(deps): bump the gomod group with 2 updates (#4429) * chore(deps): bump github.com/open-policy-agent/opa from 1.8.0 to 1.9.0 (#4433) * chore(deps): bump the actions group with 3 updates (#4434) * chore(deps): bump github.com/go-openapi/swag from 0.24.1 to 0.25.1 (#4435) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4436) * chore(deps): bump github.com/go-openapi/runtime from 0.28.0 to 0.29.0 (#4437) * Bump module version to v3 for Cosign v3.0 (#4427) * Move sigstore-conformance back to tagged release (#4425) * Bump sigstore-go to v1.1.3 (#4423) * Partially populate the output of cosign verify when working with new bundles (#4416) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4419) * chore(deps): bump github.com/theupdateframework/go-tuf/v2 (#4418) * chore(deps): bump github.com/buildkite/agent/v3 from 3.105.0 to 3.107.0 (#4420) * chore(deps): bump chainguard-dev/actions in the actions group (#4421) * bump go builder to use 1.25.1 and cosign (#4417) * Bump sigstore-go for more precise user agents (#4413) * chore(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#4408) * chore(deps): bump the actions group with 2 updates (#4407) * chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4410) * chore(deps): bump github.com/buildkite/agent/v3 from 3.104.0 to 3.105.0 (#4411) * Default to using the new protobuf format (#4318) - Update to version 2.6.0: * Require exclusively a SigningConfig or service URLs when signing (#4403) * Add a terminal spinner while signing with sigstore-go (#4402) * Bump sigstore-go, support alternative hash algorithms with keys (#4386) * Add support for SigningConfig in sign/attest (#4371) * Support self-managed keys when signing with sigstore-go (#4368) * Remove SHA256 assumption in sign-blob/verify-blob (#4050) * introduce dockerfile to pin the go version to decouple go version from go.mod (#4369) * refactor: extract function to write referrer attestations (#4357) * Break import cycle with e2e build tag (#4370) * Update conformance test binary for signing config (#4367) * update builder image to use go1.25 (#4366) * Don't load content from TUF if trusted root path is specified (#4347) * Don't require timestamps when verifying with a key (#4337) * Fixes to cosign sign / verify for the new bundle format (#4346) * update builder to use go1.24.6 (#4334) * bump golangci-lint to v2.3.x (#4333) * Have cosign sign support bundle format (#4316) * Add support for SigningConfig for sign-blob/attest-blob, support Rekor v2 (#4319) * Verify subject with bundle only when checking claims (#4320) * Add to `attest-blob` the ability to supply a complete in-toto statement, and add to `verify-blob-attestation` the ability to verify with just a digest (#4306) Moderate SUSE bug 1250620 SUSE bug 1253913 SUSE bug 1256496 SUSE bug 1256562 SUSE bug 1257080 SUSE bug 1257085 SUSE bug 1257139 SUSE bug 1258542 SUSE bug 1258612 CVE-2025-11065 at SUSE CVE-2025-11065 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD CVE-2026-22703 at SUSE CVE-2026-22703 at NVD CVE-2026-22772 at SUSE CVE-2026-22772 at NVD CVE-2026-23991 at SUSE CVE-2026-23991 at NVD CVE-2026-23992 at SUSE CVE-2026-23992 at NVD CVE-2026-24122 at SUSE CVE-2026-24122 at NVD CVE-2026-24137 at SUSE CVE-2026-24137 at NVD CVE-2026-26958 at SUSE CVE-2026-26958 at NVD cpe:/o:opensuse:leap:15.6 Security update for libssh (Moderate) openSUSE Leap 15.6 This update for libssh fixes the following issues: - CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049). - CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045). - CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054). - CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081). - CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080). Moderate SUSE bug 1258045 SUSE bug 1258049 SUSE bug 1258054 SUSE bug 1258080 SUSE bug 1258081 CVE-2026-0964 at SUSE CVE-2026-0964 at NVD CVE-2026-0965 at SUSE CVE-2026-0965 at NVD CVE-2026-0966 at SUSE CVE-2026-0966 at NVD CVE-2026-0967 at SUSE CVE-2026-0967 at NVD CVE-2026-0968 at SUSE CVE-2026-0968 at NVD cpe:/o:opensuse:leap:15.6 Security update for tracker-miners (Moderate) openSUSE Leap 15.6 This update for tracker-miners fixes the following issues: - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files (bsc#1257606). - CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files (bsc#1257607). - CVE-2026-1766: denial of Service and information disclosure via malformed MP3 files (bsc#1257608). - CVE-2026-1767: heap buffer overflow leading to denial of service or information disclosure via malformed MP3 ID3 tags (bsc#1257609). Moderate SUSE bug 1257606 SUSE bug 1257607 SUSE bug 1257608 SUSE bug 1257609 CVE-2026-1764 at SUSE CVE-2026-1764 at NVD CVE-2026-1765 at SUSE CVE-2026-1765 at NVD CVE-2026-1766 at SUSE CVE-2026-1766 at NVD CVE-2026-1767 at SUSE CVE-2026-1767 at NVD cpe:/o:opensuse:leap:15.6 Security update for patch (Low) openSUSE Leap 15.6 This update for patch fixes the following issues: - CVE-2021-45261: Clear range of pointers before they are used/freed (bsc#1194037). Low SUSE bug 1194037 CVE-2021-45261 at SUSE CVE-2021-45261 at NVD cpe:/o:opensuse:leap:15.6 Security update for zlib (Moderate) openSUSE Leap 15.6 This update for zlib fixes the following issue: - CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing checks for negative lengths (bsc#1258392). Moderate SUSE bug 1258392 CVE-2026-27171 at SUSE CVE-2026-27171 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql14 (Important) openSUSE Leap 15.6 This update for postgresql14 fixes the following issues: Update to version 14.22 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error 'could not access status of transaction'. Important SUSE bug 1258008 SUSE bug 1258009 SUSE bug 1258010 SUSE bug 1258011 SUSE bug 1258754 CVE-2026-2003 at SUSE CVE-2026-2003 at NVD CVE-2026-2004 at SUSE CVE-2026-2004 at NVD CVE-2026-2005 at SUSE CVE-2026-2005 at NVD CVE-2026-2006 at SUSE CVE-2026-2006 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Important) openSUSE Leap 15.6 This update for libsoup fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). Important SUSE bug 1257398 SUSE bug 1257441 SUSE bug 1257597 CVE-2026-1467 at SUSE CVE-2026-1467 at NVD CVE-2026-1539 at SUSE CVE-2026-1539 at NVD CVE-2026-1760 at SUSE CVE-2026-1760 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.24-openssl (Critical) openSUSE Leap 15.6 This update for go1.24-openssl fixes the following issues: Update to version 1.24.13 (jsc#SLE-18320, bsc#1236217). Security issues fixed: - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain (bsc#1256820). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). Other updates and bugfixes: - go#77322 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs - go#77424 crypto/tls: CL 737700 broke session resumption on macOS Critical SUSE bug 1236217 SUSE bug 1256818 SUSE bug 1256820 SUSE bug 1257692 CVE-2025-61732 at SUSE CVE-2025-61732 at NVD CVE-2025-68119 at SUSE CVE-2025-68119 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD cpe:/o:opensuse:leap:15.6 Security update for libxslt (Moderate) openSUSE Leap 15.6 This update for libxslt fixes the following issues: - CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553). Moderate SUSE bug 1250553 CVE-2025-10911 at SUSE CVE-2025-10911 at NVD cpe:/o:opensuse:leap:15.6 Security update for util-linux (Moderate) openSUSE Leap 15.6 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). Moderate SUSE bug 1258859 CVE-2026-3184 at SUSE CVE-2026-3184 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-pip (Low) openSUSE Leap 15.6 This update for python-pip fixes the following issues: - CVE-2026-1703: Fixed a potential path traversal in python-pip. (bsc#1257599) Low SUSE bug 1257599 CVE-2026-1703 at SUSE CVE-2026-1703 at NVD cpe:/o:opensuse:leap:15.6 Security update for wireshark (Low) openSUSE Leap 15.6 This update for wireshark fixes the following issue: - CVE-2026-3201: USB HID protocol dissector memory exhaustion (bsc#1258907). Low SUSE bug 1258907 CVE-2026-3201 at SUSE CVE-2026-3201 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Important) openSUSE Leap 15.6 This update for libsoup2 fixes the following issues: - CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). - CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441). - CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). Important SUSE bug 1257398 SUSE bug 1257441 SUSE bug 1257597 CVE-2026-1467 at SUSE CVE-2026-1467 at NVD CVE-2026-1539 at SUSE CVE-2026-1539 at NVD CVE-2026-1760 at SUSE CVE-2026-1760 at NVD cpe:/o:opensuse:leap:15.6 Security update for mozilla-nss (Moderate) openSUSE Leap 15.6 This update for mozilla-nss fixes the following issues: Update to NSS 3.112.3: * CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568) Moderate SUSE bug 1258568 CVE-2026-2781 at SUSE CVE-2026-2781 at NVD cpe:/o:opensuse:leap:15.6 Security update for virtiofsd (Important) openSUSE Leap 15.6 This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257912). Important SUSE bug 1257912 CVE-2026-25727 at SUSE CVE-2026-25727 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Django (Moderate) openSUSE Leap 15.6 This update for python-Django fixes the following issue: - CVE-2026-25674: race condition can lead to potential incorrect permissions on newly created file system objects (bsc#1259142). Moderate SUSE bug 1259142 CVE-2026-25674 at SUSE CVE-2026-25674 at NVD cpe:/o:opensuse:leap:15.6 Security update for php-composer2 (Low) openSUSE Leap 15.6 This update for php-composer2 fixes the following issues: CVE-2025-67746: Fixed ANSI control characters injection in the terminal output of various Composer commands via attacker controlled remote sources. (bsc#1255768) Low SUSE bug 1255768 CVE-2025-67746 at SUSE CVE-2025-67746 at NVD cpe:/o:opensuse:leap:15.6 Security update for expat (Moderate) openSUSE Leap 15.6 This update for expat fixes the following issues: - CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144) - CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496) Moderate SUSE bug 1257144 SUSE bug 1257496 CVE-2026-24515 at SUSE CVE-2026-24515 at NVD CVE-2026-25210 at SUSE CVE-2026-25210 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Authlib (Moderate) openSUSE Leap 15.6 This update for python-Authlib fixes the following issues: - CVE-2025-68158: Fixed 1-click account takeover in applications that use the Authlib library (bsc#1256414) Moderate SUSE bug 1256414 CVE-2025-68158 at SUSE CVE-2025-68158 at NVD cpe:/o:opensuse:leap:15.6 Security update for gnutls (Moderate) openSUSE Leap 15.6 This update for gnutls fixes the following issues: Security issue: - CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing a large number of name constraints and subject alternative names (bsc#1257960). Other updates and bugfixes: - update libgnutls package to avoid binder getting calculated with SHA256 (bsc#1258083, jsc#PED-15752, jsc#PED-15753). - lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2 - tests/psk-file: Add testing for _credentials2 functions - lib/psk: add null check for binder algo - pre_shared_key: fix memleak when retrying with different binder algo - pre_shared_key: add null check on pskcred Moderate SUSE bug 1257960 SUSE bug 1258083 CVE-2025-14831 at SUSE CVE-2025-14831 at NVD cpe:/o:opensuse:leap:15.6 Security update for gimp (Important) openSUSE Leap 15.6 This update for gimp fixes the following issues: - CVE-2025-15059: Fixed Heap-based Buffer Overflow Remote Code Execution Vulnerability in GIMP PSP File Parsing (bsc#1255766). Important SUSE bug 1255766 CVE-2025-15059 at SUSE CVE-2025-15059 at NVD cpe:/o:opensuse:leap:15.6 Security update for ocaml (Important) openSUSE Leap 15.6 This update for ocaml fixes the following issues: - CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992). Important SUSE bug 1258992 CVE-2026-28364 at SUSE CVE-2026-28364 at NVD cpe:/o:opensuse:leap:15.6 Security update for openvpn (Important) openSUSE Leap 15.6 This update for openvpn fixes the following issues: - Updated to version 2.6.10 that fixes: * CVE-2025-13086: improper validation of IP addresses that can cause denial of service (bsc#1254486) Important SUSE bug 1254486 CVE-2025-13086 at SUSE CVE-2025-13086 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Markdown (Important) openSUSE Leap 15.6 This update for python-Markdown fixes the following issue: - CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process untrusted Markdown (bsc#1259256). Important SUSE bug 1259256 CVE-2025-69534 at SUSE CVE-2025-69534 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Flask (Moderate) openSUSE Leap 15.6 This update for python-Flask fixes the following issue: - CVE-2026-27205: information disclosure due to Flask session not adding the `Vary: Cookie` header (bsc#1258700). Moderate SUSE bug 1258700 CVE-2026-27205 at SUSE CVE-2026-27205 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Important) openSUSE Leap 15.6 This update for ImageMagick fixes the following issues: - CVE-2026-24481: Possible Heap Information Disclosure in PSD ZIP Decompression (bsc#1258743). - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). - CVE-2026-24485: denial of service via malformed PCD file processing (bsc#1258791). - CVE-2026-25576: Out of bounds read in multiple coders that read raw pixel data (bsc#1258748). - CVE-2026-25637: Denial of Service via crafted image due to memory leak (bsc#1258759). - CVE-2026-25638: Denial of Service due to memory leak in image processing (bsc#1258793). - CVE-2026-25795: Denial of Service due to NULL pointer dereference during temporary file creation failure (bsc#1258792). - CVE-2026-25796: Memory leak of watermark Image object in ReadSTEGANOImage on multiple error/early-return paths (bsc#1258757). - CVE-2026-25797: Code injection in various encoders (bsc#1258770). - CVE-2026-25798: NULL Pointer Dereference in ClonePixelCacheRepository via crafted image (bsc#1258787). - CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786). - CVE-2026-25897: Out-of-bounds heap write via integer overflow in sun decoder (bsc#1258799). - CVE-2026-25898: Information disclosure or denial of service via crafted image with invalid pixel index (bsc#1258807). - CVE-2026-25965: Policy bypass through path traversal allows reading restricted content despite secured policy (bsc#1258785). - CVE-2026-25966: Security Policy Bypass through config/policy-secure.xml via 'fd handler' leads to stdin/stdout access (bsc#1258780). - CVE-2026-25967: Stack buffer overflow in FTXT reader via oversized integer field (bsc#1258779). - CVE-2026-25968: MSL attribute stack buffer overflow leads to out of bounds write (bsc#1258776). - CVE-2026-25969: Memory Leak in coders/ashlar.c (bsc#1258775). - CVE-2026-25970: Memory corruption and denial of service via signed integer overflow in SIXEL decoder (bsc#1258802). - CVE-2026-25971: MSL: Stack overflow in ProcessMSLScript (bsc#1258774). - CVE-2026-25983: Denial of service via crafted MSL script (bsc#1258805). - CVE-2026-25985: Memory allocation with excessive without limits in the internal SVG decoder (bsc#1258812). - CVE-2026-25986: Denial of Service via malicious YUV image processing (bsc#1258818). - CVE-2026-25987: Memory disclosure and denial of service via crafted MAP files (bsc#1258821). - CVE-2026-25988: Denial of Service due to memory leak in image processing (bsc#1258810). - CVE-2026-25989: Integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder (bsc#1258771). - CVE-2026-26066: Infinite loop when writing IPTCTEXT leads to denial of service via crafted profile (bsc#1258769). - CVE-2026-26284: Heap overflow in pcd decoder leads to out of bounds read (bsc#1258765). - CVE-2026-26983: Invalid MSL <map> can result in a use after free (bsc#1258763). - CVE-2026-27798: Heap Buffer Over-read in WaveletDenoise when processing small images (bsc#1259018). - CVE-2026-27799: ImageMagick has a heap Buffer Over-read in its DJVU image format handler (bsc#1259017). Important SUSE bug 1258743 SUSE bug 1258748 SUSE bug 1258757 SUSE bug 1258759 SUSE bug 1258763 SUSE bug 1258765 SUSE bug 1258769 SUSE bug 1258770 SUSE bug 1258771 SUSE bug 1258774 SUSE bug 1258775 SUSE bug 1258776 SUSE bug 1258779 SUSE bug 1258780 SUSE bug 1258785 SUSE bug 1258786 SUSE bug 1258787 SUSE bug 1258790 SUSE bug 1258791 SUSE bug 1258792 SUSE bug 1258793 SUSE bug 1258799 SUSE bug 1258802 SUSE bug 1258805 SUSE bug 1258807 SUSE bug 1258810 SUSE bug 1258812 SUSE bug 1258818 SUSE bug 1258821 SUSE bug 1259017 SUSE bug 1259018 CVE-2026-24481 at SUSE CVE-2026-24481 at NVD CVE-2026-24484 at SUSE CVE-2026-24484 at NVD CVE-2026-24485 at SUSE CVE-2026-24485 at NVD CVE-2026-25576 at SUSE CVE-2026-25576 at NVD CVE-2026-25637 at SUSE CVE-2026-25637 at NVD CVE-2026-25638 at SUSE CVE-2026-25638 at NVD CVE-2026-25795 at SUSE CVE-2026-25795 at NVD CVE-2026-25796 at SUSE CVE-2026-25796 at NVD CVE-2026-25797 at SUSE CVE-2026-25797 at NVD CVE-2026-25798 at SUSE CVE-2026-25798 at NVD CVE-2026-25799 at SUSE CVE-2026-25799 at NVD CVE-2026-25897 at SUSE CVE-2026-25897 at NVD CVE-2026-25898 at SUSE CVE-2026-25898 at NVD CVE-2026-25965 at SUSE CVE-2026-25965 at NVD CVE-2026-25966 at SUSE CVE-2026-25966 at NVD CVE-2026-25967 at SUSE CVE-2026-25967 at NVD CVE-2026-25968 at SUSE CVE-2026-25968 at NVD CVE-2026-25969 at SUSE CVE-2026-25969 at NVD CVE-2026-25970 at SUSE CVE-2026-25970 at NVD CVE-2026-25971 at SUSE CVE-2026-25971 at NVD CVE-2026-25983 at SUSE CVE-2026-25983 at NVD CVE-2026-25985 at SUSE CVE-2026-25985 at NVD CVE-2026-25986 at SUSE CVE-2026-25986 at NVD CVE-2026-25987 at SUSE CVE-2026-25987 at NVD CVE-2026-25988 at SUSE CVE-2026-25988 at NVD CVE-2026-25989 at SUSE CVE-2026-25989 at NVD CVE-2026-26066 at SUSE CVE-2026-26066 at NVD CVE-2026-26284 at SUSE CVE-2026-26284 at NVD CVE-2026-26983 at SUSE CVE-2026-26983 at NVD CVE-2026-27798 at SUSE CVE-2026-27798 at NVD CVE-2026-27799 at SUSE CVE-2026-27799 at NVD cpe:/o:opensuse:leap:15.6 Security update for c3p0 and mchange-commons (Important) openSUSE Leap 15.6 This update for c3p0 and mchange-commons fixes the following issues: c3p0: - Security issues fixed: - CVE-2026-27830: Fixed unsafe object deserialization (bsc#1258942) - Fix the null pointer exception in the userOverridesAsString method (bsc#1259313). mchange-commons: - Security issues fixed: - CVE-2026-27727: Disabled remote ClassLoading when dereferencing javax.naming.Reference instances (bsc#1258913) Important SUSE bug 1258913 SUSE bug 1258942 SUSE bug 1259313 CVE-2026-27727 at SUSE CVE-2026-27727 at NVD CVE-2026-27830 at SUSE CVE-2026-27830 at NVD cpe:/o:opensuse:leap:15.6 Security update for util-linux (Moderate) openSUSE Leap 15.6 This update for util-linux fixes the following issues: - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859). Moderate SUSE bug 1258859 CVE-2026-3184 at SUSE CVE-2026-3184 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-aiohttp (Important) openSUSE Leap 15.6 This update for python-aiohttp fixes the following issues: - CVE-2025-69228: Fixed denial of service through large payloads (bsc#1256022). - CVE-2025-69226: Fixed brute-force leak of internal static file path components (bsc#1256020). - CVE-2025-69224: Fixed unicode processing of header values could cause parsing discrepancies (bsc#1256018). - CVE-2025-69223: Fixed aiohttp HTTP Parser auto_decompress feature susceptible to zip bomb (bsc#1256017). - CVE-2025-69227: Fixed DoS when bypassing asserts (bsc#1256021). - CVE-2025-69225: Fixed unicode match groups in regexes for ASCII protocol elements (bsc#1256019). - CVE-2025-69229: Fixed DoS through chunked messages (bsc#1256023). Important SUSE bug 1256017 SUSE bug 1256018 SUSE bug 1256019 SUSE bug 1256020 SUSE bug 1256021 SUSE bug 1256022 SUSE bug 1256023 CVE-2025-69223 at SUSE CVE-2025-69223 at NVD CVE-2025-69224 at SUSE CVE-2025-69224 at NVD CVE-2025-69225 at SUSE CVE-2025-69225 at NVD CVE-2025-69226 at SUSE CVE-2025-69226 at NVD CVE-2025-69227 at SUSE CVE-2025-69227 at NVD CVE-2025-69228 at SUSE CVE-2025-69228 at NVD CVE-2025-69229 at SUSE CVE-2025-69229 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-maturin (Important) openSUSE Leap 15.6 This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257918). Important SUSE bug 1257918 CVE-2026-25727 at SUSE CVE-2026-25727 at NVD cpe:/o:opensuse:leap:15.6 Security update for ImageMagick (Moderate) openSUSE Leap 15.6 This update for ImageMagick fixes the following issue: - CVE-2026-24484: denial of service vulnerability via multi-layer nested MVG to SVG conversion (bsc#1258790). Moderate SUSE bug 1258790 CVE-2026-24484 at SUSE CVE-2026-24484 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaFirefox (Important) openSUSE Leap 15.6 This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.8.0 ESR (MFSA 2026-15) (bsc#1258568): - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component - CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component - CVE-2026-2761: Sandbox escape in the Graphics: WebRender component - CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component - CVE-2026-2763: Use-after-free in the JavaScript Engine component - CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component - CVE-2026-2765: Use-after-free in the JavaScript Engine component - CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component - CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component - CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component - CVE-2026-2769: Use-after-free in the Storage: IndexedDB component - CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component - CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component - CVE-2026-2772: Use-after-free in the Audio/Video: Playback component - CVE-2026-2773: Incorrect boundary conditions in the Web Audio component - CVE-2026-2774: Integer overflow in the Audio/Video component - CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software - CVE-2026-2777: Privilege escalation in the Messaging System component - CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component - CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component - CVE-2026-2780: Privilege escalation in the Netmonitor component - CVE-2026-2781: Integer overflow in the Libraries component in NSS - CVE-2026-2782: Privilege escalation in the Netmonitor component - CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-2784: Mitigation bypass in the DOM: Security component - CVE-2026-2785: Invalid pointer in the JavaScript Engine component - CVE-2026-2786: Use-after-free in the JavaScript Engine component - CVE-2026-2787: Use-after-free in the DOM: Window and Location component - CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-2789: Use-after-free in the Graphics: ImageLib component - CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component - CVE-2026-2791: Mitigation bypass in the Networking: Cache component - CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 Important SUSE bug 1258568 CVE-2026-2757 at SUSE CVE-2026-2757 at NVD CVE-2026-2758 at SUSE CVE-2026-2758 at NVD CVE-2026-2759 at SUSE CVE-2026-2759 at NVD CVE-2026-2760 at SUSE CVE-2026-2760 at NVD CVE-2026-2761 at SUSE CVE-2026-2761 at NVD CVE-2026-2762 at SUSE CVE-2026-2762 at NVD CVE-2026-2763 at SUSE CVE-2026-2763 at NVD CVE-2026-2764 at SUSE CVE-2026-2764 at NVD CVE-2026-2765 at SUSE CVE-2026-2765 at NVD CVE-2026-2766 at SUSE CVE-2026-2766 at NVD CVE-2026-2767 at SUSE CVE-2026-2767 at NVD CVE-2026-2768 at SUSE CVE-2026-2768 at NVD CVE-2026-2769 at SUSE CVE-2026-2769 at NVD CVE-2026-2770 at SUSE CVE-2026-2770 at NVD CVE-2026-2771 at SUSE CVE-2026-2771 at NVD CVE-2026-2772 at SUSE CVE-2026-2772 at NVD CVE-2026-2773 at SUSE CVE-2026-2773 at NVD CVE-2026-2774 at SUSE CVE-2026-2774 at NVD CVE-2026-2775 at SUSE CVE-2026-2775 at NVD CVE-2026-2776 at SUSE CVE-2026-2776 at NVD CVE-2026-2777 at SUSE CVE-2026-2777 at NVD CVE-2026-2778 at SUSE CVE-2026-2778 at NVD CVE-2026-2779 at SUSE CVE-2026-2779 at NVD CVE-2026-2780 at SUSE CVE-2026-2780 at NVD CVE-2026-2781 at SUSE CVE-2026-2781 at NVD CVE-2026-2782 at SUSE CVE-2026-2782 at NVD CVE-2026-2783 at SUSE CVE-2026-2783 at NVD CVE-2026-2784 at SUSE CVE-2026-2784 at NVD CVE-2026-2785 at SUSE CVE-2026-2785 at NVD CVE-2026-2786 at SUSE CVE-2026-2786 at NVD CVE-2026-2787 at SUSE CVE-2026-2787 at NVD CVE-2026-2788 at SUSE CVE-2026-2788 at NVD CVE-2026-2789 at SUSE CVE-2026-2789 at NVD CVE-2026-2790 at SUSE CVE-2026-2790 at NVD CVE-2026-2791 at SUSE CVE-2026-2791 at NVD CVE-2026-2792 at SUSE CVE-2026-2792 at NVD CVE-2026-2793 at SUSE CVE-2026-2793 at NVD cpe:/o:opensuse:leap:15.6 Security update for python (Important) openSUSE Leap 15.6 This update for python fixes the following issue: - CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in `BytesGenerator` (bsc#1257181). Important SUSE bug 1257181 CVE-2026-1299 at SUSE CVE-2026-1299 at NVD cpe:/o:opensuse:leap:15.6 Security update for GraphicsMagick (Moderate) openSUSE Leap 15.6 This update for GraphicsMagick fixes the following issue: - CVE-2026-25799: Division-by-Zero in YUV sampling factor validation leads to crash (bsc#1258786). Moderate SUSE bug 1258786 CVE-2026-25799 at SUSE CVE-2026-25799 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25 (Moderate) openSUSE Leap 15.6 This update for go1.25 fixes the following issues: Update to go1.25.8 (bsc#1244485): - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77253 cmd/compile: miscompile of global array initialization * go#77406 os: Go 1.25.x regression on RemoveAll for windows * go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd * go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77531 net/smtp: expiry date of localhostCert for testing is too short Moderate SUSE bug 1244485 SUSE bug 1259264 SUSE bug 1259265 SUSE bug 1259268 CVE-2026-25679 at SUSE CVE-2026-25679 at NVD CVE-2026-27139 at SUSE CVE-2026-27139 at NVD CVE-2026-27142 at SUSE CVE-2026-27142 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.26 (Moderate) openSUSE Leap 15.6 This update for go1.26 fixes the following issues: Update to go1.26.1 (bsc#1255111): - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266). - CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing 'buf.Bytes()' call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : 'tried to free an already free register' with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeFor[untyped nil]() * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior * go#77860 cmd/go: change go mod init default go directive back to 1.N * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration Moderate SUSE bug 1255111 SUSE bug 1259264 SUSE bug 1259265 SUSE bug 1259266 SUSE bug 1259267 SUSE bug 1259268 CVE-2026-25679 at SUSE CVE-2026-25679 at NVD CVE-2026-27137 at SUSE CVE-2026-27137 at NVD CVE-2026-27138 at SUSE CVE-2026-27138 at NVD CVE-2026-27139 at SUSE CVE-2026-27139 at NVD CVE-2026-27142 at SUSE CVE-2026-27142 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat11 (Important) openSUSE Leap 15.6 This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.18: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: * Catalina + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 11.0.11 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property 'gpg.sign.files' to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update to the Eclipse JDT compiler 4.37. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) Important SUSE bug 1253460 SUSE bug 1258371 SUSE bug 1258385 SUSE bug 1258387 CVE-2025-66614 at SUSE CVE-2025-66614 at NVD CVE-2026-24733 at SUSE CVE-2026-24733 at NVD CVE-2026-24734 at SUSE CVE-2026-24734 at NVD cpe:/o:opensuse:leap:15.6 Security update for MozillaThunderbird (Important) openSUSE Leap 15.6 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.8 MFSA 2026-17 (bsc#1258568): - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component - CVE-2026-2758: Use-after-free in the JavaScript: GC component - CVE-2026-2759: Incorrect boundary conditions in the Graphics: ImageLib component - CVE-2026-2760: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component - CVE-2026-2761: Sandbox escape in the Graphics: WebRender component - CVE-2026-2762: Integer overflow in the JavaScript: Standard Library component - CVE-2026-2763: Use-after-free in the JavaScript Engine component - CVE-2026-2764: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component - CVE-2026-2765: Use-after-free in the JavaScript Engine component - CVE-2026-2766: Use-after-free in the JavaScript Engine: JIT component - CVE-2026-2767: Use-after-free in the JavaScript: WebAssembly component - CVE-2026-2768: Sandbox escape in the Storage: IndexedDB component - CVE-2026-2769: Use-after-free in the Storage: IndexedDB component - CVE-2026-2770: Use-after-free in the DOM: Bindings (WebIDL) component - CVE-2026-2771: Undefined behavior in the DOM: Core & HTML component - CVE-2026-2772: Use-after-free in the Audio/Video: Playback component - CVE-2026-2773: Incorrect boundary conditions in the Web Audio component - CVE-2026-2774: Integer overflow in the Audio/Video component - CVE-2026-2775: Mitigation bypass in the DOM: HTML Parser component - CVE-2026-2776: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software - CVE-2026-2777: Privilege escalation in the Messaging System component - CVE-2026-2778: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component - CVE-2026-2779: Incorrect boundary conditions in the Networking: JAR component - CVE-2026-2780: Privilege escalation in the Netmonitor component - CVE-2026-2781: Integer overflow in the Libraries component in NSS - CVE-2026-2782: Privilege escalation in the Netmonitor component - CVE-2026-2783: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component - CVE-2026-2784: Mitigation bypass in the DOM: Security component - CVE-2026-2785: Invalid pointer in the JavaScript Engine component - CVE-2026-2786: Use-after-free in the JavaScript Engine component - CVE-2026-2787: Use-after-free in the DOM: Window and Location component - CVE-2026-2788: Incorrect boundary conditions in the Audio/Video: GMP component - CVE-2026-2789: Use-after-free in the Graphics: ImageLib component - CVE-2026-2790: Same-origin policy bypass in the Networking: JAR component - CVE-2026-2791: Mitigation bypass in the Networking: Cache component - CVE-2026-2792: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 - CVE-2026-2793: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 Important SUSE bug 1258568 CVE-2026-2757 at SUSE CVE-2026-2757 at NVD CVE-2026-2758 at SUSE CVE-2026-2758 at NVD CVE-2026-2759 at SUSE CVE-2026-2759 at NVD CVE-2026-2760 at SUSE CVE-2026-2760 at NVD CVE-2026-2761 at SUSE CVE-2026-2761 at NVD CVE-2026-2762 at SUSE CVE-2026-2762 at NVD CVE-2026-2763 at SUSE CVE-2026-2763 at NVD CVE-2026-2764 at SUSE CVE-2026-2764 at NVD CVE-2026-2765 at SUSE CVE-2026-2765 at NVD CVE-2026-2766 at SUSE CVE-2026-2766 at NVD CVE-2026-2767 at SUSE CVE-2026-2767 at NVD CVE-2026-2768 at SUSE CVE-2026-2768 at NVD CVE-2026-2769 at SUSE CVE-2026-2769 at NVD CVE-2026-2770 at SUSE CVE-2026-2770 at NVD CVE-2026-2771 at SUSE CVE-2026-2771 at NVD CVE-2026-2772 at SUSE CVE-2026-2772 at NVD CVE-2026-2773 at SUSE CVE-2026-2773 at NVD CVE-2026-2774 at SUSE CVE-2026-2774 at NVD CVE-2026-2775 at SUSE CVE-2026-2775 at NVD CVE-2026-2776 at SUSE CVE-2026-2776 at NVD CVE-2026-2777 at SUSE CVE-2026-2777 at NVD CVE-2026-2778 at SUSE CVE-2026-2778 at NVD CVE-2026-2779 at SUSE CVE-2026-2779 at NVD CVE-2026-2780 at SUSE CVE-2026-2780 at NVD CVE-2026-2781 at SUSE CVE-2026-2781 at NVD CVE-2026-2782 at SUSE CVE-2026-2782 at NVD CVE-2026-2783 at SUSE CVE-2026-2783 at NVD CVE-2026-2784 at SUSE CVE-2026-2784 at NVD CVE-2026-2785 at SUSE CVE-2026-2785 at NVD CVE-2026-2786 at SUSE CVE-2026-2786 at NVD CVE-2026-2787 at SUSE CVE-2026-2787 at NVD CVE-2026-2788 at SUSE CVE-2026-2788 at NVD CVE-2026-2789 at SUSE CVE-2026-2789 at NVD CVE-2026-2790 at SUSE CVE-2026-2790 at NVD CVE-2026-2791 at SUSE CVE-2026-2791 at NVD CVE-2026-2792 at SUSE CVE-2026-2792 at NVD CVE-2026-2793 at SUSE CVE-2026-2793 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql18 (Important) openSUSE Leap 15.6 This update for postgresql18 fixes the following issues: Update to version 18.3 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). - CVE-2026-2007: pg_trgm heap buffer overflow can cause to write pattern onto server memory (bsc#1258012). Regression fixes: - the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error 'could not access status of transaction'. Important SUSE bug 1258008 SUSE bug 1258009 SUSE bug 1258010 SUSE bug 1258011 SUSE bug 1258012 SUSE bug 1258754 CVE-2026-2003 at SUSE CVE-2026-2003 at NVD CVE-2026-2004 at SUSE CVE-2026-2004 at NVD CVE-2026-2005 at SUSE CVE-2026-2005 at NVD CVE-2026-2006 at SUSE CVE-2026-2006 at NVD CVE-2026-2007 at SUSE CVE-2026-2007 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql16 (Important) openSUSE Leap 15.6 This update for postgresql16 fixes the following issues: Update to version 16.13 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error 'could not access status of transaction'. Important SUSE bug 1258008 SUSE bug 1258009 SUSE bug 1258010 SUSE bug 1258011 SUSE bug 1258754 CVE-2026-2003 at SUSE CVE-2026-2003 at NVD CVE-2026-2004 at SUSE CVE-2026-2004 at NVD CVE-2026-2005 at SUSE CVE-2026-2005 at NVD CVE-2026-2006 at SUSE CVE-2026-2006 at NVD cpe:/o:opensuse:leap:15.6 Security update for postgresql17 (Important) openSUSE Leap 15.6 This update for postgresql17 fixes the following issues: Update to version 17.9 (bsc#1258754). Security issues fixed: - CVE-2026-2003: improper validation of type 'oidvector' may allow disclose a few bytes of server memory (bsc#1258008). - CVE-2026-2004: intarray missing validation of type of input to selectivity estimator could lead to arbitrary code execution (bsc#1258009). - CVE-2026-2005: buffer overrun in contrib/pgcrypto's PGP decryption functions could lead to arbitrary code execution (bsc#1258010). - CVE-2026-2006: inadequate validation of multibyte character lengths could lead to arbitrary code execution (bsc#1258011). Regression fixes: - the substring() function raises an error 'invalid byte sequence for encoding' on non-ASCII text values if the source of that value is a database column (caused by CVE-2026-2006 fix). - a standby may halt and return an error 'could not access status of transaction'. Important SUSE bug 1258008 SUSE bug 1258009 SUSE bug 1258010 SUSE bug 1258011 SUSE bug 1258754 CVE-2026-2003 at SUSE CVE-2026-2003 at NVD CVE-2026-2004 at SUSE CVE-2026-2004 at NVD CVE-2026-2005 at SUSE CVE-2026-2005 at NVD CVE-2026-2006 at SUSE CVE-2026-2006 at NVD cpe:/o:opensuse:leap:15.6 Security update for curl (Important) openSUSE Leap 15.6 This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362). - CVE-2026-3783: token leak with redirect and netrc (bsc#1259363). - CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364). - CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365). Important SUSE bug 1259362 SUSE bug 1259363 SUSE bug 1259364 SUSE bug 1259365 CVE-2026-1965 at SUSE CVE-2026-1965 at NVD CVE-2026-3783 at SUSE CVE-2026-3783 at NVD CVE-2026-3784 at SUSE CVE-2026-3784 at NVD CVE-2026-3805 at SUSE CVE-2026-3805 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup2 (Moderate) openSUSE Leap 15.6 This update for libsoup2 fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Moderate SUSE bug 1256418 CVE-2026-0716 at SUSE CVE-2026-0716 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat10 (Important) openSUSE Leap 15.6 This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: * Catalina + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Enable minimum and recommended Tomcat Native versions to be set separately for Tomcat Native 1.x and 2.x. Update the minimum and recommended versions for Tomcat Native 1.x to 1.3.4. Update the minimum and recommended versions for Tomcat Native 2.x to 2.0.12. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69932: Fix request end access log pattern regression, which would log the start time of the request instead. (remm) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) + Fix: Log warnings when the SSO configuration does not comply with the documentation. (remm) + Update: Deprecate the RemoteAddrFilter and RemoteAddrValve in favour of the RemoteCIDRFilter and RemoteCIDRValve. (markt) + Fix: 69837: Fix corruption of the class path generated by the Loader when running on Windows. (markt) + Fix: Reject requests that map to invalid Windows file names earlier. (markt) + Fix: 69839: Ensure that changes to session IDs (typically after authentication) are promulgated to the SSO Valve to ensure that SSO entries are fully clean-up on session expiration. Patch provided by Kim Johan Andersson. (markt) + Fix: Fix a race condition in the creation of the storage location for the FileStore. (markt) * Cluster + Add: 62814: Document that human-readable names may be used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 10.1.45 that broke some clustering configurations. (markt) * Coyote + Fix: 69936: Fix bug in previous fix for Tomcat Native crashes on shutdown that triggered a significant memory leak. Patch provided by Wes. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: Fix use of deferAccept attribute in JMX, since it is normally only removed in Tomcat 11. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix potential crash on shutdown when a Connector depends on the Tomcat Native library. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. + Fix: 69848: Fix copy/paste errors in 10.1.47 that meant DELETE requests received via the AJP connector were processed as OPTIONS requests and PROPFIND requests were processed as TRACE. (markt) + Fix: Various OCSP processing issues in the OpenSSL FFM code. (dsoumis) * General + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) + Fix: 69845: When using permessage-deflate with Java 25 onwards, handle the underlying Inflater and/or Deflater throwing IllegalStateException when closed rather than NullPointerException as they do in Java 24 and earlier. * Other + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 2.0.12. (markt) + Add: Add property 'gpg.sign.files' to optionally disable release artefact signing with GPG. (rjung) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update the packaged version of the Tomcat Migration Tool for Jakarta EE to 1.0.10. (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) Important SUSE bug 1258371 SUSE bug 1258385 SUSE bug 1258387 CVE-2025-66614 at SUSE CVE-2025-66614 at NVD CVE-2026-24733 at SUSE CVE-2026-24733 at NVD CVE-2026-24734 at SUSE CVE-2026-24734 at NVD cpe:/o:opensuse:leap:15.6 Security update for libsoup (Moderate) openSUSE Leap 15.6 This update for libsoup fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). Moderate SUSE bug 1256418 CVE-2026-0716 at SUSE CVE-2026-0716 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-black (Moderate) openSUSE Leap 15.6 This update for python-black fixes the following issue: - CVE-2026-32274: arbitrary file writes from unsanitized user input in cache file name (bsc#1259608). Moderate SUSE bug 1259608 CVE-2026-32274 at SUSE CVE-2026-32274 at NVD cpe:/o:opensuse:leap:15.6 Security update for xen (Important) openSUSE Leap 15.6 This update for xen fixes the following issues: - CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480) - CVE-2026-23555: xen: Xenstored DoS by unprivileged domain (bsc#1259248, XSA-481) Important SUSE bug 1259247 SUSE bug 1259248 CVE-2026-23554 at SUSE CVE-2026-23554 at NVD CVE-2026-23555 at SUSE CVE-2026-23555 at NVD cpe:/o:opensuse:leap:15.6 Security update for vim (Moderate) openSUSE Leap 15.6 This update for vim fixes the following issues: Update Vim to version 9.2.0110: - CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602). - CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229). - CVE-2026-28417: Fixed that a crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051). - CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052) - CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053) - CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054) - CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault - CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056) Moderate SUSE bug 1246602 SUSE bug 1258229 SUSE bug 1259051 SUSE bug 1259052 SUSE bug 1259053 SUSE bug 1259054 SUSE bug 1259055 SUSE bug 1259056 CVE-2025-53906 at SUSE CVE-2025-53906 at NVD CVE-2026-26269 at SUSE CVE-2026-26269 at NVD CVE-2026-28417 at SUSE CVE-2026-28417 at NVD CVE-2026-28418 at SUSE CVE-2026-28418 at NVD CVE-2026-28419 at SUSE CVE-2026-28419 at NVD CVE-2026-28420 at SUSE CVE-2026-28420 at NVD CVE-2026-28421 at SUSE CVE-2026-28421 at NVD CVE-2026-28422 at SUSE CVE-2026-28422 at NVD cpe:/o:opensuse:leap:15.6 Security update for 389-ds (Important) openSUSE Leap 15.6 This update for 389-ds fixes the following issues: - CVE-2025-14905: Fixed heap buffer overflow due to improper size calculation in `schema_attr_enum_callback` callback (bsc#1258727). Important SUSE bug 1258727 CVE-2025-14905 at SUSE CVE-2025-14905 at NVD cpe:/o:opensuse:leap:15.6 Security update for kubernetes (Important) openSUSE Leap 15.6 This update for kubernetes rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for jq (Low) openSUSE Leap 15.6 This update for jq fixes the following issue: - CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600). Low SUSE bug 1248600 CVE-2025-9403 at SUSE CVE-2025-9403 at NVD cpe:/o:opensuse:leap:15.6 Security update for tomcat (Important) openSUSE Leap 15.6 This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping (bsc#1258371). - CVE-2026-24733: improper input validation on HTTP/0.9 requests (bsc#1258385). - CVE-2026-24734: certificate revocation bypass due to incomplete OCSP verification checks (bsc#1258387). Changelog: * Catalina + Fix: 69623: Additional fix for the long standing regression that meant that calls to ClassLoader.getResource().getContent() failed when made from within a web application with resource caching enabled if the target resource was packaged in a JAR file. (markt) + Fix: Pull request #923: Avoid adding multiple CSRF tokens to a URL in the CsrfPreventionFilter. (schultz) + Fix: 69918: Ensure request parameters are correctly parsed for HTTP/2 requests when the content-length header is not set. (dsoumis) + Update: Update the minimum and recommended versions for Tomcat Native to 1.3.4. (markt) + Add: Add a new ssoReauthenticationMode to the Tomcat provided Authenticators that provides a per Authenticator override of the SSO Valve requireReauthentication attribute. (markt) + Fix: Ensure URL encoding errors in the Rewrite Valve trigger an exception rather than silently using a replacement character. (markt) + Fix: 69871: Increase log level to INFO for missing configuration for the rewrite valve. (remm) + Fix: Add log warnings for additional Host appBase suspicious values. (remm) + Fix: Remove hard dependency on tomcat-jni.jar for catalina.jar. org.apache.catalina.Connector no longer requires org.apache.tomcat.jni.AprStatus to be present. (markt) + Add: Add the ability to use a custom function to generate the client identifier in the CrawlerSessionManagerValve. This is only available programmatically. Pull request #902 by Brian Matzon. (markt) + Fix: Change the SSO reauthentication behaviour for SPNEGO authentication so that a normal SPNEGO authentication is performed if the SSL Valve is configured with reauthentication enabled. This is so that the delegated credentials will be available to the web application. (markt) + Fix: When generating the class path in the Loader, re-order the check on individual class path components to avoid a potential NullPointerException. Identified by Coverity Scan. (markt) + Fix: Fix SSL socket factory configuration in the JNDI realm. Based on pull request #915 by Joshua Rogers. (remm) + Update: Add an attribute, digestInRfc3112Order, to MessageDigestCredentialHandler to control the order in which the credential and salt are digested. By default, the current, non-RFC 3112 compliant, order of salt then credential will be used. This default will change in Tomcat 12 to the RFC 3112 compliant order of credential then salt. (markt) * Cluster + Add: 62814: Document that human-readable names maybe used for mapSendOptions and align documentation with channelSendOptions. Based on pull request #929 by archan0621. (markt) * Clustering + Fix: Correct a regression introduced in 9.0.109 that broke some clustering configurations. (markt) * Coyote + Fix: Prevent concurrent release of OpenSSLEngine resources and the termination of the Tomcat Native library as it can cause crashes during Tomcat shutdown. (markt) + Fix: Avoid possible NPEs when using a TLS enabled custom connector. (remm) + Fix: Improve warnings when setting ciphers lists in the FFM code, mirroring the tomcat-native changes. (remm) + Fix: 69910: Dereference TLS objects right after closing a socket to improve memory efficiency. (remm) + Fix: Relax the JSSE vs OpenSSL configuration style checks on SSLHostConfig to reflect the existing implementation that allows one configuration style to be used for the trust attributes and a different style for all the other attributes. (markt) + Fix: Better warning message when OpenSSLConf configuration elements are used with a JSSE TLS implementation. (markt) + Fix: When using OpenSSL via FFM, don't log a warning about missing CA certificates unless CA certificates were configured and the configuration failed. (markt) + Add: For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. (markt) + Add: Add the ciphersuite attribute to SSLHostConfig to configure the TLSv1.3 cipher suites. (markt) + Add: Add OCSP support to JSSE based TLS connectors and make the use of OCSP configurable per connector for both JSSE and OpenSSL based TLS implementations. Align the checks performed by OpenSSL with those performed by JSSE. (markt) + Add: Add support for soft failure of OCSP checks with soft failure support disabled by default. (markt) + Add: Add support for configuring the verification flags passed to OCSP_basic_verify when using an OpenSSL based TLS implementation. (markt) + Fix: Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5. + Fix: Don't log an incorrect certificate KeyStore location when creating a TLS connector if the KeyStore instance has been set directly on the connector. (markt) + Fix: HTTP/0.9 only allows GET as the HTTP method. (remm) + Add: Add strictSni attribute on the Connector to allow matching the SSLHostConfig configuration associated with the SNI host name to the SSLHostConfig configuration matched from the HTTP protocol host name. Non matching configurations will cause the request to be rejected. The attribute default value is true, enabling the matching. (remm) + Fix: Graceful failure for OCSP on BoringSSL in the FFM code. (remm) + Fix: 69866: Fix a memory leak when using a trust store with the OpenSSL provider. Pull request #912 by aogburn. (markt) + Fix: Fix AJP message length check. Pull request #916 by Joshua Rogers. * Jasper + Fix: 69333: Correct a regression in the previous fix for 69333 and ensure that reuse() or release() is always called for a tag. (markt) + Fix: 69877: Catch IllegalArgumentException when processing URIs when creating the classpath to handle invalid URIs. (remm) + Fix: Fix populating the classpath with the webapp classloader repositories. (remm) + Fix: 69862: Avoid NPE unwrapping Servlet exception which would hide some exception details. Patch submitted by Eric Blanquer. (remm) * Jdbc-pool + Fix: 64083: If the underlying connection has been closed, don't add it to the pool when it is returned. Pull request #235 by Alex Panchenko. (markt) * Web applications + Fix: Manager: Fix abrupt truncation of the HTML and JSON complete server status output if one or more of the web applications failed to start. (schultz) + Add: Manager: Include web application state in the HTML and JSON complete server status output. (markt) + Add: Documentation: Expand the documentation to better explain when OCSP is supported and when it is not. (markt) * Websocket + Fix: 69920: When attempting to write to a closed Writer or OutputStream obtained from a WebSocket session, throw an IOException rather than an IllegalStateExcpetion as required by Writer and strongly suggested by OutputStream. (markt) * Other + Add: Add property 'gpg.sign.files' to optionally disable release artefact signing with GPG. (rjung) + Add: Add test.silent property to suppress JUnit console output during test execution. Useful for cleaner console output when running tests with multiple threads. (csutherl) + Update: Update the internal fork of Commons Pool to 2.13.1. (markt) + Update: Update the internal fork of Commons DBCP to 2.14.0. (markt) + Update: Update Commons Daemon to 1.5.1. (markt) + Update: Update ByteBuddy to 1.18.3. (markt) + Update: Update UnboundID to 7.0.4. (markt) + Update: Update Checkstyle to 12.3.1. (markt) + Add: Improvements to French translations. (markt) + Add: Improvements to Japanese translations provided by tak7iji. (markt) + Add: Improvements to Chinese translations provided by Yang. vincent.h and yong hu. (markt) + Update: Update Tomcat Native to 1.3.5. (markt) + Add: Add test profile system for selective test execution. Profiles can be specified via -Dtest.profile=<name> to run specific test subsets without using patterns directly. Profile patterns are defined in test-profiles.properties. (csutherl) + Update: Update file extension to media type mappings to align with the current list used by the Apache Web Server (httpd). (markt) + Update: Update Commons Daemon to 1.5.0. (markt) + Update: Update Byte Buddy to 1.18.2. (markt) + Update: Update Checkstyle to 12.2.0. (markt) + Add: Improvements to Spanish translations provided by White Vogel. (markt) + Add: Improvements to French translations. (remm) + Update: Update the internal fork of Apache Commons BCEL to 6.11.0. (markt) + Update: Update to Byte Buddy 1.17.8. (markt) + Update: Update to Checkstyle 12.1.1. (markt) + Update: Update to Jacoco 0.8.14. (markt) + Update: Update to SpotBugs 4.9.8. (markt) + Update: Update to JSign 7.4. (markt) + Update: Update Maven Resolver Ant Tasks to 1.6.0. (rjung) Important SUSE bug 1258371 SUSE bug 1258385 SUSE bug 1258387 CVE-2025-66614 at SUSE CVE-2025-66614 at NVD CVE-2026-24733 at SUSE CVE-2026-24733 at NVD CVE-2026-24734 at SUSE CVE-2026-24734 at NVD cpe:/o:opensuse:leap:15.6 Security update for freerdp (Important) openSUSE Leap 15.6 This update for freerdp fixes the following issue: - CVE-2026-24491: Heap-use-after-free in video_timer additional fix (bsc#1257981). Important SUSE bug 1257981 SUSE bug 1259251 CVE-2026-24491 at SUSE CVE-2026-24491 at NVD cpe:/o:opensuse:leap:15.6 Security update for GraphicsMagick (Important) openSUSE Leap 15.6 This update for GraphicsMagick fixes the following issues: - CVE-2026-28691: missing check in the JBIG decoder can lead to an uninitialized pointer dereference (bsc#1259455). - CVE-2026-30883: missing bounds check when encoding a PNG image can lead to a heap buffer over-write (bsc#1259467). Important SUSE bug 1259455 SUSE bug 1259467 CVE-2026-28691 at SUSE CVE-2026-28691 at NVD CVE-2026-30883 at SUSE CVE-2026-30883 at NVD cpe:/o:opensuse:leap:15.6 Security update for helm (Important) openSUSE Leap 15.6 This update for helm rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for runc (Important) openSUSE Leap 15.6 This update for runc rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for docker (Important) openSUSE Leap 15.6 This update for docker rebuilds it against the current go 1.25 security release. Important cpe:/o:opensuse:leap:15.6 Security update for gvfs (Important) openSUSE Leap 15.6 This update for gvfs fixes the following issues: - CVE-2026-28295: information disclosure when processing untrusted PASV responses from FTP servers (bsc#1258953). - CVE-2026-28296: arbitrary FTP command injection due to unsanitized CRLF sequences in user supplied file paths (bsc#1258954). Important SUSE bug 1258953 SUSE bug 1258954 CVE-2026-28295 at SUSE CVE-2026-28295 at NVD CVE-2026-28296 at SUSE CVE-2026-28296 at NVD cpe:/o:opensuse:leap:15.6 Security update for python39 (Moderate) openSUSE Leap 15.6 This update for python39 fixes the following issue: - CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240). Moderate SUSE bug 1259240 CVE-2026-2297 at SUSE CVE-2026-2297 at NVD cpe:/o:opensuse:leap:15.6 Security update for docker-stable (Important) openSUSE Leap 15.6 This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253904). Important SUSE bug 1253904 CVE-2024-23650 at SUSE CVE-2024-23650 at NVD CVE-2024-29018 at SUSE CVE-2024-29018 at NVD CVE-2024-41110 at SUSE CVE-2024-41110 at NVD CVE-2025-22868 at SUSE CVE-2025-22868 at NVD CVE-2025-22869 at SUSE CVE-2025-22869 at NVD CVE-2025-30204 at SUSE CVE-2025-30204 at NVD CVE-2025-58181 at SUSE CVE-2025-58181 at NVD cpe:/o:opensuse:leap:15.6 Security update for python-Authlib (Critical) openSUSE Leap 15.6 This update for python-Authlib fixes the following issues: - CVE-2026-27962: JWS `deserialize_compact()` allows for signature bypass by accepting user-controlled embedded JWK as verification key (bsc#1259738). - CVE-2026-28490: cryptographic padding oracle in JWE RSA1_5 key management algorithm (bsc#1259736). - CVE-2026-28498: fail-open in behavior OIDC hash validation allows for bypass mandatory integrity protections (bsc#1259737). Critical SUSE bug 1259736 SUSE bug 1259737 SUSE bug 1259738 CVE-2026-27962 at SUSE CVE-2026-27962 at NVD CVE-2026-28490 at SUSE CVE-2026-28490 at NVD CVE-2026-28498 at SUSE CVE-2026-28498 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.26-openssl (Important) openSUSE Leap 15.6 This update for go1.26-openssl fixes the following issues: Update to go 1.26.1 (bsc#1255111, jsc#SLE-18320): - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints (bsc#1259266). - CVE-2026-27138: crypto/x509: panic in name constraint checking for malformed certificates (bsc#1259267). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * Fix fips140only test in boring mode * Fix fips140 only test * Add GODEBUG=fips140=auto mode (#341) * go#77252 cmd/compile: miscompile of global array initialization * go#77407 os: Go 1.25.x regression on RemoveAll for windows * go#77474 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77529 cmd/fix, x/tools/go/analysis/passes/modernize: stringscut: OOB panic in indexArgValid analyzing 'buf.Bytes()' call * go#77532 net/smtp: expiry date of localhostCert for testing is too short * go#77536 cmd/compile: internal compiler error: 'main.func1': not lowered: v15, Load STRUCT PTR SSA * go#77618 strings: HasSuffix doesn't work correctly for multibyte runes in go 1.26 * go#77623 cmd/compile: internal compiler error on : 'tried to free an already free register' with generic function and type >= 192 bytes * go#77624 cmd/fix, x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when combining two strings.Builders * go#77680 cmd/link: TestFlagW/-w_-linkmode=external fails on illumos * go#77766 cmd/fix,x/tools/go/analysis/passes/modernize: rangeint uses target platform's type in the range expression, breaking other platforms * go#77780 reflect: breaking change for reflect.Value.Interface behaviour * go#77786 cmd/compile: rewriteFixedLoad does not properly sign extend AuxInt * go#77803 cmd/fix,x/tools/go/analysis/passes/modernize: reflect.TypeOf(nil) transformed into reflect.TypeFor[untyped nil]() * go#77804 cmd/fix,x/tools/go/analysis/passes/modernize: minmax breaks select statements * go#77805 cmd/fix, x/tools/go/analysis/passes/modernize: waitgroup leads to a compilation error * go#77807 cmd/fix,x/tools/go/analysis/passes/modernize: stringsbuilder ignores variables if they are used multiple times * go#77849 cmd/fix,x/tools/go/analysis/passes/modernize: stringscut rewrite changes behavior * go#77860 cmd/go: change go mod init default go directive back to 1.N * go#77899 cmd/fix, x/tools/go/analysis/passes/modernize: bad rangeint rewriting * go#77904 x/tools/go/analysis/passes/modernize: stringsbuilder breaks code when GenDecl is a block declaration - go1.26.0 (released 2026-02-10) is a major release of Go. go1.26.x minor releases will be provided through February 2027. https://github.com/golang/go/wiki/Go-Release-Cycle go1.26 arrives six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: The built-in new function, which creates a new variable, now allows its operand to be an expression, specifying the initial value of the variable. * Language change: The restriction that a generic type may not refer to itself in its type parameter list has been lifted. It is now possible to specify type constraints that refer to the generic type being constrained. * go command: The venerable go fix command has been completely revamped and is now the home of Go's modernizers. It provides a dependable, push-button way to update Go code bases to the latest idioms and core library APIs. The initial suite of modernizers includes dozens of fixers to make use of modern features of the Go language and library, as well a source-level inliner that allows users to automate their own API migrations using //go:fix inline directives. These fixers should not change the behavior of your program, so if you encounter any issues with a fix performed by go fix, please report it. * go command: The rewritten go fix command builds atop the exact same Go analysis framework as go vet. This means the same analyzers that provide diagnostics in go vet can be used to suggest and apply fixes in go fix. The go fix command's historical fixers, all of which were obsolete, have been removed. * go command: Two upcoming Go blog posts will go into more detail on modernizers, the inliner, and how to get the most out of go fix. * go command: go mod init now defaults to a lower go version in new go.mod files. Running go mod init using a toolchain of version 1.N.X will create a go.mod file specifying the Go version go 1.(N-1).0. Pre-release versions of 1.N will create go.mod files specifying go 1.(N-2).0. For example, the Go 1.26 release candidates will create go.mod files with go 1.24.0, and Go 1.26 and its minor releases will create go.mod files with go 1.25.0. This is intended to encourage the creation of modules that are compatible with currently supported versions of Go. For additional control over the go version in new modules, go mod init can be followed up with go get go@version. * go command: cmd/doc, and go tool doc have been deleted. go doc can be used as a replacement for go tool doc: it takes the same flags and arguments and has the same behavior. * pprof: The pprof tool web UI, enabled with the -http flag, now defaults to the flame graph view. The previous graph view is available in the 'View -> Graph' menu, or via /ui/graph. * Runtime: The new Green Tea garbage collector, previously available as an experiment in Go 1.25, is now enabled by default after incorporating feedback. This garbage collector's design improves the performance of marking and scanning small objects through better locality and CPU scalability. Benchmark results vary, but we expect somewhere between a 10--40% reduction in garbage collection overhead in real-world programs that heavily use the garbage collector. Further improvements, on the order of 10% in garbage collection overhead, are expected when running on newer amd64-based CPU platforms (Intel Ice Lake or AMD Zen 4 and newer), as the garbage collector now leverages vector instructions for scanning small objects when possible. The new garbage collector may be disabled by setting GOEXPERIMENT=nogreenteagc at build time. This opt-out setting is expected to be removed in Go 1.27. If you disable the new garbage collector for any reason related to its performance or behavior, please file an issue. * Runtime: cgo: The baseline runtime overhead of cgo calls has been reduced by ~30%. * Runtime: Heap base address randomization: On 64-bit platforms, the runtime now randomizes the heap base address at startup. This is a security enhancement that makes it harder for attackers to predict memory addresses and exploit vulnerabilities when using cgo. This feature may be disabled by setting GOEXPERIMENT=norandomizedheapbase64 at build time. This opt-out setting is expected to be removed in a future Go release. * Runtime: Experimental goroutine leak profile: A new profile type that reports leaked goroutines is now available as an experiment. The new profile type, named goroutineleak in the runtime/pprof package, may be enabled by setting GOEXPERIMENT=goroutineleakprofile at build time. Enabling the experiment also makes the profile available as a net/http/pprof endpoint, /debug/pprof/goroutineleak. A leaked goroutine is a goroutine blocked on some concurrency primitive (channels, sync.Mutex, sync.Cond, etc) that cannot possibly become unblocked. The runtime detects leaked goroutines using the garbage collector: if a goroutine G is blocked on concurrency primitive P, and P is unreachable from any runnable goroutine or any goroutine that those could unblock, then P cannot be unblocked, so goroutine G can never wake up. While it is impossible to detect permanently blocked goroutines in all cases, this approach detects a large class of such leaks. Because this technique builds on reachability, the runtime may fail to identify leaks caused by blocking on concurrency primitives reachable through global variables or the local variables of runnable goroutines. Special thanks to Vlad Saioc at Uber for contributing this work. The underlying theory is presented in detail in a publication by Saioc et al. The implementation is production-ready, and is only considered an experiment for the purposes of collecting feedback on the API, specifically the choice to make it a new profile. The feature is also designed to not incur any additional run-time overhead unless it is actively in-use. We encourage users to try out the new feature in the Go playground, in tests, in continuous integration, and in production. We welcome additional feedback on the proposal issue. We aim to enable goroutine leak profiles by default in Go 1.27. * Compiler: The compiler can now allocate the backing store for slices on the stack in more situations, which improves performance. If this change is causing trouble, the bisect tool can be used to find the allocation causing trouble using the -compile=variablemake flag. All such new stack allocations can also be turned off using -gcflags=all=-d=variablemakehash=n. If you encounter issues with this optimization, please file an issue. * Linker: On 64-bit ARM-based Windows (the windows/arm64 port), the linker now supports internal linking mode of cgo programs, which can be requested with the -ldflags=-linkmode=internal flag. * Linker: There are several minor changes to executable files. These changes do not affect running Go programs. They may affect programs that analyze Go executables, and they may affect people who use external linking mode with custom linker scripts. * Linker: The moduledata structure is now in its own section, named .go.module. * Linker: The moduledata cutab field, which is a slice, now has the correct length; previously the length was four times too large. * Linker: The pcHeader found at the start of the .gopclntab section no longer records the start of the text section. That field is now always zero. * Linker: That pcHeader change was made so that the .gopclntab section no longer contains any relocations. On platforms that support relro, the section has moved from the relro segment to the rodata segment. * Linker: The funcdata symbols and the findfunctab have moved from the .rodata section to the .gopclntab section. * Linker: The .gosymtab section has been removed. It was previously always present but empty. * Linker: When using internal linking, ELF sections now appear in the section header list sorted by address. The previous order was somewhat unpredictable. * Linker: The references to section names here use the ELF names as seen on Linux and other systems. The Mach-O names as seen on Darwin start with a double underscore and do not contain any dots. * Bootstrap: As mentioned in the Go 1.24 release notes, Go 1.26 now requires Go 1.24.6 or later for bootstrap. We expect that Go 1.28 will require a minor release of Go 1.26 or later for bootstrap. * Standard Library: New crypto/hpke package: The new crypto/hpke package implements Hybrid Public Key Encryption (HPKE) as specified in RFC 9180, including support for post-quantum hybrid KEMs. * Standard Library: New experimental simd/archsimd package: Go 1.26 introduces a new experimental simd/archsimd package, which can be enabled by setting the environment variable GOEXPERIMENT=simd at build time. This package provides access to architecture-specific SIMD operations. It is currently available on the amd64 architecture and supports 128-bit, 256-bit, and 512-bit vector types, such as Int8x16 and Float64x8, with operations such as Int8x16.Add. The API is not yet considered stable. We intend to provide support for other architectures in future versions, but the API intentionally architecture-specific and thus non-portable. In addition, we plan to develop a high-level portable SIMD package in the future. * Standard Library: New experimental runtime/secret package: The new runtime/secret package is available as an experiment, which GOEXPERIMENT=runtimesecret at build time. It provides a facility for securely erasing temporaries used in code that manipulates secret information--typically cryptographic in nature--such as registers, stack, new heap allocations. This package is intended to make it easier to ensure forward secrecy. It currently supports the amd64 and arm64 architectures on Linux. * bytes: The new Buffer.Peek method returns the next n bytes from the buffer without advancing it. * crypto: The new Encapsulator and Decapsulator interfaces allow accepting abstract KEM encapsulation or decapsulation keys. * crypto/dsa: The random parameter to GenerateKey is now ignored. Instead, it now always uses a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/ecdh: The random parameter to Curve.GenerateKey is now behavior. The new KeyExchanger interface, implemented by PrivateKey, makes it possible to accept abstract ECDH private keys, e.g. those implemented in hardware. * crypto/ecdsa: The big.Int fields of PublicKey and PrivateKey are now deprecated. The random parameter to GenerateKey, SignASN1, Sign, and PrivateKey.Sign is now ignored. Instead, they now always use a secure source of cryptographically random bytes. For deterministic testing, use the new testing/cryptotest.SetGlobalRandom function. The new GODEBUG setting cryptocustomrand=1 temporarily restores the old * crypto/ed25519: If the random parameter to GenerateKey is nil, GenerateKey now always uses a secure source of cryptographically random bytes, instead of crypto/rand.Reader (which could have been overridden). The new GODEBUG setting cryptocustomrand=1 temporarily restores the old behavior. * crypto/fips140: The new WithoutEnforcement and Enforced functions now allow running in GODEBUG=fips140=only mode while selectively disabling the strict FIPS 140-3 checks. Version returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140. * crypto/mlkem: The new DecapsulationKey768.Encapsulator and DecapsulationKey1024.Encapsulator methods implement the new crypto.Decapsulator interface. * crypto/mlkem/mlkemtest: The new crypto/mlkem/mlkemtest package exposes the Encapsulate768 and Encapsulate1024 functions which implement derandomized ML-KEM encapsulation, for use with known-answer tests. * crypto/rand: The random parameter to Prime is now * crypto/rsa: The new EncryptOAEPWithOptions function allows specifying different hash functions for OAEP padding and MGF1 mask generation. * crypto/rsa: The random parameter to GenerateKey, GenerateMultiPrimeKey, and EncryptPKCS1v15 is now ignored. Instead, they now always use a secure source of * crypto/rsa: If PrivateKey fields are modified after calling PrivateKey.Precompute, PrivateKey.Validate now fails. * crypto/rsa: PrivateKey.D is now checked for consistency with precomputed values, even if it is not used. * crypto/rsa: Unsafe PKCS #1 v1.5 encryption padding (implemented by EncryptPKCS1v15, DecryptPKCS1v15, and DecryptPKCS1v15SessionKey) is now deprecated. * crypto/subtle: The WithDataIndependentTiming function no longer locks the calling goroutine to the OS thread while executing the passed function. Additionally, any goroutines which are spawned during the execution of the passed function and their descendants now inherit the properties of WithDataIndependentTiming for their lifetime. This change also affects cgo in the following ways: * crypto/subtle: Any C code called via cgo from within the function passed to WithDataIndependentTiming, or from a goroutine spawned by the function passed to WithDataIndependentTiming and its descendants, will also have data independent timing enabled for the duration of the call. If the C code disables data independent timing, it will be re-enabled on return to Go. * crypto/subtle: If C code called via cgo, from the function passed to WithDataIndependentTiming or elsewhere, enables or disables data independent timing then calling into Go will preserve that state for the duration of the call. * crypto/tls: The hybrid SecP256r1MLKEM768 and SecP384r1MLKEM1024 post-quantum key exchanges are now enabled by default. They can be disabled by setting Config.CurvePreferences or with the tlssecpmlkem=0 GODEBUG setting. * crypto/tls: The new ClientHelloInfo.HelloRetryRequest field indicates if the ClientHello was sent in response to a HelloRetryRequest message. The new ConnectionState.HelloRetryRequest field indicates if the server sent a HelloRetryRequest, or if the client received a HelloRetryRequest, depending on connection role. * crypto/tls: The QUICConn type used by QUIC implementations includes a new event for reporting TLS handshake errors. * crypto/tls: If Certificate.PrivateKey implements crypto.MessageSigner, its SignMessage method is used instead of Sign in TLS 1.2 and later. * crypto/tls: The following GODEBUG settings introduced in Go 1.22 and Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the new behavior will apply regardless of GODEBUG setting or go.mod language version. * crypto/tls: GODEBUG tlsunsafeekm: ConnectionState.ExportKeyingMaterial will require TLS 1.3 or Extended Master Secret. * crypto/tls: GODEBUG tlsrsakex: legacy RSA-only key exchanges without ECDH won't be enabled by default. * crypto/tls: GODEBUG tls10server: the default minimum TLS version for both clients and servers will be TLS 1.2. * crypto/tls: GODEBUG tls3des: the default cipher suites will not include 3DES. * crypto/tls: GODEBUG x509keypairleaf: X509KeyPair and LoadX509KeyPair will always populate the Certificate.Leaf field. * crypto/x509: The ExtKeyUsage and KeyUsage types now have String methods that return the corresponding OID names as defined in RFC 5280 and other registries. * crypto/x509: The ExtKeyUsage type now has an OID method that returns the corresponding OID for the EKU. * crypto/x509: The new OIDFromASN1OID function allows converting an encoding/asn1.ObjectIdentifier into an OID. * debug/elf: Additional R_LARCH_* constants from LoongArch ELF psABI v20250521 (global version v2.40) are defined for use with LoongArch systems. * errors: The new AsType function is a generic version of As. It is type-safe, faster, and, in most cases, easier to use. * fmt: For unformatted strings, fmt.Errorf('x') now allocates less and generally matches the allocations for errors.New('x'). * go/ast: The new ParseDirective function parses directive comments, which are comments such as //go:generate. Source code tools can support their own directive comments and this new API should help them implement the conventional syntax. * go/ast: The new BasicLit.ValueEnd field records the precise end position of a literal so that the BasicLit.End method can now always return the correct answer. (Previously it was computed using a heuristic that was incorrect for multi-line raw string literals in Windows source files, due to removal of carriage returns.) * go/ast: Programs that update the ValuePos field of BasicLits produced by the parser may need to also update or clear the ValueEnd field to avoid minor differences in formatted output. * go/token: The new File.End convenience method returns the file's end position. * go/types: The gotypesalias GODEBUG setting introduced in Go 1.22 will be removed in the next major Go release. Starting in Go 1.27, the go/types package will always produce an Alias type for the representation of type aliases regardless of GODEBUG setting or go.mod language version. * image/jpeg: The JPEG encoder and decoder have been replaced with new, faster, more accurate implementations. Code that expects specific bit-for-bit outputs from the encoder or decoder may need to be updated. * io: ReadAll now allocates less intermediate memory and returns a minimally sized final slice. It is often about two times faster while typically allocating around half as much total memory, with more benefit for larger inputs. * log/slog: The NewMultiHandler function creates a MultiHandler that invokes all the given Handlers. Its Enabled method reports whether any of the handlers' Enabled methods return true. Its Handle, WithAttrs and WithGroup methods call the corresponding method on each of the enabled handlers. * net: The new Dialer methods DialIP, DialTCP, DialUDP, and DialUnix permit dialing specific network types with context values. * net/http: The new HTTP2Config.StrictMaxConcurrentRequests field controls whether a new connection should be opened if an existing HTTP/2 connection has exceeded its stream limit. * net/http: The new Transport.NewClientConn method returns a client connection to an HTTP server. Most users should continue to use Transport.RoundTrip to make requests, which manages a pool of connections. NewClientConn is useful for users who need to implement their own connection management. * net/http: Client now uses and sets cookies scoped to URLs with the host portion matching Request.Host when available. Previously, the connection address host was always used. * net/http/httptest: The HTTP client returned by Server.Client will now redirect requests for example.com and any subdomains to the server being tested. * net/http/httputil: The ReverseProxy.Director configuration field is deprecated in favor of ReverseProxy.Rewrite. * net/http/httputil: A malicious client can remove headers added by a Director function by designating those headers as hop-by-hop. Since there is no way to address this problem within the scope of the Director API, we added a new Rewrite hook in Go 1.20. Rewrite hooks are provided with both the unmodified inbound request received by the proxy and the outbound request which will be sent by the proxy. Since the Director hook is fundamentally unsafe, we are now deprecating it. * net/netip: The new Prefix.Compare method compares two prefixes. * net/url: Parse now rejects malformed URLs containing colons in the host subcomponent, such as http://::1/ or http://localhost:80:80/. URLs containing bracketed IPv6 addresses, such as http://[::1]/ are still accepted. The new GODEBUG setting urlstrictcolons=0 restores the old behavior. * os: The new Process.WithHandle method provides access to an internal process handle on supported platforms (pidfd on Linux 5.4 or later, Handle on Windows). * os: On Windows, the OpenFile flag parameter can now contain any combination of Windows-specific file flags, such as FILE_FLAG_OVERLAPPED and FILE_FLAG_SEQUENTIAL_SCAN, for control of file or device caching behavior, access modes, and other special-purpose flags. * os/signal: NotifyContext now cancels the returned context with context.CancelCauseFunc and an error indicating which signal was received. * reflect: The new methods Type.Fields, Type.Methods, Type.Ins and Type.Outs return iterators for a type's fields (for a struct type), methods, inputs and outputs parameters (for a function type), respectively. Similarly, the new methods Value.Fields and Value.Methods return iterators over a value's fields or methods, respectively. Each iteration yields the type information (StructField or Method) of a field or method, along with the field or method Value. * runtime/metrics: Several new scheduler metrics have been added, including counts of goroutines in various states (waiting, runnable, etc.) under the /sched/goroutines prefix, the number of OS threads the runtime is aware of with /sched/threads:threads, and the total number of goroutines created by the program with /sched/goroutines-created:goroutines. * testing: The new methods T.ArtifactDir, B.ArtifactDir, and F.ArtifactDir return a directory in which to write test output files (artifacts). * testing: When the -artifacts flag is provided to go test, this directory will be located under the output directory (specified with -outputdir, or the current directory by default). Otherwise, artifacts are stored in a temporary directory which is removed after the test completes. * testing: The first call to ArtifactDir when -artifacts is provided writes the location of the directory to the test log. * testing: The B.Loop method no longer prevents inlining in the loop body, which could lead to unanticipated allocation and slower benchmarks. With this fix, we expect that all benchmarks can be converted from the old B.N style to the new B.Loop style with no ill effects. Within the body of a for b.Loop() { ... } loop, function call parameters, results, and assigned variables are still kept alive, preventing the compiler from optimizing away entire parts of the benchmark. * testing/cryptotest: The new SetGlobalRandom function configures a global, deterministic cryptographic randomness source for the duration of the test. It affects crypto/rand, and all implicit sources of cryptographic randomness in the crypto/... packages. * time: The asynctimerchan GODEBUG setting introduced in Go 1.23 will be removed in the next major Go release. Starting in Go 1.27, the time package will always use unbuffered (synchronous) channels for timers regardless of GODEBUG setting or go.mod language version. * Ports: Darwin: Go 1.26 is the last release that will run on macOS 12 Monterey. Go 1.27 will require macOS 13 Ventura or later. * Ports: FreeBSD: The freebsd/riscv64 port (GOOS=freebsd GOARCH=riscv64) has been marked broken. See issue 76475 for details. * Ports: Windows: As announced in the Go 1.25 release notes, the broken 32-bit windows/arm port (GOOS=windows GOARCH=arm) has been removed. * Ports: PowerPC: Go 1.26 is the last release that supports the ELFv1 ABI on the big-endian 64-bit PowerPC port on Linux (GOOS=linux GOARCH=ppc64). It will switch to the ELFv2 ABI in Go 1.27. As the port does not currently support linking against other ELF objects, we expect this change to be transparent to users. * Ports: RISC-V: The linux/riscv64 port now supports the race detector. * Ports: S390X: The s390x port now supports passing function arguments and results using registers. * Ports: WebAssembly: The compiler now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions. These features have been standardized since at least Wasm 2.0. The corresponding GOWASM settings, signext and satconv, are now ignored. * Ports: WebAssembly: For WebAssembly applications, the runtime now manages chunks of heap memory in much smaller increments, leading to significantly reduced memory usage for applications with heaps less than around 16 MiB in size. - go1.26rc3 (released 2026-02-04) is a release candidate version of go1.26 cut from the master branch at the revision tagged go1.26rc3. - go1.26rc2 (released 2026-01-15) is a release candidate version of go1.26rc2. * go1.26 requires go1.24.6 or later for bootstrap. - go1.26rc1 (released 2025-12-16) is a release candidate version of go1.26rc1. Important SUSE bug 1255111 SUSE bug 1259264 SUSE bug 1259265 SUSE bug 1259266 SUSE bug 1259267 SUSE bug 1259268 CVE-2026-25679 at SUSE CVE-2026-25679 at NVD CVE-2026-27137 at SUSE CVE-2026-27137 at NVD CVE-2026-27138 at SUSE CVE-2026-27138 at NVD CVE-2026-27139 at SUSE CVE-2026-27139 at NVD CVE-2026-27142 at SUSE CVE-2026-27142 at NVD cpe:/o:opensuse:leap:15.6 Security update for go1.25-openssl (Critical) openSUSE Leap 15.6 This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 (bsc#1244485, jsc#SLE-18320): - CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session ticket keys, session resumption does not account for the expiration of full certificate chain (bsc#1256818). - CVE-2026-25679: net/url: reject IPv6 literal not at start of host (bsc#1259264). - CVE-2026-27139: os: FileInfo can escape from a Root (bsc#1259268). - CVE-2026-27142: html/template: URLs in meta content attribute actions are not escaped (bsc#1259265). Changelog: * go#77253 cmd/compile: miscompile of global array initialization * go#77406 os: Go 1.25.x regression on RemoveAll for windows * go#77413 runtime: netpollinit() incorrectly prints the error from linux.Eventfd * go#77438 cmd/go: CGO compilation fails after upgrading from Go 1.25.5 to 1.25.6 due to --define-variable flag in pkg-config * go#77531 net/smtp: expiry date of localhostCert for testing is too short * go#75844 cmd/compile: OOM killed on linux/arm64 * go#77323 crypto/x509: single-label excluded DNS name constraints incorrectly match all wildcard SANs * go#77425 crypto/tls: CL 737700 broke session resumption on macOS Critical SUSE bug 1244485 SUSE bug 1256818 SUSE bug 1257692 SUSE bug 1259264 SUSE bug 1259265 SUSE bug 1259268 CVE-2025-61732 at SUSE CVE-2025-61732 at NVD CVE-2025-68121 at SUSE CVE-2025-68121 at NVD CVE-2026-25679 at SUSE CVE-2026-25679 at NVD CVE-2026-27139 at SUSE CVE-2026-27139 at NVD CVE-2026-27142 at SUSE CVE-2026-27142 at NVD cpe:/o:opensuse:leap:15.6 Security update for strongswan (Important) openSUSE Leap 15.6 This update for strongswan fixes the following issues: - CVE-2026-25075: Fixed integer underflow when handling EAP-TTLS AVP (bsc#1259472). Important SUSE bug 1259472 CVE-2026-25075 at SUSE CVE-2026-25075 at NVD cpe:/o:opensuse:leap:15.6 Security update for gstreamer-plugins-ugly (Important) openSUSE Leap 15.6 This update for gstreamer-plugins-ugly fixes the following issues: - CVE-2026-2920: GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability (bsc#1259367). - CVE-2026-2922: GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution Vulnerability (bsc#1259370). Important SUSE bug 1259367 SUSE bug 1259370 CVE-2026-2920 at SUSE CVE-2026-2920 at NVD CVE-2026-2922 at SUSE CVE-2026-2922 at NVD cpe:/o:opensuse:leap:15.6 opera openSUSE-release libhtp-devel libhtp2 chromedriver chromium nano nano-lang gmenudbusmenuproxy plasma5-session plasma5-session-wayland plasma5-workspace plasma5-workspace-devel plasma5-workspace-lang plasma5-workspace-libs xembedsniproxy gdcm gdcm-applications gdcm-devel gdcm-examples libgdcm3_0 libsocketxx1_2 python3-gdcm sngrep kbfs kbfs-git kbfs-tool keybase-client obs-service-download_url Botan Botan-doc libbotan-2-19 libbotan-2-19-32bit libbotan-2-19-64bit libbotan-devel libbotan-devel-32bit libbotan-devel-64bit python3-botan znc znc-devel znc-lang znc-perl znc-python3 znc-tcl cockpit cockpit-bridge cockpit-devel cockpit-doc cockpit-kdump cockpit-networkmanager cockpit-packagekit cockpit-pcp cockpit-selinux cockpit-storaged cockpit-system cockpit-ws global python3-sentry-sdk caddy caddy-bash-completion caddy-fish-completion caddy-zsh-completion python3-nltk assimp-devel libassimp5 gh gh-bash-completion gh-fish-completion gh-zsh-completion jupyter-notebook jupyter-notebook-doc jupyter-notebook-lang jupyter-notebook-latex python3-notebook python3-notebook-lang python311-yt-dlp yt-dlp yt-dlp-bash-completion yt-dlp-fish-completion yt-dlp-zsh-completion ksh ksh-devel gn rust-bindgen trivy cacti cacti-spine kanidm kanidm-clients kanidm-docs kanidm-server kanidm-unixd-clients ntpd-rs ntpd-rs-common htmldoc coredns coredns-extras roundcubemail seamonkey seamonkey-dom-inspector seamonkey-irc hostapd liblxc-devel liblxc1 lxc lxc-bash-completion lxc-ja-doc lxc-ko-doc pam_cgfs xsd xsd-doc libmosquitto1 libmosquittopp1 mosquitto mosquitto-clients mosquitto-devel jupyter-jupyterlab python3-jupyterlab kmail-account-wizard kmail-account-wizard-lang python3-mysql-connector-python qbittorrent qbittorrent-nox kbuild python3-virtualbox virtualbox virtualbox-devel virtualbox-guest-desktop-icons virtualbox-guest-source virtualbox-guest-tools virtualbox-host-source virtualbox-kmp-default virtualbox-qt virtualbox-vnc virtualbox-websrv python3-djangorestframework python3-djangorestframework-simplejwt python3-pytest-django python3-PyPDF2 cobbler cobbler-tests cobbler-tests-containers icinga2 icinga2-bin icinga2-common icinga2-doc icinga2-ido-mysql icinga2-ido-pgsql nano-icinga2 vim-icinga2 iptraf-ng system-user-zabbix zabbix-agent zabbix-java-gateway zabbix-proxy zabbix-proxy-mysql zabbix-proxy-postgresql zabbix-proxy-sqlite zabbix-server zabbix-server-mysql zabbix-server-postgresql zabbix-ui radare2 radare2-devel radare2-zsh-completion docker-machine-driver-kvm2 minikube minikube-bash-completion libprotobuf-nanopb0 nanopb-devel nanopb-source python311-python-sql python3-xhtml2pdf git-bug git-bug-bash-completion git-bug-fish-completion git-bug-zsh-completion cadvisor restic restic-bash-completion restic-zsh-completion crane crane-bash-completion crane-fish-completion crane-zsh-completion gcrane gcrane-bash-completion gcrane-fish-completion gcrane-zsh-completion doomsday perl-Data-Entropy ruby2.5-rubygem-rexml ruby2.5-rubygem-rexml-doc gdk-pixbuf-loader-jxl gimp-plugin-jxl jxl-thumbnailer libjxl-devel libjxl-tools libjxl0_8 libjxl0_8-32bit libjxl0_8-64bit python3-Django libmozjs-102-0 mozjs102 mozjs102-devel proftpd proftpd-devel proftpd-doc proftpd-lang proftpd-ldap proftpd-mysql proftpd-pgsql proftpd-radius proftpd-sqlite git-lfs cpp-httplib-devel libcpp-httplib0_12 deepin-feature-enable libneatvnc0 neatvnc-devel afterburn afterburn-dracut upx glow kubo libevtlog-4_6-0 syslog-ng syslog-ng-cloudauth syslog-ng-curl syslog-ng-devel syslog-ng-geoip syslog-ng-java syslog-ng-python syslog-ng-python-modules syslog-ng-redis syslog-ng-smtp syslog-ng-snmp syslog-ng-sql rclone rclone-bash-completion rclone-zsh-completion libvarnishapi3 varnish varnish-devel libxmp-devel libxmp4 atop atop-daemon konsole konsole-part konsole-part-lang konsole-zsh-completion libetebase-devel libetebase0 xtrabackup xtrabackup-test gstreamer-plugins-bad gstreamer-plugins-bad-32bit gstreamer-plugins-bad-64bit gstreamer-plugins-bad-chromaprint gstreamer-plugins-bad-chromaprint-32bit gstreamer-plugins-bad-chromaprint-64bit gstreamer-plugins-bad-devel gstreamer-plugins-bad-fluidsynth gstreamer-plugins-bad-fluidsynth-32bit gstreamer-plugins-bad-fluidsynth-64bit gstreamer-plugins-bad-lang gstreamer-transcoder gstreamer-transcoder-devel libgstadaptivedemux-1_0-0 libgstadaptivedemux-1_0-0-32bit libgstadaptivedemux-1_0-0-64bit libgstanalytics-1_0-0 libgstanalytics-1_0-0-32bit libgstanalytics-1_0-0-64bit libgstbadaudio-1_0-0 libgstbadaudio-1_0-0-32bit libgstbadaudio-1_0-0-64bit libgstbasecamerabinsrc-1_0-0 libgstbasecamerabinsrc-1_0-0-32bit libgstbasecamerabinsrc-1_0-0-64bit libgstcodecparsers-1_0-0 libgstcodecparsers-1_0-0-32bit libgstcodecparsers-1_0-0-64bit libgstcodecs-1_0-0 libgstcodecs-1_0-0-32bit libgstcodecs-1_0-0-64bit libgstcuda-1_0-0 libgstcuda-1_0-0-32bit libgstcuda-1_0-0-64bit libgstdxva-1_0-0 libgstdxva-1_0-0-32bit libgstdxva-1_0-0-64bit libgstinsertbin-1_0-0 libgstinsertbin-1_0-0-32bit libgstinsertbin-1_0-0-64bit libgstisoff-1_0-0 libgstisoff-1_0-0-32bit libgstisoff-1_0-0-64bit libgstmpegts-1_0-0 libgstmpegts-1_0-0-32bit libgstmpegts-1_0-0-64bit libgstmse-1_0-0 libgstmse-1_0-0-32bit libgstmse-1_0-0-64bit libgstphotography-1_0-0 libgstphotography-1_0-0-32bit libgstphotography-1_0-0-64bit libgstplay-1_0-0 libgstplay-1_0-0-32bit libgstplay-1_0-0-64bit libgstplayer-1_0-0 libgstplayer-1_0-0-32bit libgstplayer-1_0-0-64bit libgstsctp-1_0-0 libgstsctp-1_0-0-32bit libgstsctp-1_0-0-64bit libgsttranscoder-1_0-0 libgsttranscoder-1_0-0-32bit libgsttranscoder-1_0-0-64bit libgsturidownloader-1_0-0 libgsturidownloader-1_0-0-32bit libgsturidownloader-1_0-0-64bit libgstva-1_0-0 libgstva-1_0-0-32bit libgstva-1_0-0-64bit libgstvulkan-1_0-0 libgstvulkan-1_0-0-32bit libgstvulkan-1_0-0-64bit libgstwayland-1_0-0 libgstwayland-1_0-0-32bit libgstwayland-1_0-0-64bit libgstwebrtc-1_0-0 libgstwebrtc-1_0-0-32bit libgstwebrtc-1_0-0-64bit libgstwebrtcnice-1_0-0 libgstwebrtcnice-1_0-0-32bit libgstwebrtcnice-1_0-0-64bit typelib-1_0-CudaGst-1_0 typelib-1_0-GstAnalytics-1_0 typelib-1_0-GstBadAudio-1_0 typelib-1_0-GstCodecs-1_0 typelib-1_0-GstCuda-1_0 typelib-1_0-GstDxva-1_0 typelib-1_0-GstInsertBin-1_0 typelib-1_0-GstMpegts-1_0 typelib-1_0-GstMse-1_0 typelib-1_0-GstPlay-1_0 typelib-1_0-GstPlayer-1_0 typelib-1_0-GstTranscoder-1_0 typelib-1_0-GstVa-1_0 typelib-1_0-GstVulkan-1_0 typelib-1_0-GstVulkanWayland-1_0 typelib-1_0-GstVulkanXCB-1_0 typelib-1_0-GstWebRTC-1_0 sslh libQt6Pdf6 libQt6PdfQuick6 libQt6PdfWidgets6 libQt6WebEngineCore6 libQt6WebEngineQuick6 libQt6WebEngineWidgets6 qt6-pdf-devel qt6-pdf-imports qt6-pdf-private-devel qt6-pdfquick-devel qt6-pdfquick-private-devel qt6-pdfwidgets-devel qt6-pdfwidgets-private-devel qt6-webengine qt6-webengine-docs-html qt6-webengine-docs-qch qt6-webengine-examples qt6-webengine-imports qt6-webenginecore-devel qt6-webenginecore-private-devel qt6-webenginequick-devel qt6-webenginequick-private-devel qt6-webenginewidgets-devel qt6-webenginewidgets-private-devel libspdlog1_11 libspdlog1_11-64bit spdlog-devel chmlib-devel chmlib-devel-32bit chmlib-devel-64bit chmlib-examples libchm0 libchm0-32bit libchm0-64bit cheat pdns-recursor python3-pycares etcd etcdctl etcdutl dante dante-devel dante-devel-64bit dante-server libsocks0 libsocks0-64bit rpi-imager system-user-velociraptor velociraptor velociraptor-client go-sendxmpp minikube-fish-completion minikube-zsh-completion golang-github-v2fly-v2ray-core v2ray-core libQt6Bluetooth6 libQt6Nfc6 qt6-connectivity qt6-connectivity-devel qt6-connectivity-docs-html qt6-connectivity-docs-qch qt6-connectivity-examples qt6-connectivity-private-devel dcmtk dcmtk-devel libdcmtk19 7zip openQA openQA-auto-update openQA-bootstrap openQA-client openQA-common openQA-continuous-update openQA-devel openQA-doc openQA-local-db openQA-mcp openQA-munin openQA-python-scripts openQA-single-instance openQA-single-instance-nginx openQA-worker os-autoinst os-autoinst-devel os-autoinst-ipmi-deps os-autoinst-openvswitch os-autoinst-qemu-kvm os-autoinst-qemu-x86 os-autoinst-s390-deps os-autoinst-swtpm perl-CryptX perl-IPC-Run perl-JSON-Validator perl-MCP perl-Mojolicious java-11-openj9 java-11-openj9-demo java-11-openj9-devel java-11-openj9-headless java-11-openj9-javadoc java-11-openj9-jmods java-11-openj9-src java-17-openj9 java-17-openj9-demo java-17-openj9-devel java-17-openj9-headless java-17-openj9-javadoc java-17-openj9-jmods java-17-openj9-src onefetch perl-Cpanel-JSON-XS perl-JSON-XS python312-yt-dlp yt-dlp-youtube-dl golang-github-teddysun-v2ray-plugin shadowsocks-v2ray-plugin SDL2_sound-devel libSDL2_sound2 tor stb-devel exim eximon eximstats-html python311-djangorestframework-simplejwt python3-pdfminer.six libebml-devel libebml5 libebml5-32bit libebml5-64bit tcpreplay gitea-tea gitea-tea-bash-completion gitea-tea-zsh-completion libcpp-httplib0_20 act python-mistralclient-doc python3-mistralclient flannel flannel-k8s-yaml duc python311-asteval crun phpMyAdmin phpMyAdmin-apache phpMyAdmin-lang ark ark-lang libkerfuffle23 libwget4 wget2 wget2-devel glusterfs glusterfs-devel libgfapi0 libgfchangelog0 libgfrpc0 libgfxdr0 libglusterfs0 python3-gluster osslsigncode python311-Flask-HTTPAuth zk python311-weasyprint libdcmtk20 libopenh264-8 libopenh264-8-32bit libopenh264-8-64bit libopenh264-devel libaec-devel libaec0 libaec0-32bit libaec0-64bit libsz2 libsz2-32bit libsz2-64bit sz2-devel python311-simpleeval netty netty-javadoc netty-poms netty-tcnative netty-tcnative-javadoc cosign java-11-openjdk java-11-openjdk-demo java-11-openjdk-devel java-11-openjdk-headless java-11-openjdk-javadoc java-11-openjdk-jmods java-11-openjdk-src java-17-openjdk java-17-openjdk-demo java-17-openjdk-devel java-17-openjdk-headless java-17-openjdk-javadoc java-17-openjdk-jmods java-17-openjdk-src grafana mybatis mybatis-javadoc bouncycastle bouncycastle-javadoc bouncycastle-jmail bouncycastle-mail bouncycastle-pg bouncycastle-pkix bouncycastle-tls bouncycastle-util python3-rpm python311-rpm rpm rpm-32bit rpm-build rpm-devel rpm-imaevmsign rpm-ndb rpm-ndb-32bit python3-pymongo go1.22 go1.22-doc go1.22-race go1.21 go1.21-doc go1.21-race ghostscript ghostscript-devel ghostscript-x11 python311-Werkzeug ffmpeg ffmpeg-private-devel libavcodec-devel libavcodec57 libavcodec57-32bit libavdevice-devel libavdevice57 libavdevice57-32bit libavfilter-devel libavfilter6 libavfilter6-32bit libavformat-devel libavformat57 libavformat57-32bit libavresample-devel libavresample3 libavresample3-32bit libavutil-devel libavutil55 libavutil55-32bit libpostproc-devel libpostproc54 libpostproc54-32bit libswresample-devel libswresample2 libswresample2-32bit libswscale-devel libswscale4 libswscale4-32bit python-Werkzeug-doc libcrc32c-devel libcrc32c1 python311-apipkg python311-cachetools python311-certifi python311-cffi python311-charset-normalizer python311-google-api-core python311-google-auth python311-google-cloud-appengine-logging python311-google-cloud-artifact-registry python311-google-cloud-audit-log python311-google-cloud-build python311-google-cloud-compute python311-google-cloud-core python311-google-cloud-dns python311-google-cloud-domains python311-google-cloud-iam python311-google-cloud-kms python311-google-cloud-kms-inventory python311-google-cloud-logging python311-google-cloud-run python311-google-cloud-secret-manager python311-google-cloud-service-directory python311-google-cloud-spanner python311-google-cloud-storage python311-google-cloud-vpc-access python311-google-crc32c python311-google-resumable-media python311-googleapis-common-protos python311-grpc-google-iam-v1 python311-grpcio-status python311-idna python311-iniconfig python311-proto-plus python311-py python311-pyOpenSSL python311-pyasn1 python311-pyasn1-modules python311-pycparser python311-pytz python311-requests python311-rsa python311-setuptools python311-setuptools-wheel python311-sqlparse python311-urllib3 python-paramiko-doc python-tqdm-bash-completion python311-Automat python311-Deprecated python311-Fabric python311-PyGithub python311-PyJWT python311-Pygments python311-Twisted python311-Twisted-all_non_platform python311-Twisted-conch python311-Twisted-conch_nacl python311-Twisted-contextvars python311-Twisted-http2 python311-Twisted-serial python311-Twisted-tls python311-aiohttp python311-aiosignal python311-antlr4-python3-runtime python311-argcomplete python311-asgiref python311-async_timeout python311-avro python311-blinker python311-chardet python311-constantly python311-decorator python311-distro python311-docker python311-fakeredis python311-fixedint python311-fluidity-sm python311-frozenlist python311-httplib2 python311-httpretty python311-humanfriendly python311-hyperlink python311-importlib-metadata python311-incremental python311-invoke python311-isodate python311-javaproperties python311-jsondiff python311-knack python311-lexicon python311-marshmallow python311-multidict python311-oauthlib python311-opencensus python311-opencensus-context python311-opencensus-ext-threading python311-opentelemetry-api python311-opentelemetry-sdk python311-opentelemetry-semantic-conventions python311-opentelemetry-test-utils python311-paramiko python311-pathspec python311-pip python311-pkginfo python311-portalocker python311-psutil python311-pycomposefile python311-pydash python311-pyparsing python311-redis python311-requests-oauthlib python311-retrying python311-scp python311-semver python311-service_identity python311-sortedcontainers python311-sshtunnel python311-strictyaml python311-tabulate python311-tqdm python311-typing_extensions python311-vcrpy python311-websocket-client python311-wheel python311-wrapt python311-yarl python311-zipp python311-zope.interface libpython3_10-1_0 libpython3_10-1_0-32bit python310 python310-32bit python310-base python310-base-32bit python310-curses python310-dbm python310-devel python310-doc python310-doc-devhelp python310-idle python310-testsuite python310-tk python310-tools perl perl-32bit perl-base perl-base-32bit perl-core-DB_File perl-core-DB_File-32bit perl-doc MozillaFirefox MozillaFirefox-branding-upstream MozillaFirefox-devel MozillaFirefox-translations-common MozillaFirefox-translations-other ucode-intel java-1_8_0-openj9 java-1_8_0-openj9-accessibility java-1_8_0-openj9-demo java-1_8_0-openj9-devel java-1_8_0-openj9-headless java-1_8_0-openj9-javadoc java-1_8_0-openj9-src warewulf4 warewulf4-man warewulf4-overlay warewulf4-overlay-slurm MozillaThunderbird MozillaThunderbird-translations-common MozillaThunderbird-translations-other java-1_8_0-ibm java-1_8_0-ibm-32bit java-1_8_0-ibm-alsa java-1_8_0-ibm-demo java-1_8_0-ibm-devel java-1_8_0-ibm-devel-32bit java-1_8_0-ibm-plugin java-1_8_0-ibm-src liburiparser1 liburiparser1-32bit uriparser uriparser-devel libpython2_7-1_0 libpython2_7-1_0-32bit python python-32bit python-base python-base-32bit python-curses python-demo python-devel python-doc python-doc-pdf python-gdbm python-idle python-tk python-xml python311-Jinja2 fwupdate fwupdate-devel fwupdate-efi libfwup1 apiguardian apiguardian-javadoc assertj-core byte-buddy dom4j dom4j-demo dom4j-javadoc hamcrest hamcrest-javadoc jaxen jdom jopt-simple jopt-simple-javadoc junit junit-javadoc junit-manual junit5 junit5-bom junit5-guide junit5-javadoc junit5-minimal objectweb-asm objectweb-asm-javadoc open-test-reporting-events open-test-reporting-schema saxpath xom 389-ds 389-ds-devel 389-ds-snmp lib389 libsvrcore0 ffmpeg-4 ffmpeg-4-libavcodec-devel ffmpeg-4-libavdevice-devel ffmpeg-4-libavfilter-devel ffmpeg-4-libavformat-devel ffmpeg-4-libavresample-devel ffmpeg-4-libavutil-devel ffmpeg-4-libpostproc-devel ffmpeg-4-libswresample-devel ffmpeg-4-libswscale-devel ffmpeg-4-private-devel libavcodec58_134 libavcodec58_134-32bit libavdevice58_13 libavdevice58_13-32bit libavfilter7_110 libavfilter7_110-32bit libavformat58_76 libavformat58_76-32bit libavresample4_0 libavresample4_0-32bit libavutil56_70 libavutil56_70-32bit libpostproc55_9 libpostproc55_9-32bit libswresample3_9 libswresample3_9-32bit libswscale5_9 libswscale5_9-32bit libmariadbd104-devel mariadb104 mariadb104-bench mariadb104-client mariadb104-errormessages mariadb104-galera mariadb104-rpm-macros mariadb104-test mariadb104-tools libunbound8 unbound unbound-anchor unbound-devel unbound-munin unbound-python python311-PyMySQL python3-docker libipa_hbac-devel libipa_hbac0 libnfsidmap-sss libsss_certmap-devel libsss_certmap0 libsss_idmap-devel libsss_idmap0 libsss_nss_idmap-devel libsss_nss_idmap0 libsss_simpleifp-devel libsss_simpleifp0 python3-ipa_hbac python3-sss-murmur python3-sss_nss_idmap python3-sssd-config sssd sssd-ad sssd-dbus sssd-ipa sssd-kcm sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools sssd-winbind-idmap libblkid-devel libblkid-devel-32bit libblkid-devel-static libblkid1 libblkid1-32bit libfdisk-devel libfdisk-devel-32bit libfdisk-devel-static libfdisk1 libfdisk1-32bit libmount-devel libmount-devel-32bit libmount-devel-static libmount1 libmount1-32bit libsmartcols-devel libsmartcols-devel-32bit libsmartcols-devel-static libsmartcols1 libsmartcols1-32bit libuuid-devel libuuid-devel-32bit libuuid-devel-static libuuid1 libuuid1-32bit python3-libmount util-linux util-linux-lang util-linux-systemd util-linux-tty-tools uuidd WebKitGTK-4.0-lang WebKitGTK-4.1-lang WebKitGTK-6.0-lang libjavascriptcoregtk-4_0-18 libjavascriptcoregtk-4_0-18-32bit libjavascriptcoregtk-4_1-0 libjavascriptcoregtk-4_1-0-32bit libjavascriptcoregtk-6_0-1 libwebkit2gtk-4_0-37 libwebkit2gtk-4_0-37-32bit libwebkit2gtk-4_1-0 libwebkit2gtk-4_1-0-32bit libwebkitgtk-6_0-4 typelib-1_0-JavaScriptCore-4_0 typelib-1_0-JavaScriptCore-4_1 typelib-1_0-JavaScriptCore-6_0 typelib-1_0-WebKit-6_0 typelib-1_0-WebKit2-4_0 typelib-1_0-WebKit2-4_1 typelib-1_0-WebKit2WebExtension-4_0 typelib-1_0-WebKit2WebExtension-4_1 typelib-1_0-WebKitWebProcessExtension-6_0 webkit-jsc-4 webkit-jsc-4.1 webkit-jsc-6.0 webkit2gtk-4_0-injected-bundles webkit2gtk-4_1-injected-bundles webkit2gtk3-devel webkit2gtk3-minibrowser webkit2gtk3-soup2-devel webkit2gtk3-soup2-minibrowser webkit2gtk4-devel webkit2gtk4-minibrowser webkitgtk-6_0-injected-bundles gstreamer-plugins-base gstreamer-plugins-base-32bit gstreamer-plugins-base-devel gstreamer-plugins-base-devel-32bit gstreamer-plugins-base-lang libgstallocators-1_0-0 libgstallocators-1_0-0-32bit libgstapp-1_0-0 libgstapp-1_0-0-32bit libgstaudio-1_0-0 libgstaudio-1_0-0-32bit libgstfft-1_0-0 libgstfft-1_0-0-32bit libgstgl-1_0-0 libgstgl-1_0-0-32bit libgstpbutils-1_0-0 libgstpbutils-1_0-0-32bit libgstriff-1_0-0 libgstriff-1_0-0-32bit libgstrtp-1_0-0 libgstrtp-1_0-0-32bit libgstrtsp-1_0-0 libgstrtsp-1_0-0-32bit libgstsdp-1_0-0 libgstsdp-1_0-0-32bit libgsttag-1_0-0 libgsttag-1_0-0-32bit libgstvideo-1_0-0 libgstvideo-1_0-0-32bit typelib-1_0-GstAllocators-1_0 typelib-1_0-GstApp-1_0 typelib-1_0-GstAudio-1_0 typelib-1_0-GstGL-1_0 typelib-1_0-GstGLEGL-1_0 typelib-1_0-GstGLWayland-1_0 typelib-1_0-GstGLX11-1_0 typelib-1_0-GstPbutils-1_0 typelib-1_0-GstRtp-1_0 typelib-1_0-GstRtsp-1_0 typelib-1_0-GstSdp-1_0 typelib-1_0-GstTag-1_0 typelib-1_0-GstVideo-1_0 gio-branding-SLE gio-branding-upstream glib2-devel glib2-devel-32bit glib2-devel-static glib2-doc glib2-lang glib2-tests-devel glib2-tools glib2-tools-32bit libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit squid libvirt libvirt-client libvirt-client-qemu libvirt-daemon libvirt-daemon-common libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-hooks libvirt-daemon-lock libvirt-daemon-log libvirt-daemon-lxc libvirt-daemon-plugin-lockd libvirt-daemon-plugin-sanlock libvirt-daemon-proxy libvirt-daemon-qemu libvirt-daemon-xen libvirt-devel libvirt-devel-32bit libvirt-doc libvirt-libs libvirt-nss wireshark-plugin-libvirt apache2 apache2-devel apache2-event apache2-manual apache2-prefork apache2-utils apache2-worker aws-nitro-enclaves-binaryblobs-upstream aws-nitro-enclaves-cli system-group-ne frr frr-devel libfrr0 libfrr_pb0 libfrrcares0 libfrrfpm_pb0 libfrrospfapiclient0 libfrrsnmp0 libfrrzmq0 libmlag_pb0 rmt-server rmt-server-config rmt-server-pubcloud iperf iperf-devel libiperf0 skopeo skopeo-bash-completion skopeo-fish-completion skopeo-zsh-completion containerized-data-importer-api containerized-data-importer-cloner containerized-data-importer-controller containerized-data-importer-importer containerized-data-importer-manifests containerized-data-importer-operator containerized-data-importer-uploadproxy containerized-data-importer-uploadserver obs-service-cdi_containers_meta cups cups-client cups-config cups-ddk cups-devel cups-devel-32bit libcups2 libcups2-32bit libcupscgi1 libcupscgi1-32bit libcupsimage2 libcupsimage2-32bit libcupsmime1 libcupsmime1-32bit libcupsppdc1 libcupsppdc1-32bit python3-scikit-learn podman podman-docker podman-remote podmansh libmariadbd-devel libmariadbd19 mariadb mariadb-bench mariadb-client mariadb-errormessages mariadb-galera mariadb-rpm-macros mariadb-test mariadb-tools apache2-mod_php7 php7 php7-bcmath php7-bz2 php7-calendar php7-cli php7-ctype php7-curl php7-dba php7-devel php7-dom php7-embed php7-enchant php7-exif php7-fastcgi php7-fileinfo php7-fpm php7-ftp php7-gd php7-gettext php7-gmp php7-iconv php7-intl php7-json php7-ldap php7-mbstring php7-mysql php7-odbc php7-opcache php7-openssl php7-pcntl php7-pdo php7-pgsql php7-phar php7-posix php7-readline php7-shmop php7-snmp php7-soap php7-sockets php7-sodium php7-sqlite php7-sysvmsg php7-sysvsem php7-sysvshm php7-test php7-tidy php7-tokenizer php7-xmlreader php7-xmlrpc php7-xmlwriter php7-xsl php7-zip php7-zlib booth booth-test aom-tools libaom-devel libaom-devel-doc libaom3 libaom3-32bit libopenssl-1_1-devel libopenssl-1_1-devel-32bit libopenssl1_1 libopenssl1_1-32bit openssl-1_1 openssl-1_1-doc less python311-Authlib libopenssl-3-devel libopenssl-3-devel-32bit libopenssl-3-fips-provider libopenssl-3-fips-provider-32bit libopenssl3 libopenssl3-32bit openssl-3 openssl-3-doc xdg-desktop-portal xdg-desktop-portal-devel xdg-desktop-portal-lang gdk-pixbuf-devel gdk-pixbuf-devel-32bit gdk-pixbuf-lang gdk-pixbuf-query-loaders gdk-pixbuf-query-loaders-32bit gdk-pixbuf-thumbnailer libgdk_pixbuf-2_0-0 libgdk_pixbuf-2_0-0-32bit typelib-1_0-GdkPixbuf-2_0 typelib-1_0-GdkPixdata-2_0 elixir115 elixir115-doc erlang-rabbitmq-client313 erlang26 erlang26-debugger erlang26-debugger-src erlang26-dialyzer erlang26-dialyzer-src erlang26-diameter erlang26-diameter-src erlang26-doc erlang26-epmd erlang26-et erlang26-et-src erlang26-jinterface erlang26-jinterface-src erlang26-observer erlang26-observer-src erlang26-reltool erlang26-reltool-src erlang26-src erlang26-wx erlang26-wx-src rabbitmq-server313 rabbitmq-server313-plugins bsdtar libarchive-devel libarchive13 libarchive13-32bit php-composer2 containerd containerd-ctr containerd-devel cluster-md-kmp-azure dlm-kmp-azure gfs2-kmp-azure kernel-azure kernel-azure-extra kernel-azure-optional kernel-azure-vdso kernel-source-azure kernel-syms-azure kselftests-kmp-azure ocfs2-kmp-azure reiserfs-kmp-azure libpodofo-devel libpodofo0_9_6 podofo python311-cryptography libvte-2_91-0 typelib-1_0-Vte-2_91 typelib-1_0-Vte-3_91 vte-devel vte-lang vte-tools vte-tools-gtk4 gnome-settings-daemon gnome-settings-daemon-devel gnome-settings-daemon-lang libntfs-3g-devel libntfs-3g87 ntfs-3g ntfsprogs ntfsprogs-extra hdf5_1_10_11-gnu-hpc hdf5_1_10_11-gnu-hpc-devel hdf5_1_10_11-gnu-hpc-devel-static hdf5_1_10_11-gnu-hpc-module hdf5_1_10_11-gnu-mpich-hpc hdf5_1_10_11-gnu-mpich-hpc-devel hdf5_1_10_11-gnu-mpich-hpc-devel-static hdf5_1_10_11-gnu-mpich-hpc-module hdf5_1_10_11-gnu-mvapich2-hpc hdf5_1_10_11-gnu-mvapich2-hpc-devel hdf5_1_10_11-gnu-mvapich2-hpc-devel-static hdf5_1_10_11-gnu-mvapich2-hpc-module hdf5_1_10_11-gnu-openmpi3-hpc hdf5_1_10_11-gnu-openmpi3-hpc-devel hdf5_1_10_11-gnu-openmpi3-hpc-devel-static hdf5_1_10_11-gnu-openmpi3-hpc-module hdf5_1_10_11-gnu-openmpi4-hpc hdf5_1_10_11-gnu-openmpi4-hpc-devel hdf5_1_10_11-gnu-openmpi4-hpc-devel-static hdf5_1_10_11-gnu-openmpi4-hpc-module hdf5_1_10_11-hpc-examples libhdf5_1_10_11-gnu-hpc libhdf5_1_10_11-gnu-mpich-hpc libhdf5_1_10_11-gnu-mvapich2-hpc libhdf5_1_10_11-gnu-openmpi3-hpc libhdf5_1_10_11-gnu-openmpi4-hpc libhdf5_cpp_1_10_11-gnu-hpc libhdf5_cpp_1_10_11-gnu-mpich-hpc libhdf5_cpp_1_10_11-gnu-mvapich2-hpc libhdf5_cpp_1_10_11-gnu-openmpi3-hpc libhdf5_cpp_1_10_11-gnu-openmpi4-hpc libhdf5_fortran_1_10_11-gnu-hpc libhdf5_fortran_1_10_11-gnu-mpich-hpc libhdf5_fortran_1_10_11-gnu-mvapich2-hpc libhdf5_fortran_1_10_11-gnu-openmpi3-hpc libhdf5_fortran_1_10_11-gnu-openmpi4-hpc libhdf5_hl_1_10_11-gnu-hpc libhdf5_hl_1_10_11-gnu-mpich-hpc libhdf5_hl_1_10_11-gnu-mvapich2-hpc libhdf5_hl_1_10_11-gnu-openmpi3-hpc libhdf5_hl_1_10_11-gnu-openmpi4-hpc libhdf5_hl_cpp_1_10_11-gnu-hpc libhdf5_hl_cpp_1_10_11-gnu-mpich-hpc libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc libhdf5_hl_cpp_1_10_11-gnu-openmpi3-hpc libhdf5_hl_cpp_1_10_11-gnu-openmpi4-hpc libhdf5hl_fortran_1_10_11-gnu-hpc libhdf5hl_fortran_1_10_11-gnu-mpich-hpc libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc libhdf5hl_fortran_1_10_11-gnu-openmpi3-hpc libhdf5hl_fortran_1_10_11-gnu-openmpi4-hpc libmca_common_dstore1 libopenmpi4-gnu-hpc libopenmpi_4_1_4-gnu-hpc libopenmpi_4_1_6-gnu-hpc libpmix2 lua51-luaposix lua51-luaterm lua53-luaposix lua53-luaterm luaposix-doc mpich mpich-devel mpich-gnu-hpc mpich-gnu-hpc-devel mpich-gnu-hpc-devel-static mpich-gnu-hpc-macros-devel mpich-ofi mpich-ofi-devel mpich-ofi-gnu-hpc mpich-ofi-gnu-hpc-devel mpich-ofi-gnu-hpc-devel-static mpich-ofi-gnu-hpc-macros-devel mpich-ofi_4_0_2-gnu-hpc mpich-ofi_4_0_2-gnu-hpc-devel mpich-ofi_4_0_2-gnu-hpc-devel-static mpich-ofi_4_0_2-gnu-hpc-macros-devel mpich-ofi_4_1_2-gnu-hpc mpich-ofi_4_1_2-gnu-hpc-devel mpich-ofi_4_1_2-gnu-hpc-devel-static mpich-ofi_4_1_2-gnu-hpc-macros-devel mpich_4_0_2-gnu-hpc mpich_4_0_2-gnu-hpc-devel mpich_4_0_2-gnu-hpc-devel-static mpich_4_0_2-gnu-hpc-macros-devel mpich_4_1_2-gnu-hpc mpich_4_1_2-gnu-hpc-devel mpich_4_1_2-gnu-hpc-devel-static mpich_4_1_2-gnu-hpc-macros-devel mvapich2 mvapich2-devel mvapich2-devel-static mvapich2-doc mvapich2-gnu-hpc mvapich2-gnu-hpc-devel mvapich2-gnu-hpc-doc mvapich2-gnu-hpc-macros-devel mvapich2-psm mvapich2-psm-devel mvapich2-psm-devel-static mvapich2-psm-doc mvapich2-psm-gnu-hpc mvapich2-psm-gnu-hpc-devel mvapich2-psm-gnu-hpc-doc mvapich2-psm-gnu-hpc-macros-devel mvapich2-psm2 mvapich2-psm2-devel mvapich2-psm2-devel-static mvapich2-psm2-doc mvapich2-psm2-gnu-hpc mvapich2-psm2-gnu-hpc-devel mvapich2-psm2-gnu-hpc-doc mvapich2-psm2-gnu-hpc-macros-devel mvapich2-psm2_2_3_7-gnu-hpc mvapich2-psm2_2_3_7-gnu-hpc-devel mvapich2-psm2_2_3_7-gnu-hpc-devel-static mvapich2-psm2_2_3_7-gnu-hpc-doc mvapich2-psm2_2_3_7-gnu-hpc-macros-devel mvapich2-psm_2_3_7-gnu-hpc mvapich2-psm_2_3_7-gnu-hpc-devel mvapich2-psm_2_3_7-gnu-hpc-devel-static mvapich2-psm_2_3_7-gnu-hpc-doc mvapich2-psm_2_3_7-gnu-hpc-macros-devel mvapich2_2_3_7-gnu-hpc mvapich2_2_3_7-gnu-hpc-devel mvapich2_2_3_7-gnu-hpc-devel-static mvapich2_2_3_7-gnu-hpc-doc mvapich2_2_3_7-gnu-hpc-macros-devel openmpi4 openmpi4-config openmpi4-devel openmpi4-docs openmpi4-gnu-hpc openmpi4-gnu-hpc-devel openmpi4-gnu-hpc-devel-static openmpi4-gnu-hpc-docs openmpi4-gnu-hpc-macros-devel openmpi4-libs openmpi4-libs-32bit openmpi4-macros-devel openmpi4-testsuite openmpi_4_1_4-gnu-hpc openmpi_4_1_4-gnu-hpc-devel openmpi_4_1_4-gnu-hpc-devel-static openmpi_4_1_4-gnu-hpc-docs openmpi_4_1_4-gnu-hpc-macros-devel openmpi_4_1_4-gnu-hpc-testsuite openmpi_4_1_6-gnu-hpc openmpi_4_1_6-gnu-hpc-devel openmpi_4_1_6-gnu-hpc-devel-static openmpi_4_1_6-gnu-hpc-docs openmpi_4_1_6-gnu-hpc-macros-devel openmpi_4_1_6-gnu-hpc-testsuite pmix pmix-devel pmix-headers pmix-mca-params pmix-plugin-munge pmix-plugins pmix-test avahi avahi-autoipd avahi-compat-howl-devel avahi-compat-mDNSResponder-devel avahi-lang avahi-utils avahi-utils-gtk libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 libavahi-devel libavahi-glib-devel libavahi-glib1 libavahi-glib1-32bit libavahi-gobject-devel libavahi-gobject0 libavahi-libevent1 libavahi-qt5-1 libavahi-qt5-devel libavahi-ui-gtk3-0 libdns_sd libdns_sd-32bit libhowl0 python3-avahi python3-avahi-gtk typelib-1_0-Avahi-0_6 wget wget-lang cluster-md-kmp-64kb cluster-md-kmp-default dlm-kmp-64kb dlm-kmp-default dtb-allwinner dtb-altera dtb-amazon dtb-amd dtb-amlogic dtb-apm dtb-apple dtb-arm dtb-broadcom dtb-cavium dtb-exynos dtb-freescale dtb-hisilicon dtb-lg dtb-marvell dtb-mediatek dtb-nvidia dtb-qcom dtb-renesas dtb-rockchip dtb-socionext dtb-sprd dtb-xilinx gfs2-kmp-64kb gfs2-kmp-default kernel-64kb kernel-64kb-extra kernel-64kb-optional kernel-debug kernel-debug-vdso kernel-default kernel-default-base kernel-default-base-rebuild kernel-default-extra kernel-default-livepatch kernel-default-optional kernel-default-vdso kernel-docs kernel-docs-html kernel-kvmsmall kernel-kvmsmall-vdso kernel-macros kernel-obs-build kernel-obs-qa kernel-source kernel-source-vanilla kernel-syms kernel-zfcpdump kselftests-kmp-64kb kselftests-kmp-default ocfs2-kmp-64kb ocfs2-kmp-default reiserfs-kmp-64kb reiserfs-kmp-default libreoffice libreoffice-base libreoffice-base-drivers-postgresql libreoffice-branding-upstream libreoffice-calc libreoffice-calc-extensions libreoffice-draw libreoffice-filters-optional libreoffice-gdb-pretty-printers libreoffice-glade libreoffice-gnome libreoffice-gtk3 libreoffice-icon-themes libreoffice-impress libreoffice-l10n-af libreoffice-l10n-am libreoffice-l10n-ar libreoffice-l10n-as libreoffice-l10n-ast libreoffice-l10n-be libreoffice-l10n-bg libreoffice-l10n-bn libreoffice-l10n-bn_IN libreoffice-l10n-bo libreoffice-l10n-br libreoffice-l10n-brx libreoffice-l10n-bs libreoffice-l10n-ca libreoffice-l10n-ca_valencia libreoffice-l10n-ckb libreoffice-l10n-cs libreoffice-l10n-cy libreoffice-l10n-da libreoffice-l10n-de libreoffice-l10n-dgo libreoffice-l10n-dsb libreoffice-l10n-dz libreoffice-l10n-el libreoffice-l10n-en libreoffice-l10n-en_GB libreoffice-l10n-en_ZA libreoffice-l10n-eo libreoffice-l10n-es libreoffice-l10n-et libreoffice-l10n-eu libreoffice-l10n-fa libreoffice-l10n-fi libreoffice-l10n-fr libreoffice-l10n-fur libreoffice-l10n-fy libreoffice-l10n-ga libreoffice-l10n-gd libreoffice-l10n-gl libreoffice-l10n-gu libreoffice-l10n-gug libreoffice-l10n-he libreoffice-l10n-hi libreoffice-l10n-hr libreoffice-l10n-hsb libreoffice-l10n-hu libreoffice-l10n-hy libreoffice-l10n-id libreoffice-l10n-is libreoffice-l10n-it libreoffice-l10n-ja libreoffice-l10n-ka libreoffice-l10n-kab libreoffice-l10n-kk libreoffice-l10n-km libreoffice-l10n-kmr_Latn libreoffice-l10n-kn libreoffice-l10n-ko libreoffice-l10n-kok libreoffice-l10n-ks libreoffice-l10n-lb libreoffice-l10n-lo libreoffice-l10n-lt libreoffice-l10n-lv libreoffice-l10n-mai libreoffice-l10n-mk libreoffice-l10n-ml libreoffice-l10n-mn libreoffice-l10n-mni libreoffice-l10n-mr libreoffice-l10n-my libreoffice-l10n-nb libreoffice-l10n-ne libreoffice-l10n-nl libreoffice-l10n-nn libreoffice-l10n-nr libreoffice-l10n-nso libreoffice-l10n-oc libreoffice-l10n-om libreoffice-l10n-or libreoffice-l10n-pa libreoffice-l10n-pl libreoffice-l10n-pt_BR libreoffice-l10n-pt_PT libreoffice-l10n-ro libreoffice-l10n-ru libreoffice-l10n-rw libreoffice-l10n-sa_IN libreoffice-l10n-sat libreoffice-l10n-sd libreoffice-l10n-si libreoffice-l10n-sid libreoffice-l10n-sk libreoffice-l10n-sl libreoffice-l10n-sq libreoffice-l10n-sr libreoffice-l10n-ss libreoffice-l10n-st libreoffice-l10n-sv libreoffice-l10n-sw_TZ libreoffice-l10n-szl libreoffice-l10n-ta libreoffice-l10n-te libreoffice-l10n-tg libreoffice-l10n-th libreoffice-l10n-tn libreoffice-l10n-tr libreoffice-l10n-ts libreoffice-l10n-tt libreoffice-l10n-ug libreoffice-l10n-uk libreoffice-l10n-uz libreoffice-l10n-ve libreoffice-l10n-vec libreoffice-l10n-vi libreoffice-l10n-xh libreoffice-l10n-zh_CN libreoffice-l10n-zh_TW libreoffice-l10n-zu libreoffice-librelogo libreoffice-mailmerge libreoffice-math libreoffice-officebean libreoffice-pyuno libreoffice-qt5 libreoffice-sdk libreoffice-sdk-doc libreoffice-writer libreoffice-writer-extensions libreofficekit libreofficekit-devel pgadmin4 pgadmin4-cloud pgadmin4-desktop pgadmin4-doc pgadmin4-web-uwsgi system-user-pgadmin postgresql15 postgresql15-contrib postgresql15-devel postgresql15-docs postgresql15-llvmjit postgresql15-llvmjit-devel postgresql15-plperl postgresql15-plpython postgresql15-pltcl postgresql15-server postgresql15-server-devel postgresql15-test postgresql14 postgresql14-contrib postgresql14-devel postgresql14-docs postgresql14-llvmjit postgresql14-llvmjit-devel postgresql14-plperl postgresql14-plpython postgresql14-pltcl postgresql14-server postgresql14-server-devel postgresql14-test libwireshark15 libwiretap12 libwsutil13 wireshark wireshark-devel wireshark-ui-qt libecpg6 libecpg6-32bit libpq5 libpq5-32bit postgresql16 postgresql16-contrib postgresql16-devel postgresql16-docs postgresql16-llvmjit postgresql16-llvmjit-devel postgresql16-plperl postgresql16-plpython postgresql16-pltcl postgresql16-server postgresql16-server-devel postgresql16-test python3-libxml2-python python311-Js2Py openssh openssh-askpass-gnome openssh-cavs openssh-clients openssh-common openssh-fips openssh-helpers openssh-server openssh-server-config-disallow-rootlogin git git-arch git-core git-credential-libsecret git-cvs git-daemon git-doc git-email git-gui git-p4 git-svn git-web gitk perl-Git libpython3_9-1_0 libpython3_9-1_0-32bit python39 python39-32bit python39-base python39-base-32bit python39-curses python39-dbm python39-devel python39-doc python39-doc-devhelp python39-idle python39-testsuite python39-tk python39-tools libndp libndp-devel libndp0 libxml2-2 libxml2-2-32bit libxml2-devel libxml2-devel-32bit libxml2-doc libxml2-tools python3-libxml2 python311-libxml2 apache2-mod_auth_openidc krb5 krb5-32bit krb5-client krb5-devel krb5-devel-32bit krb5-plugin-kdb-ldap krb5-plugin-preauth-otp krb5-plugin-preauth-pkinit krb5-plugin-preauth-spake krb5-server netty3 netty3-javadoc kubevirt-container-disk kubevirt-manifests kubevirt-pr-helper-conf kubevirt-tests kubevirt-virt-api kubevirt-virt-controller kubevirt-virt-exportproxy kubevirt-virt-exportserver kubevirt-virt-handler kubevirt-virt-launcher kubevirt-virt-operator kubevirt-virtctl obs-service-kubevirt_containers_meta freeradius-server freeradius-server-devel freeradius-server-doc freeradius-server-krb5 freeradius-server-ldap freeradius-server-ldap-schemas freeradius-server-libs freeradius-server-mysql freeradius-server-perl freeradius-server-postgresql freeradius-server-python3 freeradius-server-sqlite freeradius-server-utils libonig4 oniguruma-devel libvpx-devel libvpx7 libvpx7-32bit vpx-tools tomcat10 tomcat10-admin-webapps tomcat10-doc tomcat10-docs-webapp tomcat10-el-5_0-api tomcat10-embed tomcat10-jsp-3_1-api tomcat10-jsvc tomcat10-lib tomcat10-servlet-6_0-api tomcat10-webapps libpython3_6m1_0 libpython3_6m1_0-32bit python3 python3-base python3-curses python3-dbm python3-devel python3-doc python3-doc-devhelp python3-idle python3-testsuite python3-tk python3-tools python311-black tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-3_0-api tomcat-embed tomcat-javadoc tomcat-jsp-2_3-api tomcat-jsvc tomcat-lib tomcat-servlet-4_0-api tomcat-webapps xen xen-devel xen-doc-html xen-libs xen-libs-32bit xen-tools xen-tools-domU xen-tools-xendomains-wait-disk emacs emacs-el emacs-info emacs-nox emacs-x11 etags mockito mockito-javadoc snakeyaml snakeyaml-javadoc testng testng-javadoc libpython3_12-1_0 libpython3_12-1_0-32bit python312 python312-32bit python312-base python312-base-32bit python312-curses python312-dbm python312-devel python312-doc python312-doc-devhelp python312-idle python312-testsuite python312-tk python312-tools corepack20 nodejs20 nodejs20-devel nodejs20-docs npm20 kernel-firmware kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-ath12k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qcom kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd gnome-extensions gnome-shell gnome-shell-calendar gnome-shell-devel gnome-shell-lang python311-Django java-21-openjdk java-21-openjdk-demo java-21-openjdk-devel java-21-openjdk-headless java-21-openjdk-javadoc java-21-openjdk-jmods java-21-openjdk-src libgit2-1_7 libgit2-devel libgit2-tools kernel-firmware-nvidia-gspx-G06 kernel-firmware-nvidia-gspx-G06-cuda nv-prefer-signed-open-driver nvidia-open-driver-G06-signed-64kb-devel nvidia-open-driver-G06-signed-azure-devel nvidia-open-driver-G06-signed-cuda-64kb-devel nvidia-open-driver-G06-signed-cuda-azure-devel nvidia-open-driver-G06-signed-cuda-default-devel nvidia-open-driver-G06-signed-cuda-kmp-64kb nvidia-open-driver-G06-signed-cuda-kmp-azure nvidia-open-driver-G06-signed-cuda-kmp-default nvidia-open-driver-G06-signed-default-devel nvidia-open-driver-G06-signed-kmp-64kb nvidia-open-driver-G06-signed-kmp-azure nvidia-open-driver-G06-signed-kmp-default p7zip p7zip-doc p7zip-full python311-dnspython login_defs shadow freerdp freerdp-devel freerdp-proxy freerdp-server freerdp-wayland libfreerdp2-2 libuwac0-0 libwinpr2-2 uwac0-0-devel winpr-devel espeak-ng espeak-ng-compat espeak-ng-compat-devel espeak-ng-devel libespeak-ng1 gettext-its-gtk3 gtk3-branding-upstream gtk3-data gtk3-devel gtk3-devel-32bit gtk3-devel-doc gtk3-immodule-amharic gtk3-immodule-amharic-32bit gtk3-immodule-broadway gtk3-immodule-inuktitut gtk3-immodule-inuktitut-32bit gtk3-immodule-multipress gtk3-immodule-multipress-32bit gtk3-immodule-thai gtk3-immodule-thai-32bit gtk3-immodule-tigrigna gtk3-immodule-tigrigna-32bit gtk3-immodule-vietnamese gtk3-immodule-vietnamese-32bit gtk3-immodule-xim gtk3-immodule-xim-32bit gtk3-lang gtk3-schema gtk3-tools gtk3-tools-32bit libgtk-3-0 libgtk-3-0-32bit typelib-1_0-Gtk-3_0 gtk2-branding-upstream gtk2-data gtk2-devel gtk2-devel-32bit gtk2-immodule-amharic gtk2-immodule-amharic-32bit gtk2-immodule-inuktitut gtk2-immodule-inuktitut-32bit gtk2-immodule-multipress gtk2-immodule-multipress-32bit gtk2-immodule-thai gtk2-immodule-thai-32bit gtk2-immodule-tigrigna gtk2-immodule-tigrigna-32bit gtk2-immodule-vietnamese gtk2-immodule-vietnamese-32bit gtk2-immodule-xim gtk2-immodule-xim-32bit gtk2-lang gtk2-tools gtk2-tools-32bit libgtk-2_0-0 libgtk-2_0-0-32bit typelib-1_0-Gtk-2_0 bind bind-doc bind-utils liborc-0_4-0 liborc-0_4-0-32bit orc orc-doc libfreebl3 libfreebl3-32bit libsoftokn3 libsoftokn3-32bit mozilla-nss mozilla-nss-32bit mozilla-nss-certs mozilla-nss-certs-32bit mozilla-nss-devel mozilla-nss-sysinit mozilla-nss-sysinit-32bit mozilla-nss-tools dri3proto-devel presentproto-devel wayland-protocols-devel xwayland xwayland-devel patch curl libcurl-devel libcurl-devel-32bit libcurl4 libcurl4-32bit java-1_8_0-openjdk java-1_8_0-openjdk-accessibility java-1_8_0-openjdk-demo java-1_8_0-openjdk-devel java-1_8_0-openjdk-headless java-1_8_0-openjdk-javadoc java-1_8_0-openjdk-src libnbd libnbd-bash-completion libnbd-devel libnbd0 nbdfuse python3-libnbd kubernetes1.23-apiserver kubernetes1.23-client kubernetes1.23-client-bash-completion kubernetes1.23-client-common kubernetes1.23-client-fish-completion kubernetes1.23-controller-manager kubernetes1.23-kubeadm kubernetes1.23-kubelet kubernetes1.23-kubelet-common kubernetes1.23-proxy kubernetes1.23-scheduler kubernetes1.24-apiserver kubernetes1.24-client kubernetes1.24-client-bash-completion kubernetes1.24-client-common kubernetes1.24-client-fish-completion kubernetes1.24-controller-manager kubernetes1.24-kubeadm kubernetes1.24-kubelet kubernetes1.24-kubelet-common kubernetes1.24-proxy kubernetes1.24-scheduler ca-certificates-mozilla ca-certificates-mozilla-prebuilt libQt6Concurrent6 libQt6Core6 libQt6DBus6 libQt6Gui6 libQt6Network6 libQt6OpenGL6 libQt6OpenGLWidgets6 libQt6PrintSupport6 libQt6Sql6 libQt6Test6 libQt6Widgets6 libQt6Xml6 qt6-base-common-devel qt6-base-devel qt6-base-docs-html qt6-base-docs-qch qt6-base-examples qt6-base-private-devel qt6-concurrent-devel qt6-core-devel qt6-core-private-devel qt6-dbus-devel qt6-dbus-private-devel qt6-docs-common qt6-exampleicons-devel-static qt6-gui-devel qt6-gui-private-devel qt6-kmssupport-devel-static qt6-kmssupport-private-devel qt6-network-devel qt6-network-private-devel qt6-network-tls qt6-networkinformation-glib qt6-networkinformation-nm qt6-opengl-devel qt6-opengl-private-devel qt6-openglwidgets-devel qt6-platformsupport-devel-static qt6-platformsupport-private-devel qt6-platformtheme-gtk3 qt6-platformtheme-xdgdesktopportal qt6-printsupport-cups qt6-printsupport-devel qt6-printsupport-private-devel qt6-sql-devel qt6-sql-mysql qt6-sql-postgresql qt6-sql-private-devel qt6-sql-sqlite qt6-sql-unixODBC qt6-test-devel qt6-test-private-devel qt6-widgets-devel qt6-widgets-private-devel qt6-xml-devel qt6-xml-private-devel libQt5Bootstrap-devel-static libQt5Bootstrap-devel-static-32bit libQt5Concurrent-devel libQt5Concurrent-devel-32bit libQt5Concurrent5 libQt5Concurrent5-32bit libQt5Core-devel libQt5Core-devel-32bit libQt5Core-private-headers-devel libQt5Core5 libQt5Core5-32bit libQt5DBus-devel libQt5DBus-devel-32bit libQt5DBus-private-headers-devel libQt5DBus5 libQt5DBus5-32bit libQt5Gui-devel libQt5Gui-devel-32bit libQt5Gui-private-headers-devel libQt5Gui5 libQt5Gui5-32bit libQt5KmsSupport-devel-static libQt5KmsSupport-private-headers-devel libQt5Network-devel libQt5Network-devel-32bit libQt5Network-private-headers-devel libQt5Network5 libQt5Network5-32bit libQt5OpenGL-devel libQt5OpenGL-devel-32bit libQt5OpenGL-private-headers-devel libQt5OpenGL5 libQt5OpenGL5-32bit libQt5OpenGLExtensions-devel-static libQt5OpenGLExtensions-devel-static-32bit libQt5PlatformHeaders-devel libQt5PlatformSupport-devel-static libQt5PlatformSupport-devel-static-32bit libQt5PlatformSupport-private-headers-devel libQt5PrintSupport-devel libQt5PrintSupport-devel-32bit libQt5PrintSupport-private-headers-devel libQt5PrintSupport5 libQt5PrintSupport5-32bit libQt5Sql-devel libQt5Sql-devel-32bit libQt5Sql-private-headers-devel libQt5Sql5 libQt5Sql5-32bit libQt5Sql5-mysql libQt5Sql5-mysql-32bit libQt5Sql5-postgresql libQt5Sql5-postgresql-32bit libQt5Sql5-sqlite libQt5Sql5-sqlite-32bit libQt5Sql5-unixODBC libQt5Sql5-unixODBC-32bit libQt5Test-devel libQt5Test-devel-32bit libQt5Test-private-headers-devel libQt5Test5 libQt5Test5-32bit libQt5Widgets-devel libQt5Widgets-devel-32bit libQt5Widgets-private-headers-devel libQt5Widgets5 libQt5Widgets5-32bit libQt5Xml-devel libQt5Xml-devel-32bit libQt5Xml5 libQt5Xml5-32bit libqt5-qtbase-common-devel libqt5-qtbase-devel libqt5-qtbase-examples libqt5-qtbase-examples-32bit libqt5-qtbase-platformtheme-gtk3 libqt5-qtbase-platformtheme-xdgdesktopportal libqt5-qtbase-private-headers-devel python312-setuptools python39-setuptools python310-setuptools libzzip-0-13 libzzip-0-13-32bit zziplib-devel zziplib-devel-32bit kubernetes1.25-apiserver kubernetes1.25-client kubernetes1.25-client-bash-completion kubernetes1.25-client-common kubernetes1.25-client-fish-completion kubernetes1.25-controller-manager kubernetes1.25-kubeadm kubernetes1.25-kubelet kubernetes1.25-kubelet-common kubernetes1.25-proxy kubernetes1.25-scheduler osc python311-WebOb cluster-md-kmp-rt dlm-kmp-rt gfs2-kmp-rt kernel-rt kernel-rt-extra kernel-rt-optional kernel-rt-vdso kernel-rt_debug kernel-rt_debug-vdso kernel-source-rt kernel-syms-rt kselftests-kmp-rt ocfs2-kmp-rt reiserfs-kmp-rt qemu qemu-SLOF qemu-accel-qtest qemu-accel-tcg-x86 qemu-arm qemu-audio-alsa qemu-audio-dbus qemu-audio-jack qemu-audio-pa qemu-audio-pipewire qemu-audio-spice qemu-block-curl qemu-block-dmg qemu-block-gluster qemu-block-iscsi qemu-block-nfs qemu-block-rbd qemu-block-ssh qemu-chardev-baum qemu-chardev-spice qemu-doc qemu-extra qemu-guest-agent qemu-headless qemu-hw-display-qxl qemu-hw-display-virtio-gpu qemu-hw-display-virtio-gpu-pci qemu-hw-display-virtio-vga qemu-hw-s390x-virtio-gpu-ccw qemu-hw-usb-host qemu-hw-usb-redirect qemu-hw-usb-smartcard qemu-img qemu-ipxe qemu-ivshmem-tools qemu-ksm qemu-lang qemu-linux-user qemu-microvm qemu-ppc qemu-pr-helper qemu-s390x qemu-seabios qemu-skiboot qemu-spice qemu-tools qemu-ui-curses qemu-ui-dbus qemu-ui-gtk qemu-ui-opengl qemu-ui-spice-app qemu-ui-spice-core qemu-vgabios qemu-vhost-user-gpu qemu-x86 libQt53DAnimation-devel libQt53DAnimation5 libQt53DCore-devel libQt53DCore5 libQt53DExtras-devel libQt53DExtras5 libQt53DInput-devel libQt53DInput5 libQt53DLogic-devel libQt53DLogic5 libQt53DQuick-devel libQt53DQuick5 libQt53DQuickAnimation-devel libQt53DQuickAnimation5 libQt53DQuickExtras-devel libQt53DQuickExtras5 libQt53DQuickInput-devel libQt53DQuickInput5 libQt53DQuickRender-devel libQt53DQuickRender5 libQt53DQuickScene2D-devel libQt53DQuickScene2D5 libQt53DRender-devel libQt53DRender5 libqt5-qt3d-devel libqt5-qt3d-examples libqt5-qt3d-imports libqt5-qt3d-private-headers-devel libqt5-qt3d-tools libQt5Quick3D5 libQt5Quick3DAssetImport5 libqt5-qtquick3d-devel libqt5-qtquick3d-examples libqt5-qtquick3d-imports libqt5-qtquick3d-private-headers-devel libqt5-qtquick3d-tools MozillaFirefox-branding-SLE python3-setuptools python3-setuptools-test python3-setuptools-wheel kubernetes1.26-apiserver kubernetes1.26-client kubernetes1.26-client-bash-completion kubernetes1.26-client-common kubernetes1.26-client-fish-completion kubernetes1.26-controller-manager kubernetes1.26-kubeadm kubernetes1.26-kubelet kubernetes1.26-kubelet-common kubernetes1.26-proxy kubernetes1.26-scheduler kubernetes1.28-apiserver kubernetes1.28-client kubernetes1.28-client-bash-completion kubernetes1.28-client-common kubernetes1.28-client-fish-completion kubernetes1.28-controller-manager kubernetes1.28-kubeadm kubernetes1.28-kubelet kubernetes1.28-kubelet-common kubernetes1.28-proxy kubernetes1.28-scheduler kubernetes1.27-apiserver kubernetes1.27-client kubernetes1.27-client-bash-completion kubernetes1.27-client-common kubernetes1.27-client-fish-completion kubernetes1.27-controller-manager kubernetes1.27-kubeadm kubernetes1.27-kubelet kubernetes1.27-kubelet-common kubernetes1.27-proxy kubernetes1.27-scheduler bubblewrap bubblewrap-zsh-completion flatpak flatpak-devel flatpak-remote-flathub flatpak-zsh-completion libflatpak0 system-user-flatpak typelib-1_0-Flatpak-1_0 libtiff-devel libtiff-devel-32bit libtiff6 libtiff6-32bit tiff dovecot23 dovecot23-backend-mysql dovecot23-backend-pgsql dovecot23-backend-sqlite dovecot23-devel dovecot23-fts dovecot23-fts-lucene dovecot23-fts-solr dovecot23-fts-squat libopenssl-1_0_0-devel libopenssl-1_0_0-devel-32bit libopenssl10 libopenssl1_0_0 libopenssl1_0_0-32bit libopenssl1_0_0-hmac libopenssl1_0_0-hmac-32bit libopenssl1_0_0-steam libopenssl1_0_0-steam-32bit openssl-1_0_0 openssl-1_0_0-cavs openssl-1_0_0-doc docker docker-bash-completion docker-fish-completion docker-rootless-extras docker-zsh-completion buildah postgresql12 postgresql12-contrib postgresql12-devel postgresql12-docs postgresql12-llvmjit postgresql12-llvmjit-devel postgresql12-plperl postgresql12-plpython postgresql12-pltcl postgresql12-server postgresql12-server-devel postgresql12-test python312-pip gradle libwireshark17 libwiretap14 libwsutil15 postgresql13 postgresql13-contrib postgresql13-devel postgresql13-docs postgresql13-llvmjit postgresql13-llvmjit-devel postgresql13-plperl postgresql13-plpython postgresql13-pltcl postgresql13-server postgresql13-server-devel postgresql13-test go1.23 go1.23-doc go1.23-race expat libexpat-devel libexpat-devel-32bit libexpat1 libexpat1-32bit libpcap-devel libpcap-devel-32bit libpcap-devel-static libpcap1 libpcap1-32bit colord colord-color-profiles colord-lang libcolord-devel libcolord2 libcolord2-32bit libcolorhug2 typelib-1_0-Colord-1_0 typelib-1_0-Colorhug-1_0 runc spacecmd firewalld-prometheus-config golang-github-prometheus-prometheus clamav clamav-devel libclamav9 libfreshclam2 python311-azure-identity wpa_supplicant wpa_supplicant-gui rage-encryption rage-encryption-bash-completion rage-encryption-fish-completion rage-encryption-zsh-completion libpython3_11-1_0 libpython3_11-1_0-32bit python311 python311-32bit python311-base python311-base-32bit python311-curses python311-dbm python311-devel python311-doc python311-doc-devhelp python311-idle python311-testsuite python311-tk python311-tools apr-devel libapr1 opensc opensc-32bit libfpm_pb0 libospf0 libospfapiclient0 libquagga_pb0 libzebra1 quagga quagga-devel openvpn openvpn-auth-pam-plugin openvpn-devel openvpn-down-root-plugin OpenIPMI OpenIPMI-devel OpenIPMI-python3 libOpenIPMI0 cups-filters cups-filters-devel libpcp-devel libpcp3 libpcp_gui2 libpcp_import1 libpcp_mmv1 libpcp_trace2 libpcp_web1 pcp pcp-conf pcp-devel pcp-doc pcp-export-pcp2elasticsearch pcp-export-pcp2graphite pcp-export-pcp2influxdb pcp-export-pcp2json pcp-export-pcp2spark pcp-export-pcp2xml pcp-export-pcp2zabbix pcp-gui pcp-import-collectl2pcp pcp-import-ganglia2pcp pcp-import-iostat2pcp pcp-import-mrtg2pcp pcp-import-sar2pcp pcp-pmda-activemq pcp-pmda-apache pcp-pmda-bash pcp-pmda-bonding pcp-pmda-cifs pcp-pmda-cisco pcp-pmda-dbping pcp-pmda-dm pcp-pmda-docker pcp-pmda-ds389 pcp-pmda-ds389log pcp-pmda-elasticsearch pcp-pmda-gfs2 pcp-pmda-gluster pcp-pmda-gpfs pcp-pmda-gpsd pcp-pmda-hacluster pcp-pmda-haproxy pcp-pmda-infiniband pcp-pmda-json pcp-pmda-lmsensors pcp-pmda-logger pcp-pmda-lustre pcp-pmda-lustrecomm pcp-pmda-mailq pcp-pmda-memcache pcp-pmda-mic pcp-pmda-mounts pcp-pmda-mysql pcp-pmda-named pcp-pmda-netcheck pcp-pmda-netfilter pcp-pmda-news pcp-pmda-nfsclient pcp-pmda-nginx pcp-pmda-nutcracker pcp-pmda-nvidia-gpu pcp-pmda-openmetrics pcp-pmda-openvswitch pcp-pmda-oracle pcp-pmda-pdns pcp-pmda-perfevent pcp-pmda-postfix pcp-pmda-rabbitmq pcp-pmda-redis pcp-pmda-roomtemp pcp-pmda-rsyslog pcp-pmda-samba pcp-pmda-sendmail pcp-pmda-shping pcp-pmda-slurm pcp-pmda-smart pcp-pmda-snmp pcp-pmda-sockets pcp-pmda-summary pcp-pmda-systemd pcp-pmda-trace pcp-pmda-unbound pcp-pmda-weblog pcp-pmda-zimbra pcp-pmda-zswap pcp-system-tools pcp-testsuite pcp-zeroconf perl-PCP-LogImport perl-PCP-LogSummary perl-PCP-MMV perl-PCP-PMDA python3-pcp redis redis7 libmozjs-115-0 mozjs115 mozjs115-devel Mesa Mesa-32bit Mesa-KHR-devel Mesa-devel Mesa-dri Mesa-dri-32bit Mesa-dri-devel Mesa-dri-nouveau Mesa-dri-nouveau-32bit Mesa-dri-vc4 Mesa-gallium Mesa-gallium-32bit Mesa-libEGL-devel Mesa-libEGL-devel-32bit Mesa-libEGL1 Mesa-libEGL1-32bit Mesa-libGL-devel Mesa-libGL-devel-32bit Mesa-libGL1 Mesa-libGL1-32bit Mesa-libGLESv1_CM-devel Mesa-libGLESv1_CM-devel-32bit Mesa-libGLESv2-devel Mesa-libGLESv2-devel-32bit Mesa-libGLESv3-devel Mesa-libOpenCL Mesa-libd3d Mesa-libd3d-32bit Mesa-libd3d-devel Mesa-libd3d-devel-32bit Mesa-libglapi-devel Mesa-libglapi-devel-32bit Mesa-libglapi0 Mesa-libglapi0-32bit Mesa-libva Mesa-vulkan-device-select Mesa-vulkan-device-select-32bit Mesa-vulkan-overlay Mesa-vulkan-overlay-32bit libOSMesa-devel libOSMesa-devel-32bit libOSMesa8 libOSMesa8-32bit libgbm-devel libgbm-devel-32bit libgbm1 libgbm1-32bit libvdpau_nouveau libvdpau_nouveau-32bit libvdpau_r600 libvdpau_r600-32bit libvdpau_radeonsi libvdpau_radeonsi-32bit libvdpau_virtio_gpu libvdpau_virtio_gpu-32bit libvulkan_broadcom libvulkan_freedreno libvulkan_intel libvulkan_intel-32bit libvulkan_lvp libvulkan_radeon libvulkan_radeon-32bit libxatracker-devel libxatracker2 jenkins-json-lib json-lib json-lib-javadoc libmozjs-78-0 mozjs78 mozjs78-devel libreoffice-base-drivers-firebird keepalived python311-starlette jetty-annotations jetty-ant jetty-cdi jetty-client jetty-continuation jetty-deploy jetty-fcgi jetty-http jetty-http-spi jetty-io jetty-jaas jetty-jmx jetty-jndi jetty-jsp jetty-minimal-javadoc jetty-openid jetty-plus jetty-proxy jetty-quickstart jetty-rewrite jetty-security jetty-server jetty-servlet jetty-servlets jetty-start jetty-util jetty-util-ajax jetty-webapp jetty-xml apache2-mod_php8 php8 php8-bcmath php8-bz2 php8-calendar php8-cli php8-ctype php8-curl php8-dba php8-devel php8-dom php8-embed php8-enchant php8-exif php8-fastcgi php8-ffi php8-fileinfo php8-fpm php8-fpm-apache php8-ftp php8-gd php8-gettext php8-gmp php8-iconv php8-intl php8-ldap php8-mbstring php8-mysql php8-odbc php8-opcache php8-openssl php8-pcntl php8-pdo php8-pgsql php8-phar php8-posix php8-readline php8-shmop php8-snmp php8-soap php8-sockets php8-sodium php8-sqlite php8-sysvmsg php8-sysvsem php8-sysvshm php8-test php8-tidy php8-tokenizer php8-xmlreader php8-xmlwriter php8-xsl php8-zip php8-zlib libprotobuf-lite25_1_0 libprotobuf-lite25_1_0-32bit libprotobuf25_1_0 libprotobuf25_1_0-32bit libprotoc25_1_0 libprotoc25_1_0-32bit protobuf-devel protobuf-java python311-protobuf cargo-c go1.21-openssl go1.21-openssl-doc go1.21-openssl-race xorg-x11-server xorg-x11-server-Xvfb xorg-x11-server-extra xorg-x11-server-sdk xorg-x11-server-source apache2-mod_uwsgi uwsgi uwsgi-emperor_pg uwsgi-emperor_zeromq uwsgi-gevent uwsgi-glusterfs uwsgi-greenlet uwsgi-jvm uwsgi-ldap uwsgi-libffi uwsgi-logzmq uwsgi-lua uwsgi-pam uwsgi-php7 uwsgi-psgi uwsgi-pypy uwsgi-python3 uwsgi-sqlite3 uwsgi-xslt ruby2.5-rubygem-bundler ruby2.5-rubygem-bundler-doc libruby2_5-2_5 ruby2.5 ruby2.5-devel ruby2.5-devel-extra ruby2.5-doc ruby2.5-doc-ri ruby2.5-stdlib python311-waitress python311-waitress-doc ruby2.5-rubygem-actionpack-5_1 ruby2.5-rubygem-actionpack-doc-5_1 ruby2.5-rubygem-actionmailer-5_1 ruby2.5-rubygem-actionmailer-doc-5_1 gsf-office-thumbnailer libgsf-1-114 libgsf-devel libgsf-lang libgsf-tools typelib-1_0-Gsf-1 go1.23-openssl go1.23-openssl-doc go1.23-openssl-race go1.22-openssl go1.22-openssl-doc go1.22-openssl-race gdk-pixbuf-loader-libheif libheif-devel libheif1 libheif1-32bit python311-wxPython python311-wxPython-lang apache-commons-lang3 apache-commons-lang3-javadoc bcel mojo-parent xalan-j2 xalan-j2-demo xalan-j2-manual xalan-j2-xsltc xerces-j2 xerces-j2-demo xerces-j2-javadoc python3-wxPython python3-wxPython-lang golang-github-lusitaniae-apache_exporter golang-github-prometheus-promu wire httpcomponents-client httpcomponents-client-cache httpcomponents-client-javadoc httpcomponents-core httpcomponents-core-javadoc bea-stax bea-stax-api xstream xstream-benchmark xstream-javadoc xstream-parent javapackages-filesystem javapackages-gradle javapackages-ivy javapackages-local javapackages-tools python3-javapackages xmlgraphics-batik xmlgraphics-batik-css xmlgraphics-batik-demo xmlgraphics-batik-javadoc xmlgraphics-batik-rasterizer xmlgraphics-batik-slideshow xmlgraphics-batik-squiggle xmlgraphics-batik-svgpp xmlgraphics-batik-ttf2svg xmlgraphics-commons xmlgraphics-commons-javadoc xmlgraphics-fop postgresql postgresql-contrib postgresql-devel postgresql-docs postgresql-llvmjit postgresql-llvmjit-devel postgresql-plperl postgresql-plpython postgresql-pltcl postgresql-server postgresql-server-devel postgresql-test postgresql17 postgresql17-contrib postgresql17-devel postgresql17-docs postgresql17-llvmjit postgresql17-llvmjit-devel postgresql17-plperl postgresql17-plpython postgresql17-pltcl postgresql17-server postgresql17-server-devel postgresql17-test hplip hplip-devel hplip-hpijs hplip-sane hplip-scan-utils hplip-udev-rules python311-virtualenv libuv-devel libuv1 libuv1-32bit python311-tornado6 python3-virtualenv editorconfig libeditorconfig-devel libeditorconfig-devel-32bit libeditorconfig0 libeditorconfig0-32bit bpftool python311-python-multipart docker-stable docker-stable-bash-completion docker-stable-fish-completion docker-stable-rootless-extras docker-stable-zsh-completion obs-scm-bridge helm helm-bash-completion helm-fish-completion helm-zsh-completion libsoup-2_4-1 libsoup-2_4-1-32bit libsoup2-devel libsoup2-devel-32bit libsoup2-lang typelib-1_0-Soup-2_4 socat aws-iam-authenticator gvim vim vim-data vim-data-common vim-small libsoup-3_0-0 libsoup-3_0-0-32bit libsoup-devel libsoup-devel-32bit libsoup-lang typelib-1_0-Soup-3_0 python311-urllib3_1 libsvn_auth_gnome_keyring-1-0 libsvn_auth_kwallet-1-0 subversion subversion-bash-completion subversion-devel subversion-perl subversion-python subversion-ruby subversion-server subversion-tools haproxy python311-grpcio grpc-devel grpc-source libgrpc++1_60 libgrpc1_60 libgrpc37 libupb37 upb-devel jctools jctools-channels jctools-experimental jctools-javadoc gdb gdb-testresults gdbserver libmetrics-devel libmetrics0 vhostmd vm-dump-metrics libpoppler-cpp0 libpoppler-cpp0-32bit libpoppler-devel libpoppler-glib-devel libpoppler-glib8 libpoppler-glib8-32bit libpoppler-qt5-1 libpoppler-qt5-1-32bit libpoppler-qt5-devel libpoppler-qt6-3 libpoppler-qt6-devel libpoppler135 libpoppler135-32bit poppler-tools typelib-1_0-Poppler-0_18 libxslt-python google-guest-agent google-osconfig-agent python311-gunicorn azure-cli-core apache2-mod_jk apache-commons-vfs2 apache-commons-vfs2-ant apache-commons-vfs2-examples apache-commons-vfs2-javadoc ed25519-java ed25519-java-javadoc mercurial mercurial-lang mercurial-tests corosync corosync-qdevice corosync-qnetd corosync-testagents libcfg6 libcfg6-32bit libcmap4 libcmap4-32bit libcorosync-devel libcorosync_common4 libcorosync_common4-32bit libcpg4 libcpg4-32bit libquorum5 libquorum5-32bit libsam4 libsam4-32bit libtotem_pg5 libtotem_pg5-32bit libvotequorum8 libvotequorum8-32bit warewulf4-dracut warewulf4-reference-doc libxslt-devel libxslt-devel-32bit libxslt-tools libxslt1 libxslt1-32bit GraphicsMagick GraphicsMagick-devel libGraphicsMagick++-Q16-12 libGraphicsMagick++-devel libGraphicsMagick-Q16-3 libGraphicsMagick3-config libGraphicsMagickWand-Q16-2 perl-GraphicsMagick apache2-mod_apparmor apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang libapparmor-devel libapparmor1 libapparmor1-32bit pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor ruby-apparmor liblzma5 liblzma5-32bit xz xz-devel xz-devel-32bit xz-lang xz-static-devel apache-commons-io apache-commons-io-javadoc go1.24 go1.24-doc go1.24-race giflib-devel giflib-devel-32bit giflib-progs libgif7 libgif7-32bit fontforge fontforge-devel fontforge-doc libmozjs-52 mozjs52 mozjs52-devel rekor pam pam-32bit pam-devel pam-devel-32bit pam-doc pam-extra pam-extra-32bit erlang erlang-debugger erlang-debugger-src erlang-dialyzer erlang-dialyzer-src erlang-diameter erlang-diameter-src erlang-doc erlang-epmd erlang-et erlang-et-src erlang-jinterface erlang-jinterface-src erlang-observer erlang-observer-src erlang-reltool erlang-reltool-src erlang-src erlang-wx erlang-wx-src libmozjs-60 mozjs60 mozjs60-devel cifs-utils cifs-utils-devel pam_cifscreds python311-h11 libsqlite3-0 libsqlite3-0-32bit sqlite3 sqlite3-devel sqlite3-doc sqlite3-tcl erlang-rabbitmq-client rabbitmq-server rabbitmq-server-plugins ImageMagick ImageMagick-config-7-SUSE ImageMagick-config-7-upstream-limited ImageMagick-config-7-upstream-open ImageMagick-config-7-upstream-secure ImageMagick-config-7-upstream-websafe ImageMagick-devel ImageMagick-devel-32bit ImageMagick-doc ImageMagick-extra libMagick++-7_Q16HDRI5 libMagick++-7_Q16HDRI5-32bit libMagick++-devel libMagick++-devel-32bit libMagickCore-7_Q16HDRI10 libMagickCore-7_Q16HDRI10-32bit libMagickWand-7_Q16HDRI10 libMagickWand-7_Q16HDRI10-32bit perl-PerlMagick ruby2.5-rubygem-rack-1_6 ruby2.5-rubygem-rack-doc-1_6 ruby2.5-rubygem-rack-testsuite-1_6 libsaml-devel libsaml11 opensaml-bin opensaml-schemas openvpn-dco openvpn-dco-devel augeas augeas-bash-completion augeas-devel augeas-devel-32bit augeas-lense-tests augeas-lenses libaugeas0 libaugeas0-32bit libfa1 libfa1-32bit audiofile audiofile-devel audiofile-devel-32bit audiofile-doc libaudiofile1 libaudiofile1-32bit rsync libvmtools-devel libvmtools0 open-vm-tools open-vm-tools-containerinfo open-vm-tools-desktop open-vm-tools-salt-minion open-vm-tools-sdmp valkey valkey-compat-redis valkey-devel gimp gimp-devel gimp-lang gimp-plugin-aa libgimp-2_0-0 libgimp-2_0-0-32bit libgimpui-2_0-0 libgimpui-2_0-0-32bit libraw-devel libraw-devel-static libraw-tools libraw23 libraw23-32bit brlapi-devel brlapi-java brltty brltty-driver-at-spi2 brltty-driver-brlapi brltty-driver-espeak brltty-driver-libbraille brltty-driver-speech-dispatcher brltty-driver-xwindow brltty-lang brltty-udev-generic brltty-utils libbrlapi0_8 ocaml-brlapi python3-brlapi system-user-brltty tcl-brlapi xbrlapi ruby2.5-rubygem-rack ruby2.5-rubygem-rack-doc ruby2.5-rubygem-rack-testsuite python311-maturin grub2 grub2-arm64-efi grub2-arm64-efi-debug grub2-arm64-efi-extras grub2-branding-upstream grub2-i386-pc grub2-i386-pc-debug grub2-i386-pc-extras grub2-i386-xen-debug grub2-powerpc-ieee1275 grub2-powerpc-ieee1275-debug grub2-powerpc-ieee1275-extras grub2-s390x-emu grub2-s390x-emu-debug grub2-s390x-emu-extras grub2-snapper-plugin grub2-systemd-sleep-plugin grub2-x86_64-efi grub2-x86_64-efi-debug grub2-x86_64-efi-extras grub2-x86_64-xen grub2-x86_64-xen-debug grub2-x86_64-xen-extras libekmfweb1 libekmfweb1-devel libkmipclient1 libkmipclient1-devel osasnmpd s390-tools s390-tools-chreipl-fcp-mpath s390-tools-genprotimg-data s390-tools-hmcdrvfs s390-tools-zdsfs pam_u2f glibc glibc-32bit glibc-devel glibc-devel-32bit glibc-devel-static glibc-devel-static-32bit glibc-extra glibc-html glibc-i18ndata glibc-info glibc-lang glibc-locale glibc-locale-base glibc-locale-base-32bit glibc-profile glibc-profile-32bit glibc-utils glibc-utils-32bit libnsl1 libnsl1-32bit nscd libwx_base-suse-devel libwx_base-suse-nostl-devel libwx_baseu-suse-nostl5_0_0 libwx_baseu-suse5_0_0 libwx_baseu_net-suse-nostl5_0_0 libwx_baseu_net-suse5_0_0 libwx_baseu_xml-suse-nostl5_0_0 libwx_baseu_xml-suse5_0_0 libwx_gtk2u_adv-suse5_0_0 libwx_gtk2u_aui-suse5_0_0 libwx_gtk2u_core-suse5_0_0 libwx_gtk2u_gl-suse5_0_0 libwx_gtk2u_html-suse5_0_0 libwx_gtk2u_media-suse5_0_0 libwx_gtk2u_propgrid-suse5_0_0 libwx_gtk2u_qa-suse5_0_0 libwx_gtk2u_ribbon-suse5_0_0 libwx_gtk2u_richtext-suse5_0_0 libwx_gtk2u_stc-suse5_0_0 libwx_gtk2u_xrc-suse5_0_0 libwx_gtk3u_adv-suse-nostl5_0_0 libwx_gtk3u_adv-suse5_0_0 libwx_gtk3u_aui-suse-nostl5_0_0 libwx_gtk3u_aui-suse5_0_0 libwx_gtk3u_core-suse-nostl5_0_0 libwx_gtk3u_core-suse5_0_0 libwx_gtk3u_gl-suse-nostl5_0_0 libwx_gtk3u_gl-suse5_0_0 libwx_gtk3u_html-suse-nostl5_0_0 libwx_gtk3u_html-suse5_0_0 libwx_gtk3u_media-suse-nostl5_0_0 libwx_gtk3u_media-suse5_0_0 libwx_gtk3u_propgrid-suse-nostl5_0_0 libwx_gtk3u_propgrid-suse5_0_0 libwx_gtk3u_qa-suse-nostl5_0_0 libwx_gtk3u_qa-suse5_0_0 libwx_gtk3u_ribbon-suse-nostl5_0_0 libwx_gtk3u_ribbon-suse5_0_0 libwx_gtk3u_richtext-suse-nostl5_0_0 libwx_gtk3u_richtext-suse5_0_0 libwx_gtk3u_stc-suse-nostl5_0_0 libwx_gtk3u_stc-suse5_0_0 libwx_gtk3u_webview-suse5_0_0 libwx_gtk3u_xrc-suse-nostl5_0_0 libwx_gtk3u_xrc-suse5_0_0 libwx_qtu_adv-suse5_0_0 libwx_qtu_aui-suse5_0_0 libwx_qtu_core-suse5_0_0 libwx_qtu_gl-suse5_0_0 libwx_qtu_html-suse5_0_0 libwx_qtu_media-suse5_0_0 libwx_qtu_propgrid-suse5_0_0 libwx_qtu_qa-suse5_0_0 libwx_qtu_ribbon-suse5_0_0 libwx_qtu_richtext-suse5_0_0 libwx_qtu_stc-suse5_0_0 libwx_qtu_xrc-suse5_0_0 wxGTK3-3_2-devel wxQt-3_2-devel wxWidgets-3_2-devel wxWidgets-3_2-nostl-devel wxWidgets-3_2-plugin-sound_sdlu-3_2 dnsdist libnss_slurm2_22_05 libpmi0_22_05 libslurm38 perl-slurm_22_05 slurm_22_05 slurm_22_05-auth-none slurm_22_05-config slurm_22_05-config-man slurm_22_05-cray slurm_22_05-devel slurm_22_05-doc slurm_22_05-hdf5 slurm_22_05-lua slurm_22_05-munge slurm_22_05-node slurm_22_05-openlava slurm_22_05-pam_slurm slurm_22_05-plugins slurm_22_05-rest slurm_22_05-seff slurm_22_05-sjstat slurm_22_05-slurmdbd slurm_22_05-sql slurm_22_05-sview slurm_22_05-testsuite slurm_22_05-torque slurm_22_05-webdoc libnss_slurm2_23_02 libpmi0_23_02 perl-slurm_23_02 slurm_23_02 slurm_23_02-auth-none slurm_23_02-config slurm_23_02-config-man slurm_23_02-cray slurm_23_02-devel slurm_23_02-doc slurm_23_02-hdf5 slurm_23_02-lua slurm_23_02-munge slurm_23_02-node slurm_23_02-openlava slurm_23_02-pam_slurm slurm_23_02-plugin-ext-sensors-rrd slurm_23_02-plugins slurm_23_02-rest slurm_23_02-seff slurm_23_02-sjstat slurm_23_02-slurmdbd slurm_23_02-sql slurm_23_02-sview slurm_23_02-testsuite slurm_23_02-torque slurm_23_02-webdoc libnss_slurm2 libpmi0 libslurm39 perl-slurm slurm slurm-auth-none slurm-config slurm-config-man slurm-cray slurm-devel slurm-doc slurm-hdf5 slurm-lua slurm-munge slurm-node slurm-openlava slurm-pam_slurm slurm-plugin-ext-sensors-rrd slurm-plugins slurm-rest slurm-seff slurm-sjstat slurm-slurmdbd slurm-sql slurm-sview slurm-testsuite slurm-torque slurm-webdoc libnss_slurm2_24_11 libpmi0_24_11 libslurm42 perl-slurm_24_11 slurm_24_11 slurm_24_11-auth-none slurm_24_11-config slurm_24_11-config-man slurm_24_11-cray slurm_24_11-devel slurm_24_11-doc slurm_24_11-hdf5 slurm_24_11-lua slurm_24_11-munge slurm_24_11-node slurm_24_11-openlava slurm_24_11-pam_slurm slurm_24_11-plugins slurm_24_11-rest slurm_24_11-seff slurm_24_11-sjstat slurm_24_11-slurmdbd slurm_24_11-sql slurm_24_11-sview slurm_24_11-testsuite slurm_24_11-torque slurm_24_11-webdoc iputils dpdk dpdk-devel dpdk-devel-static dpdk-doc dpdk-examples dpdk-kmp-default dpdk-thunderx dpdk-thunderx-devel dpdk-thunderx-devel-static dpdk-thunderx-doc dpdk-thunderx-examples dpdk-thunderx-kmp-default dpdk-thunderx-tools dpdk-tools libdpdk-23 gnuplot gnuplot-doc apache-commons-beanutils apache-commons-beanutils-javadoc libcryptopp-devel libcryptopp8_6_0 libcryptopp8_6_0-32bit helm-mirror transfig corepack22 nodejs22 nodejs22-devel nodejs22-docs npm22 perl-Crypt-OpenSSL-RSA perl-YAML-LibYAML nbdkit nbdkit-bash-completion nbdkit-basic-filters nbdkit-basic-plugins nbdkit-curl-plugin nbdkit-devel nbdkit-example-plugins nbdkit-gzip-filter nbdkit-linuxdisk-plugin nbdkit-nbd-plugin nbdkit-python-plugin nbdkit-server nbdkit-ssh-plugin nbdkit-tar-filter nbdkit-tmpdisk-plugin nbdkit-vddk-plugin nbdkit-xz-filter sysstat sysstat-isag kubernetes1.31-client kubernetes1.31-client-bash-completion kubernetes1.31-client-common dhcp dhcp-client dhcp-devel dhcp-doc dhcp-relay dhcp-server golang-github-prometheus-node_exporter prometheus-blackbox_exporter golang-github-prometheus-alertmanager gdm gdm-branding-upstream gdm-devel gdm-lang gdm-schema gdm-systemd gdmflexiserver libgdm1 typelib-1_0-Gdm-1_0 ignition ignition-dracut-grub2 screen pam_pkcs11 pam_pkcs11-32bit pam_pkcs11-devel-doc apache2-mod_security2 ghc-pandoc ghc-pandoc-devel libbd_btrfs-devel libbd_btrfs2 libbd_crypto-devel libbd_crypto2 libbd_dm-devel libbd_dm2 libbd_fs-devel libbd_fs2 libbd_kbd-devel libbd_kbd2 libbd_loop-devel libbd_loop2 libbd_lvm-dbus-devel libbd_lvm-dbus2 libbd_lvm-devel libbd_lvm2 libbd_mdraid-devel libbd_mdraid2 libbd_mpath-devel libbd_mpath2 libbd_part-devel libbd_part2 libbd_swap-devel libbd_swap2 libbd_utils-devel libbd_utils2 libbd_vdo-devel libbd_vdo2 libblockdev libblockdev-devel libblockdev2 python3-libblockdev typelib-1_0-BlockDev-2_0 gstreamer-plugins-good gstreamer-plugins-good-32bit gstreamer-plugins-good-extra gstreamer-plugins-good-extra-32bit gstreamer-plugins-good-gtk gstreamer-plugins-good-jack gstreamer-plugins-good-jack-32bit gstreamer-plugins-good-lang gstreamer-plugins-good-qtqml distribution-registry icu libicu-devel libicu-devel-32bit libicu-doc libicu-suse65_1 libicu-suse65_1-32bit libicu65_1-bedata libicu65_1-ledata pam-config perl-File-Find-Rule apache-commons-fileupload apache-commons-fileupload-javadoc yelp-xsl libyelp0 yelp yelp-devel yelp-lang sudo sudo-devel sudo-plugin-python sudo-policy-sudo-auth-self sudo-policy-wheel-auth-self sudo-test system-group-sudo clamav-docs-html clamav-milter libclamav12 libclammspack0 libfreshclam3 libgepub-0_7-0 libgepub-devel typelib-1_0-Gepub-0_7 libssh-config libssh-devel libssh4 libssh4-32bit libsystemd0 libsystemd0-32bit libudev1 libudev1-32bit systemd systemd-32bit systemd-boot systemd-container systemd-coredump systemd-devel systemd-doc systemd-experimental systemd-homed systemd-journal-remote systemd-lang systemd-network systemd-portable systemd-sysvcompat systemd-testsuite udev dirmngr gpg2 gpg2-lang gpg2-tpm umoci protobuf-java-bom protobuf-java-parent coreutils coreutils-doc coreutils-lang coreutils-single coreutils-testsuite FastCGI FastCGI-devel libfcgi0 perl-FastCGI jq libjq-devel libjq1 libgcrypt-devel libgcrypt-devel-32bit libgcrypt20 libgcrypt20-32bit python-oslo.utils-doc python3-oslo.utils python3-salt python3-salt-testsuite salt salt-api salt-bash-completion salt-cloud salt-doc salt-fish-completion salt-master salt-minion salt-proxy salt-ssh salt-standalone-formulas-configuration salt-syndic salt-transactional-update salt-zsh-completion ovmf ovmf-tools qemu-ovmf-ia32 qemu-ovmf-x86_64 qemu-ovmf-x86_64-debug qemu-uefi-aarch32 qemu-uefi-aarch64 libpolkit-agent-1-0 libpolkit-agent-1-0-32bit libpolkit-gobject-1-0 libpolkit-gobject-1-0-32bit pkexec polkit polkit-devel polkit-doc typelib-1_0-Polkit-1_0 boost-license1_66_0 boost_1_66-doc-html boost_1_66-doc-pdf boost_1_66-jam boost_1_66-quickbook libboost_atomic1_66_0 libboost_atomic1_66_0-32bit libboost_atomic1_66_0-devel libboost_chrono1_66_0 libboost_chrono1_66_0-devel libboost_container1_66_0 libboost_container1_66_0-32bit libboost_container1_66_0-devel libboost_context1_66_0 libboost_context1_66_0-32bit libboost_context1_66_0-devel libboost_coroutine1_66_0 libboost_coroutine1_66_0-32bit libboost_coroutine1_66_0-devel libboost_date_time1_66_0 libboost_date_time1_66_0-32bit libboost_date_time1_66_0-devel libboost_fiber1_66_0 libboost_fiber1_66_0-32bit libboost_fiber1_66_0-devel libboost_filesystem1_66_0 libboost_filesystem1_66_0-32bit libboost_filesystem1_66_0-devel libboost_graph1_66_0 libboost_graph1_66_0-32bit libboost_graph1_66_0-devel libboost_graph_parallel1_66_0 libboost_graph_parallel1_66_0-32bit libboost_graph_parallel1_66_0-devel libboost_headers1_66_0-devel libboost_iostreams1_66_0 libboost_iostreams1_66_0-32bit libboost_iostreams1_66_0-devel libboost_locale1_66_0 libboost_locale1_66_0-32bit libboost_locale1_66_0-devel libboost_log1_66_0 libboost_log1_66_0-devel libboost_math1_66_0 libboost_math1_66_0-32bit libboost_math1_66_0-devel libboost_mpi1_66_0 libboost_mpi1_66_0-32bit libboost_mpi1_66_0-devel libboost_mpi_python-py2_7-1_66_0 libboost_mpi_python-py2_7-1_66_0-devel libboost_mpi_python-py3-1_66_0 libboost_mpi_python-py3-1_66_0-devel libboost_numpy-py2_7-1_66_0 libboost_numpy-py2_7-1_66_0-devel libboost_numpy-py3-1_66_0 libboost_numpy-py3-1_66_0-devel libboost_program_options1_66_0 libboost_program_options1_66_0-32bit libboost_program_options1_66_0-devel libboost_python-py2_7-1_66_0 libboost_python-py2_7-1_66_0-32bit libboost_python-py2_7-1_66_0-devel libboost_python-py3-1_66_0 libboost_python-py3-1_66_0-32bit libboost_python-py3-1_66_0-devel libboost_random1_66_0 libboost_random1_66_0-32bit libboost_random1_66_0-devel libboost_regex1_66_0 libboost_regex1_66_0-32bit libboost_regex1_66_0-devel libboost_serialization1_66_0 libboost_serialization1_66_0-32bit libboost_serialization1_66_0-devel libboost_signals1_66_0 libboost_signals1_66_0-32bit libboost_signals1_66_0-devel libboost_stacktrace1_66_0 libboost_stacktrace1_66_0-32bit libboost_stacktrace1_66_0-devel libboost_system1_66_0 libboost_system1_66_0-32bit libboost_system1_66_0-devel libboost_test1_66_0 libboost_test1_66_0-32bit libboost_test1_66_0-devel libboost_thread1_66_0 libboost_thread1_66_0-32bit libboost_thread1_66_0-devel libboost_timer1_66_0 libboost_timer1_66_0-devel libboost_type_erasure1_66_0 libboost_type_erasure1_66_0-32bit libboost_type_erasure1_66_0-devel libboost_wave1_66_0 libboost_wave1_66_0-32bit libboost_wave1_66_0-devel python3-boost_parallel_mpi1_66_0 librav1e0_6 librav1e0_6-32bit rav1e rav1e-devel gnutls libgnutls-devel libgnutls-devel-32bit libgnutls30 libgnutls30-32bit libgnutlsxx-devel libgnutlsxx30 djvulibre djvulibre-doc libdjvulibre-devel libdjvulibre21 dpkg dpkg-devel dpkg-lang update-alternatives tgt eclipse-jgit sccache amber-cli amazon-ssm-agent apache-commons-lang apache-commons-lang-javadoc avif-tools gdk-pixbuf-loader-libavif libavif-devel libavif16 libavif16-32bit nginx nginx-source lua51-luajit lua51-luajit-devel go1.25 go1.25-doc go1.25-race cmake3 cmake3-full kubernetes1.18-client kubernetes1.18-client-common tomcat11 tomcat11-admin-webapps tomcat11-doc tomcat11-docs-webapp tomcat11-el-6_0-api tomcat11-embed tomcat11-jsp-4_0-api tomcat11-jsvc tomcat11-lib tomcat11-servlet-6_1-api tomcat11-webapps firebird firebird-doc firebird-examples firebird-server firebird-utils libfbclient-devel libfbclient2 libfbclient2-32bit libib_util libib_util-32bit libib_util-devel jetty-javax-websocket-client-impl jetty-javax-websocket-server-impl jetty-project jetty-websocket-api jetty-websocket-client jetty-websocket-common jetty-websocket-javadoc jetty-websocket-server jetty-websocket-servlet python311-PyYAML libudisks2-0 libudisks2-0-devel libudisks2-0_bcache libudisks2-0_btrfs libudisks2-0_lsm libudisks2-0_lvm2 libudisks2-0_vdo libudisks2-0_zram typelib-1_0-UDisks-2_0 udisks2 udisks2-lang javamail javamail-javadoc python311-future libmunge2 libmunge2-32bit munge munge-devel munge-devel-32bit perl-Authen-SASL perl-Crypt-URandom gnome-themes-accessibility gnome-themes-accessibility-gtk2 gtk2-metatheme-adwaita gtk2-theming-engine-adwaita gtk2-theming-engine-adwaita-32bit gtk3-branding-SLE gtk3-metatheme-adwaita metatheme-adwaita-common python311-pydantic regionServiceClientConfigAzure regionServiceClientConfigEC2 regionServiceClientConfigGCE python311-deepdiff apptainer apptainer-leap apptainer-sle15_5 apptainer-sle15_6 go1.24-openssl go1.24-openssl-doc go1.24-openssl-race go1.25-openssl go1.25-openssl-doc go1.25-openssl-race python311-h2 python311-eventlet libraptor-devel libraptor2-0 libraptor2-0-32bit raptor net-tools net-tools-deprecated net-tools-lang brotli libbrotli-devel libbrotlicommon1 libbrotlicommon1-32bit libbrotlidec1 libbrotlidec1-32bit libbrotlienc1 libbrotlienc1-32bit busybox busybox-adduser busybox-attr busybox-bc busybox-bind-utils busybox-bzip2 busybox-coreutils busybox-cpio busybox-diffutils busybox-dos2unix busybox-ed busybox-findutils busybox-gawk busybox-grep busybox-gzip busybox-hexedit busybox-hostname busybox-iproute2 busybox-iputils busybox-kbd busybox-kmod busybox-less busybox-links busybox-man busybox-misc busybox-ncurses-utils busybox-net-tools busybox-netcat busybox-patch busybox-policycoreutils busybox-procps busybox-psmisc busybox-sed busybox-selinux-tools busybox-sendmail busybox-sh busybox-sha3sum busybox-sharutils busybox-static busybox-syslogd busybox-sysvinit-tools busybox-tar busybox-telnet busybox-testsuite busybox-tftp busybox-time busybox-traceroute busybox-tunctl busybox-udhcpc busybox-unzip busybox-util-linux busybox-vi busybox-vlan busybox-warewulf3 busybox-wget busybox-which busybox-whois busybox-xz ognl ognl-javadoc rustup sevctl libopenjp2-7 libopenjp2-7-32bit openjpeg2 openjpeg2-devel python311-pycares libpainter0 librfxencode0 xrdp xrdp-devel libluajit-5_1-2 libluajit-5_1-2-32bit luajit luajit-devel snpguest cairo-devel cairo-devel-32bit cairo-tools libcairo-gobject2 libcairo-gobject2-32bit libcairo-script-interpreter2 libcairo-script-interpreter2-32bit libcairo2 libcairo2-32bit logback logback-access logback-examples logback-javadoc ruby2.5-rubygem-puma ruby2.5-rubygem-puma-doc python311-xmltodict ctdb ctdb-pcp-pmda libsamba-policy-devel libsamba-policy-python3-devel libsamba-policy0-python3 libsamba-policy0-python3-32bit samba samba-ceph samba-client samba-client-32bit samba-client-libs samba-client-libs-32bit samba-dcerpc samba-devel samba-devel-32bit samba-doc samba-gpupdate samba-ldb-ldap samba-libs samba-libs-32bit samba-libs-python3 samba-libs-python3-32bit samba-python3 samba-test samba-tool samba-winbind samba-winbind-libs samba-winbind-libs-32bit gstreamer-plugins-rs gstreamer-plugins-rs-devel aws-cli python311-boto3 python311-botocore python311-coverage python311-flaky python311-pluggy python311-pytest python311-pytest-cov python311-pytest-mock python311-python-socketio chrony chrony-pool-empty chrony-pool-openSUSE chrony-pool-suse cmake cmake-full cmake-gui cmake-man fetchmail fetchmailconf strongswan strongswan-doc strongswan-hmac strongswan-ipsec strongswan-libs0 strongswan-mysql strongswan-nm strongswan-sqlite libopenjpeg1 libopenjpeg1-32bit openjpeg openjpeg-devel openjpeg-devel-32bit jasper libjasper-devel libjasper7 libjasper7-32bit aws-efs-utils crypto-policies crypto-policies-scripts libqat4 libusdm0 qatengine qatlib qatlib-devel ongres-scram ongres-scram-client ongres-scram-javadoc ongres-scram-parent liblasso-devel liblasso3 python3-lasso cargo-packaging elfutils elfutils-lang libasm-devel libasm1 libasm1-32bit libdw-devel libdw1 libdw1-32bit libelf-devel libelf-devel-32bit libelf1 libelf1-32bit binutils binutils-devel binutils-devel-32bit cross-aarch64-binutils cross-arm-binutils cross-avr-binutils cross-bpf-binutils cross-epiphany-binutils cross-hppa-binutils cross-hppa64-binutils cross-i386-binutils cross-ia64-binutils cross-m68k-binutils cross-mips-binutils cross-ppc-binutils cross-ppc64-binutils cross-ppc64le-binutils cross-pru-binutils cross-riscv64-binutils cross-rx-binutils cross-s390-binutils cross-s390x-binutils cross-sparc-binutils cross-sparc64-binutils cross-spu-binutils cross-x86_64-binutils cross-xtensa-binutils libctf-nobfd0 libctf0 libucm-devel libucm0 libucp-devel libucp0 libucs-devel libucs0 libuct-devel libuct0 openucx-tools perf perf-bash-completion perf-devel perf-gtk nvidia-container-toolkit python3-numpy python3-numpy-devel python3-numpy-gnu-hpc python3-numpy-gnu-hpc-devel python3-numpy_1_17_3-gnu-hpc python3-numpy_1_17_3-gnu-hpc-devel sssd-32bit libmicrohttpd-devel libmicrohttpd12 gegl gegl-0_4 gegl-0_4-lang gegl-devel gegl-doc libgegl-0_4-0 libgegl-0_4-0-32bit typelib-1_0-Gegl-0_4 postgresql18 postgresql18-contrib postgresql18-devel postgresql18-docs postgresql18-llvmjit postgresql18-llvmjit-devel postgresql18-plperl postgresql18-plpython postgresql18-pltcl postgresql18-server postgresql18-server-devel postgresql18-test kubernetes1.33-client kubernetes1.33-client-bash-completion kubernetes1.33-client-common rhino rhino-demo rhino-engine rhino-javadoc rhino-runtime xkbcomp xkbcomp-devel libpng12-0 libpng12-0-32bit libpng12-compat-devel libpng12-compat-devel-32bit libpng12-devel libpng12-devel-32bit dracut-saltboot supportutils-plugin-susemanager-client python311-salt libpng16-16 libpng16-16-32bit libpng16-compat-devel libpng16-compat-devel-32bit libpng16-devel libpng16-devel-32bit libpng16-tools libtag-devel libtag-doc libtag1 libtag1-32bit libtag_c0 libtag_c0-32bit taglib dpdk22 dpdk22-devel dpdk22-devel-static dpdk22-doc dpdk22-examples dpdk22-kmp-default dpdk22-thunderx dpdk22-thunderx-devel dpdk22-thunderx-devel-static dpdk22-thunderx-doc dpdk22-thunderx-examples dpdk22-thunderx-kmp-default dpdk22-thunderx-tools dpdk22-tools liboqs-devel liboqs-devel-32bit liboqs7 liboqs7-32bit oqs-provider supportutils-plugin-salt libtasn1 libtasn1-6 libtasn1-6-32bit libtasn1-devel libtasn1-devel-32bit libopenvswitch-3_1-0 libovn-23_03-0 openvswitch openvswitch-devel openvswitch-doc openvswitch-ipsec openvswitch-pki openvswitch-test openvswitch-vtep ovn ovn-central ovn-devel ovn-doc ovn-docker ovn-host ovn-vtep python3-ovs rime-schema-all rime-schema-array rime-schema-bopomofo rime-schema-cangjie rime-schema-cantonese rime-schema-combo-pinyin rime-schema-custom rime-schema-default rime-schema-double-pinyin rime-schema-emoji rime-schema-essay rime-schema-essay-simp rime-schema-extra rime-schema-ipa rime-schema-luna-pinyin rime-schema-middle-chinese rime-schema-pinyin-simp rime-schema-prelude rime-schema-quick rime-schema-scj rime-schema-soutzoe rime-schema-stenotype rime-schema-stroke rime-schema-terra-pinyin rime-schema-wubi rime-schema-wugniu gstreamer gstreamer-32bit gstreamer-devel gstreamer-devel-32bit gstreamer-lang gstreamer-utils libgstreamer-1_0-0 libgstreamer-1_0-0-32bit typelib-1_0-Gst-1_0 typelib-1_0-Gst-1_0-32bit pdsh pdsh-dshgroup pdsh-genders pdsh-machines pdsh-netgroup pdsh-slurm_22_05 pdsh-slurm_23_02 pdsh-slurm_24_11 dnsmasq dnsmasq-utils maven-dependency-analyzer maven-dependency-analyzer-javadoc maven-dependency-plugin maven-dependency-plugin-javadoc maven-doxia-core maven-doxia-javadoc maven-doxia-module-apt maven-doxia-module-fml maven-doxia-module-xdoc maven-doxia-module-xhtml5 maven-doxia-sink-api maven-doxia-sitetools maven-doxia-sitetools-javadoc maven-doxia-test-docs maven-failsafe-plugin maven-failsafe-plugin-bootstrap maven-invoker maven-invoker-javadoc maven-invoker-plugin maven-invoker-plugin-javadoc maven-javadoc-plugin maven-javadoc-plugin-bootstrap maven-javadoc-plugin-javadoc maven-parent maven-plugin-annotations maven-plugin-plugin maven-plugin-plugin-bootstrap maven-plugin-plugin-javadoc maven-plugin-tools-annotations maven-plugin-tools-ant maven-plugin-tools-api maven-plugin-tools-beanshell maven-plugin-tools-generators maven-plugin-tools-java maven-plugin-tools-javadoc maven-plugin-tools-model maven-reporting-api maven-reporting-api-javadoc maven-reporting-impl maven-reporting-impl-javadoc maven-script-ant maven-script-beanshell maven-surefire maven-surefire-javadoc maven-surefire-plugin maven-surefire-plugin-bootstrap maven-surefire-plugins-javadoc maven-surefire-provider-junit maven-surefire-provider-junit5 maven-surefire-provider-junit5-javadoc maven-surefire-provider-testng maven-surefire-report-parser maven-surefire-report-plugin maven-surefire-report-plugin-bootstrap plexus-velocity plexus-velocity-javadoc velocity-engine-core velocity-engine-core-javadoc libX11-6 libX11-6-32bit libX11-data libX11-devel libX11-devel-32bit libX11-xcb1 libX11-xcb1-32bit libprocps8 procps procps-devel procps-lang openvswitch3 openvswitch3-devel openvswitch3-doc openvswitch3-ipsec openvswitch3-pki openvswitch3-test openvswitch3-vtep ovn3 ovn3-central ovn3-devel ovn3-doc ovn3-docker ovn3-host ovn3-vtep python3-ovs3 python3-azure-identity azure-cli azure-cli-test u-boot-xilinxzynqmpgeneric u-boot-xilinxzynqmpgeneric-doc libxkbfile-devel libxkbfile-devel-32bit libxkbfile1 libxkbfile1-32bit ansible ansible-doc ansible-test python3-M2Crypto python3-M2Crypto-doc libiniparser-devel libiniparser1 libiniparser1-32bit build build-initvm-aarch64 build-initvm-powerpc64le build-initvm-s390x build-initvm-x86_64 build-mkbaselibs build-mkdrpms google-cloud-sap-agent libzvbi-chains0 libzvbi-chains0-32bit libzvbi0 libzvbi0-32bit zvbi zvbi-devel zvbi-devel-32bit zvbi-lang u-boot-avnetultra96rev1 u-boot-avnetultra96rev1-doc u-boot-bananapim64 u-boot-bananapim64-doc u-boot-dragonboard410c u-boot-dragonboard410c-doc u-boot-dragonboard820c u-boot-dragonboard820c-doc u-boot-evb-rk3399 u-boot-evb-rk3399-doc u-boot-firefly-rk3399 u-boot-firefly-rk3399-doc u-boot-geekbox u-boot-geekbox-doc u-boot-hikey u-boot-hikey-doc u-boot-khadas-vim u-boot-khadas-vim-doc u-boot-khadas-vim2 u-boot-khadas-vim2-doc u-boot-libretech-ac u-boot-libretech-ac-doc u-boot-libretech-cc u-boot-libretech-cc-doc u-boot-ls1012afrdmqspi u-boot-ls1012afrdmqspi-doc u-boot-mvebudb-88f3720 u-boot-mvebudb-88f3720-doc u-boot-mvebudbarmada8k u-boot-mvebudbarmada8k-doc u-boot-mvebuespressobin-88f3720 u-boot-mvebuespressobin-88f3720-doc u-boot-mvebumcbin-88f8040 u-boot-mvebumcbin-88f8040-doc u-boot-nanopia64 u-boot-nanopia64-doc u-boot-odroid-c2 u-boot-odroid-c2-doc u-boot-odroid-c4 u-boot-odroid-c4-doc u-boot-odroid-n2 u-boot-odroid-n2-doc u-boot-orangepipc2 u-boot-orangepipc2-doc u-boot-p2371-2180 u-boot-p2371-2180-doc u-boot-p2771-0000-500 u-boot-p2771-0000-500-doc u-boot-p3450-0000 u-boot-p3450-0000-doc u-boot-pine64plus u-boot-pine64plus-doc u-boot-pinebook u-boot-pinebook-doc u-boot-pinebook-pro-rk3399 u-boot-pinebook-pro-rk3399-doc u-boot-pineh64 u-boot-pineh64-doc u-boot-pinephone u-boot-pinephone-doc u-boot-poplar u-boot-poplar-doc u-boot-rock-pi-4-rk3399 u-boot-rock-pi-4-rk3399-doc u-boot-rock-pi-n10-rk3399pro u-boot-rock-pi-n10-rk3399pro-doc u-boot-rock64-rk3328 u-boot-rock64-rk3328-doc u-boot-rock960-rk3399 u-boot-rock960-rk3399-doc u-boot-rockpro64-rk3399 u-boot-rockpro64-rk3399-doc u-boot-rpi3 u-boot-rpi3-doc u-boot-rpi4 u-boot-rpi4-doc u-boot-rpiarm64 u-boot-rpiarm64-doc u-boot-tools u-boot-xilinxzynqmpvirt u-boot-xilinxzynqmpvirt-doc u-boot-xilinxzynqmpzcu102rev10 u-boot-xilinxzynqmpzcu102rev10-doc freetype2-devel freetype2-devel-32bit freetype2-profile-tti35 ft2demos ftbench ftdiff ftdump ftgamma ftgrid ftinspect ftlint ftmulti ftstring ftvalid ftview libfreetype6 libfreetype6-32bit cargo cargo1.94 rust rust1.94 rust1.94-src golang-github-QubitProducts-exporter_exporter golang-github-boynux-squid_exporter systemd-networkd systemd-resolved pgvector-devel postgresql13-pgvector postgresql14-pgvector postgresql15-pgvector postgresql16-pgvector postgresql17-pgvector postgresql18-pgvector kea kea-devel kea-doc kea-hooks libkea-asiodns49 libkea-asiolink72 libkea-cc68 libkea-cfgclient66 libkea-cryptolink50 libkea-d2srv47 libkea-database62 libkea-dhcp++92 libkea-dhcp_ddns57 libkea-dhcpsrv111 libkea-dns++57 libkea-eval69 libkea-exceptions33 libkea-hooks100 libkea-http72 libkea-log61 libkea-mysql71 libkea-pgsql71 libkea-process74 libkea-stats41 libkea-tcp19 libkea-util-io0 libkea-util86 python3-kea perl-XML-Parser util-linux-extra LibVNCServer-devel libvncclient1 libvncserver1 tar tar-backup-scripts tar-doc tar-lang tar-rmt tar-tests libsubid-devel libsubid5 libXvnc-devel libXvnc1 tigervnc tigervnc-x11vnc xorg-x11-Xvnc xorg-x11-Xvnc-java xorg-x11-Xvnc-module xorg-x11-Xvnc-novnc libfreshclam4 python311-FontTools keylime-agent keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tpm_cert_store keylime-verifier python3-keylime python311-filelock libsodium-devel libsodium23 libsodium23-32bit libsnmp40 libsnmp40-32bit net-snmp net-snmp-devel net-snmp-devel-32bit perl-SNMP python3-net-snmp snmp-mibs libexiv2-26 libexiv2-26-32bit gdk-pixbuf-loader-rsvg gdk-pixbuf-loader-rsvg-32bit librsvg-2-2 librsvg-2-2-32bit librsvg-devel rsvg-convert rsvg-thumbnailer typelib-1_0-Rsvg-2_0 log4j log4j-javadoc log4j-jcl log4j-slf4j libldap-2_5-0 openldap2_5 openldap2_5-client openldap2_5-contrib openldap2_5-devel openldap2_5-doc openldap2_5-ppolicy-check-password harfbuzz-devel harfbuzz-tools libharfbuzz-cairo0 libharfbuzz-cairo0-32bit libharfbuzz-gobject0 libharfbuzz-gobject0-32bit libharfbuzz-icu0 libharfbuzz-icu0-32bit libharfbuzz-subset0 libharfbuzz-subset0-32bit libharfbuzz0 libharfbuzz0-32bit typelib-1_0-HarfBuzz-0_0 kubernetes1.35-client kubernetes1.35-client-bash-completion kubernetes1.35-client-common abseil-cpp-devel libabsl2401_0_0 libabsl2401_0_0-32bit openCryptoki openCryptoki-64bit openCryptoki-devel usbmuxd python3-brotlipy libsquashfuse0 squashfuse squashfuse-devel squashfuse-tools lensfun-data lensfun-devel lensfun-doc lensfun-tools liblensfun1 python3-lensfun python311-azure-core cargo-auditable libnvidia-container-devel libnvidia-container-static libnvidia-container-tools libnvidia-container1 vexctl capstone capstone-doc libcapstone-devel libcapstone4 python3-capstone docker-buildx shim gnome-remote-desktop gnome-remote-desktop-lang evolution-data-server evolution-data-server-devel evolution-data-server-lang libcamel-1_2-64 libebackend-1_2-11 libebook-1_2-21 libebook-contacts-1_2-4 libecal-2_0-2 libedata-book-1_2-27 libedata-cal-2_0-2 libedataserver-1_2-27 libedataserverui-1_2-4 libedataserverui4-1_0-0 typelib-1_0-Camel-1_2 typelib-1_0-EBackend-1_2 typelib-1_0-EBook-1_2 typelib-1_0-EBookContacts-1_2 typelib-1_0-ECal-2_0 typelib-1_0-EDataBook-1_2 typelib-1_0-EDataCal-2_0 typelib-1_0-EDataServer-1_2 typelib-1_0-EDataServerUI-1_2 typelib-1_0-EDataServerUI4-1_0 tracker-miner-files tracker-miners tracker-miners-lang libminizip1 libminizip1-32bit libz1 libz1-32bit minizip-devel zlib-devel zlib-devel-32bit zlib-devel-static zlib-devel-static-32bit zlib-testsuite virtiofsd ocaml ocaml-compiler-libs ocaml-compiler-libs-devel ocaml-ocamldoc ocaml-runtime ocaml-source python311-Markdown python311-Flask python311-Flask-doc c3p0 c3p0-javadoc mchange-commons mchange-commons-javadoc go1.26 go1.26-doc go1.26-race gvfs gvfs-32bit gvfs-backend-afc gvfs-backend-goa gvfs-backend-samba gvfs-backends gvfs-devel gvfs-fuse gvfs-lang go1.26-openssl go1.26-openssl-doc go1.26-openssl-race gstreamer-plugins-ugly gstreamer-plugins-ugly-32bit gstreamer-plugins-ugly-lang (x86_64) 0:109.0.5097.45-lp156.2.3.1 15.6 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.5.42-bp156.3.3.1 (aarch64|x86_64) 0:125.0.6422.141-bp156.2.3.1 (x86_64) 0:110.0.5130.64-lp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.2-bp156.3.3.1 (noarch) 0:7.2-bp156.3.3.1 (aarch64|ppc64le|x86_64) 0:5.27.11-bp156.3.3.1 (noarch) 0:5.27.11-bp156.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.24-bp156.2.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.8.1-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.2.8-bp156.2.3.1 (noarch) 0:0.2.1-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.19.5-bp156.3.3.1 (noarch) 0:2.19.5-bp156.3.3.1 (x86_64) 0:2.19.5-bp156.3.3.1 (aarch64_ilp32) 0:2.19.5-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.1-bp156.2.3.1 (noarch) 0:1.9.1-bp156.2.3.1 (aarch64|x86_64) 0:126.0.6478.126-bp156.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:320-bp156.2.6.3 (noarch) 0:320-bp156.2.6.3 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.6.9-bp156.3.3.1 (aarch64|x86_64) 0:126.0.6478.182-bp156.2.11.1 (noarch) 0:0.14.4-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.8.4-bp156.3.3.1 (noarch) 0:2.8.4-bp156.3.3.1 (noarch) 0:3.7-bp156.4.3.1 (x86_64) 0:112.0.5197.25-lp156.2.11.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.2.8-bp156.2.6.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.1-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.53.0-bp156.2.6.1 (noarch) 0:2.53.0-bp156.2.6.1 (noarch) 0:5.7.11-bp156.4.3.1 (noarch) 0:2024.08.01-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:93vu-bp156.6.3.1 (x86_64) 0:112.0.5197.53-lp156.2.14.1 (aarch64|x86_64) 0:127.0.6533.119-bp156.2.14.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20240730-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.69.1-bp156.2.1 (aarch64|x86_64) 0:128.0.6613.84-bp156.2.17.1 (aarch64|x86_64) 0:128.0.6613.113-bp156.2.20.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.54.1-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.70.1-bp156.5.1 (x86_64) 0:113.0.5230.32-lp156.2.17.1 (noarch) 0:1.2.27-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.27-bp156.2.3.1 (aarch64|x86_64) 0:128.0.6613.119-bp156.2.23.1 (aarch64|x86_64) 0:1.3.3~git0.f075d13-bp156.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.3-bp156.2.1 (noarch) 0:1.2.3-bp156.2.1 (aarch64|x86_64) 0:128.0.6613.137-bp156.2.26.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.16-bp156.3.3.1 (aarch64|x86_64) 0:129.0.6668.58-bp156.2.29.2 (aarch64|x86_64) 0:129.0.6668.70-bp156.2.32.1 (aarch64|i586|x86_64) 0:1.11.3-bp156.4.3.1 (noarch) 0:1.11.3-bp156.4.3.1 (x86_64) 0:114.0.5282.21-lp156.2.20.1 (aarch64|x86_64) 0:129.0.6668.89-bp156.2.35.1 (noarch) 0:1.6.8-bp156.2.3.1 (i586|x86_64) 0:2.53.19-bp156.2.3.1 (aarch64|x86_64) 0:129.0.6668.100-bp156.2.38.1 (aarch64|x86_64) 0:130.0.6723.58-bp156.2.41.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.11-bp156.2.3.1 (aarch64|x86_64) 0:130.0.6723.69-bp156.2.44.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.0.2-bp156.2.3.1 (noarch) 0:6.0.2-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.19.5-bp156.3.6.1 (noarch) 0:2.19.5-bp156.3.6.1 (x86_64) 0:2.19.5-bp156.3.6.1 (aarch64_ilp32) 0:2.19.5-bp156.3.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.1.0-bp156.5.3.1 (noarch) 0:4.1.0-bp156.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.20-bp156.2.3.1 (aarch64|x86_64) 0:130.0.6723.91-bp156.2.47.1 (noarch) 0:2.2.10-bp156.3.3.1 (aarch64|x86_64) 0:23.08.5-bp156.2.3.1 (noarch) 0:23.08.5-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:9.1.0-bp156.4.3.1 (aarch64|x86_64) 0:130.0.6723.116-bp156.2.50.1 (aarch64|ppc64le|s390x|x86_64) 0:5.0.1-bp156.3.6.1 (aarch64|ppc64le|x86_64) 0:0.1.9998+svn3613-bp156.2.3.1 (x86_64) 0:7.1.4-lp156.2.4.1 (noarch) 0:7.1.4-lp156.2.4.1 (x86_64) 0:7.1.4_k6.4.0_150600.23.25-lp156.2.4.1 (noarch) 0:3.11.2-bp156.5.1 (noarch) 0:4.6.0-bp156.4.1 (noarch) 0:3.9.0-bp156.4.1 (noarch) 0:1.26.0-bp156.4.3.1 (noarch) 0:3.3.7-bp156.2.6.1 (aarch64|i586|ppc64le|x86_64) 0:2.13.10-bp156.4.3.1 (aarch64|x86_64) 0:131.0.6778.69-bp156.2.53.1 (aarch64|x86_64) 0:131.0.6778.85-bp156.2.56.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.2-bp156.4.3.1 (noarch) 0:6.0.33-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.0.33-bp156.2.3.1 (x86_64) 0:115.0.5322.68-lp156.2.23.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.8-bp156.4.3.1 (noarch) 0:5.9.8-bp156.4.3.1 (aarch64|x86_64) 0:1.34.0-bp156.2.3.1 (aarch64|i586|x86_64) 0:1.34.0-bp156.2.3.1 (noarch) 0:1.34.0-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.4.6-bp156.4.3.1 (noarch) 0:0.4.6-bp156.4.3.1 (aarch64|x86_64) 0:131.0.6778.108-bp156.2.59.1 (aarch64|x86_64) 0:131.0.6778.139-bp156.2.62.1 (noarch) 0:1.5.1-bp156.2.6.1 (noarch) 0:0.2.4-bp156.4.3.1 (aarch64|x86_64) 0:131.0.6778.204-bp156.2.65.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.9.8-bp156.4.9.1 (noarch) 0:5.9.8-bp156.4.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.8.0+git.1733745604.d499b6e-bp156.3.3.1 (noarch) 0:0.8.0+git.1733745604.d499b6e-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.52.1-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.18.0-bp156.2.6.1 (noarch) 0:0.18.0-bp156.2.6.1 (x86_64) 0:117.0.5408.163-lp156.2.32.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.1-bp156.3.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20.3-bp156.2.3.1 (noarch) 0:0.20.3-bp156.2.3.1 (aarch64|x86_64) 0:135.0.7049.52-bp156.2.102.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20250306-bp156.2.6.1 (ppc64le|s390x|x86_64) 0:2.3.1-bp156.4.3.1 (x86_64) 0:116.0.5366.21-lp156.2.26.1 (aarch64|x86_64) 0:135.0.7049.84-bp156.2.107.1 (noarch) 0:0.8.0-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.3.9-bp156.4.3.1 (i586|x86_64) 0:1.12.1-bp156.4.6.5 (noarch) 0:1.12.1-bp156.4.6.5 (aarch64|x86_64) 0:135.0.7049.95-bp156.2.110.1 (aarch64|i586|s390x|x86_64) 0:0.8.4-bp156.3.3.4 (noarch) 0:0.8.4-bp156.3.3.4 (x86_64) 0:0.8.4-bp156.3.3.4 (aarch64_ilp32) 0:0.8.4-bp156.3.3.4 (noarch) 0:2.2.28-bp156.6.1 (aarch64|x86_64) 0:136.0.7103.59-bp156.2.113.2 (aarch64|i686|ppc64le|x86_64) 0:102.15.1-bp156.3.3.1 (aarch64|x86_64) 0:136.0.7103.92-bp156.2.116.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.3.8c-bp156.2.3.1 (noarch) 0:1.3.8c-bp156.2.3.1 (aarch64|x86_64) 0:1.6.2~git0.a20663ea8-bp156.29.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.1-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.5-bp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.1-bp156.4.3.1 (aarch64|x86_64) 0:136.0.7103.113-bp156.2.119.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.2-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.8.2-bp156.2.3.1 (noarch) 0:5.8.2-bp156.2.3.1 (noarch) 0:2.2.28-bp156.9.1 (aarch64|ppc64le|s390x|x86_64) 0:5.0.0-lp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.2.2-lp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.5.1-lp156.2.3.1 (x86_64) 0:119.0.5497.38-lp156.2.35.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.35.0-bp156.2.6.1 (aarch64|x86_64) 0:137.0.7151.55-bp156.2.122.2 (aarch64|ppc64le|s390x|x86_64) 0:4.6.0-bp156.2.3.1 (aarch64|i586|ppc64le|x86_64) 0:1.69.3-bp156.2.3.2 (noarch) 0:1.69.3-bp156.2.3.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:7.7.1-bp156.2.3.1 (aarch64|x86_64) 0:132.0.6834.83-bp156.2.69.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.6.3-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:137.0.7151.68-bp156.2.125.2 (noarch) 0:2.2.28-bp156.12.1 (aarch64|ppc64le|x86_64) 0:137.0.7151.103-bp156.2.128.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.11.1-bp156.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:23.08.5-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:137.0.7151.119-bp156.2.131.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.65.0-bp156.2.17.1 (noarch) 0:2.65.0-bp156.2.17.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.5.8-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.4.26-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.24.0-lp156.3.3.1 (x86_64) 0:1.24.0-lp156.3.3.1 (aarch64_ilp32) 0:1.24.0-lp156.3.3.1 (noarch) 0:1.24.0-lp156.3.3.1 (noarch) 0:1.6.11-bp156.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.2.4-bp156.5.3.1 (aarch64|ppc64le|x86_64) 0:138.0.7204.96-bp156.2.138.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.74.2-bp156.2.26.1 (noarch) 0:2.74.2-bp156.2.26.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20250520-bp156.2.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.21-bp156.2.6.1 (aarch64|x86_64) 0:6.6.3-bp156.2.3.1 (noarch) 0:2.2.28-bp156.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.11.0-bp156.3.3.1 (aarch64_ilp32) 0:1.11.0-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.40-bp156.5.3.1 (x86_64) 0:0.40-bp156.5.3.1 (aarch64_ilp32) 0:0.40-bp156.5.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.4.2-bp156.3.3.1 (aarch64|ppc64le|x86_64) 0:5.1.3-bp156.2.3.1 (x86_64) 0:120.0.5543.61-lp156.2.38.1 (aarch64|ppc64le|x86_64) 0:138.0.7204.157-bp156.2.141.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.1.1-bp156.2.3.1 (x86_64) 0:120.0.5543.93-lp156.2.41.1 (aarch64|x86_64) 0:138.0.7204.168-bp156.2.144.1 (aarch64|ppc64le|x86_64) 0:138.0.7204.183-bp156.2.147.1 (aarch64|ppc64le|x86_64) 0:139.0.7258.66-bp156.2.152.1 (aarch64|ppc64le|x86_64) 0:139.0.7258.127-bp156.2.155.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.12-bp156.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.4-bp156.4.3.1 (aarch64_ilp32) 0:1.4.4-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.64.1-bp156.2.12.1 (aarch64|i586|ppc64le|x86_64) 0:1.7.5-bp156.2.4.1 (noarch) 0:1.0.0-bp156.3.3.1 (x86_64) 0:0.7.0.4.git142.862ef23-bp156.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.0.4.git142.862ef23-bp156.3.3.1 (aarch64|ppc64le|x86_64) 0:139.0.7258.138-bp156.2.158.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.15.0-bp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.3.8d-bp156.2.6.1 (noarch) 0:1.3.8d-bp156.2.6.1 (aarch64|x86_64) 0:1.36.0-bp156.2.6.1 (aarch64|i586|x86_64) 0:1.36.0-bp156.2.6.1 (noarch) 0:1.36.0-bp156.2.6.1 (noarch) 0:5.33.0-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.33.0-bp156.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.2-bp156.4.6.1 (aarch64|ppc64le|x86_64) 0:139.0.7258.154-bp156.2.161.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.6.3-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.9-bp156.4.12.1 (noarch) 0:2.2.28-bp156.18.1 (aarch64|x86_64) 0:140.0.7339.80-bp156.2.164.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.20250619-bp156.2.12.1 (aarch64|ppc64le|s390x|x86_64) 0:25.01-lp156.2.3.1 (aarch64|x86_64) 0:132.0.6834.110-bp156.2.72.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1757005118.aac56dbc-bp156.2.43.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1756894972.736fbfd-bp156.2.36.1 (x86_64) 0:5.1756894972.736fbfd-bp156.2.36.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.87.0-bp156.3.3.1 (noarch) 0:20231003.0.0-bp156.3.3.1 (noarch) 0:5.150.0-bp156.2.3.1 (noarch) 0:0.40.0-bp156.2.1 (noarch) 0:9.410.0-bp156.2.6.1 (x86_64) 0:121.0.5600.50-lp156.2.44.1 (aarch64|x86_64) 0:140.0.7339.127-bp156.2.167.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1757135418.ec726f9c-bp156.2.46.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1757071172.ffc94dc-bp156.2.39.1 (x86_64) 0:5.1757071172.ffc94dc-bp156.2.39.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.87.0-bp156.3.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.35.0-bp156.2.9.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.28.0-bp156.4.6.1 (noarch) 0:11.0.28.0-bp156.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.16.0-bp156.3.6.1 (noarch) 0:17.0.16.0-bp156.3.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.25.0-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.37-bp156.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.40.0-bp156.3.3.1 (aarch64|x86_64) 0:132.0.6834.159-bp156.2.75.1 (noarch) 0:2025.08.22-lp156.2.3.1 (noarch) 0:5.37.0-bp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.37.0-bp156.2.6.1 (aarch64|x86_64) 0:140.0.7339.185-bp156.2.170.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.0.4-bp156.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.8.18-bp156.2.3.1 (aarch64|x86_64) 0:140.0.7339.207-bp156.2.173.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.1-bp156.3.6.1 (noarch) 0:2.2.28-bp156.21.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.9.0.git21.a73f509-bp156.2.8.1 (noarch) 0:5.9.0.git21.a73f509-bp156.2.8.1 (aarch64|ppc64le|x86_64) 0:141.0.7390.54-bp156.2.176.1 (aarch64|ppc64le|x86_64) 0:141.0.7390.65-bp156.2.179.1 (noarch) 0:20240910-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:141.0.7390.107-bp156.2.185.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.4-bp156.4.9.1 (noarch) 0:1.12.4-bp156.4.9.1 (aarch64|ppc64le|x86_64) 0:141.0.7390.122-bp156.2.188.1 (aarch64|ppc64le|s390x|x86_64) 0:4.98.2-bp156.5.1 (aarch64|ppc64le|x86_64) 0:142.0.7444.59-bp156.2.191.1 (aarch64|ppc64le|x86_64) 0:142.0.7444.59-bp156.2.194.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.10.1-bp156.3.6.1 (noarch) 0:0.10.1-bp156.3.6.1 (noarch) 0:2.2.28-bp156.24.1 (aarch64|ppc64le|x86_64) 0:142.0.7444.134-bp156.2.197.1 (noarch) 0:4.6.0-bp156.4.3.1 (noarch) 0:20200124-bp156.4.3.1 (aarch64|ppc64le|x86_64) 0:142.0.7444.162-bp156.2.200.1 (aarch64|ppc64le|x86_64) 0:142.0.7444.175-bp156.2.203.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.5-bp156.3.3.1 (x86_64) 0:1.4.5-bp156.3.3.1 (aarch64_ilp32) 0:1.4.5-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.5.2-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.11.1-bp156.14.1 (noarch) 0:0.11.1-bp156.14.1 (aarch64|i586|ppc64le|x86_64) 0:0.20.1-bp156.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.2.45-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.11.1-bp156.17.1 (noarch) 0:0.11.1-bp156.17.1 (aarch64|ppc64le|x86_64) 0:143.0.7499.40-bp156.2.206.1 (noarch) 0:4.0.1-bp156.4.3.1 (noarch) 0:2.2.28-bp156.27.1 (aarch64|ppc64le|x86_64) 0:143.0.7499.109-bp156.1.1 (aarch64|ppc64le|x86_64) 0:143.0.7499.146-bp156.2.209.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.68.2-bp156.2.15.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.27.4-bp156.4.3.1 (noarch) 0:0.27.4-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:4.4.2-bp156.3.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.15.1-bp156.2.9.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.4.6-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.32.1-bp156.2.3.1 (noarch) 0:1.0.6-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.9-bp156.4.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.58.2-bp156.2.6.1 (aarch64|x86_64) 0:133.0.6943.53-bp156.2.78.1 (aarch64|x86_64) 0:133.0.6943.98-bp156.2.81.2 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.5-bp156.2.3.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.26.0-bp156.4.3.1 (noarch) 0:11.0.26.0-bp156.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.14.0-bp156.3.3.1 (noarch) 0:17.0.14.0-bp156.3.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.9-bp156.4.6.1 (aarch64|x86_64) 0:133.0.6943.126-bp156.2.84.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.8-bp156.4.6.1 (noarch) 0:5.9.8-bp156.4.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.20-bp156.2.3.1 (aarch64|x86_64) 0:133.0.6943.141-bp156.2.87.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.59.1-bp156.2.9.1 (noarch) 0:5.2.2-bp156.4.3.1 (aarch64|x86_64) 0:134.0.6998.35-bp156.2.90.1 (aarch64|x86_64) 0:134.0.6998.88-bp156.2.93.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.17.3-bp156.2.3.1 (noarch) 0:0.17.3-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.9.2-bp156.5.1 (noarch) 0:0.9.2-bp156.5.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.6.9-bp156.4.9.1 (aarch64|x86_64) 0:134.0.6998.117-bp156.2.96.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.2.1-bp156.2.3.1 (noarch) 0:5.47.0-bp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:5.47.0-bp156.2.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:11.2-bp156.4.3.1 (noarch) 0:11.2-bp156.4.3.1 (aarch64|i586|s390x|x86_64) 0:0.8.5-bp156.3.6.1 (noarch) 0:0.8.5-bp156.3.6.1 (x86_64) 0:0.8.5-bp156.3.6.1 (aarch64_ilp32) 0:0.8.5-bp156.3.6.1 (aarch64|ppc64le|x86_64) 0:146.0.7680.177-bp156.2.257.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.13-bp156.2.3.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:6.2.8-bp156.2.9.16 (noarch) 0:4.8.0-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:147.0.7727.55-bp156.2.260.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.15.2-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:144.0.7559.59-bp156.2.215.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.0-bp156.4.13.1 (noarch) 0:1.14.0-bp156.4.13.1 (noarch) 0:60.2-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:144.0.7559.96-bp156.2.218.1 (noarch) 0:1.2.30-bp156.2.6.1 (aarch64|ppc64le|x86_64) 0:144.0.7559.109-bp156.2.221.1 (noarch) 0:2.2.28-bp156.30.1 (aarch64|ppc64le|x86_64) 0:144.0.7559.132-bp156.2.224.1 (aarch64|ppc64le|s390x|x86_64) 0:5.3.1-bp156.3.12.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.9.16-bp156.3.6.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:3.7.0-bp156.4.15.1 (aarch64|x86_64) 0:145.0.7632.75-bp156.2.231.1 (noarch) 0:3.7-bp156.4.6.1 (aarch64|ppc64le|x86_64) 0:145.0.7632.109-bp156.2.239.1 (aarch64|ppc64le|x86_64) 0:143.0.7499.192-bp156.2.212.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:2.6.0~noopenh264-bp156.2.1 (x86_64) 0:2.6.0~noopenh264-bp156.2.1 (aarch64_ilp32) 0:2.6.0~noopenh264-bp156.2.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1771422749.560a3b26-bp156.2.124.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1771353921.c8005c9-bp156.2.93.1 (x86_64) 0:5.1771353921.c8005c9-bp156.2.93.1 (aarch64|ppc64le|x86_64) 0:145.0.7632.116-bp156.2.242.1 (noarch) 0:1.6.13-bp156.2.12.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:1.1.6-bp156.2.4.1 (x86_64) 0:1.1.6-bp156.2.4.1 (aarch64_ilp32) 0:1.1.6-bp156.2.4.1 (aarch64|i586|ppc64le|s390x|x86_64) 0:0.12.0-bp156.23.1 (noarch) 0:0.12.0-bp156.23.1 (aarch64|ppc64le|x86_64) 0:145.0.7632.159-bp156.2.245.1 (aarch64|ppc64le|x86_64) 0:1.14.2-bp156.4.16.1 (noarch) 0:1.14.2-bp156.4.16.1 (aarch64|ppc64le|x86_64) 0:146.0.7680.80-bp156.2.248.1 (noarch) 0:0.9.13-bp156.2.3.1 (aarch64|ppc64le|x86_64) 0:146.0.7680.153-bp156.2.251.1 (aarch64|ppc64le|x86_64) 0:146.0.7680.164-bp156.2.254.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.108-150200.4.23.1 (noarch) 0:4.1.108-150200.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.65-150200.3.19.1 (noarch) 0:2.0.65-150200.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.4-150400.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.23.0-150000.3.113.1 (noarch) 0:11.0.23.0-150000.3.113.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.11.0-150400.3.42.1 (noarch) 0:17.0.11.0-150400.3.42.1 (aarch64|ppc64le|s390x|x86_64) 0:9.5.18-150200.3.56.1 (noarch) 0:3.5.6-150200.5.6.1 (noarch) 0:1.78.1-150200.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:4.14.3-150400.59.16.1 (x86_64) 0:4.14.3-150400.59.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.0-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.3-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.10-150000.1.33.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.188.1 (noarch) 0:2.3.6-150400.6.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.44.1 (x86_64) 0:3.4.2-150200.11.44.1 (noarch) 0:0.14.1-150100.6.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.2-150400.9.3.1 (noarch) 0:3.0.1-150400.12.6.1 (noarch) 0:5.3.1-150400.8.6.1 (noarch) 0:2023.7.22-150400.12.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.15.1-150400.8.7.2 (noarch) 0:3.1.0-150400.9.7.2 (noarch) 0:2.15.0-150400.5.4.1 (noarch) 0:2.27.0-150400.6.7.1 (noarch) 0:1.4.0-150400.9.3.1 (noarch) 0:1.11.0-150400.9.3.1 (noarch) 0:0.2.5-150400.9.3.1 (noarch) 0:3.22.0-150400.9.3.1 (noarch) 0:1.15.0-150400.9.3.1 (noarch) 0:2.4.1-150400.5.4.1 (noarch) 0:0.35.0-150400.9.3.1 (noarch) 0:1.7.1-150400.9.3.1 (noarch) 0:2.13.0-150400.9.3.1 (noarch) 0:2.21.0-150400.9.3.1 (noarch) 0:0.2.2-150400.9.3.1 (noarch) 0:3.9.0-150400.9.3.1 (noarch) 0:0.10.1-150400.9.3.1 (noarch) 0:2.17.0-150400.9.3.1 (noarch) 0:1.11.1-150400.9.3.1 (noarch) 0:3.40.1-150400.9.3.1 (noarch) 0:2.14.0-150400.10.3.1 (noarch) 0:1.10.0-150400.9.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.0-150400.9.3.1 (noarch) 0:2.7.0-150400.10.4.1 (noarch) 0:1.62.0-150400.10.4.1 (noarch) 0:0.13.0-150400.9.3.1 (noarch) 0:1.60.1-150400.9.3.1 (noarch) 0:3.4-150400.11.6.1 (noarch) 0:2.0.0-150400.10.6.1 (noarch) 0:1.23.0-150400.9.3.1 (noarch) 0:1.11.0-150400.12.7.2 (noarch) 0:23.2.0-150400.3.10.1 (noarch) 0:0.5.0-150400.12.7.2 (noarch) 0:0.3.0-150400.12.7.1 (noarch) 0:2.21-150400.12.7.2 (noarch) 0:2023.3-150400.6.6.1 (noarch) 0:2.31.0-150400.6.8.1 (noarch) 0:4.9-150400.12.7.1 (noarch) 0:67.7.2-150400.3.12.1 (noarch) 0:0.4.4-150400.6.4.2 (noarch) 0:2.0.7-150400.7.14.1 (noarch) 0:3.4.0-150400.13.10.4 (noarch) 0:4.66.1-150400.9.7.4 (noarch) 0:22.10.0-150400.3.7.2 (noarch) 0:1.2.14-150400.10.7.2 (noarch) 0:3.2.2-150400.10.4.1 (noarch) 0:1.57-150400.10.4.4 (noarch) 0:2.8.0-150400.8.7.2 (noarch) 0:2.15.1-150400.7.7.4 (noarch) 0:22.10.0-150400.5.17.4 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.18.4 (noarch) 0:1.3.1-150400.9.7.2 (noarch) 0:4.13.1-150400.10.4.1 (noarch) 0:3.3.0-150400.12.12.2 (noarch) 0:3.6.0-150400.9.7.3 (noarch) 0:4.0.2-150400.10.7.2 (noarch) 0:1.11.3-150400.10.4.1 (noarch) 0:1.6.2-150400.12.7.4 (noarch) 0:5.2.0-150400.13.7.2 (noarch) 0:15.1.0-150400.12.7.2 (noarch) 0:5.1.1-150400.12.7.4 (noarch) 0:1.9.0-150400.12.4.1 (noarch) 0:7.0.0-150400.8.4.4 (noarch) 0:2.21.0-150400.9.3.4 (noarch) 0:0.2.0-150400.9.3.1 (noarch) 0:0.2.0-150400.10.7.2 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3-150400.9.7.2 (noarch) 0:0.22.0-150400.10.4.1 (noarch) 0:1.1.4-150400.11.4.1 (noarch) 0:10.0-150400.13.7.4 (noarch) 0:21.0.0-150400.12.7.4 (noarch) 0:6.8.0-150400.10.9.2 (noarch) 0:2.1.2-150400.10.7.4 (noarch) 0:0.6.1-150400.12.7.2 (noarch) 0:0.8.1-150400.10.4.4 (noarch) 0:2.0.0-150400.10.4.1 (noarch) 0:0.11.0-150400.10.4.4 (noarch) 0:2.0.1-150400.10.7.1 (noarch) 0:3.20.2-150400.9.7.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0.4-150400.7.7.4 (noarch) 0:3.2.2-150400.12.7.4 (noarch) 0:0.11.4-150400.10.6.3 (noarch) 0:0.1.3-150400.10.6.1 (noarch) 0:0.1.2-150400.10.6.1 (noarch) 0:1.23.0-150400.10.7.1 (noarch) 0:0.44b0-150400.9.3.1 (noarch) 0:0.11.1-150400.9.7.2 (noarch) 0:22.3.1-150400.17.16.4 (noarch) 0:1.9.6-150400.7.7.1 (noarch) 0:2.7.0-150400.10.7.4 (aarch64|ppc64le|s390x|x86_64) 0:5.9.5-150400.6.9.4 (noarch) 0:0.0.30-150400.9.3.1 (noarch) 0:6.0.2-150400.9.4.1 (noarch) 0:3.0.9-150400.5.7.4 (noarch) 0:5.0.1-150400.12.4.4 (noarch) 0:1.3.1-150400.12.7.1 (noarch) 0:1.3.4-150400.12.4.1 (noarch) 0:0.14.5-150400.12.7.4 (noarch) 0:3.0.2-150400.10.4.1 (noarch) 0:23.1.0-150400.8.7.1 (noarch) 0:2.4.0-150400.8.7.4 (noarch) 0:0.4.0-150400.5.4.4 (noarch) 0:1.7.3-150400.9.3.4 (noarch) 0:0.9.0-150400.11.7.4 (noarch) 0:4.5.0-150400.3.9.1 (noarch) 0:6.0.1-150400.7.4.4 (noarch) 0:1.5.1-150400.13.7.1 (noarch) 0:0.40.0-150400.13.7.4 (aarch64|ppc64le|s390x|x86_64) 0:1.15.0-150400.12.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.2-150400.8.7.4 (noarch) 0:3.15.0-150400.10.7.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0-150400.12.7.4 (aarch64|ppc64le|s390x|x86_64) 0:3.10.14-150400.4.48.1 (x86_64) 0:3.10.14-150400.4.48.1 (aarch64|ppc64le|s390x|x86_64) 0:5.26.1-150300.17.17.1 (x86_64) 0:5.26.1-150300.17.17.1 (noarch) 0:5.26.1-150300.17.17.1 (aarch64|ppc64le|s390x|x86_64) 0:115.11.0-150200.152.137.2 (noarch) 0:115.11.0-150200.152.137.2 (x86_64) 0:20240514-150200.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.412-150200.3.45.2 (noarch) 0:1.8.0.412-150200.3.45.2 (aarch64|x86_64) 0:4.5.2-150500.6.13.1 (noarch) 0:4.5.2-150500.6.13.1 (noarch) 0:2.31.0-150400.6.12.1 (aarch64|ppc64le|s390x|x86_64) 0:115.11.0-150200.8.160.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.25-150000.3.89.1 (x86_64) 0:1.8.0_sr8.25-150000.3.89.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.5-150000.3.8.1 (x86_64) 0:0.8.5-150000.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.65.1 (x86_64) 0:2.7.18-150000.65.1 (noarch) 0:2.7.18-150000.65.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.2-150400.12.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.21.1 (aarch64|x86_64) 0:12-150100.11.15.2 (noarch) 0:4.66.4-150400.9.12.1 (noarch) 0:1.1.2-150200.3.10.2 (noarch) 0:3.25.3-150200.5.4.3 (noarch) 0:1.14.16-150200.5.7.1 (noarch) 0:2.1.4-150200.12.10.2 (noarch) 0:2.2-150200.12.17.2 (noarch) 0:2.0.0-150200.5.3.1 (noarch) 0:1.1.3-150200.12.8.2 (noarch) 0:5.0.4-150200.3.4.3 (noarch) 0:4.13.2-150200.3.15.2 (noarch) 0:5.10.2-150200.3.10.3 (noarch) 0:5.10.2-150200.3.10.2 (noarch) 0:9.7-150200.3.15.2 (noarch) 0:0.1.0~M2-150200.5.7.2 (noarch) 0:1.0-150200.5.3.3 (noarch) 0:1.3.9-150200.5.3.3 (aarch64|ppc64le|s390x|x86_64) 0:2.2.8~git65.347aae6-150600.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.47.1 (x86_64) 0:3.4.2-150200.11.47.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150600.13.5.1 (x86_64) 0:4.4-150600.13.5.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.33-150100.3.8.1 (noarch) 0:10.4.33-150100.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.0-150600.23.3.1 (noarch) 0:1.20.0-150600.23.3.1 (noarch) 0:1.1.0-150600.3.3.1 (noarch) 0:7.0.0-150400.8.7.1 (noarch) 0:4.2.0-150200.3.5.1 (noarch) 0:3.4-150400.11.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.3-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.39.3-150600.4.3.1 (x86_64) 0:2.39.3-150600.4.3.1 (noarch) 0:2.39.3-150600.4.3.1 (noarch) 0:2.44.2-150600.12.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.44.2-150600.12.3.1 (x86_64) 0:2.44.2-150600.12.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.0-150600.3.3.1 (x86_64) 0:1.24.0-150600.3.3.1 (noarch) 0:1.24.0-150600.3.3.1 (noarch) 0:15-150600.35.2.1 (noarch) 0:2.78.6-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.3.1 (x86_64) 0:2.78.6-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:6.9-150600.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:10.0.0-150600.8.3.1 (x86_64) 0:10.0.0-150600.8.3.1 (aarch64|x86_64) 0:10.0.0-150600.8.3.1 (noarch) 0:10.0.0-150600.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.3.1 (noarch) 0:2.4.58-150600.5.3.1 (aarch64|x86_64) 0:1.3.0~git1.db34c02-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.11-150000.1.36.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.4-150000.1.18.1 (aarch64|ppc64le|s390x|x86_64) 0:8.4-150500.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.17-150500.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.17.1-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.4-150300.11.11.1 (noarch) 0:1.14.4-150300.11.11.1 (x86_64) 0:1.58.0-150600.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.59.1 (x86_64) 0:2.2.7-150000.3.59.1 (aarch64|ppc64le|s390x|x86_64) 0:0.23.2-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.12.1 (noarch) 0:4.9.5-150500.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:10.11.8-150600.4.3.1 (noarch) 0:10.11.8-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1+git0.09b0074-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.1-150600.3.3.1 (noarch) 0:3.7.1-150600.3.3.1 (x86_64) 0:3.7.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.3.1 (x86_64) 0:1.1.1w-150600.5.3.1 (noarch) 0:1.1.1w-150600.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:643-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:115.12.0-150200.152.140.2 (noarch) 0:115.12.0-150200.152.140.2 (noarch) 0:1.3.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.7.1 (x86_64) 0:3.1.4-150600.5.7.1 (noarch) 0:3.1.4-150600.5.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.2-150600.4.3.1 (noarch) 0:1.18.2-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:115.12.0-150200.8.163.1 (aarch64|ppc64le|s390x|x86_64) 0:2.42.12-150600.3.3.1 (x86_64) 0:2.42.12-150600.3.3.1 (noarch) 0:2.42.12-150600.3.3.1 (noarch) 0:1.15.7-150300.7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.13.1-150600.13.5.3 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.2-150600.3.3.1 (x86_64) 0:3.7.2-150600.3.3.1 (noarch) 0:2.6.4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.17-150000.111.3 (noarch) 0:1.7.17-150000.111.3 (aarch64|x86_64) 0:6.4.0-150600.8.5.4 (x86_64) 0:6.4.0-150600.8.5.4 (noarch) 0:6.4.0-150600.8.5.4 (aarch64|x86_64) 0:6.4.0-150600.8.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:41.0.3-150600.23.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.74.2-150600.3.3.1 (noarch) 0:0.74.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:45.1-150600.3.3.1 (noarch) 0:45.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2022.5.17-150000.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.11-150400.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.11-150400.3.17.2 (aarch64|ppc64le|s390x|x86_64) 0:3.2.3-150300.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.6-150600.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.4-150500.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:34.1.1-150200.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:0.07-150000.5.5.1 (noarch) 0:34.1.1-150200.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.2-150600.3.2.1 (noarch) 0:4.1.2-150600.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.2-150500.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.7-150600.9.2.1 (noarch) 0:2.3.7-150600.9.2.1 (x86_64) 0:2.3.7-150500.3.2.1 (noarch) 0:2.3.7-150500.3.2.1 (x86_64) 0:2.3.7-150600.9.2.1 (noarch) 0:4.1.6-150600.3.2.1 (x86_64) 0:4.1.6-150600.3.2.1 (noarch) 0:4.1.4-150500.3.2.1 (noarch) 0:3.2.3-150300.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.191.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150600.15.3.1 (noarch) 0:0.8-150600.15.3.1 (x86_64) 0:0.8-150600.15.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150600.19.3.1 (noarch) 0:1.20.3-150600.19.3.1 (aarch64) 0:6.4.0-150600.23.7.3 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.7.3 (aarch64) 0:6.4.0-150600.23.7.1 (ppc64le|x86_64) 0:6.4.0-150600.23.7.3 (x86_64) 0:6.4.0-150600.23.7.3 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.7.3.150600.12.2.7 (noarch) 0:6.4.0-150600.23.7.4 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.7.3 (noarch) 0:6.4.0-150600.23.7.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.7.1 (s390x) 0:6.4.0-150600.23.7.3 (aarch64|ppc64le|s390x|x86_64) 0:3.10.14-150400.4.51.1 (x86_64) 0:3.10.14-150400.4.51.1 (aarch64|ppc64le|s390x|x86_64) 0:24.2.4.2-150500.20.6.5 (noarch) 0:24.2.4.2-150500.20.6.5 (noarch) 0:8.5-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:15.7-150600.16.3.1 (noarch) 0:15.7-150600.16.3.1 (aarch64|ppc64le|s390x|x86_64) 0:14.12-150600.16.3.1 (noarch) 0:14.12-150600.16.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.23-150600.18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:16.2-150600.16.2.1 (x86_64) 0:16.2-150600.16.2.1 (noarch) 0:16.2-150600.16.2.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.70.1 (aarch64|ppc64le|s390x|x86_64) 0:6.10-150600.3.6.1 (noarch) 0:0.74-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.43.0-150600.3.3.1 (noarch) 0:2.43.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.19-150300.4.46.1 (x86_64) 0:3.9.19-150300.4.46.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.15.1 (noarch) 0:4.9.5-150500.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.17.1 (x86_64) 0:2.10.3-150500.5.17.1 (noarch) 0:2.10.3-150500.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.194.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-150600.16.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.1-150600.11.3.1 (x86_64) 0:1.20.1-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.12-150000.1.39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.5-150000.1.21.1 (noarch) 0:3.10.6-150200.3.10.1 (x86_64) 0:1.1.1-150600.5.3.2 (noarch) 0:2.0.7-150400.7.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.4-150600.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.6.1 (noarch) 0:3.17.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:115.13.0-150200.152.143.1 (noarch) 0:115.13.0-150200.152.143.1 (noarch) 0:3.15.0-150400.10.10.1 (aarch64|ppc64le|s390x|x86_64) 0:6.7.0-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.11.1 (noarch) 0:2.4.58-150600.5.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.11.0-150400.3.7.1 (x86_64) 0:1.11.0-150400.3.7.1 (noarch) 0:10.1.25-150200.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:115.12.2-150200.8.168.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.65.1 (x86_64) 0:3.6.15-150300.10.65.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.65.2 (noarch) 0:24.3.0-150400.9.8.1 (noarch) 0:9.0.91-150200.68.1 (aarch64|x86_64) 0:4.18.2_06-150600.3.3.1 (x86_64) 0:4.18.2_06-150600.3.3.1 (noarch) 0:4.18.2_06-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.17.1 (noarch) 0:27.2-150400.3.17.1 (noarch) 0:5.11.0-150200.3.7.1 (noarch) 0:2.2-150200.3.15.1 (noarch) 0:7.10.1-150200.3.10.1 (aarch64) 0:6.4.0-150600.23.14.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.14.2 (ppc64le|x86_64) 0:6.4.0-150600.23.14.2 (x86_64) 0:6.4.0-150600.23.14.2 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.14.2.150600.12.4.3 (noarch) 0:6.4.0-150600.23.14.2 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.14.2 (s390x) 0:6.4.0-150600.23.14.2 (aarch64|ppc64le|s390x|x86_64) 0:3.12.4-150600.3.3.1 (x86_64) 0:3.12.4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:20.15.1-150600.3.3.2 (noarch) 0:20.15.1-150600.3.3.2 (noarch) 0:20240712-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:45.3-150600.5.6.1 (noarch) 0:45.3-150600.5.6.1 (noarch) 0:4.2.11-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:21.0.4.0-150600.3.3.1 (noarch) 0:21.0.4.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.43.0-150600.3.6.1 (noarch) 0:2.43.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.2-150600.3.3.1 (aarch64|x86_64) 0:550.100-150600.3.7.1 (aarch64|x86_64) 0:555.42.06-150600.3.7.1 (aarch64) 0:550.100-150600.3.7.1 (x86_64) 0:550.100-150600.3.7.1 (aarch64) 0:555.42.06-150600.3.7.1 (x86_64) 0:555.42.06-150600.3.7.1 (aarch64) 0:555.42.06_k6.4.0_150600.23.7-150600.3.7.1 (x86_64) 0:555.42.06_k6.4.0_150600.8.5-150600.3.7.1 (aarch64|x86_64) 0:555.42.06_k6.4.0_150600.23.7-150600.3.7.1 (aarch64) 0:550.100_k6.4.0_150600.23.7-150600.3.7.1 (x86_64) 0:550.100_k6.4.0_150600.8.5-150600.3.7.1 (aarch64|x86_64) 0:550.100_k6.4.0_150600.23.7-150600.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.18.1 (noarch) 0:2.4.58-150600.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:16.02-150200.14.12.1 (noarch) 0:16.02-150200.14.12.1 (noarch) 0:2.3.0-150400.12.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.197.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.12.0-150400.3.45.1 (noarch) 0:17.0.12.0-150400.3.45.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.24.0-150000.3.116.1 (noarch) 0:11.0.24.0-150000.3.116.1 (noarch) 0:4.8.1-150600.17.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.1-150600.17.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.50-150300.3.3.1 (noarch) 0:3.24.38+111-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.24.38+111-150600.3.3.1 (x86_64) 0:3.24.38+111-150600.3.3.1 (noarch) 0:2.24.33-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.24.33-150600.11.3.1 (x86_64) 0:2.24.33-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.10.1 (x86_64) 0:3.1.4-150600.5.10.1 (noarch) 0:3.1.4-150600.5.10.1 (aarch64|ppc64le|s390x|x86_64) 0:9.18.28-150600.3.3.1 (noarch) 0:9.18.28-150600.3.3.1 (x86_64) 0:1.59.0-150600.3.6.1 (x86_64) 0:1.2.2-150600.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.28-150000.3.6.1 (x86_64) 0:0.4.28-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.101.2-150400.3.48.1 (x86_64) 0:3.101.2-150400.3.48.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150100.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3-150600.3.3.1 (noarch) 0:1.36-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.6-150000.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150600.4.3.1 (x86_64) 0:8.6.0-150600.4.3.1 (noarch) 0:20240728-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.422-150000.3.97.1 (noarch) 0:1.8.0.422-150000.3.97.1 (aarch64|ppc64le|s390x|x86_64) 0:115.13.0-150200.8.171.4 (aarch64) 0:6.4.0-150600.23.17.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.17.1 (ppc64le|x86_64) 0:6.4.0-150600.23.17.1 (x86_64) 0:6.4.0-150600.23.17.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.17.1.150600.12.6.2 (noarch) 0:6.4.0-150600.23.17.3 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.17.1 (noarch) 0:6.4.0-150600.23.17.1 (s390x) 0:6.4.0-150600.23.17.1 (noarch) 0:4.8.1-150600.17.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.8.1-150600.17.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.5-150600.18.3.1 (noarch) 0:1.18.5-150600.18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.50.1 (x86_64) 0:3.4.2-150200.11.50.1 (noarch) 0:4.2.11-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.17-150500.3.15.1 (noarch) 0:1.23.17-150500.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.17-150500.3.19.1 (noarch) 0:1.24.17-150500.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150600.13.10.1 (x86_64) 0:4.4-150600.13.10.1 (noarch) 0:2.68-150200.33.1 (aarch64|ppc64le|s390x|x86_64) 0:6.6.3-150600.3.3.1 (noarch) 0:6.6.3-150600.3.3.1 (noarch) 0:22.10.0-150400.5.23.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.12+kde151-150600.3.6.1 (x86_64) 0:5.15.12+kde151-150600.3.6.1 (noarch) 0:5.15.12+kde151-150600.3.6.1 (aarch64|x86_64) 0:6.4.0-150600.8.8.2 (x86_64) 0:6.4.0-150600.8.8.2 (noarch) 0:6.4.0-150600.8.8.2 (aarch64|x86_64) 0:6.4.0-150600.8.8.1 (noarch) 0:68.1.2-150600.3.3.1 (noarch) 0:2.44.2-150600.12.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.44.2-150600.12.6.1 (x86_64) 0:2.44.2-150600.12.6.1 (noarch) 0:44.1.1-150300.7.9.1 (noarch) 0:67.6.1-150400.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.10~git2.345056d3-150600.8.7.2 (aarch64|ppc64le|s390x|x86_64) 0:0.13.72-150600.4.3.1 (x86_64) 0:0.13.72-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.16-150400.9.10.1 (noarch) 0:1.25.16-150400.9.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.6.1 (x86_64) 0:1.1.1w-150600.5.6.1 (noarch) 0:1.1.1w-150600.5.6.1 (noarch) 0:1.9.0-150400.10.6.1 (noarch) 0:1.8.7-150400.11.6.1 (x86_64) 0:6.4.0-150600.10.5.1 (noarch) 0:6.4.0-150600.10.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.14-150400.4.54.1 (x86_64) 0:3.10.14-150400.4.54.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.6-150600.3.9.1 (noarch) 0:8.2.6-150600.3.9.1 (noarch) 0:8.2.61.16.3_3_ga95067eb-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.12+kde0-150600.3.3.1 (noarch) 0:5.15.12+kde0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.12+kde1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:128.1.0-150200.152.146.1 (aarch64|ppc64le|s390x|x86_64) 0:128-150200.9.16.1 (noarch) 0:128.1.0-150200.152.146.1 (noarch) 0:44.1.1-150400.9.9.1 (noarch) 0:67.7.2-150400.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.19-150300.4.49.1 (x86_64) 0:3.9.19-150300.4.49.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.15-150400.9.11.1 (noarch) 0:1.26.15-150400.9.11.1 (x86_64) 0:20240813-150200.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.28.13-150400.9.8.1 (noarch) 0:1.28.13-150400.9.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.27.16-150400.9.10.1 (noarch) 0:1.27.16-150400.9.10.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.0-150500.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.6-150600.3.3.1 (noarch) 0:1.14.6-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.15.1 (x86_64) 0:3.1.4-150600.5.15.1 (noarch) 0:3.1.4-150600.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:8.4-150500.4.26.1 (noarch) 0:2.44.3-150600.12.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.44.3-150600.12.9.1 (x86_64) 0:2.44.3-150600.12.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.0-150600.23.6.1 (noarch) 0:1.20.0-150600.23.6.1 (aarch64|ppc64le|s390x|x86_64) 0:115.14.0-150200.8.174.1 (aarch64|x86_64) 0:4.18.3_02-150600.3.6.1 (x86_64) 0:4.18.3_02-150600.3.6.1 (noarch) 0:4.18.3_02-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.57.1 (x86_64) 0:3.4.2-150200.11.57.1 (aarch64|ppc64le|s390x|x86_64) 0:4.6.0-150600.3.3.1 (x86_64) 0:4.6.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.15-150200.65.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.94.1 (x86_64) 0:1.0.2p-150000.3.94.1 (noarch) 0:1.0.2p-150000.3.94.1 (aarch64|ppc64le|s390x|x86_64) 0:25.0.6_ce-150000.207.1 (noarch) 0:25.0.6_ce-150000.207.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.422-150200.3.48.2 (noarch) 0:1.8.0.422-150200.3.48.2 (aarch64|ppc64le|s390x|x86_64) 0:1.35.4-150500.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:12.20-150200.8.63.1 (noarch) 0:12.20-150200.8.63.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.15-150400.9.14.1 (noarch) 0:1.26.15-150400.9.14.1 (noarch) 0:23.2.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:128.2.0-150200.152.149.1 (noarch) 0:128.2.0-150200.152.149.1 (aarch64|ppc64le|s390x|x86_64) 0:15.8-150600.16.6.1 (noarch) 0:15.8-150600.16.6.1 (aarch64|ppc64le|s390x|x86_64) 0:16.4-150600.16.5.1 (x86_64) 0:16.4-150600.16.5.1 (noarch) 0:16.4-150600.16.5.1 (aarch64|ppc64le|s390x|x86_64) 0:14.13-150600.16.6.1 (noarch) 0:14.13-150600.16.6.1 (noarch) 0:4.2.11-150600.3.9.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.30-150000.3.92.1 (x86_64) 0:1.8.0_sr8.30-150000.3.92.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.1-150200.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.6-150600.18.6.1 (aarch64|ppc64le|s390x|x86_64) 0:13.16-150200.5.61.1 (noarch) 0:13.16-150200.5.61.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.23.1 (noarch) 0:2.4.58-150600.5.23.1 (aarch64|x86_64) 0:6.4.0-150600.8.11.1 (x86_64) 0:6.4.0-150600.8.11.1 (noarch) 0:6.4.0-150600.8.11.1 (x86_64) 0:6.4.0-150600.10.8.3 (noarch) 0:6.4.0-150600.10.8.3 (x86_64) 0:6.4.0-150600.10.8.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150600.4.6.1 (x86_64) 0:8.6.0-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.7-150000.1.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.1-150000.1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.3.22.1 (x86_64) 0:2.4.4-150400.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.4-150600.3.3.2 (x86_64) 0:1.10.4-150600.3.3.2 (aarch64|ppc64le|s390x|x86_64) 0:1.4.6-150600.3.3.1 (noarch) 0:1.4.6-150600.3.3.1 (x86_64) 0:1.4.6-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.21-150000.117.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.14-150000.70.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.7-150600.18.11.1 (noarch) 0:5.0.9-150000.3.124.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.45.6-150100.4.20.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4-150600.13.13.1 (x86_64) 0:4.4-150600.13.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.6-150600.3.6.1 (x86_64) 0:3.12.6-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.103.12-150600.18.3.1 (x86_64) 0:20240910-150200.47.1 (x86_64) 0:6.4.0-150600.10.11.2 (noarch) 0:6.4.0-150600.10.11.2 (x86_64) 0:6.4.0-150600.10.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.17-150500.3.22.1 (noarch) 0:1.24.17-150500.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.16-150400.9.16.1 (noarch) 0:1.25.16-150400.9.16.1 (noarch) 0:1.15.0-150400.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10-150600.7.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.15-150400.4.57.1 (x86_64) 0:3.10.15-150400.4.57.1 (aarch64) 0:6.4.0-150600.23.22.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.22.1 (ppc64le|x86_64) 0:6.4.0-150600.23.22.1 (x86_64) 0:6.4.0-150600.23.22.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.22.1.150600.12.8.3 (noarch) 0:6.4.0-150600.23.22.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.22.1 (s390x) 0:6.4.0-150600.23.22.1 (aarch64|x86_64) 0:0.10.0+0-150500.3.6.1 (noarch) 0:0.10.0+0-150500.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.20-150300.4.52.1 (x86_64) 0:3.9.20-150300.4.52.1 (aarch64|x86_64) 0:4.18.3_04-150600.3.9.1 (x86_64) 0:4.18.3_04-150600.3.9.1 (noarch) 0:4.18.3_04-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.10-150600.3.6.1 (x86_64) 0:3.11.10-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.3-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.22.0-150600.11.3.1 (x86_64) 0:0.22.0-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.17-150500.3.24.1 (noarch) 0:1.24.17-150500.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.28.13-150400.9.10.1 (noarch) 0:1.28.13-150400.9.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.27.16-150400.9.12.1 (noarch) 0:1.27.16-150400.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.15-150400.9.16.1 (noarch) 0:1.26.15-150400.9.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.16-150400.9.18.1 (noarch) 0:1.25.16-150400.9.18.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.72.1 (x86_64) 0:3.6.15-150300.10.72.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-150400.12.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.18.1 (x86_64) 0:3.1.4-150600.5.18.1 (noarch) 0:3.1.4-150600.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.8-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.31-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:128.2.3-150200.8.177.1 (aarch64|ppc64le|s390x|x86_64) 0:128.3.0-150200.152.152.1 (noarch) 0:128.3.0-150200.152.152.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150200.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:6.2.0-150600.3.6.1 (noarch) 0:6.2.0-150600.3.6.1 (aarch64|ppc64le|x86_64) 0:6.2.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:115.4.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4-150600.83.3.1 (x86_64) 0:23.3.4-150600.83.3.1 (aarch64|ppc64le|x86_64) 0:23.3.4-150600.83.3.1 (aarch64) 0:23.3.4-150600.83.3.1 (aarch64|x86_64) 0:23.3.4-150600.83.3.1 (aarch64|ppc64le|x86_64) 0:1.0.0-150600.83.3.1 (noarch) 0:2.4-150200.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.4-150500.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.18.1 (noarch) 0:4.9.5-150500.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.6-150300.3.15.1 (aarch64|x86_64) 0:6.4.0-150600.8.14.1 (x86_64) 0:6.4.0-150600.8.14.1 (noarch) 0:6.4.0-150600.8.14.1 (aarch64|ppc64le|s390x|x86_64) 0:78.15.0-150400.3.6.2 (aarch64) 0:6.4.0-150600.23.25.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.25.1 (ppc64le|x86_64) 0:6.4.0-150600.23.25.1 (x86_64) 0:6.4.0-150600.23.25.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.25.1.150600.12.10.2 (noarch) 0:6.4.0-150600.23.25.2 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.25.1 (noarch) 0:6.4.0-150600.23.25.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.25.2 (s390x) 0:6.4.0-150600.23.25.1 (x86_64) 0:6.4.0-150600.10.14.1 (noarch) 0:6.4.0-150600.10.14.1 (aarch64|ppc64le|s390x|x86_64) 0:24.8.1.2-150500.20.11.2 (noarch) 0:24.8.1.2-150500.20.11.2 (noarch) 0:2.31.0-150400.6.15.1 (aarch64|ppc64le|s390x|x86_64) 0:128.3.1-150200.152.155.1 (noarch) 0:128.3.1-150200.152.155.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8-150600.18.14.1 (aarch64|ppc64le|s390x|x86_64) 0:128.3.0-150200.8.182.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.8-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.0-150600.23.9.1 (noarch) 0:1.20.0-150600.23.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.12-150000.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.2-150600.3.6.1 (x86_64) 0:3.7.2-150600.3.6.1 (noarch) 0:0.35.1-150600.3.3.1 (noarch) 0:9.4.56-150200.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.4-150500.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.24-150600.3.6.1 (noarch) 0:8.2.24-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:128.3.1-150200.8.185.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.25.1 (noarch) 0:4.9.5-150500.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.26.1 (noarch) 0:2.4.58-150600.5.26.1 (aarch64|ppc64le|s390x|x86_64) 0:25.1-150600.16.7.1 (x86_64) 0:25.1-150600.16.7.1 (aarch64|ppc64le|s390x|x86_64) 0:4.25.1-150600.16.7.1 (aarch64|ppc64le|s390x|x86_64) 0:0.10.3~git0.ee7d7ef-150600.3.3.1 (noarch) 0:2.46.0-150600.12.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.46.0-150600.12.12.1 (x86_64) 0:2.46.0-150600.12.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.28.1 (noarch) 0:4.9.5-150500.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.4-150500.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.13.1-150600.16.3.1 (noarch) 0:8.5-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.6.1 (noarch) 0:2.3.6-150400.6.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.10~git18.20ce9289-150600.8.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.19.1-150400.8.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150200.3.19.2 (aarch64|ppc64le|s390x|x86_64) 0:1.16.1-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.32.1 (noarch) 0:2.5.9-150000.4.32.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.25.0-150000.3.119.1 (noarch) 0:11.0.25.0-150000.3.119.1 (noarch) 0:2.1.2-150400.12.7.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:5.1.4-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.75.1 (x86_64) 0:3.6.15-150300.10.75.1 (aarch64|ppc64le|s390x|x86_64) 0:128.4.0-150200.152.158.1 (noarch) 0:128.4.0-150200.152.158.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.9.1 (x86_64) 0:1.1.1w-150600.5.9.1 (noarch) 0:1.1.1w-150600.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.51-150600.4.3.1 (noarch) 0:1.14.51-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.1-150200.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.15-150400.4.60.1 (x86_64) 0:3.10.15-150400.4.60.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150600.4.12.1 (x86_64) 0:8.6.0-150600.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.2.2-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.7.1-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.2-150600.3.9.1 (x86_64) 0:3.7.2-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.200.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.21.1 (x86_64) 0:3.1.4-150600.5.21.1 (noarch) 0:3.1.4-150600.5.21.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.20-150300.4.55.2 (x86_64) 0:3.9.20-150300.4.55.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.20-150300.4.55.1 (x86_64) 0:3.9.20-150300.4.55.1 (aarch64|ppc64le|s390x|x86_64) 0:21.0.5.0-150600.3.6.3 (noarch) 0:21.0.5.0-150600.3.6.3 (aarch64|ppc64le|s390x|x86_64) 0:3.11.10-150600.3.9.2 (x86_64) 0:3.11.10-150600.3.9.2 (aarch64|ppc64le|s390x|x86_64) 0:3.11.10-150600.3.9.3 (aarch64|ppc64le|s390x|x86_64) 0:3.12.7-150600.3.9.1 (x86_64) 0:3.12.7-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150400.3.14.1 (x86_64) 0:1.12.0-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.13.0-150400.3.48.2 (noarch) 0:17.0.13.0-150400.3.48.2 (aarch64|ppc64le|s390x|x86_64) 0:4.1.1-150400.3.8.1 (noarch) 0:3.16.0-150200.3.9.2 (noarch) 0:6.10.0-150200.11.6.2 (noarch) 0:82-150200.3.10.1 (noarch) 0:3.10.6-150200.3.13.2 (noarch) 0:2.7.3-150200.11.7.1 (noarch) 0:2.12.2-150200.3.10.2 (aarch64|x86_64) 0:6.4.0-150600.8.17.2 (x86_64) 0:6.4.0-150600.8.17.2 (noarch) 0:6.4.0-150600.8.17.1 (aarch64|x86_64) 0:6.4.0-150600.8.17.1 (x86_64) 0:6.4.0-150600.10.17.1 (noarch) 0:6.4.0-150600.10.17.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.1-150400.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.8-150000.1.23.3 (aarch64|ppc64le|s390x|x86_64) 0:0.16.0-150000.3.21.4 (noarch) 0:5.0.10-150000.3.127.3 (aarch64|ppc64le|s390x|x86_64) 0:0.6.0-150000.1.17.4 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150400.3.25.1 (x86_64) 0:2.4.4-150400.3.25.1 (noarch) 0:4.5.14-150200.3.9.1 (noarch) 0:4.4.14-150200.3.9.1 (noarch) 0:1.2.0-150200.11.3.1 (noarch) 0:1.4.21-150200.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:128.4.3-150200.8.188.1 (x86_64) 0:20241112-150200.50.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.4-150200.3.15.1 (noarch) 0:6.3.4-150200.3.15.1 (noarch) 0:1.18-150200.4.10.2 (noarch) 0:2.10-150200.3.10.2 (noarch) 0:2.10-150200.13.10.1 (aarch64|ppc64le|s390x|x86_64) 0:17.2-150600.13.5.1 (x86_64) 0:17.2-150600.13.5.1 (noarch) 0:17-150600.17.6.1 (aarch64|ppc64le|s390x|x86_64) 0:16.6-150600.16.10.1 (noarch) 0:16.6-150600.16.10.1 (noarch) 0:17.2-150600.13.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.27.1 (noarch) 0:2.46.3-150600.12.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.46.3-150600.12.16.1 (x86_64) 0:2.46.3-150600.12.16.1 (aarch64|ppc64le|s390x|x86_64) 0:128.5.0-150200.152.161.1 (noarch) 0:128.5.0-150200.152.161.1 (aarch64|ppc64le|s390x|x86_64) 0:3.23.8-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.6-150500.4.30.1 (noarch) 0:20.22.0-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.7-150600.3.20.1 (noarch) 0:8.2.7-150600.3.20.1 (noarch) 0:8.2.71.16.3_3_ga95067eb-150600.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:15.10-150600.16.9.1 (noarch) 0:15.10-150600.16.9.1 (aarch64|ppc64le|s390x|x86_64) 0:12.22-150200.8.66.1 (noarch) 0:12.22-150200.8.66.1 (noarch) 0:10.1.33-150200.5.28.1 (noarch) 0:9.0.97-150200.71.1 (aarch64|ppc64le|s390x|x86_64) 0:1.44.2-150500.3.5.1 (x86_64) 0:1.44.2-150500.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:14.15-150600.16.9.1 (noarch) 0:14.15-150600.16.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.20-150300.4.58.1 (x86_64) 0:3.9.20-150300.4.58.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.26-150600.3.9.1 (noarch) 0:8.2.26-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.2-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.9-150600.18.17.1 (noarch) 0:20.17.1-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150600.19.9.1 (noarch) 0:1.20.3-150600.19.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.43.1 (aarch64|ppc64le|s390x|x86_64) 0:128.5.0-150200.8.191.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.68.1 (x86_64) 0:2.7.18-150000.68.1 (noarch) 0:2.7.18-150000.68.1 (aarch64|ppc64le|s390x|x86_64) 0:0.12.6-150600.3.3.1 (x86_64) 0:0.12.6-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.15-150400.4.63.1 (x86_64) 0:3.10.15-150400.4.63.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.19.6.1 (aarch64|x86_64) 0:4.18.3_06-150600.3.12.1 (x86_64) 0:4.18.3_06-150600.3.12.1 (noarch) 0:4.18.3_06-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:13.18-150200.5.64.1 (noarch) 0:13.18-150200.5.64.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.78.1 (x86_64) 0:3.6.15-150300.10.78.1 (noarch) 0:0.0.9-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150600.15.6.1 (noarch) 0:0.8-150600.15.6.1 (x86_64) 0:0.8-150600.15.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.432-150000.3.100.1 (noarch) 0:1.8.0.432-150000.3.100.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.5.1 (noarch) 0:24.0.9_ce-150000.1.5.1 (noarch) 0:0.5.4-150100.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.16.3-150000.1.38.1 (noarch) 0:3.16.3-150000.1.38.1 (noarch) 0:2.78.6-150600.4.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.8.1 (x86_64) 0:2.78.6-150600.4.8.1 (noarch) 0:20241128-150600.3.9.1 (noarch) 0:4.2.11-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:20.18.1-150600.3.6.1 (noarch) 0:20.18.1-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150600.4.15.1 (x86_64) 0:8.6.0-150600.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.3.1 (x86_64) 0:2.74.3-150600.4.3.1 (noarch) 0:2.74.3-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.8-150600.3.12.1 (x86_64) 0:3.12.8-150600.3.12.1 (noarch) 0:2.46.3-150600.12.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.46.3-150600.12.21.1 (x86_64) 0:2.46.3-150600.12.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.0-150600.20.6.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.35-150000.3.95.1 (x86_64) 0:1.8.0_sr8.35-150000.3.95.1 (x86_64) 0:6.4.0-150600.10.20.1 (noarch) 0:6.4.0-150600.10.20.1 (aarch64|x86_64) 0:6.4.0-150600.8.20.1 (x86_64) 0:6.4.0-150600.8.20.1 (noarch) 0:6.4.0-150600.8.20.1 (aarch64) 0:6.4.0-150600.23.30.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.30.1 (ppc64le|x86_64) 0:6.4.0-150600.23.30.1 (x86_64) 0:6.4.0-150600.23.30.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.30.1.150600.12.12.6 (noarch) 0:6.4.0-150600.23.30.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.30.1 (s390x) 0:6.4.0-150600.23.30.1 (aarch64|ppc64le|s390x|x86_64) 0:128.5.1-150200.152.164.1 (noarch) 0:128.5.1-150200.152.164.1 (aarch64|ppc64le|s390x|x86_64) 0:128.5.2-150200.8.194.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.30.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.3-150000.1.12.1 (aarch64|ppc64le|s390x|x86_64) 0:9.1.0836-150500.20.15.1 (noarch) 0:9.1.0836-150500.20.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.3.1 (x86_64) 0:3.4.4-150600.3.3.1 (noarch) 0:3.4.4-150600.3.3.1 (noarch) 0:1.26.18-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:26.1.5_ce-150000.212.1 (noarch) 0:26.1.5_ce-150000.212.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.1-150400.5.3.1 (noarch) 0:1.14.1-150400.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.11+git0.01c1056a4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.8.1 (noarch) 0:24.0.9_ce-150000.1.8.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.20.2 (noarch) 0:27.2-150400.3.20.2 (aarch64|ppc64le|s390x|x86_64) 0:1.60.1-150600.16.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.60.0-150600.15.3.1 (noarch) 0:1.60.0-150600.15.3.1 (noarch) 0:4.0.5-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.115-150200.4.26.1 (noarch) 0:4.1.115-150200.4.26.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.69-150200.3.22.1 (noarch) 0:2.0.69-150200.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:115.4.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:78.15.0-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:14.2-150400.15.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2-150600.17.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.5.1 (x86_64) 0:24.03.0-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.32-150000.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:20250116.00-150000.1.57.1 (aarch64|ppc64le|s390x|x86_64) 0:20250115.01-150000.1.47.1 (aarch64|ppc64le|s390x|x86_64) 0:3.17.2-150000.1.44.1 (noarch) 0:3.17.2-150000.1.44.1 (noarch) 0:20.1.0-150400.12.9.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.15-150200.3.67.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.28-150600.3.16.1 (noarch) 0:8.2.28-150600.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.34.1 (noarch) 0:2.58.0-150400.14.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.50-150100.6.12.1 (noarch) 0:2.10.0-150200.3.3.1 (noarch) 0:10.1.39-150200.5.36.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.48.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.8b-150600.13.6.1 (noarch) 0:1.3.8b-150600.13.6.1 (noarch) 0:0.3.0-150200.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.40.1 (noarch) 0:4.9.5-150500.3.40.1 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.1-150400.3.6.1 (noarch) 0:5.9.1-150400.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.4-150300.11.22.1 (noarch) 0:1.14.4-150300.11.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.84.1 (x86_64) 0:3.6.15-150300.10.84.1 (aarch64|ppc64le|s390x|x86_64) 0:27.5.1_ce-150000.218.1 (noarch) 0:27.5.1_ce-150000.218.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.15.1 (noarch) 0:24.0.9_ce-150000.1.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.6-150300.12.13.1 (x86_64) 0:2.4.6-150300.12.13.1 (aarch64|x86_64) 0:4.6.0-150500.6.34.1 (noarch) 0:4.6.0-150500.6.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.34-150400.3.6.1 (x86_64) 0:1.1.34-150400.3.6.1 (noarch) 0:9.0.102-150200.78.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.203.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.42-150600.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.7-150600.5.3.2 (noarch) 0:3.1.7-150600.5.3.2 (x86_64) 0:3.1.7-150600.5.3.2 (aarch64|ppc64le|s390x|x86_64) 0:5.4.1-150600.3.3.1 (x86_64) 0:5.4.1-150600.3.3.1 (noarch) 0:5.4.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:128.9.0-150200.152.176.1 (noarch) 0:128.9.0-150200.152.176.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.8-150000.1.27.1 (aarch64|ppc64le|s390x|x86_64) 0:20250327.01-150000.1.60.1 (noarch) 0:2.48.0-150600.12.33.1 (aarch64|ppc64le|s390x|x86_64) 0:2.48.0-150600.12.33.1 (x86_64) 0:2.48.0-150600.12.33.1 (noarch) 0:2.18.0-150200.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.2-150000.1.17.1 (aarch64|ppc64le|s390x|x86_64) 0:128.9.0-150200.8.206.1 (aarch64|ppc64le|s390x|x86_64) 0:2.43.0-150600.3.9.1 (noarch) 0:2.43.0-150600.3.9.1 (aarch64|x86_64) 0:4.18.4_06-150600.3.20.1 (x86_64) 0:4.18.4_06-150600.3.20.1 (noarch) 0:4.18.4_06-150600.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:5.2.2-150000.4.16.1 (x86_64) 0:5.2.2-150000.4.16.1 (aarch64|x86_64) 0:6.4.0-150600.8.23.1 (x86_64) 0:6.4.0-150600.8.23.1 (noarch) 0:6.4.0-150600.8.23.1 (aarch64|x86_64) 0:6.4.0-150600.8.34.2 (x86_64) 0:6.4.0-150600.8.34.2 (noarch) 0:6.4.0-150600.8.34.2 (aarch64|x86_64) 0:6.4.0-150600.8.34.1 (x86_64) 0:6.4.0-150600.10.34.1 (noarch) 0:6.4.0-150600.10.34.1 (aarch64) 0:6.4.0-150600.23.47.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.47.2 (aarch64) 0:6.4.0-150600.23.47.1 (ppc64le|x86_64) 0:6.4.0-150600.23.47.2 (x86_64) 0:6.4.0-150600.23.47.2 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.47.2.150600.12.20.2 (noarch) 0:6.4.0-150600.23.47.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.47.2 (noarch) 0:6.4.0-150600.23.47.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.47.1 (s390x) 0:6.4.0-150600.23.47.2 (aarch64|ppc64le|s390x|x86_64) 0:20200314-150200.3.9.1 (noarch) 0:20200314-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.1-150400.3.28.1 (x86_64) 0:2.7.1-150400.3.28.1 (noarch) 0:8.5-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.11+git0.01c1056a4-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.21-150000.7.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-150600.16.8.1 (aarch64|ppc64le|s390x|x86_64) 0:52.6.0-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:78.15.0-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.34-150000.3.11.1 (noarch) 0:2.48.1-150600.12.36.5 (aarch64|ppc64le|s390x|x86_64) 0:2.48.1-150600.12.36.5 (x86_64) 0:2.48.1-150600.12.36.5 (aarch64|ppc64le|s390x|x86_64) 0:1.3.10-150400.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.0-150400.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150000.6.76.1 (x86_64) 0:1.3.0-150000.6.76.1 (noarch) 0:1.3.0-150000.6.76.1 (aarch64|ppc64le|s390x|x86_64) 0:115.4.0-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.10.1 (x86_64) 0:24.03.0-150600.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.27-150000.123.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.42-150600.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.11.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:60.9.0-150200.6.3.1 (aarch64|ppc64le|s390x|x86_64) 0:128.9.2-150200.8.209.1 (noarch) 0:2.78.6-150600.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.11.1 (x86_64) 0:2.78.6-150600.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.41.1 (noarch) 0:2.5.9-150000.4.41.1 (aarch64|ppc64le|s390x|x86_64) 0:6.15-150400.3.12.1 (aarch64|x86_64) 0:4.18.4_02-150600.3.15.2 (x86_64) 0:4.18.4_02-150600.3.15.2 (noarch) 0:4.18.4_02-150600.3.15.2 (aarch64|ppc64le|s390x|x86_64) 0:21.0.7.0-150600.3.12.1 (noarch) 0:21.0.7.0-150600.3.12.1 (noarch) 0:0.14.0-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.13.1 (x86_64) 0:24.03.0-150600.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:128.10.0-150200.152.179.1 (noarch) 0:128.10.0-150200.152.179.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.26.1 (x86_64) 0:2.10.3-150500.5.26.1 (noarch) 0:2.10.3-150500.5.26.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.79.1 (aarch64|ppc64le|s390x|x86_64) 0:0.11.0-150500.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.16.0-150600.3.6.1 (noarch) 0:1.16.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.60.1 (x86_64) 0:3.4.2-150200.11.60.1 (aarch64|ppc64le|s390x|x86_64) 0:3.49.1-150000.3.27.1 (x86_64) 0:3.49.1-150000.3.27.1 (noarch) 0:3.49.1-150000.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-150300.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.27.0-150000.3.125.1 (noarch) 0:11.0.27.0-150000.3.125.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.3.1 (x86_64) 0:7.1.1.21-150600.3.3.1 (noarch) 0:7.1.1.21-150600.3.3.1 (noarch) 0:4.2.11-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.15.0-150400.3.54.1 (noarch) 0:17.0.15.0-150400.3.54.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.8-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-150300.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.6.1 (x86_64) 0:2.74.3-150600.4.6.1 (noarch) 0:2.74.3-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.7.1 (x86_64) 0:3.4.4-150600.3.7.1 (noarch) 0:3.4.4-150600.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:128.10.0-150200.8.212.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.8-150600.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.7-150600.5.9.1 (noarch) 0:3.1.7-150600.5.9.1 (x86_64) 0:3.1.7-150600.5.9.1 (noarch) 0:9.0.104-150200.81.1 (noarch) 0:4.2.11-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.452-150000.3.106.1 (noarch) 0:1.8.0.452-150000.3.106.1 (x86_64) 0:6.4.0-150600.10.23.1 (noarch) 0:6.4.0-150600.10.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.14.1-150600.3.3.1 (x86_64) 0:1.14.1-150600.3.3.1 (noarch) 0:10.1.40-150200.5.40.1 (aarch64) 0:6.4.0-150600.23.33.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.33.1 (ppc64le|x86_64) 0:6.4.0-150600.23.33.1 (x86_64) 0:6.4.0-150600.23.33.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.33.1.150600.12.14.1 (noarch) 0:6.4.0-150600.23.33.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.33.1 (s390x) 0:6.4.0-150600.23.33.1 (aarch64|ppc64le|s390x|x86_64) 0:3.13.1-150600.13.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.27.1 (x86_64) 0:3.1.4-150600.5.27.1 (noarch) 0:3.1.4-150600.5.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.3-150000.1.23.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.6-150000.3.12.1 (x86_64) 0:0.3.6-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.7-150600.3.8.1 (aarch64|x86_64) 0:12.5.2-150600.3.12.1 (x86_64) 0:12.5.2-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.2-150600.13.6.1 (noarch) 0:8.0.2-150600.13.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.10.3~git0.ee7d7ef-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.14.1 (noarch) 0:2.10.30-150400.3.14.1 (x86_64) 0:2.10.30-150400.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.21.1-150600.3.5.1 (x86_64) 0:0.21.1-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:6.6-150600.3.3.1 (noarch) 0:6.6-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.17.3-150000.1.47.1 (noarch) 0:3.17.3-150000.1.47.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.6.1 (aarch64) 0:6.4.0-150600.23.50.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.50.1 (ppc64le|x86_64) 0:6.4.0-150600.23.50.1 (x86_64) 0:6.4.0-150600.23.50.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.50.1.150600.12.22.1 (noarch) 0:6.4.0-150600.23.50.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.50.1 (s390x) 0:6.4.0-150600.23.50.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12-150600.8.27.1 (noarch) 0:2.12-150600.8.27.1 (s390x) 0:2.12-150600.8.27.1 (s390x) 0:2.31.0-150600.8.16.1 (s390x|x86_64) 0:2.31.0-150600.8.16.1 (noarch) 0:2.31.0-150600.8.16.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.26.1 (aarch64|ppc64le|s390x|x86_64) 0:17.5-150600.13.13.1 (x86_64) 0:17.5-150600.13.13.1 (noarch) 0:17.5-150600.13.13.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.2-150400.9.9.1 (x86_64) 0:20250512-150200.56.1 (aarch64|ppc64le|s390x|x86_64) 0:13.21-150600.14.8.1 (noarch) 0:13.21-150600.14.8.1 (aarch64|ppc64le|s390x|x86_64) 0:128.10.1-150200.8.215.1 (aarch64|ppc64le|s390x|x86_64) 0:14.18-150600.16.17.1 (noarch) 0:14.18-150600.16.17.1 (aarch64|ppc64le|s390x|x86_64) 0:41.0.3-150600.23.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.0-150600.10.5.1 (aarch64|ppc64le|s390x|x86_64) 0:128.10.1-150200.152.182.1 (noarch) 0:128.10.1-150200.152.182.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38-150600.14.32.1 (x86_64) 0:2.38-150600.14.32.1 (noarch) 0:2.38-150600.14.32.1 (aarch64|x86_64) 0:4.18.5_02-150600.3.23.1 (x86_64) 0:4.18.5_02-150600.3.23.1 (noarch) 0:4.18.5_02-150600.3.23.1 (noarch) 0:67.7.2-150400.3.19.1 (aarch64|x86_64) 0:6.4.0-150600.8.37.1 (x86_64) 0:6.4.0-150600.8.37.1 (noarch) 0:6.4.0-150600.8.37.1 (noarch) 0:67.6.1-150400.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:10.11.11-150600.4.10.1 (noarch) 0:10.11.11-150600.4.10.1 (noarch) 0:44.1.1-150300.7.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.5-150400.3.10.1 (noarch) 0:9.4.57-150200.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0-150400.9.6.1 (noarch) 0:2.48.2-150600.12.40.2 (aarch64|ppc64le|s390x|x86_64) 0:2.48.2-150600.12.40.2 (x86_64) 0:2.48.2-150600.12.40.2 (aarch64|ppc64le|s390x|x86_64) 0:15.13-150600.16.17.1 (noarch) 0:15.13-150600.16.17.1 (aarch64|ppc64le|s390x|x86_64) 0:22.05.11-150300.7.12.1 (noarch) 0:22.05.11-150300.7.12.1 (aarch64|ppc64le|s390x|x86_64) 0:23.02.7-150300.7.20.1 (noarch) 0:23.02.7-150300.7.20.1 (aarch64|ppc64le|s390x|x86_64) 0:23.02.7-150500.5.18.1 (noarch) 0:23.02.7-150500.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:24.11.5-150300.7.8.1 (noarch) 0:24.11.5-150300.7.8.1 (aarch64|ppc64le|s390x|x86_64) 0:16.9-150600.16.18.1 (noarch) 0:16.9-150600.16.18.1 (noarch) 0:68.1.2-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20221126-150500.3.11.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.45-150000.3.101.1 (x86_64) 0:1.8.0_sr8.45-150000.3.101.1 (aarch64|ppc64le|x86_64) 0:22.11.1-150600.3.9.1 (noarch) 0:22.11.1-150600.3.9.1 (aarch64|ppc64le|x86_64) 0:22.11.1_k6.4.0_150600.23.30-150600.3.9.1 (aarch64) 0:22.11.1-150600.3.9.1 (aarch64) 0:22.11.1_k6.4.0_150600.23.30-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.9.1 (x86_64) 0:2.74.3-150600.4.9.1 (noarch) 0:2.74.3-150600.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.10~git99.aa5d0ecbf-150600.8.20.1 (noarch) 0:44.1.1-150400.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:5.4.3-150400.3.3.1 (noarch) 0:5.4.3-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.10.1 (x86_64) 0:3.4.4-150600.3.10.1 (noarch) 0:3.4.4-150600.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:128.10.2-150200.8.218.1 (aarch64|ppc64le|s390x|x86_64) 0:128.11.0-150200.152.185.1 (noarch) 0:128.11.0-150200.152.185.1 (noarch) 0:1.11.0-150200.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150400.3.9.1 (x86_64) 0:8.6.0-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.1-150000.1.18.2 (aarch64|ppc64le|s390x|x86_64) 0:3.2.9a-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.4-150000.1.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.10-150000.1.34.1 (aarch64|ppc64le|s390x|x86_64) 0:22.15.1-150600.13.9.1 (noarch) 0:22.15.1-150600.13.9.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28-150600.19.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.890.0-150000.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.36.5-150400.3.9.1 (noarch) 0:1.36.5-150400.3.9.1 (x86_64) 0:1.36.5-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:12.0.2-150000.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.17-150500.3.21.1 (noarch) 0:1.23.17-150500.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.17-150500.3.28.1 (noarch) 0:1.24.17-150500.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.31.9-150600.13.10.1 (noarch) 0:1.31.9-150600.13.10.1 (aarch64|ppc64le|s390x|x86_64) 0:128.11.0-150200.8.221.1 (noarch) 0:4.2.11-150600.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.8-150600.16.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.452-150200.3.54.2 (noarch) 0:1.8.0.452-150200.3.54.2 (aarch64|ppc64le|s390x|x86_64) 0:4.3.6.P1-150000.6.22.1 (x86_64) 0:6.4.0-150600.10.39.1 (noarch) 0:6.4.0-150600.10.39.1 (aarch64|x86_64) 0:6.4.0-150600.8.40.1 (x86_64) 0:6.4.0-150600.8.40.1 (noarch) 0:6.4.0-150600.8.40.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.12-150600.18.23.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.1-150100.3.35.2 (aarch64|ppc64le|s390x|x86_64) 0:0.26.0-150000.1.27.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.26.2 (aarch64|ppc64le|s390x|x86_64) 0:2.53.4-150100.4.26.2 (aarch64|ppc64le|s390x|x86_64) 0:11.5.5-150200.3.72.2 (aarch64|ppc64le|s390x|x86_64) 0:0.26.0-150100.4.25.2 (aarch64) 0:6.4.0-150600.23.53.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.53.1 (ppc64le|x86_64) 0:6.4.0-150600.23.53.1 (x86_64) 0:6.4.0-150600.23.53.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.53.1.150600.12.24.1 (noarch) 0:6.4.0-150600.23.53.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.53.1 (s390x) 0:6.4.0-150600.23.53.1 (aarch64|ppc64le|s390x|x86_64) 0:45.0.1-150600.6.8.1 (noarch) 0:45.0.1-150600.6.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150000.6.83.1 (x86_64) 0:1.3.0-150000.6.83.1 (noarch) 0:1.3.0-150000.6.83.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.0-150400.9.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.6.2-150000.5.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.10-150600.16.8.1 (x86_64) 0:0.6.10-150600.16.8.1 (noarch) 0:0.6.10-150600.16.8.1 (aarch64|ppc64le|s390x|x86_64) 0:5.26.1-150300.17.20.1 (x86_64) 0:5.26.1-150300.17.20.1 (noarch) 0:5.26.1-150300.17.20.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.11.1-150500.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.26-150400.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:20.19.2-150600.3.12.1 (noarch) 0:20.19.2-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.18-150400.4.82.1 (x86_64) 0:3.10.18-150400.4.82.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.11-150600.3.30.1 (x86_64) 0:3.12.11-150600.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.23-150300.4.75.1 (x86_64) 0:3.9.23-150300.4.75.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.13-150600.3.30.1 (x86_64) 0:3.11.13-150600.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.0-150600.3.7.1 (x86_64) 0:1.24.0-150600.3.7.1 (noarch) 0:1.24.0-150600.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.3-150400.9.27.1 (aarch64|x86_64) 0:565.57.01-150600.3.29.2 (aarch64) 0:550.144.03-150600.3.29.2 (x86_64) 0:550.144.03-150600.3.29.2 (aarch64) 0:565.57.01-150600.3.29.2 (x86_64) 0:565.57.01-150600.3.29.2 (aarch64) 0:565.57.01_k6.4.0_150600.21-150600.3.29.2 (x86_64) 0:565.57.01_k6.4.0_150600.6-150600.3.29.2 (aarch64|x86_64) 0:565.57.01_k6.4.0_150600.21-150600.3.29.2 (aarch64|x86_64) 0:550.144.03-150600.3.29.2 (aarch64) 0:550.144.03_k6.4.0_150600.21-150600.3.29.2 (x86_64) 0:550.144.03_k6.4.0_150600.6-150600.3.29.2 (aarch64|x86_64) 0:550.144.03_k6.4.0_150600.21-150600.3.29.2 (aarch64|ppc64le|s390x|x86_64) 0:65.1-150200.4.15.1 (x86_64) 0:65.1-150200.4.15.1 (noarch) 0:65.1-150200.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1-150600.16.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.9-150600.3.3.1 (x86_64) 0:3.11.9-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.43.2 (noarch) 0:4.9.5-150500.3.43.2 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.17.1 (noarch) 0:2.10.30-150400.3.17.1 (x86_64) 0:2.10.30-150400.3.17.1 (noarch) 0:0.34-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18.3-150000.1.50.1 (noarch) 0:3.18.3-150000.1.50.1 (aarch64|ppc64le|s390x|x86_64) 0:128.12.0-150200.152.188.1 (noarch) 0:128.12.0-150200.152.188.1 (aarch64|ppc64le|s390x|x86_64) 0:20250416.02-150000.1.50.1 (x86_64) 0:1.4.0-150600.5.12.1 (aarch64|x86_64) 0:1.4.0-150600.5.12.1 (aarch64|ppc64le|s390x|x86_64) 0:128.11.1-150200.8.224.1 (noarch) 0:1.6.0-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.20.1 (noarch) 0:2.10.30-150400.3.20.1 (x86_64) 0:2.10.30-150400.3.20.1 (noarch) 0:2.78.6-150600.4.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.16.1 (x86_64) 0:2.78.6-150600.4.16.1 (noarch) 0:41.1-150400.3.3.1 (aarch64|x86_64) 0:1.61.0-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:42.2-150600.3.3.1 (noarch) 0:42.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.15p5-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.8.1 (x86_64) 0:7.1.1.21-150600.3.8.1 (noarch) 0:7.1.1.21-150600.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.6-150000.73.2 (aarch64|ppc64le|s390x|x86_64) 0:1.4.3-150600.18.18.1 (noarch) 0:1.4.3-150600.18.18.1 (aarch64|x86_64) 0:1.4.2~git0.6e8512e-150600.10.6.1 (noarch) 0:2.31.0-150400.6.18.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.1-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.15.1 (aarch64|ppc64le|s390x|x86_64) 0:9.1.1406-150500.20.27.1 (noarch) 0:9.1.1406-150500.20.27.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.8-150600.11.3.1 (x86_64) 0:0.9.8-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.2-150600.13.11.1 (noarch) 0:8.0.2-150600.13.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.23-150300.4.78.1 (x86_64) 0:3.9.23-150300.4.78.1 (aarch64|ppc64le|s390x|x86_64) 0:254.25-150600.4.40.1 (x86_64) 0:254.25-150600.4.40.1 (aarch64|x86_64) 0:254.25-150600.4.40.1 (noarch) 0:254.25-150600.4.40.1 (noarch) 0:4.2.11-150600.3.27.1 (aarch64|x86_64) 0:6.4.0-150600.8.43.1 (x86_64) 0:6.4.0-150600.8.43.1 (noarch) 0:6.4.0-150600.8.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150600.3.9.1 (noarch) 0:2.4.4-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.11.1 (noarch) 0:24.0.9_ce-150000.1.11.1 (noarch) 0:10.1.42-150200.5.45.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.82.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.13.1 (x86_64) 0:3.4.4-150600.3.13.1 (noarch) 0:3.4.4-150600.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.12.1 (x86_64) 0:2.74.3-150600.4.12.1 (noarch) 0:2.74.3-150600.4.12.1 (noarch) 0:9.0.106-150200.86.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150000.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:28.2.2_ce-150000.227.1 (noarch) 0:28.2.2_ce-150000.227.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.22.1 (noarch) 0:24.0.9_ce-150000.1.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.5-150000.1.29.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.11-150000.1.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.0-150600.3.11.1 (x86_64) 0:1.24.0-150600.3.11.1 (noarch) 0:1.24.0-150600.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:25.1-150600.16.13.1 (x86_64) 0:25.1-150600.16.13.1 (noarch) 0:25.1-150600.16.13.1 (aarch64|ppc64le|s390x|x86_64) 0:4.25.1-150600.16.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.29.1 (x86_64) 0:2.10.3-150500.5.29.1 (noarch) 0:2.10.3-150500.5.29.1 (aarch64|x86_64) 0:4.18.5_04-150600.3.28.1 (x86_64) 0:4.18.5_04-150600.3.28.1 (noarch) 0:4.18.5_04-150600.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.16.1 (x86_64) 0:24.03.0-150600.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.14.3 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.23.3 (x86_64) 0:6.4.0-150600.10.44.1 (noarch) 0:6.4.0-150600.10.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.27.16-150400.9.16.1 (noarch) 0:1.27.16-150400.9.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.16-150400.9.22.1 (noarch) 0:1.25.16-150400.9.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.64.1 (x86_64) 0:3.4.2-150200.11.64.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.11-150600.3.33.1 (x86_64) 0:3.12.11-150600.3.33.1 (aarch64|ppc64le|s390x|x86_64) 0:8.32-150400.9.9.1 (noarch) 0:8.32-150400.9.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.23.1 (noarch) 0:2.10.30-150400.3.23.1 (x86_64) 0:2.10.30-150400.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:128.12.0-150200.8.227.2 (aarch64|ppc64le|s390x|x86_64) 0:20.18.2-150600.3.9.1 (noarch) 0:20.18.2-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.0-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.6-150600.13.27.1 (x86_64) 0:4.4.6-150600.13.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.15-150400.9.22.1 (noarch) 0:1.26.15-150400.9.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:20221126-150500.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.3-150600.3.9.1 (x86_64) 0:1.10.3-150600.3.9.1 (noarch) 0:4.1.1-150200.8.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.80.1 (x86_64) 0:2.7.18-150000.80.1 (noarch) 0:2.7.18-150000.80.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.51.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.29-150600.3.19.1 (noarch) 0:8.2.29-150600.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.29-150600.3.19.2 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150500.4.55.1 (noarch) 0:3006.0-150500.4.55.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.13.1 (x86_64) 0:7.1.1.21-150600.3.13.1 (noarch) 0:7.1.1.21-150600.3.13.1 (aarch64|x86_64) 0:202308-150600.5.19.1 (noarch) 0:202308-150600.5.19.1 (x86_64) 0:202308-150600.5.19.1 (aarch64|ppc64le|s390x|x86_64) 0:121-150500.3.6.1 (x86_64) 0:121-150500.3.6.1 (noarch) 0:121-150500.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:140.1.0-150200.152.193.1 (aarch64|ppc64le|s390x|x86_64) 0:140-150200.9.21.1 (noarch) 0:140.1.0-150200.152.193.1 (noarch) 0:1.66.0-150200.12.7.1 (aarch64|ppc64le|s390x|x86_64) 0:1.66.0-150200.12.7.1 (x86_64) 0:1.66.0-150200.12.7.1 (aarch64|ppc64le|x86_64) 0:1.66.0-150200.12.7.1 (aarch64) 0:6.4.0-150600.23.60.4 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.60.5 (aarch64) 0:6.4.0-150600.23.60.3 (ppc64le|x86_64) 0:6.4.0-150600.23.60.4 (x86_64) 0:6.4.0-150600.23.60.4 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.60.5.150600.12.26.4 (x86_64) 0:6.4.0-150600.23.60.5 (noarch) 0:6.4.0-150600.23.60.3 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.60.4 (noarch) 0:6.4.0-150600.23.60.4 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.60.3 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.60.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.60.4 (s390x) 0:6.4.0-150600.23.60.4 (noarch) 0:0.35.1-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.462-150200.3.57.1 (noarch) 0:1.8.0.462-150200.3.57.1 (aarch64|ppc64le|s390x|x86_64) 0:140.1.0-150200.8.230.1 (x86_64) 0:1.4.1-150600.5.21.2 (aarch64|x86_64) 0:1.4.1-150600.5.21.2 (aarch64|ppc64le|s390x|x86_64) 0:2.23-150500.3.34.2 (aarch64|ppc64le|s390x|x86_64) 0:3.7.2-150600.3.17.1 (x86_64) 0:3.7.2-150600.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.6-150600.3.3.1 (x86_64) 0:0.6.6-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.3-150400.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.2-150600.13.14.1 (noarch) 0:8.0.2-150600.13.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.3-150600.4.9.1 (x86_64) 0:3.8.3-150600.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.18-150400.4.85.1 (x86_64) 0:3.10.18-150400.4.85.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.85.1 (aarch64|ppc64le|s390x|x86_64) 0:21.0.8.0-150600.3.15.1 (noarch) 0:21.0.8.0-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.28.0-150000.3.129.2 (noarch) 0:11.0.28.0-150000.3.129.2 (aarch64|ppc64le|s390x|x86_64) 0:17.0.16.0-150400.3.57.1 (noarch) 0:17.0.16.0-150400.3.57.1 (aarch64|ppc64le|s390x|x86_64) 0:3.50.2-150000.3.33.1 (x86_64) 0:3.50.2-150000.3.33.1 (noarch) 0:3.50.2-150000.3.33.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.35.1 (noarch) 0:2.4.58-150600.5.35.1 (aarch64|ppc64le|s390x|x86_64) 0:3.24.4-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.23-150300.4.81.1 (x86_64) 0:3.9.23-150300.4.81.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.83.1 (x86_64) 0:2.7.18-150000.83.1 (noarch) 0:2.7.18-150000.83.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.27-150200.11.17.1 (noarch) 0:3.5.27-150200.11.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.13-150600.3.35.1 (x86_64) 0:3.11.13-150600.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.13-150600.3.35.2 (x86_64) 0:3.11.13-150600.3.35.2 (aarch64|ppc64le|s390x|x86_64) 0:1.19.0.4-150000.4.7.1 (noarch) 0:1.19.0.4-150000.4.7.1 (noarch) 0:2.0.7-150400.7.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.46.1 (noarch) 0:2.5.9-150000.4.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.85-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:0.22.0-150600.11.6.1 (x86_64) 0:0.22.0-150600.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.32.1 (x86_64) 0:2.10.3-150500.5.32.1 (noarch) 0:2.10.3-150500.5.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.12-150000.1.40.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.6-150000.1.32.1 (noarch) 0:5.11.0-150200.3.23.1 (noarch) 0:2.48.5-150600.12.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.48.5-150600.12.43.1 (x86_64) 0:2.48.5-150600.12.43.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.2~4-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.1+git20250329.c2e3bb8-150600.3.3.1 (aarch64|x86_64) 0:3.3.1611.0-150000.5.20.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.0-150600.3.13.1 (x86_64) 0:4.7.0-150600.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12-150600.8.34.1 (noarch) 0:2.12-150600.8.34.1 (s390x) 0:2.12-150600.8.34.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.97.1 (x86_64) 0:3.6.15-150300.10.97.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.97.2 (aarch64|ppc64le|s390x|x86_64) 0:2.6.8-150600.3.14.1 (noarch) 0:2.6-150200.14.3.1 (aarch64|ppc64le|s390x|x86_64) 0:21.0.6.0-150600.3.9.1 (noarch) 0:21.0.6.0-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.19.1 (x86_64) 0:24.03.0-150600.3.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.5-150000.1.18.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.46.1 (noarch) 0:4.9.5-150500.3.46.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.11-150000.1.39.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.49.1 (noarch) 0:2.5.9-150000.4.49.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150600.3.5.1 (x86_64) 0:1.3.0-150600.3.5.1 (noarch) 0:3.18.0-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5-150600.10.3.1 (noarch) 0:1.21.5-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:22.13.1-150600.13.6.1 (noarch) 0:22.13.1-150600.13.6.1 (aarch64|ppc64le|s390x|x86_64) 0:13.22-150600.14.11.1 (noarch) 0:13.22-150600.14.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24rc2-150000.1.3.1 (aarch64|x86_64) 0:2.1.0~beta2-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.18-150000.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:28.3.3_ce-150000.230.1 (noarch) 0:28.3.3_ce-150000.230.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150000.1.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.18-150400.4.88.1 (x86_64) 0:3.10.18-150400.4.88.1 (aarch64|ppc64le|s390x|x86_64) 0:2.42.12-150600.3.8.1 (x86_64) 0:2.42.12-150600.3.8.1 (noarch) 0:2.42.12-150600.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38-150600.14.37.1 (x86_64) 0:2.38-150600.14.37.1 (noarch) 0:2.38-150600.14.37.1 (aarch64|x86_64) 0:6.4.0-150600.8.48.1 (x86_64) 0:6.4.0-150600.8.48.1 (noarch) 0:6.4.0-150600.8.48.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0-150000.6.86.1 (x86_64) 0:1.3.0-150000.6.86.1 (noarch) 0:1.3.0-150000.6.86.1 (aarch64|ppc64le|s390x|x86_64) 0:3.20.0-150200.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.20-150200.5.25.1 (noarch) 0:10.1.43-150200.5.48.1 (noarch) 0:11.0.9-150600.13.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.11-150600.3.36.1 (x86_64) 0:3.12.11-150600.3.36.1 (aarch64|ppc64le|s390x|x86_64) 0:17.6-150600.13.16.1 (x86_64) 0:17.6-150600.13.16.1 (noarch) 0:17.6-150600.13.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.0-150400.9.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.2-150200.11.67.1 (x86_64) 0:3.4.2-150200.11.67.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.4.33054-150200.3.3.1 (noarch) 0:3.0.4.33054-150200.3.3.1 (x86_64) 0:3.0.4.33054-150200.3.3.1 (noarch) 0:11.0.10-150600.13.9.1 (noarch) 0:9.4.58-150200.3.34.1 (aarch64) 0:6.4.0-150600.23.65.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.65.1 (ppc64le|x86_64) 0:6.4.0-150600.23.65.1 (x86_64) 0:6.4.0-150600.23.65.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.65.1.150600.12.28.4 (noarch) 0:6.4.0-150600.23.65.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.65.1 (s390x) 0:6.4.0-150600.23.65.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.0-150400.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:16.10-150600.16.21.1 (noarch) 0:16.10-150600.16.21.1 (noarch) 0:10.1.44-150200.5.51.1 (aarch64|ppc64le|s390x|x86_64) 0:140.2.0-150200.8.236.1 (aarch64|ppc64le|s390x|x86_64) 0:140.2.0-150200.152.198.1 (noarch) 0:140.2.0-150200.152.198.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.51.0-150600.3.12.1 (noarch) 0:2.51.0-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.0-150600.13.3.1 (noarch) 0:0.7.4-150600.14.4.1 (aarch64|ppc64le|s390x|x86_64) 0:6.0.2-150600.10.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.2-150400.3.11.1 (noarch) 0:2.9.2-150400.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:15.14-150600.16.20.1 (noarch) 0:15.14-150600.16.20.1 (aarch64|ppc64le|s390x|x86_64) 0:14.19-150600.16.20.1 (noarch) 0:14.19-150600.16.20.1 (aarch64|ppc64le|s390x|x86_64) 0:20250115.01-150000.1.41.1 (x86_64) 0:6.4.0-150600.10.49.1 (noarch) 0:6.4.0-150600.10.49.1 (noarch) 0:9.0.108-150200.91.1 (noarch) 0:1.6.2-150200.3.7.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.73.1 (noarch) 0:0.18.3-150400.6.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5-150600.10.9.1 (noarch) 0:1.21.5-150600.10.9.1 (x86_64) 0:20250812-150200.59.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.33.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.15-150600.25.3.1 (x86_64) 0:0.5.15-150600.25.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.15.1 (noarch) 0:4.2.11-150600.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.26.1 (noarch) 0:2.10.30-150400.3.26.1 (x86_64) 0:2.10.30-150400.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.6-150600.3.6.1 (x86_64) 0:0.6.6-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.904.0-150000.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.0-150600.3.9.1 (noarch) 0:2.16-150000.1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.540.0-150000.1.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.4.33054-150200.3.6.1 (noarch) 0:3.0.4.33054-150200.3.6.1 (x86_64) 0:3.0.4.33054-150200.3.6.1 (noarch) 0:3.24.43-150600.3.7.1 (noarch) 0:3.22.3-150000.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.22.3-150000.4.5.1 (x86_64) 0:3.22.3-150000.4.5.1 (noarch) 0:15.0-150600.21.2.1 (aarch64|ppc64le|s390x|x86_64) 0:3.24.43-150600.3.7.1 (x86_64) 0:3.24.43-150600.3.7.1 (noarch) 0:1.10.8-150400.9.10.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.126-150200.4.34.1 (noarch) 0:4.1.126-150200.4.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.73-150200.3.30.1 (noarch) 0:2.0.73-150200.3.30.1 (noarch) 0:3.0.0-150000.3.28.1 (noarch) 0:5.0.0-150000.3.38.1 (noarch) 0:5.0.0-150000.4.18.1 (noarch) 0:6.3.0-150600.3.3.1 (aarch64|x86_64) 0:1.3.6-150600.4.6.1 (noarch) 0:1.3.6-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.6-150600.13.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.12-150600.13.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.6-150600.13.30.1 (x86_64) 0:4.4.6-150600.13.30.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.20.1 (x86_64) 0:7.1.1.21-150600.3.20.1 (noarch) 0:7.1.1.21-150600.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:8.14.1-150600.4.28.1 (x86_64) 0:8.14.1-150600.4.28.1 (noarch) 0:4.1.0-150400.8.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.1-150000.1.8.1 (noarch) 0:0.33.3-150400.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.462-150000.3.109.1 (noarch) 0:1.8.0.462-150000.3.109.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150200.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:3.13.1-150600.13.11.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.15-150200.9.18.1 (x86_64) 0:2.0.15-150200.9.18.1 (aarch64|x86_64) 0:580.82.07-150600.3.63.1 (aarch64) 0:580.82.07-150600.3.63.1 (x86_64) 0:580.82.07-150600.3.63.1 (aarch64) 0:580.82.07_k6.4.0_150600.23.65-150600.3.63.1 (x86_64) 0:580.82.07_k6.4.0_150600.8.48-150600.3.63.1 (aarch64|x86_64) 0:580.82.07_k6.4.0_150600.23.65-150600.3.63.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0+git20170221.479bb4a-150000.5.13.1 (noarch) 0:2.0+git20170221.479bb4a-150000.5.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.72.1 (x86_64) 0:2.2.7-150000.3.72.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.50-150000.3.104.1 (x86_64) 0:1.8.0_sr8.50-150000.3.104.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.7-150200.3.5.1 (x86_64) 0:1.0.7-150200.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.2-150600.18.6.1 (noarch) 0:1.4.2-150600.18.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.37.0-150500.10.11.1 (noarch) 0:1.37.0-150500.7.7.2 (aarch64|x86_64) 0:1.37.0-150500.10.11.1 (x86_64) 0:6.4.0-150600.10.52.1 (noarch) 0:6.4.0-150600.10.52.1 (aarch64|ppc64le|s390x|x86_64) 0:10.11.14-150600.4.14.1 (noarch) 0:10.11.14-150600.4.14.1 (x86_64) 0:1.4.1-150600.5.24.1 (aarch64|x86_64) 0:1.4.1-150600.5.24.1 (noarch) 0:3.5.19-150200.5.9.1 (noarch) 0:3.4.7-150200.5.3.1 (aarch64|ppc64le|s390x|x86_64) 0:140.3.0-150200.152.201.1 (noarch) 0:140.3.0-150200.152.201.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.13-150600.18.26.1 (aarch64|x86_64) 0:1.26.0~0-150600.10.7.1 (noarch) 0:10.1.34-150200.5.31.1 (aarch64|ppc64le|s390x|x86_64) 0:9.1.1629-150500.20.33.1 (noarch) 0:9.1.1629-150500.20.33.1 (aarch64) 0:6.4.0-150600.23.70.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.70.1 (ppc64le|x86_64) 0:6.4.0-150600.23.70.1 (x86_64) 0:6.4.0-150600.23.70.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.70.1.150600.12.30.2 (noarch) 0:6.4.0-150600.23.70.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.70.1 (s390x) 0:6.4.0-150600.23.70.1 (x86_64) 0:0.4.3-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:140.3.0-150200.8.239.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150600.15.9.1 (noarch) 0:0.8-150600.15.9.1 (x86_64) 0:0.8-150600.15.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.0-150600.3.18.1 (x86_64) 0:4.7.0-150600.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.21.1 (x86_64) 0:2.3.0-150000.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:4.10.0-150400.9.8.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150600.15.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.8-150600.11.6.1 (x86_64) 0:0.9.8-150600.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1 (x86_64) 0:2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.26.0-150000.3.122.1 (noarch) 0:11.0.26.0-150000.3.122.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.14.0-150400.3.51.1 (noarch) 0:17.0.14.0-150400.3.51.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.4-150400.3.12.1 (aarch64|x86_64) 0:13.0.0-150600.3.18.1 (x86_64) 0:13.0.0-150600.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.28-150000.3.9.1 (x86_64) 0:0.4.28-150000.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.39.1 (x86_64) 0:3.1.4-150600.5.39.1 (noarch) 0:3.1.4-150600.5.39.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.18.1 (x86_64) 0:1.1.1w-150600.5.18.1 (noarch) 0:1.1.1w-150600.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.21.5-150600.10.12.1 (noarch) 0:1.21.5-150600.10.12.1 (x86_64) 0:0.3.2-150600.3.6.1 (noarch) 0:4.2.11-150600.3.33.1 (aarch64|x86_64) 0:4.6.4-150500.6.37.1 (noarch) 0:4.6.4-150500.6.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.4-150600.3.3.1 (x86_64) 0:1.18.4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.6-150500.4.33.1 (noarch) 0:1.2.13-150200.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.206.1 (aarch64|ppc64le|s390x|x86_64) 0:140.3.1-150200.152.204.1 (noarch) 0:140.3.1-150200.152.204.1 (aarch64|ppc64le|s390x|x86_64) 0:5.6.9-150600.18.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.20.1 (x86_64) 0:2.10.3-150500.5.20.1 (noarch) 0:2.10.3-150500.5.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.32-150000.3.20.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.6-150600.13.17.1 (noarch) 0:8.0.6-150600.13.17.1 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.19.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.23.1 (x86_64) 0:7.1.1.21-150600.3.23.1 (noarch) 0:7.1.1.21-150600.3.23.1 (noarch) 0:0.13.0-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.1-150600.13.6.1 (aarch64|x86_64) 0:13.0.5-150600.3.21.1 (x86_64) 0:13.0.5-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.25.1 (noarch) 0:24.0.9_ce-150000.1.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.2-150000.1.14.1 (aarch64|ppc64le|s390x|x86_64) 0:9.18.33-150600.3.6.1 (noarch) 0:9.18.33-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.18-150000.7.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.11+git0.01c1056a4-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.32-150000.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:6.6.3-150600.3.6.1 (noarch) 0:6.6.3-150600.3.6.1 (aarch64) 0:6.4.0-150600.23.73.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.73.1 (ppc64le|x86_64) 0:6.4.0-150600.23.73.1 (x86_64) 0:6.4.0-150600.23.73.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.73.1.150600.12.32.1 (noarch) 0:6.4.0-150600.23.73.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.73.1 (s390x) 0:6.4.0-150600.23.73.1 (aarch64|ppc64le|s390x|x86_64) 0:6.10-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:4.19.8+git.435.78ced6cf30d-150600.3.21.1 (x86_64) 0:4.19.8+git.435.78ced6cf30d-150600.3.21.1 (aarch64|x86_64) 0:4.19.8+git.435.78ced6cf30d-150600.3.21.1 (noarch) 0:4.19.8+git.435.78ced6cf30d-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.1-150400.3.31.1 (x86_64) 0:2.7.1-150400.3.31.1 (noarch) 0:8.5-150600.3.15.1 (aarch64|s390x|x86_64) 0:0.12.11-150600.3.3.1 (aarch64|x86_64) 0:6.4.0-150600.8.52.1 (x86_64) 0:6.4.0-150600.8.52.1 (noarch) 0:6.4.0-150600.8.52.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.3-150000.1.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.9-150000.1.42.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150600.4.21.1 (x86_64) 0:8.6.0-150600.4.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.1-150600.11.14.1 (x86_64) 0:1.20.1-150600.11.14.1 (noarch) 0:2.50.1-150600.12.48.3 (aarch64|ppc64le|s390x|x86_64) 0:2.50.1-150600.12.48.3 (x86_64) 0:2.50.1-150600.12.48.3 (aarch64|ppc64le|s390x|x86_64) 0:4.4.6-150600.13.33.1 (x86_64) 0:4.4.6-150600.13.33.1 (aarch64|ppc64le|s390x|x86_64) 0:5.15.12+kde151-150600.3.9.1 (x86_64) 0:5.15.12+kde151-150600.3.9.1 (noarch) 0:5.15.12+kde151-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:128.7.0-150200.152.170.1 (noarch) 0:128.7.0-150200.152.170.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.32-150000.3.28.1 (noarch) 0:1.33.26-150400.34.7.1 (noarch) 0:1.34.138-150400.27.7.1 (noarch) 0:1.34.144-150400.41.7.1 (aarch64|ppc64le|s390x|x86_64) 0:7.6.10-150400.12.6.1 (noarch) 0:3.8.1-150400.14.6.1 (noarch) 0:1.5.0-150400.14.10.1 (noarch) 0:8.3.5-150400.3.9.1 (noarch) 0:6.2.1-150400.12.6.1 (noarch) 0:3.14.0-150400.13.6.1 (x86_64) 0:6.4.0-150600.10.55.1 (noarch) 0:6.4.0-150600.10.55.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.18.1 (x86_64) 0:3.4.4-150600.3.18.1 (noarch) 0:3.4.4-150600.3.18.1 (noarch) 0:1.3.1-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:140.4.0-150200.152.207.1 (noarch) 0:140.4.0-150200.152.207.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.54.1 (noarch) 0:2.5.9-150000.4.54.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.24.1 (x86_64) 0:24.03.0-150600.3.24.1 (noarch) 0:5.7.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.49.1 (noarch) 0:4.9.5-150500.3.49.1 (aarch64|ppc64le|s390x|x86_64) 0:16.02-150200.14.15.1 (noarch) 0:16.02-150200.14.15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1-150400.21.8.1 (noarch) 0:4.1-150400.21.8.1 (aarch64|x86_64) 0:4.18.5_06-150600.3.31.2 (x86_64) 0:4.18.5_06-150600.3.31.2 (noarch) 0:4.18.5_06-150600.3.31.2 (aarch64|ppc64le|s390x|x86_64) 0:3.112.2-150400.3.60.1 (x86_64) 0:3.112.2-150400.3.60.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.11-150300.3.22.2 (aarch64|ppc64le|s390x|x86_64) 0:4.2.14-150600.18.29.1 (aarch64|ppc64le|s390x|x86_64) 0:3.28.3-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.31.1 (noarch) 0:4.9.5-150500.3.31.1 (noarch) 0:1.3.1-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.26.1 (x86_64) 0:7.1.1.21-150600.3.26.1 (noarch) 0:7.1.1.21-150600.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.22-150600.35.3.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.12-150600.3.5.2 (noarch) 0:5.9.12-150600.3.5.2 (aarch64|ppc64le|s390x|x86_64) 0:21.0.9.0-150600.3.18.2 (noarch) 0:21.0.9.0-150600.3.18.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.21-150300.4.64.1 (x86_64) 0:3.9.21-150300.4.64.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.18.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.20.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.34-150400.3.13.1 (x86_64) 0:1.1.34-150400.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:1.22.12-150000.1.42.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.6-150000.1.21.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.2~4-150600.10.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.2-150000.4.15.1 (x86_64) 0:1.5.2-150000.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.8-150600.4.5.1 (x86_64) 0:4.2.8-150600.4.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.6-150600.3.8.1 (noarch) 0:1.4.6-150600.3.8.1 (x86_64) 0:1.4.6-150600.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.7-150000.80.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.3-150600.17.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.1-150600.3.23.1 (x86_64) 0:4.7.1-150600.3.23.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.55-150000.3.109.1 (x86_64) 0:1.8.0_sr8.55-150000.3.109.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.29.1 (x86_64) 0:7.1.1.21-150600.3.29.1 (noarch) 0:7.1.1.21-150600.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.29.0-150000.3.132.2 (noarch) 0:11.0.29.0-150000.3.132.2 (aarch64|ppc64le|s390x|x86_64) 0:17.0.17.0-150400.3.60.2 (noarch) 0:17.0.17.0-150400.3.60.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.472-150200.3.60.3 (noarch) 0:1.8.0.472-150200.3.60.3 (aarch64|ppc64le|s390x|x86_64) 0:140.4.0-150200.8.242.1 (noarch) 0:20230920.570ea89-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.1-150600.11.8.1 (x86_64) 0:1.20.1-150600.11.8.1 (aarch64|ppc64le|s390x|x86_64) 0:6.10-150600.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.472-150000.3.114.3 (noarch) 0:1.8.0.472-150000.3.114.3 (aarch64|ppc64le|s390x|x86_64) 0:3.2.7-150600.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:128.7.0-150200.8.200.1 (x86_64) 0:24.09.0-150600.3.3.1 (x86_64) 0:1.7.0-150600.3.3.1 (noarch) 0:2.1-150400.8.5.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.16-150400.4.69.1 (x86_64) 0:3.10.16-150400.4.69.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.34.1 (aarch64|ppc64le|s390x|x86_64) 0:2.8.2-150600.3.5.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.3-150000.85.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.45.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.56.2 (noarch) 0:4.9.5-150500.3.56.2 (noarch) 0:11.0.13-150600.13.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.128-150200.4.37.1 (noarch) 0:4.1.128-150200.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.74-150200.3.33.1 (noarch) 0:2.0.74-150200.3.33.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.0+0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.72.0-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.185-150400.5.8.3 (noarch) 0:0.185-150400.5.8.3 (x86_64) 0:0.185-150400.5.8.3 (aarch64|ppc64le|s390x|x86_64) 0:2.45-150100.7.57.1 (x86_64) 0:2.45-150100.7.57.1 (ppc64le|s390x|x86_64) 0:2.45-150100.7.57.1 (aarch64|s390x|x86_64) 0:2.45-150100.7.57.1 (aarch64|ppc64le|x86_64) 0:2.45-150100.7.57.1 (aarch64|ppc64le|s390x) 0:2.45-150100.7.57.1 (aarch64|ppc64le|s390x|x86_64) 0:1.15.0-150600.3.5.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0.git33229.a3afe13a7f-150600.3.17.1 (noarch) 0:4.2.11-150600.3.41.1 (noarch) 0:10.1.48-150200.5.54.1 (aarch64|ppc64le|s390x|x86_64) 0:9.18.33-150600.3.18.1 (noarch) 0:9.18.33-150600.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.88.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.97.1 (x86_64) 0:1.0.2p-150000.3.97.1 (noarch) 0:1.0.2p-150000.3.97.1 (aarch64|x86_64) 0:6.4.0-150600.8.55.1 (x86_64) 0:6.4.0-150600.8.55.1 (noarch) 0:6.4.0-150600.8.55.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.0-150600.23.13.1 (noarch) 0:1.20.0-150600.23.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.29.1 (noarch) 0:2.10.30-150400.3.29.1 (x86_64) 0:2.10.30-150400.3.29.1 (aarch64) 0:6.4.0-150600.23.78.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.78.1 (ppc64le|x86_64) 0:6.4.0-150600.23.78.1 (x86_64) 0:6.4.0-150600.23.78.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.78.1.150600.12.34.2 (noarch) 0:6.4.0-150600.23.78.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.78.1 (s390x) 0:6.4.0-150600.23.78.1 (aarch64|ppc64le|s390x|x86_64) 0:9.52-150000.211.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.0-150200.3.25.1 (noarch) 0:9.0.111-150200.96.1 (aarch64|ppc64le|s390x|x86_64) 0:140.5.0-150200.152.210.1 (noarch) 0:140.5.0-150200.152.210.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.59.1 (noarch) 0:4.9.5-150500.3.59.1 (aarch64|ppc64le|s390x|x86_64) 0:1.18.0-150200.5.17.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.1.57.1 (noarch) 0:3.19.1-150000.1.57.1 (aarch64|x86_64) 0:3.3.1611.0-150000.5.26.1 (aarch64|ppc64le|s390x|x86_64) 0:140.5.0-150200.8.245.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12-150600.8.44.2 (noarch) 0:2.12-150600.8.44.2 (s390x) 0:2.12-150600.8.44.2 (aarch64|ppc64le|s390x|x86_64) 0:1.14.4-150300.11.16.1 (noarch) 0:1.14.4-150300.11.16.1 (aarch64|x86_64) 0:202308-150600.5.9.1 (noarch) 0:202308-150600.5.9.1 (x86_64) 0:202308-150600.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.24-150300.4.84.1 (x86_64) 0:3.9.24-150300.4.84.1 (aarch64|ppc64le|s390x|x86_64) 0:8.14.1-150600.4.31.1 (x86_64) 0:8.14.1-150600.4.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.17.3-150400.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.48.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.3-150600.3.28.1 (x86_64) 0:2.9.3-150600.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:1.20.3-150600.19.12.1 (noarch) 0:1.20.3-150600.19.12.1 (aarch64|ppc64le|x86_64) 0:22.11.10-150600.3.15.1 (noarch) 0:22.11.10-150600.3.15.1 (aarch64|ppc64le|x86_64) 0:22.11.10_k6.4.0_150600.23.78-150600.3.15.1 (aarch64) 0:22.11.10-150600.3.15.1 (aarch64) 0:22.11.10_k6.4.0_150600.23.78-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.12-150600.3.37.1 (x86_64) 0:3.12.12-150600.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.20-150000.3.34.1 (aarch64|x86_64) 0:6.4.0-150600.8.26.1 (x86_64) 0:6.4.0-150600.8.26.1 (noarch) 0:6.4.0-150600.8.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.29-150000.128.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.77.1 (x86_64) 0:2.2.7-150000.3.77.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.77-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.14-150600.3.38.1 (x86_64) 0:3.11.14-150600.3.38.1 (noarch) 0:2.46.5-150600.12.24.1 (aarch64|ppc64le|s390x|x86_64) 0:2.46.5-150600.12.24.1 (x86_64) 0:2.46.5-150600.12.24.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.24.1 (x86_64) 0:3.1.4-150600.5.24.1 (noarch) 0:3.1.4-150600.5.24.1 (x86_64) 0:6.4.0-150600.10.58.1 (noarch) 0:6.4.0-150600.10.58.1 (noarch) 0:2.78.6-150600.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.22.1 (x86_64) 0:2.78.6-150600.4.22.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24rc3-150000.1.6.1 (aarch64|ppc64le|s390x|x86_64) 0:8.6.0-150400.3.12.1 (x86_64) 0:8.6.0-150400.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.86.1 (x86_64) 0:2.7.18-150000.86.1 (noarch) 0:2.7.18-150000.86.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.80.1 (x86_64) 0:2.2.7-150000.3.80.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.3-150600.4.12.1 (x86_64) 0:3.8.3-150600.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.32.1 (noarch) 0:2.10.30-150400.3.32.1 (x86_64) 0:2.10.30-150400.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:13.23-150600.14.14.1 (noarch) 0:13.23-150600.14.14.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.46-150600.4.3.1 (noarch) 0:0.4.46-150600.4.3.1 (x86_64) 0:0.4.46-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.5-150000.1.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.11-150000.1.50.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.442-150200.3.51.1 (noarch) 0:1.8.0.442-150200.3.51.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.19-150400.4.91.3 (x86_64) 0:3.10.19-150400.4.91.3 (aarch64|ppc64le|s390x|x86_64) 0:20200314-150200.3.12.1 (noarch) 0:20200314-150200.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:18.1-150600.13.3.1 (x86_64) 0:18.1-150600.13.3.1 (noarch) 0:18-150600.17.9.1 (aarch64|ppc64le|s390x|x86_64) 0:17.7-150600.13.19.1 (noarch) 0:17.7-150600.13.19.1 (noarch) 0:18.1-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.100.1 (x86_64) 0:3.6.15-150300.10.100.1 (aarch64|ppc64le|s390x|x86_64) 0:14.20-150600.16.23.1 (noarch) 0:14.20-150600.16.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.31.9-150600.13.15.2 (noarch) 0:1.31.9-150600.13.15.2 (aarch64|ppc64le|s390x|x86_64) 0:1.33.1-150600.13.15.2 (noarch) 0:1.33.1-150600.13.15.2 (noarch) 0:4.2.11-150600.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:16.11-150600.16.25.1 (noarch) 0:16.11-150600.16.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.89.2 (x86_64) 0:2.7.18-150000.89.2 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.89.1 (x86_64) 0:2.7.18-150000.89.1 (noarch) 0:2.7.18-150000.89.1 (noarch) 0:1.7.15.1-150200.12.7.1 (aarch64|ppc64le|s390x|x86_64) 0:140.6.0-150200.8.248.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.18.1 (x86_64) 0:2.3.0-150000.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.50.1 (aarch64) 0:6.4.0-150600.23.81.3 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.81.3 (aarch64) 0:6.4.0-150600.23.81.1 (ppc64le|x86_64) 0:6.4.0-150600.23.81.3 (x86_64) 0:6.4.0-150600.23.81.3 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.81.3.150600.12.36.3 (noarch) 0:6.4.0-150600.23.81.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.81.3 (noarch) 0:6.4.0-150600.23.81.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.81.1 (s390x) 0:6.4.0-150600.23.81.3 (aarch64|ppc64le|s390x|x86_64) 0:140.6.0-150200.152.213.1 (noarch) 0:140.6.0-150200.152.213.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.7-150000.3.83.1 (x86_64) 0:2.2.7-150000.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.1-150000.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.57-150000.4.3.1 (x86_64) 0:1.2.57-150000.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.25-150300.4.87.1 (x86_64) 0:3.9.25-150300.4.87.1 (aarch64|ppc64le|s390x|x86_64) 0:24.03.0-150600.3.27.1 (x86_64) 0:24.03.0-150600.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.1.59.1 (noarch) 0:3.19.1-150000.1.59.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.14-150600.18.32.1 (noarch) 0:1.0.0-150000.1.62.1 (noarch) 0:5.0.14-150000.3.139.1 (noarch) 0:5.0.5-150000.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150500.4.65.1 (noarch) 0:3006.0-150500.4.65.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28.1-150100.4.28.2 (aarch64|ppc64le|s390x|x86_64) 0:11.5.10-150200.3.80.1 (aarch64|ppc64le|s390x|x86_64) 0:15.15-150600.16.23.1 (noarch) 0:15.15-150600.16.23.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.130-150200.4.40.1 (noarch) 0:4.1.130-150200.4.40.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.40-150600.3.3.1 (x86_64) 0:1.6.40-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.1-150600.3.3.1 (noarch) 0:1.13.1-150600.3.3.1 (x86_64) 0:1.13.1-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:10.11.15-150600.4.17.1 (noarch) 0:10.11.15-150600.4.17.1 (aarch64|x86_64) 0:6.4.0-150600.8.58.1 (x86_64) 0:6.4.0-150600.8.58.1 (noarch) 0:6.4.0-150600.8.58.1 (aarch64|ppc64le|s390x|x86_64) 0:3.2.7-150600.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:52.6.0-150000.3.9.1 (x86_64) 0:6.4.0-150600.10.61.1 (noarch) 0:6.4.0-150600.10.61.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.25-150300.4.90.1 (x86_64) 0:3.9.25-150300.4.90.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.17.1-150600.16.14.1 (aarch64|ppc64le|x86_64) 0:22.11.10-150500.5.10.1 (noarch) 0:22.11.10-150500.5.10.1 (aarch64|ppc64le|x86_64) 0:22.11.10_k5.14.21_150500.55.127-150500.5.10.1 (aarch64) 0:22.11.10-150500.5.10.1 (aarch64) 0:22.11.10_k5.14.21_150500.55.127-150500.5.10.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.34.2 (noarch) 0:4.9.5-150500.3.34.2 (aarch64|ppc64le|s390x|x86_64) 0:3.9.21-150300.4.61.1 (x86_64) 0:3.9.21-150300.4.61.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.8-150600.3.15.1 (x86_64) 0:3.12.8-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.16-150400.4.66.1 (x86_64) 0:3.10.16-150400.4.66.1 (aarch64) 0:6.4.0-150600.23.38.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.38.1 (ppc64le|x86_64) 0:6.4.0-150600.23.38.1 (x86_64) 0:6.4.0-150600.23.38.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.38.1.150600.12.16.2 (noarch) 0:6.4.0-150600.23.38.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.38.1 (s390x) 0:6.4.0-150600.23.38.1 (aarch64|ppc64le|s390x|x86_64) 0:0.12.0-150600.3.3.1 (x86_64) 0:0.12.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.71.1 (x86_64) 0:2.7.18-150000.71.1 (noarch) 0:2.7.18-150000.71.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.9-150600.3.18.1 (x86_64) 0:3.12.9-150600.3.18.1 (noarch) 0:0.1.1728559936.c16d4fb-150000.1.56.1 (aarch64|ppc64le|s390x|x86_64) 0:0.17.0-150000.3.24.1 (noarch) 0:5.0.11-150000.3.130.1 (noarch) 0:1.2.3-150000.3.16.1 (noarch) 0:5.0.4-150000.3.27.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.13-150200.3.59.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.53.3-150100.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13-150000.4.11.1 (x86_64) 0:4.13-150000.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.11-150600.3.16.2 (x86_64) 0:3.11.11-150600.3.16.2 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.81.1 (x86_64) 0:3.6.15-150300.10.81.1 (x86_64) 0:6.4.0-150600.10.26.1 (noarch) 0:6.4.0-150600.10.26.1 (noarch) 0:9.0.98-150200.74.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38-150600.14.23.1 (x86_64) 0:2.38-150600.14.23.1 (noarch) 0:2.38-150600.14.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-150600.33.6.1 (aarch64|ppc64le|s390x|x86_64) 0:23.03.0-150600.33.6.1 (noarch) 0:3.1.0-150600.33.6.1 (noarch) 0:23.03.0-150600.33.6.1 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.15.2 (aarch64|ppc64le|s390x|x86_64) 0:9.6p1-150600.6.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.12-150600.8.18.2 (noarch) 0:2.12-150600.8.18.2 (s390x) 0:2.12-150600.8.18.2 (aarch64|ppc64le|s390x|x86_64) 0:128.6.0-150200.152.167.1 (noarch) 0:128.6.0-150200.152.167.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1.118-150200.4.29.2 (noarch) 0:4.1.118-150200.4.29.2 (aarch64|ppc64le|s390x|x86_64) 0:2.0.70-150200.3.25.1 (noarch) 0:2.0.70-150200.3.25.1 (x86_64) 0:20250211-150200.53.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.23.2 (noarch) 0:27.2-150400.3.23.2 (aarch64|ppc64le|s390x|x86_64) 0:3.1.2-150400.12.11.1 (noarch) 0:20230603+git.5fdd2d6-150600.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:3.17.1-150000.1.41.1 (noarch) 0:3.17.1-150000.1.41.1 (aarch64|x86_64) 0:202308-150600.5.14.1 (noarch) 0:202308-150600.5.14.1 (x86_64) 0:202308-150600.5.14.1 (aarch64|ppc64le|s390x|x86_64) 0:20250115.01-150000.1.44.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.12.2 (x86_64) 0:1.1.1w-150600.5.12.2 (noarch) 0:1.1.1w-150600.5.12.2 (aarch64|ppc64le|s390x|x86_64) 0:15.12-150600.16.14.1 (noarch) 0:15.12-150600.16.14.1 (aarch64|ppc64le|s390x|x86_64) 0:17.4-150600.13.10.1 (x86_64) 0:17.4-150600.13.10.1 (noarch) 0:17.4-150600.13.10.1 (aarch64|ppc64le|s390x|x86_64) 0:10.4.15-150200.3.64.1 (aarch64|ppc64le|s390x|x86_64) 0:14.17-150600.16.14.1 (noarch) 0:14.17-150600.16.14.1 (aarch64|ppc64le|s390x|x86_64) 0:16.8-150600.16.15.1 (noarch) 0:16.8-150600.16.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.0-150600.3.8.1 (x86_64) 0:1.24.0-150600.3.8.1 (noarch) 0:1.24.0-150600.3.8.1 (aarch64|x86_64) 0:1.3.6-150600.4.3.1 (noarch) 0:1.3.6-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:24.11.1-150300.7.5.1 (aarch64|ppc64le|s390x|x86_64) 0:2.35-150500.46.6.3 (aarch64|ppc64le|x86_64) 0:2.35-150300.54.3 (aarch64|ppc64le|x86_64) 0:2.35-150500.46.6.2 (noarch) 0:24.11.1-150300.7.5.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.40-150000.3.98.1 (x86_64) 0:1.8.0_sr8.40-150000.3.98.1 (aarch64|ppc64le|s390x|x86_64) 0:0.6.10-150600.16.3.1 (x86_64) 0:0.6.10-150600.16.3.1 (noarch) 0:0.6.10-150600.16.3.1 (noarch) 0:2.46.6-150600.12.27.1 (aarch64|ppc64le|s390x|x86_64) 0:2.46.6-150600.12.27.1 (x86_64) 0:2.46.6-150600.12.27.1 (aarch64|ppc64le|s390x|x86_64) 0:2.90-150400.16.3.1 (noarch) 0:1.15.1-150200.3.10.3 (noarch) 0:3.8.1-150200.3.10.2 (noarch) 0:2.0.0-150200.4.18.11 (noarch) 0:2.0.0-150200.3.18.3 (noarch) 0:3.5.2-150200.3.9.20.2 (noarch) 0:3.5.2-150200.3.9.20.12 (noarch) 0:3.3.0-150200.3.7.5 (noarch) 0:3.8.1-150200.3.6.2 (noarch) 0:3.11.1-150200.4.21.2 (noarch) 0:43-150200.3.8.2 (noarch) 0:3.15.1-150200.3.15.12 (noarch) 0:3.15.1-150200.3.15.2 (noarch) 0:4.0.0-150200.3.10.12 (noarch) 0:4.0.0-150200.4.9.12 (noarch) 0:2.1.0-150200.3.10.3 (noarch) 0:2.4-150200.5.3.3 (noarch) 0:1.2.11-150200.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:9.1.1101-150500.20.21.1 (noarch) 0:9.1.1101-150500.20.21.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.9-150000.4.36.1 (noarch) 0:2.5.9-150000.4.36.1 (aarch64|ppc64le|s390x|x86_64) 0:13.20-150600.14.5.2 (noarch) 0:13.20-150600.14.5.2 (aarch64|ppc64le|s390x|x86_64) 0:1.8.7-150600.3.3.1 (x86_64) 0:1.8.7-150600.3.3.1 (noarch) 0:1.8.7-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.3.17-150000.7.42.1 (noarch) 0:3.3.17-150000.7.42.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.0-150500.3.22.1 (noarch) 0:3.1.0-150500.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:23.03.0-150500.3.22.1 (noarch) 0:23.03.0-150500.3.22.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.23.1 (x86_64) 0:2.10.3-150500.5.23.1 (noarch) 0:2.10.3-150500.5.23.1 (noarch) 0:1.10.0.0-150200.6.7.1 (noarch) 0:2.58.0-150400.14.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.58.0-150400.14.12.1 (aarch64|ppc64le|s390x|x86_64) 0:4.7.0-150600.3.8.1 (x86_64) 0:4.7.0-150600.3.8.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.11-150600.18.20.1 (aarch64) 0:2020.01-150200.10.18.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.74.1 (x86_64) 0:2.7.18-150000.74.1 (noarch) 0:2.7.18-150000.74.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.9-150000.3.3.1 (x86_64) 0:1.0.9-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.3-150600.4.6.2 (x86_64) 0:3.8.3-150600.4.6.2 (aarch64|ppc64le|s390x|x86_64) 0:1.14.4-150300.11.19.1 (noarch) 0:1.14.4-150300.11.19.1 (aarch64|ppc64le|s390x|x86_64) 0:27.5.1_ce-150000.215.3 (noarch) 0:27.5.1_ce-150000.215.3 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.37.1 (noarch) 0:4.9.5-150500.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:128.8.0-150200.152.173.1 (noarch) 0:128.8.0-150200.152.173.1 (noarch) 0:2.9.27-150000.1.20.1 (aarch64|ppc64le|s390x|x86_64) 0:0.44.0-150600.19.3.1 (noarch) 0:0.44.0-150600.19.3.1 (aarch64|ppc64le|s390x|x86_64) 0:27.2-150400.3.26.1 (noarch) 0:27.2-150400.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:128.6.0-150200.8.197.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.1-150000.1.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.23.7-150000.1.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:4.1-150500.4.8.1 (x86_64) 0:4.1-150500.4.8.1 (aarch64|x86_64) 0:6.4.0-150600.8.31.1 (x86_64) 0:6.4.0-150600.8.31.1 (noarch) 0:6.4.0-150600.8.31.1 (aarch64|ppc64le|s390x|x86_64) 0:128.8.0-150200.8.203.1 (aarch64) 0:6.4.0-150600.23.42.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.42.2 (aarch64) 0:6.4.0-150600.23.42.1 (ppc64le|x86_64) 0:6.4.0-150600.23.42.2 (x86_64) 0:6.4.0-150600.23.42.2 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.42.2.150600.12.18.4 (noarch) 0:6.4.0-150600.23.42.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.42.2 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.42.1 (s390x) 0:6.4.0-150600.23.42.2 (noarch) 0:20250306-150200.19.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.8-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.77.1 (x86_64) 0:2.7.18-150000.77.1 (noarch) 0:2.7.18-150000.77.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.5-150600.13.16.1 (x86_64) 0:4.4.5-150600.13.16.1 (aarch64|x86_64) 0:3.3.1611.0-150000.5.23.1 (aarch64|ppc64le|s390x|x86_64) 0:2.0.8-150000.3.26.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6-150100.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.9-150600.3.21.1 (x86_64) 0:3.12.9-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.17.1 (x86_64) 0:6.4.0-150600.10.29.1 (noarch) 0:6.4.0-150600.10.29.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.2-150400.12.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.5-150600.13.19.1 (x86_64) 0:4.4.5-150600.13.19.1 (noarch) 0:4.2.11-150600.3.18.1 (noarch) 0:2.46.6-150600.12.30.2 (aarch64|ppc64le|s390x|x86_64) 0:2.46.6-150600.12.30.2 (x86_64) 0:2.46.6-150600.12.30.2 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.76.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10-150600.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.2.35-150000.4.3.1 (x86_64) 0:0.2.35-150000.4.3.1 (noarch) 0:0.2.35-150000.4.3.1 (aarch64|x86_64) 0:1.3.6-150600.4.9.1 (noarch) 0:1.3.6-150600.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.11-150600.3.21.1 (x86_64) 0:3.11.11-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.7.2-150600.3.12.1 (x86_64) 0:3.7.2-150600.3.12.1 (aarch64) 0:2021.10-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2021.10-150600.11.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.4-150000.4.18.1 (x86_64) 0:2.10.4-150000.4.18.1 (noarch) 0:2.10.4-150000.4.18.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.2-150400.9.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.94.0-150500.27.65.1 (aarch64|ppc64le|s390x|x86_64) 0:1.94.0-150300.7.6.1 (noarch) 0:1.94.0-150300.7.6.1 (aarch64|ppc64le|s390x|x86_64) 0:0.1-150100.4.29.1 (aarch64|ppc64le|s390x|x86_64) 0:0.28.1-150100.4.31.1 (aarch64|ppc64le|s390x|x86_64) 0:1.9.1-150100.3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:3.5.0-150100.4.29.1 (noarch) 0:1.1.0-150000.1.65.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.0-150000.1.21.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.0-150000.1.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.10-150000.1.26.1 (aarch64|ppc64le|s390x|x86_64) 0:0.17.0-150000.3.30.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26.0-150000.1.30.2 (noarch) 0:5.0.15-150000.3.142.1 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150500.4.68.2 (aarch64|ppc64le|s390x|x86_64) 0:3006.0-150500.4.68.1 (noarch) 0:3006.0-150500.4.68.2 (aarch64|ppc64le|s390x|x86_64) 0:11.6.11-150200.3.83.1 (aarch64|ppc64le|s390x|x86_64) 0:254.27-150600.4.62.1 (x86_64) 0:254.27-150600.4.62.1 (aarch64|x86_64) 0:254.27-150600.4.62.1 (noarch) 0:254.27-150600.4.62.1 (aarch64) 0:6.4.0-150600.23.92.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.92.1 (ppc64le|x86_64) 0:6.4.0-150600.23.92.1 (x86_64) 0:6.4.0-150600.23.92.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.92.1.150600.12.42.2 (noarch) 0:6.4.0-150600.23.92.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.92.1 (s390x) 0:6.4.0-150600.23.92.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.20-150400.4.102.1 (x86_64) 0:3.10.20-150400.4.102.1 (aarch64|ppc64le|s390x|x86_64) 0:8.5.6-150500.4.36.1 (aarch64|ppc64le|s390x|x86_64) 0:6.3.2-150400.9.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.51.3-150000.3.39.1 (x86_64) 0:3.51.3-150000.3.39.1 (noarch) 0:3.51.3-150000.3.39.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.2-150600.13.9.1 (noarch) 0:0.5.0-150400.12.13.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.109.1 (x86_64) 0:3.6.15-150300.10.109.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.3-150600.13.6.1 (noarch) 0:2.6.3-150600.13.6.1 (noarch) 0:6.3.0-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150400.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.32.1 (x86_64) 0:7.1.1.21-150600.3.32.1 (noarch) 0:7.1.1.21-150600.3.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.7.29-150000.130.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.13-150600.3.48.1 (x86_64) 0:3.12.13-150600.3.48.1 (aarch64|ppc64le|s390x|x86_64) 0:140.9.0-150200.152.225.1 (noarch) 0:140.9.0-150200.152.225.1 (aarch64|ppc64le|s390x|x86_64) 0:2.39.3-150600.4.15.1 (x86_64) 0:2.39.3-150600.4.15.1 (noarch) 0:2.39.3-150600.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:2.44-150000.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.18.1 (aarch64|ppc64le|s390x|x86_64) 0:140.9.0-150200.8.263.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.1-150400.3.37.1 (x86_64) 0:2.7.1-150400.3.37.1 (s390x) 0:2.37.4-150500.9.20.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.14-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.34-150000.3.37.1 (noarch) 0:1.34-150000.3.37.1 (noarch) 0:23.2.0-150400.3.13.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.50.1 (noarch) 0:2.10.30-150400.3.50.1 (x86_64) 0:2.10.30-150400.3.50.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12-150100.3.63.1 (aarch64|x86_64) 0:4.18.5_08-150600.3.34.2 (x86_64) 0:4.18.5_08-150600.3.34.2 (noarch) 0:4.18.5_08-150600.3.34.2 (aarch64|x86_64) 0:202308-150600.5.25.1 (noarch) 0:202308-150600.5.25.1 (x86_64) 0:202308-150600.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.50.1 (x86_64) 0:7.1.1.21-150600.3.50.1 (noarch) 0:7.1.1.21-150600.3.50.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.111.1 (x86_64) 0:2.7.18-150000.111.1 (noarch) 0:2.7.18-150000.111.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.45.1 (x86_64) 0:3.1.4-150600.5.45.1 (noarch) 0:3.1.4-150600.5.45.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.21.1 (aarch64|ppc64le|s390x|x86_64) 0:4.17.2-150600.17.18.1 (noarch) 0:4.17.2-150600.17.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.13.1-150600.4.3.1 (noarch) 0:1.13.1-150600.4.3.1 (aarch64|ppc64le|x86_64) 0:1.13.1-150600.4.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.105.1 (x86_64) 0:1.0.2p-150000.3.105.1 (noarch) 0:1.0.2p-150000.3.105.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.13-150600.3.53.1 (x86_64) 0:3.12.13-150600.3.53.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.25-150300.4.99.1 (x86_64) 0:3.9.25-150300.4.99.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.19-150400.4.94.1 (x86_64) 0:3.10.19-150400.4.94.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.8-150600.11.12.1 (x86_64) 0:0.9.8-150600.11.12.1 (aarch64|ppc64le|s390x|x86_64) 0:9.18.33-150600.3.21.1 (noarch) 0:9.18.33-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.14.0-150400.9.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.5.2-150600.18.25.1 (noarch) 0:1.5.2-150600.18.25.1 (aarch64|ppc64le|s390x|x86_64) 0:24.1.1-150600.5.23.1 (aarch64|ppc64le|s390x|x86_64) 0:21.1.11-150600.5.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.5-150500.3.53.1 (noarch) 0:8.5-150600.3.18.1 (aarch64|ppc64le|s390x|x86_64) 0:140.7.0-150200.8.251.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.21.1 (x86_64) 0:3.4.4-150600.3.21.1 (noarch) 0:3.4.4-150600.3.21.1 (noarch) 0:2.78.6-150600.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.25.1 (x86_64) 0:2.78.6-150600.4.25.1 (aarch64|ppc64le|s390x|x86_64) 0:4.4.6-150600.13.38.1 (x86_64) 0:4.4.6-150600.13.38.1 (noarch) 0:4.47.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.58-150600.5.41.1 (noarch) 0:2.4.58-150600.5.41.1 (noarch) 0:2.50.4-150600.12.54.1 (aarch64|ppc64le|s390x|x86_64) 0:2.50.4-150600.12.54.1 (x86_64) 0:2.50.4-150600.12.54.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150600.3.12.1 (noarch) 0:2.4.4-150600.3.12.1 (noarch) 0:6.3.2-150400.4.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.6-150000.1.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.12-150000.1.53.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.10-150600.3.43.1 (noarch) 0:8.2.10-150600.3.43.1 (noarch) 0:8.2.101.16.3_3_ga95067eb-150600.3.43.1 (noarch) 0:3.12.2-150400.10.8.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.18-150000.4.11.1 (x86_64) 0:1.0.18-150000.4.11.1 (aarch64|ppc64le|s390x|x86_64) 0:4.13-150000.4.14.1 (x86_64) 0:4.13-150000.4.14.1 (noarch) 0:3.20.2-150400.9.10.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.4-150600.24.10.1 (x86_64) 0:5.9.4-150600.24.10.1 (aarch64|ppc64le|s390x|x86_64) 0:26.2.1-150300.7.22.1 (aarch64|ppc64le|s390x|x86_64) 0:0.26-150400.9.27.1 (x86_64) 0:0.26-150400.9.27.1 (noarch) 0:20.22.0-150400.9.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.40-150600.3.6.1 (x86_64) 0:1.6.40-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.37.0-150500.10.14.1 (noarch) 0:1.37.0-150500.7.9.1 (aarch64|x86_64) 0:1.37.0-150500.10.14.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.14-150600.18.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.57.4-150600.3.3.1 (x86_64) 0:2.57.4-150600.3.3.1 (noarch) 0:2.57.4-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:7.4.33-150400.4.55.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.12-150600.3.40.1 (x86_64) 0:3.12.12-150600.3.40.1 (noarch) 0:0.5.0-150400.12.10.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.19.1 (x86_64) 0:2.74.3-150600.4.19.1 (noarch) 0:2.74.3-150600.4.19.1 (noarch) 0:2.20.0-150200.4.30.1 (noarch) 0:2.0.7-150400.7.24.1 (aarch64|ppc64le|s390x|x86_64) 0:2.5.20+11-150500.11.38.1 (noarch) 0:2.5.20+11-150500.11.38.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.28.1 (x86_64) 0:3.4.4-150600.3.28.1 (noarch) 0:3.4.4-150600.3.28.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8-150600.15.12.1 (noarch) 0:0.8-150600.15.12.1 (x86_64) 0:0.8-150600.15.12.1 (aarch64|ppc64le|s390x|x86_64) 0:140.7.0-150200.152.216.1 (noarch) 0:140.7.0-150200.152.216.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.94.1 (x86_64) 0:2.7.18-150000.94.1 (noarch) 0:2.7.18-150000.94.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.103.1 (x86_64) 0:3.6.15-150300.10.103.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.7-150600.33.9.1 (aarch64|ppc64le|s390x|x86_64) 0:23.03.3-150600.33.9.1 (noarch) 0:3.1.7-150600.33.9.1 (noarch) 0:23.03.3-150600.33.9.1 (noarch) 0:2.78.6-150600.4.28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.28.1 (x86_64) 0:2.78.6-150600.4.28.1 (aarch64|ppc64le|s390x|x86_64) 0:8.3.0-150600.3.3.1 (x86_64) 0:8.3.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.7-150500.3.25.1 (noarch) 0:3.1.7-150500.3.25.1 (aarch64|ppc64le|s390x|x86_64) 0:23.03.3-150500.3.25.1 (noarch) 0:23.03.3-150500.3.25.1 (aarch64) 0:6.4.0-150600.23.84.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.84.1 (ppc64le|x86_64) 0:6.4.0-150600.23.84.1 (x86_64) 0:6.4.0-150600.23.84.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.84.1.150600.12.38.1 (noarch) 0:6.4.0-150600.23.84.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.84.1 (s390x) 0:6.4.0-150600.23.84.1 (aarch64|ppc64le|s390x|x86_64) 0:22.22.0-150600.13.12.1 (noarch) 0:22.22.0-150600.13.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.6-150600.13.9.1 (aarch64|x86_64) 0:4.18.5_10-150600.3.37.1 (x86_64) 0:4.18.5_10-150600.3.37.1 (noarch) 0:4.18.5_10-150600.3.37.1 (noarch) 0:0.0.9-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.12-150600.13.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.1.4-150600.5.42.1 (x86_64) 0:3.1.4-150600.5.42.1 (noarch) 0:3.1.4-150600.5.42.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.38.1 (noarch) 0:2.10.30-150400.3.38.1 (x86_64) 0:2.10.30-150400.3.38.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.14-150600.3.41.2 (x86_64) 0:3.11.14-150600.3.41.2 (aarch64|ppc64le|s390x|x86_64) 0:3.11.14-150600.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150600.13.23.1 (noarch) 0:1.35.0-150600.13.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.1.62.1 (noarch) 0:3.19.1-150000.1.62.1 (aarch64|ppc64le|s390x|x86_64) 0:2.3.0-150000.3.24.1 (x86_64) 0:2.3.0-150000.3.24.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.2p-150000.3.102.1 (x86_64) 0:1.0.2p-150000.3.102.1 (noarch) 0:1.0.2p-150000.3.102.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.91.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.99.1 (x86_64) 0:2.7.18-150000.99.1 (noarch) 0:2.7.18-150000.99.1 (aarch64|ppc64le|s390x|x86_64) 0:20240116.3-150600.19.6.1 (x86_64) 0:20240116.3-150600.19.6.1 (noarch) 0:3.27.7-150200.5.9.2 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1w-150600.5.21.1 (x86_64) 0:1.1.1w-150600.5.21.1 (noarch) 0:1.1.1w-150600.5.21.1 (aarch64|ppc64le|s390x|x86_64) 0:3.23.0-150600.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.4-150600.3.9.1 (x86_64) 0:1.10.4-150600.3.9.1 (noarch) 0:1.2.13-150200.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:21.0.10.0-150600.3.23.1 (noarch) 0:21.0.10.0-150600.3.23.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.40-150600.3.9.1 (x86_64) 0:1.6.40-150600.3.9.1 (noarch) 0:2.0.7-150400.7.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.0.18-150000.4.14.1 (x86_64) 0:1.0.18-150000.4.14.1 (aarch64|ppc64le|s390x|x86_64) 0:2.38-150600.14.40.1 (x86_64) 0:2.38-150600.14.40.1 (noarch) 0:2.38-150600.14.40.1 (noarch) 0:2.78.6-150600.4.35.1 (aarch64|ppc64le|s390x|x86_64) 0:2.78.6-150600.4.35.1 (x86_64) 0:2.78.6-150600.4.35.1 (aarch64|ppc64le|s390x|x86_64) 0:25.1-150600.16.16.1 (x86_64) 0:25.1-150600.16.16.1 (noarch) 0:25.1-150600.16.16.1 (aarch64|ppc64le|s390x|x86_64) 0:4.25.1-150600.16.16.1 (aarch64|ppc64le|s390x|x86_64) 0:1.12.0-150400.3.17.1 (x86_64) 0:1.12.0-150400.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.3-150400.4.28.1 (aarch64|ppc64le|s390x|x86_64) 0:140.7.1-150200.8.254.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.482-150200.3.63.1 (noarch) 0:1.8.0.482-150200.3.63.1 (ppc64le|s390x|x86_64) 0:1.8.0_sr8.60-150000.3.112.1 (x86_64) 0:1.8.0_sr8.60-150000.3.112.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.35.1 (x86_64) 0:2.10.3-150500.5.35.1 (noarch) 0:2.10.3-150500.5.35.1 (aarch64|ppc64le|s390x|x86_64) 0:1.33.7-150600.13.23.1 (noarch) 0:1.33.7-150600.13.23.1 (aarch64|ppc64le|s390x|x86_64) 0:11.0.30.0-150000.3.135.1 (noarch) 0:11.0.30.0-150000.3.135.1 (aarch64|ppc64le|s390x|x86_64) 0:17.0.18.0-150400.3.63.1 (noarch) 0:17.0.18.0-150400.3.63.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.1-150400.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.0-150300.3.6.1 (noarch) 0:0.42.0-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.13-150000.1.56.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.7-150000.1.29.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.31.1 (x86_64) 0:3.4.4-150600.3.31.1 (noarch) 0:3.4.4-150600.3.31.1 (aarch64|ppc64le|s390x|x86_64) 0:3.51.2-150000.3.36.1 (x86_64) 0:3.51.2-150000.3.36.1 (noarch) 0:3.51.2-150000.3.36.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.13.1-150600.15.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.4.4-150600.3.15.1 (noarch) 0:2.4.4-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:20.20.0-150600.3.15.1 (noarch) 0:20.20.0-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.38.1 (x86_64) 0:7.1.1.21-150600.3.38.1 (noarch) 0:7.1.1.21-150600.3.38.1 (aarch64|x86_64) 0:1.4.5-150600.4.12.1 (noarch) 0:1.4.5-150600.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.0-150600.3.2.1 (aarch64|ppc64le|s390x|x86_64) 0:60.9.0-150200.6.8.1 (noarch) 0:4.2.11-150600.3.47.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.41.1 (noarch) 0:2.10.30-150400.3.41.1 (noarch) 0:0.3.2-150400.3.4.1 (aarch64|ppc64le|s390x|x86_64) 0:0.3.2-150400.3.4.1 (x86_64) 0:2.10.30-150400.3.41.1 (aarch64|ppc64le|s390x|x86_64) 0:0.8.5-150000.3.11.1 (x86_64) 0:0.8.5-150000.3.11.1 (noarch) 0:0.40.0-150400.13.10.1 (aarch64) 0:6.4.0-150600.23.87.1 (aarch64|ppc64le|s390x|x86_64) 0:6.4.0-150600.23.87.1 (ppc64le|x86_64) 0:6.4.0-150600.23.87.1 (x86_64) 0:6.4.0-150600.23.87.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.87.1.150600.12.40.1 (noarch) 0:6.4.0-150600.23.87.1 (aarch64|ppc64le|x86_64) 0:6.4.0-150600.23.87.1 (s390x) 0:6.4.0-150600.23.87.1 (noarch) 0:1.30.0-150400.11.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.1.64.1 (noarch) 0:3.19.1-150000.1.64.1 (aarch64|ppc64le|s390x|x86_64) 0:0.5.15-150600.25.6.1 (x86_64) 0:0.5.15-150600.25.6.1 (aarch64|ppc64le|s390x|x86_64) 0:8.14.1-150600.4.34.1 (x86_64) 0:8.14.1-150600.4.34.1 (aarch64|ppc64le|s390x|x86_64) 0:1.8.0.482-150000.3.117.1 (noarch) 0:1.8.0.482-150000.3.117.1 (aarch64|ppc64le|s390x|x86_64) 0:0.7.2~0-150500.12.6.1 (aarch64|ppc64le|x86_64) 0:1.18.0-150200.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.9.7-150000.3.94.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.3-150500.5.38.1 (x86_64) 0:2.10.3-150500.5.38.1 (noarch) 0:2.10.3-150500.5.38.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150600.13.25.1 (noarch) 0:1.35.0-150600.13.25.1 (aarch64|ppc64le|s390x|x86_64) 0:1.33.7-150600.13.25.1 (noarch) 0:1.33.7-150600.13.25.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.24.1 (x86_64) 0:2.74.3-150600.4.24.1 (noarch) 0:2.74.3-150600.4.24.1 (aarch64|x86_64) 0:1.4.5-150600.4.15.1 (noarch) 0:1.4.5-150600.4.15.1 (x86_64) 0:0.3.2-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.102.1 (x86_64) 0:2.7.18-150000.102.1 (noarch) 0:2.7.18-150000.102.1 (aarch64|ppc64le|s390x|x86_64) 0:0.4.1+git78.f951e3a-150000.1.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6.40-150600.3.12.1 (x86_64) 0:1.6.40-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.57-150000.4.6.1 (x86_64) 0:1.2.57-150000.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:4.0.2-150500.3.3.1 (noarch) 0:4.0.2-150500.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.44.1 (noarch) 0:2.10.30-150400.3.44.1 (x86_64) 0:2.10.30-150400.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.35.1 (x86_64) 0:7.1.1.21-150600.3.35.1 (noarch) 0:7.1.1.21-150600.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:140.7.1-150200.152.219.1 (noarch) 0:140.7.1-150200.152.219.1 (aarch64|ppc64le|s390x|x86_64) 0:3.10.19-150400.4.97.1 (x86_64) 0:3.10.19-150400.4.97.1 (noarch) 0:1.26.18-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.25-150300.4.93.1 (x86_64) 0:3.9.25-150300.4.93.1 (aarch64|ppc64le|s390x|x86_64) 0:3.12.12-150600.3.43.1 (x86_64) 0:3.12.12-150600.3.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.2.4-150600.3.21.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.27.1 (x86_64) 0:2.74.3-150600.4.27.1 (noarch) 0:2.74.3-150600.4.27.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.36.1 (noarch) 0:24.0.9_ce-150000.1.36.1 (aarch64|ppc64le|s390x|x86_64) 0:23.3.4.19-150300.3.29.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.10-150600.3.46.1 (noarch) 0:8.2.10-150600.3.46.1 (noarch) 0:8.2.101.16.3_3_ga95067eb-150600.3.46.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.15-150300.10.106.1 (x86_64) 0:3.6.15-150300.10.106.1 (aarch64|ppc64le|s390x|x86_64) 0:28.5.1_ce-150000.241.2 (noarch) 0:28.5.1_ce-150000.241.2 (aarch64|ppc64le|s390x|x86_64) 0:0.29.0-150000.241.2 (aarch64|ppc64le|s390x|x86_64) 0:7.0.8-150600.8.22.1 (x86_64) 0:20260210-150200.62.1 (aarch64|ppc64le|s390x|x86_64) 0:4.9.5-150500.3.62.2 (noarch) 0:4.9.5-150500.3.62.2 (aarch64|ppc64le|s390x|x86_64) 0:10.0.0-150600.8.12.1 (x86_64) 0:10.0.0-150600.8.12.1 (aarch64|x86_64) 0:10.0.0-150600.8.12.1 (noarch) 0:10.0.0-150600.8.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.47.1 (noarch) 0:2.10.30-150400.3.47.1 (x86_64) 0:2.10.30-150400.3.47.1 (aarch64|ppc64le|s390x|x86_64) 0:8.0.7-150600.13.20.1 (noarch) 0:8.0.7-150600.13.20.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.34.1 (x86_64) 0:3.4.4-150600.3.34.1 (noarch) 0:3.4.4-150600.3.34.1 (aarch64|ppc64le|s390x|x86_64) 0:140.7.2-150200.8.257.1 (aarch64|ppc64le|s390x|x86_64) 0:8.2.30-150600.3.25.1 (noarch) 0:8.2.30-150600.3.25.1 (aarch64|x86_64) 0:16.1-150300.4.31.3 (aarch64|ppc64le|s390x|x86_64) 0:1.37.0-150500.10.17.1 (noarch) 0:1.37.0-150500.7.11.1 (aarch64|x86_64) 0:1.37.0-150500.10.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.7-150600.13.12.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.12.1 (aarch64|ppc64le|s390x|x86_64) 0:45.1-150600.3.6.1 (noarch) 0:45.1-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:3.11.14-150600.3.44.1 (x86_64) 0:3.11.14-150600.3.44.1 (aarch64|ppc64le|s390x|x86_64) 0:8.14.1-150600.4.37.1 (x86_64) 0:8.14.1-150600.4.37.1 (aarch64|ppc64le|s390x|x86_64) 0:15.17-150600.16.28.1 (noarch) 0:15.17-150600.16.28.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.105.1 (x86_64) 0:2.7.18-150000.105.1 (noarch) 0:2.7.18-150000.105.1 (aarch64|ppc64le|s390x|x86_64) 0:3.50.3-150600.3.9.1 (noarch) 0:3.50.3-150600.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.0.5-150400.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:0.9.8-150600.11.9.1 (x86_64) 0:0.9.8-150600.11.9.1 (aarch64|ppc64le|s390x|x86_64) 0:3.6.2-150600.4.6.1 (noarch) 0:3.6.2-150600.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.6-150000.5.9.1 (aarch64|ppc64le|s390x|x86_64) 0:1.2.13-150500.4.6.1 (x86_64) 0:1.2.13-150500.4.6.1 (aarch64|ppc64le|s390x|x86_64) 0:14.22-150600.16.28.1 (noarch) 0:14.22-150600.16.28.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.37.1 (x86_64) 0:3.4.4-150600.3.37.1 (noarch) 0:3.4.4-150600.3.37.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.13-150600.13.18.1 (aarch64|ppc64le|s390x|x86_64) 0:1.1.34-150400.3.16.1 (x86_64) 0:1.1.34-150400.3.16.1 (aarch64|ppc64le|s390x|x86_64) 0:2.39.3-150600.4.18.1 (x86_64) 0:2.39.3-150600.4.18.1 (noarch) 0:2.39.3-150600.4.18.1 (noarch) 0:22.3.1-150400.17.19.1 (aarch64|ppc64le|s390x|x86_64) 0:4.2.14-150600.18.38.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.30.1 (x86_64) 0:2.74.3-150600.4.30.1 (noarch) 0:2.74.3-150600.4.30.1 (aarch64|ppc64le|s390x|x86_64) 0:3.112.3-150400.3.63.1 (x86_64) 0:3.112.3-150400.3.63.1 (aarch64|ppc64le|s390x|x86_64) 0:1.10.1-150600.4.6.1 (noarch) 0:4.2.11-150600.3.50.1 (noarch) 0:2.6.4-150600.3.6.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.1-150400.3.34.1 (x86_64) 0:2.7.1-150400.3.34.1 (noarch) 0:1.3.1-150600.3.14.1 (aarch64|ppc64le|s390x|x86_64) 0:3.8.3-150600.4.17.1 (x86_64) 0:3.8.3-150600.4.17.1 (aarch64|ppc64le|s390x|x86_64) 0:2.10.30-150400.3.35.1 (noarch) 0:2.10.30-150400.3.35.1 (x86_64) 0:2.10.30-150400.3.35.1 (aarch64|ppc64le|s390x|x86_64) 0:4.14.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:2.6.10-150600.3.20.1 (noarch) 0:3.5.2-150600.3.3.1 (noarch) 0:2.3.2-150400.3.9.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.42.2 (x86_64) 0:7.1.1.21-150600.3.42.2 (noarch) 0:7.1.1.21-150600.3.42.2 (noarch) 0:0.9.5.5-150400.3.5.1 (noarch) 0:0.2.20-150400.3.3.1 (s390x) 0:2.37.4-150500.9.23.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.3-150400.10.36.1 (aarch64|ppc64le|s390x|x86_64) 0:1.4.0-150600.3.12.1 (aarch64|ppc64le|s390x|x86_64) 0:7.1.1.21-150600.3.45.1 (x86_64) 0:7.1.1.21-150600.3.45.1 (noarch) 0:7.1.1.21-150600.3.45.1 (aarch64|ppc64le|s390x|x86_64) 0:140.8.0-150200.152.222.1 (noarch) 0:140.8.0-150200.152.222.1 (aarch64|ppc64le|s390x|x86_64) 0:2.7.18-150000.108.1 (x86_64) 0:2.7.18-150000.108.1 (noarch) 0:2.7.18-150000.108.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.42-150600.3.10.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.8-150000.1.32.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.1-150000.1.6.1 (noarch) 0:11.0.18-150600.13.15.1 (aarch64|ppc64le|s390x|x86_64) 0:140.8.0-150200.8.260.1 (aarch64|ppc64le|s390x|x86_64) 0:18.3-150600.13.8.1 (x86_64) 0:18.3-150600.13.8.1 (noarch) 0:18.3-150600.13.8.1 (aarch64|ppc64le|s390x|x86_64) 0:16.13-150600.16.30.1 (noarch) 0:16.13-150600.16.30.1 (aarch64|ppc64le|s390x|x86_64) 0:17.9-150600.13.24.1 (noarch) 0:17.9-150600.13.24.1 (aarch64|ppc64le|s390x|x86_64) 0:8.14.1-150600.4.40.1 (x86_64) 0:8.14.1-150600.4.40.1 (aarch64|ppc64le|s390x|x86_64) 0:2.74.3-150600.4.33.1 (x86_64) 0:2.74.3-150600.4.33.1 (noarch) 0:2.74.3-150600.4.33.1 (noarch) 0:10.1.52-150200.5.61.1 (aarch64|ppc64le|s390x|x86_64) 0:3.4.4-150600.3.42.1 (x86_64) 0:3.4.4-150600.3.42.1 (noarch) 0:3.4.4-150600.3.42.1 (noarch) 0:24.3.0-150400.9.11.1 (aarch64|x86_64) 0:4.18.5_12-150600.3.40.1 (x86_64) 0:4.18.5_12-150600.3.40.1 (noarch) 0:4.18.5_12-150600.3.40.1 (aarch64|ppc64le|s390x|x86_64) 0:9.2.0110-150500.20.43.1 (noarch) 0:9.2.0110-150500.20.43.1 (aarch64|ppc64le|s390x|x86_64) 0:2.2.10~git200.96444f3c3-150600.8.26.1 (aarch64|ppc64le|s390x|x86_64) 0:1.35.0-150600.13.27.1 (noarch) 0:1.35.0-150600.13.27.1 (aarch64|ppc64le|s390x|x86_64) 0:1.6-150000.3.12.1 (noarch) 0:9.0.115-150200.102.1 (aarch64|ppc64le|s390x|x86_64) 0:2.11.2-150600.4.15.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.42-150600.3.15.1 (aarch64|ppc64le|s390x|x86_64) 0:3.19.1-150000.1.66.1 (noarch) 0:3.19.1-150000.1.66.1 (aarch64|ppc64le|s390x|x86_64) 0:1.3.4-150000.90.1 (aarch64|ppc64le|s390x|x86_64) 0:28.5.1_ce-150000.243.1 (noarch) 0:28.5.1_ce-150000.243.1 (aarch64|ppc64le|s390x|x86_64) 0:0.29.0-150000.243.1 (aarch64|ppc64le|s390x|x86_64) 0:1.52.2-150600.3.3.1 (x86_64) 0:1.52.2-150600.3.3.1 (noarch) 0:1.52.2-150600.3.3.1 (aarch64|ppc64le|s390x|x86_64) 0:3.9.25-150300.4.96.1 (x86_64) 0:3.9.25-150300.4.96.1 (aarch64|ppc64le|s390x|x86_64) 0:24.0.9_ce-150000.1.39.1 (noarch) 0:24.0.9_ce-150000.1.39.1 (noarch) 0:1.3.1-150600.3.17.1 (aarch64|ppc64le|s390x|x86_64) 0:1.26.1-150600.13.3.1 (aarch64|ppc64le|s390x|x86_64) 0:1.25.8-150600.13.15.1 (aarch64|ppc64le|s390x|x86_64) 0:5.9.12-150600.3.11.1 (noarch) 0:5.9.12-150600.3.11.1 (aarch64|ppc64le|s390x|x86_64) 0:1.24.0-150600.3.5.1 (x86_64) 0:1.24.0-150600.3.5.1 (noarch) 0:1.24.0-150600.3.5.1