------------------------------------------------------------------ --- Changelog.all ----------- Thu Jul 3 13:46:25 UTC 2025 ------ ------------------------------------------------------------------ ------------------------------------------------------------------ ------------------ 2025-7-2 - Jul 2 2025 ------------------- ------------------------------------------------------------------ ++++ libzypp: - Do not trigger download data exceeded errors on HTTP non data responses (bsc#1245220) In some cases a HTTP 401 or 407 did trigger a "filesize exceeded" error, because the response payload size was compared against the expected filesize. This patch adds some checks if the response code is in the success range and only then takes expected filesize into account. Otherwise the response content-length is used or a fallback of 2Mb if no content-length is known. - version 17.37.8 (35) - Fix SEGV in MediaDISK handler (bsc#1245452) - Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans backend. DownloadAsNeeded can not be combined with the rpm singletrans installer backend because a rpm transaction requires all package headers to be available the the beginning of the transaction. So explicitly selecting this mode also turns on the classic_rpmtrans backend. - Fix evaluation of libproxy results (bsc#1244710) - version 17.37.7 (35) ------------------------------------------------------------------ ------------------ 2025-7-1 - Jul 1 2025 ------------------- ------------------------------------------------------------------ ++++ salt: - Prevent tests failures when pygit2 is not present - Several fixes for security issues (bsc#1244561, CVE-2024-38822) (bsc#1244564, CVE-2024-38823) (bsc#1244565, CVE-2024-38824) (bsc#1244566, CVE-2024-38825) (bsc#1244567, CVE-2025-22240) (bsc#1244568, CVE-2025-22236) (bsc#1244570, CVE-2025-22241) (bsc#1244571, CVE-2025-22237) (bsc#1244572, CVE-2025-22238) (bsc#1244574, CVE-2025-22239) (bsc#1244575, CVE-2025-22242) * Request server hardening * Prevent traversal in local_cache::save_minions * Add test and fix for file_recv cve * Fix traversal in gitfs find_file * Fix traversal in salt.utils.virt * Fix traversal in pub_ret * Reasonable failures when pillars timeout * Make send_req_async wait longer * Remove token to prevent decoding errors * Fix checking of non-url style git remotes * Allow subdirs in GitFS find_file check - Add subsystem filter to udev.exportdb (bsc#1236621) - tornado.httputil: raise errors instead of logging in multipart/form-data parsing (CVE-2025-47287, bsc#1243268) - Fix Ubuntu 24.04 edge-case test failures - Fix broken tests for Ubuntu 24.04 - Fix refresh of osrelease and related grains on Python 3.10+ - Make "salt" package to obsolete "python3-salt" package on SLE15SP7+ - Fix issue requiring proper Python flavor for dependencies and recommended package - Added: * fix-tests-issues-in-salt-shaker-environments-721.patch * several-fixes-for-security-issues.patch * add-subsystem-filter-to-udev.exportdb-bsc-1236621-71.patch * fix-of-cve-2025-47287-bsc-1243268-718.patch * fix-ubuntu-24.04-specific-failures-716.patch * fix-debian-tests-715.patch * fix-refresh-of-osrelease-and-related-grains-on-pytho.patch ++++ supportutils: - Changes to version 3.2.11 + Collect rsyslog frule files (bsc#1244003, pr#257) + Remove proxy passwords (bsc#1244011, pr#257) + Missing NetworkManager information (bsc#1241284, pr#257) + Include agama logs bsc#1244937, pr#256) + Additional NFS conf files (pr#253) + New fadump sysfs files (pr#252) + Fixed change log dates ------------------------------------------------------------------ ------------------ 2025-6-30 - Jun 30 2025 ------------------- ------------------------------------------------------------------ ++++ curl: - Disable insecure NTLM authentication support [bsc#1245491, jsc#PED-12960] ++++ ignition: - ignition-suse-generator: Only use Ignition platform ID when the corresponding kernel modules are found [bsc#1234315] [boo#1230668] [gh#coreos/ignition#1984] ++++ kernel-default: - kABI: update kABI symbols kABI exceptions were allowed for a couple of branches. Update kABI symbols after the merge. Since kABI symbols are being updated, remove current kABI workaround patches before the update. - commit 0c9b3ad - NFSD: Implement FATTR4_CLONE_BLKSIZE attribute (git-fixes). - commit 4f434fe - overflow: Introduce __DEFINE_FLEX for having no initializer (git-fixes). - commit 99c412c - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - commit d974da9 - NFSD: fix race between nfsd registration and exports_proc (git-fixes). - commit 7c3e6b5 - netlink: specs: tc: replace underscores with dashes in names (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netlink: specs: nfsd: replace underscores with dashes in names (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - ice: fix eswitch code memory leak in reset scenario (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ethtool: remove duplicate defines for family info (git-fixes). - bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/mlx5: HWS, make sure the uplink is the last destination (git-fixes). - net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - e1000: Move cancel_work_sync to avoid deadlock (git-fixes). - iavf: fix reset_task for early reset event (git-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - iavf: iavf_suspend(): take RTNL before netdev_lock() (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - idpf: avoid mailbox timeout delays during reset (git-fixes). - idpf: fix a race in txq wakeup (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback (git-fixes). - octeontx2-pf: QOS: Perform cache sync on send queue teardown (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5: HWS, Fix matcher action template attach (git-fixes). - overflow: Fix direct struct member initialization in _DEFINE_FLEX() (git-fixes). - idpf: fix idpf_vport_splitq_napi_poll() (git-fixes). - idpf: fix null-ptr-deref in idpf_features_check (CVE-2025-38053 bsc#1244746). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - commit af82899 - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: core: restore of_node information in sysfs (git-fixes). - commit 3895da7 - RDMA/hns: initialize db in update_srq_db() (git-fixes) - commit 980c53d ++++ kernel-rt: - kABI: update kABI symbols kABI exceptions were allowed for a couple of branches. Update kABI symbols after the merge. Since kABI symbols are being updated, remove current kABI workaround patches before the update. - commit 0c9b3ad - NFSD: Implement FATTR4_CLONE_BLKSIZE attribute (git-fixes). - commit 4f434fe - overflow: Introduce __DEFINE_FLEX for having no initializer (git-fixes). - commit 99c412c - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (git-fixes). - commit d974da9 - NFSD: fix race between nfsd registration and exports_proc (git-fixes). - commit 7c3e6b5 - netlink: specs: tc: replace underscores with dashes in names (git-fixes). - netlink: specs: dpll: replace underscores with dashes in names (git-fixes). - netlink: specs: nfsd: replace underscores with dashes in names (git-fixes). - bnxt: properly flush XDP redirect lists (git-fixes). - e1000e: set fixed clock frequency indication for Nahum 11 and Nahum 13 (git-fixes). - ice: fix eswitch code memory leak in reset scenario (git-fixes). - net: ice: Perform accurate aRFS flow match (git-fixes). - net: ethtool: remove duplicate defines for family info (git-fixes). - bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() (git-fixes). - net/mlx5e: Fix leak of Geneve TLV option object (git-fixes). - net/mlx5: HWS, make sure the uplink is the last destination (git-fixes). - net/mlx5: HWS, fix missing ip_version handling in definer (git-fixes). - net/mlx5: Fix return value when searching for existing flow group (git-fixes). - net/mlx5: Fix ECVF vports unload on shutdown flow (git-fixes). - net/mlx5: Ensure fw pages are always allocated on same NUMA (git-fixes). - e1000: Move cancel_work_sync to avoid deadlock (git-fixes). - iavf: fix reset_task for early reset event (git-fixes). - i40e: retry VFLR handling if there is ongoing VF reset (git-fixes). - i40e: return false from i40e_reset_vf if reset is in progress (git-fixes). - iavf: iavf_suspend(): take RTNL before netdev_lock() (git-fixes). - gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (git-fixes). - idpf: avoid mailbox timeout delays during reset (git-fixes). - idpf: fix a race in txq wakeup (git-fixes). - ice: fix rebuilding the Tx scheduler tree for large queue counts (git-fixes). - ice: create new Tx scheduler nodes for new queues only (git-fixes). - ice: fix Tx scheduler error handling in XDP callback (git-fixes). - net/mlx4_en: Prevent potential integer overflow calculating Hz (git-fixes). - gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt (git-fixes). - octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback (git-fixes). - octeontx2-pf: QOS: Perform cache sync on send queue teardown (git-fixes). - net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid() (git-fixes). - net/mlx5_core: Add error handling inmlx5_query_nic_vport_qkey_viol_cntr() (git-fixes). - net/mlx5: HWS, Fix matcher action template attach (git-fixes). - overflow: Fix direct struct member initialization in _DEFINE_FLEX() (git-fixes). - idpf: fix idpf_vport_splitq_napi_poll() (git-fixes). - idpf: fix null-ptr-deref in idpf_features_check (CVE-2025-38053 bsc#1244746). - ice: Fix LACP bonds without SRIOV environment (git-fixes). - ice: fix vf->num_mac count with port representors (git-fixes). - commit af82899 - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() (git-fixes). - serial: imx: Restore original RXTL for console to fix data loss (git-fixes). - serial: core: restore of_node information in sysfs (git-fixes). - commit 3895da7 - RDMA/hns: initialize db in update_srq_db() (git-fixes) - commit 980c53d ++++ numactl: - Update to version 2.0.19.14.g690a72c: * numastat command fails on LPAR which is not having node0 Patch is now upstream: https://github.com/numactl/numactl/pull/246 D 4abeee1aac20a7a2552870e0359b8df013ae9037.patch Patches are wrong or not needed anymore: https://github.com/numactl/numactl/pull/246 D 0001-Fixed-segfault-when-no-node-could-be-found-in-sysfs-.patch D numactl-clearcache-pie.patch ++++ sudo: - Update to 1.9.17p1 * Fix a possible local privilege escalation via the --host option [bsc#1245274, CVE-2025-32462] * Fix a possible local privilege Escalation via chroot option [bsc#1245275, CVE-2025-32463] - Update to 1.9.17 * Sudo now uses the NODEV macro consistently. Bug #1074. Fixed a bug where the ALL command in a sudoers rule would override a previous NOSETENV tag. Command tags are inherited from previous Cmnds in a Cmnd_Spec_List. There is a special case for the SETENV tag with the ALL command, where SETENV is implied if no explicit SETENV or NOSETENV tag is specified. This special case did not take into account that a NOSETENV tag that was inherited should override this behavior. * If sudo is run via ssh without a terminal and a password is required, it now suggest using ssh’s -t option. * Fixed the display of timeout values in the sudo -V output on systems without a C99-compliant snprintf() function. * Quieted a number of minor Coverity warnings. * Fixed a problem running sudo from a serial console on Linux when the command is run in a pseudo-terminal (the default). * Fixed a crash in sudo which could occur if there was a fatal error after the user was validated but before the command was actually run. * Fixed a number of man page style warnings. The “lint” make target in the docs directory will now run groff with warnings enabled if it is available. Bug #1075. * The ignore_dot sudoers setting is now on by default. There is now a - -disable-ignore-dot configure option to disable it. The - -with-ignore-dot configure option has been deprecated. * Fixed a problem with the pwfeedback option where an initial backspace would reduce the maximum length allowed for the password. GitHub issue #439. * Fixed minor grammar and spelling problems in the man pages. * Fixed a bug where a user could avoid entering a password for sudo -l command if they specified their own user or group name via the -u or - g options. * Avoid potential password guessing based on timing attacks on the strcmp() function on systems without PAM or a crypt() function where plaintext passwords are stored in the shadow password file. * Fixed a potential information leak where sudo -l command could be used to determine whether an executable exists in a directory that they do not have search access to. * Sudo uses TCSAFLUSH, not TCSADRAIN, when disabling echo once again. A long time ago sudo changed from using TCSAFLUSH to TCSADRAIN due to some systems having bugs related to TCSAFLUSH. That should no longer be a concern. Using TCSAFLUSH ensures that password input that has been received by the kernel, but not yet read by sudo, will be discarded and not echoed. * Added the SUDO_TTY environment variable if the user has a terminal. This can be used to find the user’s original tty device when sudo runs the command in its own pseudo-terminal. GitHub issue #447. * New Cantonese translation for sudo. ++++ toolbox: - Update to version 2.4+git20250630.5e08e45: * Forbid --user if running as root ------------------------------------------------------------------ ------------------ 2025-6-29 - Jun 29 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - wifi: rtw88: usb: Upload the firmware in bigger chunks (stable-fixes). - commit 1df8f6c - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: introduce thermal protection (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: 8922a: fix TX fail with wrong VCO setting (stable-fixes). - wifi: iwlwifi: mvm: fix beacon CCK flag (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: ath12k: using msdu end descriptor to check for rx multicast packets (stable-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - commit b75f8f8 - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - PCI: Add ACS quirk for Loongson PCIe (stable-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - power: supply: max17040: adjust thermal channel scaling (stable-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() (stable-fixes). - wifi: rtw89: phy: add dummy C2H event handler for report of TAS power (stable-fixes). - commit 132d8d6 - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - hid-asus: check ROG Ally MCU version and warn (stable-fixes). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - Make 'cc-option' work correctly for the -Wno-xyzzy pattern (stable-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - commit 1379ece - drm/xe/gt: Update handling of xe_force_wake_get return (stable-fixes). - Refresh patches.suse/drm-xe-Fix-GT-for-each-engine-workarounds.patch. - commit b01435e - drm/xe: Process deferred GGTT node removals on device unwind (git-fixes). - drm/xe/display: Add check for alloc_ordered_workqueue() (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/amd: Adjust output for discovery error handling (git-fixes). - drm/xe/bmg: Update Wa_16023588340 (git-fixes). - drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` (stable-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - drm/amdgpu: read back register after written for VCN v4.0.5 (stable-fixes). - drm/xe: Wire up device shutdown handler (stable-fixes). - commit 425e83a - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: hda/realtek: Add quirk for Asus GU605C (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 (stable-fixes). - ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ACPICA: Apply pack(1) to union aml_resource (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - commit 36941d3 ++++ kernel-rt: - wifi: rtw88: usb: Upload the firmware in bigger chunks (stable-fixes). - commit 1df8f6c - wifi: mt76: mt7996: drop fragments with multicast or broadcast RA (stable-fixes). - wifi: mt76: mt7921: add 160 MHz AP for mt7922 device (stable-fixes). - wifi: mt76: mt7925: introduce thermal protection (stable-fixes). - wifi: mt76: mt76x2: Add support for LiteOn WN4516R,WN4519R (stable-fixes). - wifi: ath12k: fix macro definition HAL_RX_MSDU_PKT_LENGTH_GET (stable-fixes). - wifi: ath12k: fix a possible dead lock caused by ab->base_lock (stable-fixes). - wifi: ath11k: Fix QMI memory reuse logic (stable-fixes). - wifi: mac80211: validate SCAN_FLAG_AP in scan request during MLO (stable-fixes). - wifi: rtw89: leave idle mode when setting WEP encryption for AP mode (stable-fixes). - wifi: rtw89: 8922a: fix TX fail with wrong VCO setting (stable-fixes). - wifi: iwlwifi: mvm: fix beacon CCK flag (stable-fixes). - wireless: purelifi: plfxlc: fix memory leak in plfxlc_usb_wreq_asyn() (stable-fixes). - wifi: mac80211: do not offer a mesh path if forwarding is disabled (stable-fixes). - wifi: iwlwifi: pcie: make sure to lock rxq->read (stable-fixes). - wifi: mac80211_hwsim: Prevent tsf from setting if beacon is disabled (stable-fixes). - wifi: ath12k: using msdu end descriptor to check for rx multicast packets (stable-fixes). - wifi: ath12k: fix failed to set mhi state error during reboot with hardware grouping (stable-fixes). - wifi: ath12k: fix link valid field initialization in the monitor Rx (stable-fixes). - wifi: ath12k: fix incorrect CE addresses (stable-fixes). - commit b75f8f8 - drivers/rapidio/rio_cm.c: prevent possible heap overwrite (stable-fixes). - PCI: Add ACS quirk for Loongson PCIe (stable-fixes). - watchdog: da9052_wdt: respect TWDMIN (stable-fixes). - watchdog: fix watchdog may detect false positive of softlockup (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (stable-fixes). - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (stable-fixes). - pinctrl: mcp23s08: Reset all pins to input at probe (stable-fixes). - software node: Correct a OOB check in software_node_get_reference_args() (stable-fixes). - wifi: ath12k: Pass correct values of center freq1 and center freq2 for 160 MHz (stable-fixes). - wifi: mac80211: VLAN traffic in multicast path (stable-fixes). - wifi: iwlwifi: Add missing MODULE_FIRMWARE for Qu-c0-jf-b0 (stable-fixes). - usbnet: asix AX88772: leave the carrier control to phylink (stable-fixes). - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (stable-fixes). - power: supply: max17040: adjust thermal channel scaling (stable-fixes). - power: supply: bq27xxx: Retrieve again when busy (stable-fixes). - power: supply: collie: Fix wakeup source leaks on device unbind (stable-fixes). - platform-msi: Add msi_remove_device_irq_domain() in platform_device_msi_free_irqs_all() (stable-fixes). - wifi: rtw89: phy: add dummy C2H event handler for report of TAS power (stable-fixes). - commit 132d8d6 - i2c: tiny-usb: disable zero-length read messages (git-fixes). - i2c: robotfuzz-osif: disable zero-length read messages (git-fixes). - i2c: designware: Invoke runtime suspend on quick slave re-registration (stable-fixes). - i2c: npcm: Add clock toggle recovery (stable-fixes). - hid-asus: check ROG Ally MCU version and warn (stable-fixes). - mmc: Add quirk to disable DDR50 tuning (stable-fixes). - gpiolib: of: Add polarity quirk for s5m8767 (stable-fixes). - Make 'cc-option' work correctly for the -Wno-xyzzy pattern (stable-fixes). - Input: sparcspkr - avoid unannotated fall-through (stable-fixes). - commit 1379ece - drm/xe/gt: Update handling of xe_force_wake_get return (stable-fixes). - Refresh patches.suse/drm-xe-Fix-GT-for-each-engine-workarounds.patch. - commit b01435e - drm/xe: Process deferred GGTT node removals on device unwind (git-fixes). - drm/xe/display: Add check for alloc_ordered_workqueue() (git-fixes). - drm/i915: fix build error some more (git-fixes). - drm/amd: Adjust output for discovery error handling (git-fixes). - drm/xe/bmg: Update Wa_16023588340 (git-fixes). - drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` (stable-fixes). - fbcon: Make sure modelist not set on unregistered console (stable-fixes). - drm/amdgpu: read back register after written for VCN v4.0.5 (stable-fixes). - drm/xe: Wire up device shutdown handler (stable-fixes). - commit 425e83a - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR (git-fixes). - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() (git-fixes). - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (stable-fixes). - ALSA: usb-audio: Rename ALSA kcontrol PCM and PCM1 for the KTMicro sound card (stable-fixes). - ALSA: hda/realtek: Add quirk for Asus GU605C (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 16-s1xxx and HP Victus 15-fa1xxx (stable-fixes). - ALSA: hda/intel: Add Thinkpad E15 to PM deny list (stable-fixes). - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (stable-fixes). - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3584 for MT7922 (stable-fixes). - Bluetooth: btusb: Add new VID/PID 13d3/3630 for MT7925 (stable-fixes). - ACPI: Add missing prototype for non CONFIG_SUSPEND/CONFIG_X86 case (stable-fixes). - ACPI: battery: negate current when discharging (stable-fixes). - ACPICA: Avoid sequence overread in call to strncmp() (stable-fixes). - ACPICA: utilities: Fix overflow check in vsnprintf() (stable-fixes). - ACPICA: Apply pack(1) to union aml_resource (stable-fixes). - ACPICA: fix acpi parse and parseext cache leaks (stable-fixes). - ACPICA: fix acpi operand cache leak in dswstate.c (stable-fixes). - ACPI: bus: Bail out if acpi_kobj registration fails (stable-fixes). - ASoC: amd: yc: Add quirk for Lenovo Yoga Pro 7 14ASP9 (stable-fixes). - ASoC: intel/sdw_utils: Assign initial value in asoc_sdw_rt_amp_spk_rtd_init() (stable-fixes). - ASoC: tegra210_ahub: Add check to of_device_get_match_data() (stable-fixes). - ASoC: tas2770: Power cycle amp on ISENSE/VSENSE change (stable-fixes). - commit 36941d3 ------------------------------------------------------------------ ------------------ 2025-6-28 - Jun 28 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - Revert "block/bdev: enable large folio support for large logical block" (bsc#1245444) This reverts commit 03e169f9e789f08bac7bdb238dbd9bd7cfd00142. - commit f46bdc5 ++++ kernel-rt: - Revert "block/bdev: enable large folio support for large logical block" (bsc#1245444) This reverts commit 03e169f9e789f08bac7bdb238dbd9bd7cfd00142. - commit f46bdc5 ------------------------------------------------------------------ ------------------ 2025-6-27 - Jun 27 2025 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Bump version: 10.2.25 → 10.2.26 - Fix shim lookup for arm on SUSE Add missing search path for shim binary on arm based SUSE systems. Also update the tumbleweed/test-image-live-disk integration test for arm to build with secure boot enabled to actually test a secure boot enabled ISO build. This Fixes #2842 ++++ kernel-default: - Update patches.suse/ALSA-pcm-Fix-race-of-buffer-access-at-PCM-OSS-layer.patch (stable-fixes CVE-2025-38078 bsc#1244737). - Update patches.suse/ASoC-SOF-Intel-hda-Fix-UAF-when-reloading-module.patch (git-fixes CVE-2025-38056 bsc#1244748). - Update patches.suse/HID-bpf-abort-dispatch-if-device-destroyed.patch (git-fixes CVE-2025-38016 bsc#1244745). - Update patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch (git-fixes CVE-2025-38007 bsc#1244938). - Update patches.suse/KVM-arm64-Fix-uninitialized-memcache-pointer-in-user.patch (git-fixes CVE-2025-37996 bsc#1243828). - Update patches.suse/PCI-endpoint-pci-epf-test-Fix-double-free-that-cause.patch (stable-fixes CVE-2025-38069 bsc#1245246). - Update patches.suse/RDMA-core-Fix-KASAN-slab-use-after-free-Read-in-ib_r.patch (git-fixes CVE-2025-38022 bsc#1245003). - Update patches.suse/RDMA-rxe-Fix-slab-use-after-free-Read-in-rxe_queue_c.patch (git-fixes CVE-2025-38024 bsc#1245025). - Update patches.suse/block-fix-race-between-set_blocksize-and-read-paths.patch (git-fixes CVE-2025-38073 bsc#1244741). - Update patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-csu.patch (bsc#1243342 CVE-2025-38059 bsc#1244759). - Update patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-ext.patch (bsc#1236208 CVE-2025-21658). - Update patches.suse/btrfs-zoned-fix-extent-range-end-unlock-in-cow_file_.patch (bsc#1239514 CVE-2025-21942 bsc#1240704). - Update patches.suse/can-bcm-add-locking-for-bcm_op-runtime-updates.patch (git-fixes CVE-2025-38004 bsc#1244274). - Update patches.suse/can-bcm-add-missing-rcu-read-protection-for-procfs-c.patch (git-fixes CVE-2025-38003 bsc#1244275). - Update patches.suse/can-m_can-m_can_class_allocate_dev-initialize-spin-l.patch (git-fixes CVE-2025-37993 bsc#1243822). - Update patches.suse/crypto-algif_hash-fix-double-free-in-hash_accept.patch (git-fixes CVE-2025-38079 bsc#1245217). - Update patches.suse/crypto-lzo-Fix-compression-buffer-overrun.patch (stable-fixes CVE-2025-38068 bsc#1245210). - Update patches.suse/dm-cache-prevent-BUG_ON-by-blocking-retries-on-faile.patch (git-fixes CVE-2025-38066 bsc#1244909). - Update patches.suse/dm-fix-unconditional-IO-throttle-caused-by-REQ_PREFL.patch (git-fixes CVE-2025-38063 bsc#1245202). - Update patches.suse/dmaengine-idxd-Refactor-remove-call-with-idxd_cleanu.patch (git-fixes CVE-2025-38014 bsc#1244732). - Update patches.suse/dmaengine-idxd-fix-memory-leak-in-error-handling-pat-46a5cca.patch (git-fixes CVE-2025-38015 bsc#1244789). - Update patches.suse/dmaengine-ti-k3-udma-Add-missing-locking.patch (git-fixes CVE-2025-38005 bsc#1244727). - Update patches.suse/drm-amd-display-Fix-invalid-context-error-in-dml-hel.patch (git-fixes CVE-2025-37965 bsc#1244174). - Update patches.suse/drm-amd-display-Increase-block_sequence-array-size.patch (stable-fixes CVE-2025-38080 bsc#1244738). - Update patches.suse/drm-amdgpu-csa-unmap-use-uninterruptible-lock.patch (stable-fixes CVE-2025-38011 bsc#1244729). - Update patches.suse/espintcp-fix-skb-leaks.patch (git-fixes CVE-2025-38057 bsc#1244862). - Update patches.suse/ext4-avoid-journaling-sb-update-on-error-if-journal-is-des.patch (bsc#1241967 CVE-2025-22113 bsc#1241617). - Update patches.suse/ext4-goto-right-label-out_mmap_sem-in-ext4_setattr.patch (bsc#1242556 CVE-2025-22120 bsc#1241592). - Update patches.suse/firmware-arm_ffa-Set-dma_mask-for-ffa-devices.patch (stable-fixes CVE-2025-38043 bsc#1245081). - Update patches.suse/fs-erofs-fileio-call-erofs_onlinefolio_split-after-bio_add_folio.patch (git-fixes CVE-2025-37999 bsc#1243846). - Update patches.suse/gpio-virtuser-fix-potential-out-of-bound-write.patch (stable-fixes CVE-2025-38082 bsc#1244740). - Update patches.suse/md-fix-mddev-uaf-while-iterating-all_mddevs-list.patch (git-fixes CVE-20255-22126 bsc#1241597 CVE-2025-22126). - Update patches.suse/media-cx231xx-set-device_caps-for-417.patch (stable-fixes CVE-2025-38044 bsc#1245082). - Update patches.suse/net-mlx5e-Disable-MACsec-offload-for-uplink-represen.patch (git-fixes CVE-2025-38020 bsc#1245001). - Update patches.suse/net-pktgen-fix-access-outside-of-user-given-buffer-i.patch (git-fixes CVE-2025-38061 bsc#1245440). - Update patches.suse/net-tls-fix-kernel-panic-when-alloc_page-failed.patch (git-fixes CVE-2025-38018 bsc#1244999). - Update patches.suse/net_sched-prio-fix-a-race-in-prio_tune.patch (git-fixes CVE-2025-38083 bsc#1245183). - Update patches.suse/nfs-handle-failure-of-nfs_get_lock_context-in-unlock-path.patch (git-fixes CVE-2025-38023 bsc#1245004). - Update patches.suse/nvmet-tcp-don-t-restore-null-sk_state_change.patch (git-fixes CVE-2025-38035 bsc#1244801). - Update patches.suse/padata-do-not-leak-refcount-in-reorder_work.patch (git-fixes CVE-2025-38031 bsc#1245046). - Update patches.suse/perf-x86-intel-Fix-segfault-with-PEBS-via-PT-with-sample_f.patch (git-fixes CVE-2025-38055 bsc#1244747). - Update patches.suse/phy-tegra-xusb-Use-a-bitmask-for-UTMI-pad-power-stat.patch (git-fixes CVE-2025-38010 bsc#1244996). - Update patches.suse/platform-x86-dell-wmi-sysman-Avoid-buffer-overflow-i.patch (git-fixes CVE-2025-38077 bsc#1244736). - Update patches.suse/ptp-ocp-Limit-signal-freq-counts-in-summary-output-f.patch (git-fixes CVE-2025-38054 bsc#1244752). - Update patches.suse/regulator-max20086-fix-invalid-memory-access.patch (git-fixes CVE-2025-38027 bsc#1245042). - Update patches.suse/sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state.patch (git fixes (sched/numa) CVE-2024-56613 bsc#1244176). - Update patches.suse/serial-mctrl_gpio-split-disable_ms-into-sync-and-no_.patch (git-fixes CVE-2025-38040 bsc#1245078). - Update patches.suse/spi-rockchip-Fix-register-out-of-bounds-access.patch (stable-fixes CVE-2025-38081 bsc#1244739). - Update patches.suse/staging-bcm2835-camera-Initialise-dev-in-v4l2_dev.patch (git-fixes CVE-2025-37971 bsc#1244173). - Update patches.suse/tracing-Have-process_string-also-allow-arrays.patch (git-fixes CVE-2024-57930 bsc#1236194). - Update patches.suse/usb-typec-ucsi-displayport-Fix-NULL-pointer-access.patch (git-fixes CVE-2025-37994 bsc#1243823). - Update patches.suse/wifi-cfg80211-fix-out-of-bounds-access-during-multi-.patch (git-fixes CVE-2025-37973 bsc#1244172). - Update patches.suse/wifi-iwlwifi-fix-debug-actions-order.patch (stable-fixes CVE-2025-38045 bsc#1245083). - Update patches.suse/wifi-mac80211-Set-n_channels-after-allocating-struct.patch (git-fixes CVE-2025-38013 bsc#1244731). - Update patches.suse/wifi-mt76-disable-napi-on-driver-removal.patch (git-fixes CVE-2025-38009 bsc#1244995). - Update patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return-value.patch (git-fixes CVE-2025-22047 bsc#1241437). - commit db15093 - cpufreq/ondemand: Set io_is_busy to 1 by default on all platforms (bsc#1233975). - commit e5c69ac - Delete patches.suse/cpufreq-amd-pstate-Default-to-powersave-governor-whe.patch (jsc#PED-13111). - commit e2263cb - HID: wacom: fix crash in wacom_aes_battery_handler() (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - commit ea1fa22 ++++ kernel-rt: - Update patches.suse/ALSA-pcm-Fix-race-of-buffer-access-at-PCM-OSS-layer.patch (stable-fixes CVE-2025-38078 bsc#1244737). - Update patches.suse/ASoC-SOF-Intel-hda-Fix-UAF-when-reloading-module.patch (git-fixes CVE-2025-38056 bsc#1244748). - Update patches.suse/HID-bpf-abort-dispatch-if-device-destroyed.patch (git-fixes CVE-2025-38016 bsc#1244745). - Update patches.suse/HID-uclogic-Add-NULL-check-in-uclogic_input_configur.patch (git-fixes CVE-2025-38007 bsc#1244938). - Update patches.suse/KVM-arm64-Fix-uninitialized-memcache-pointer-in-user.patch (git-fixes CVE-2025-37996 bsc#1243828). - Update patches.suse/PCI-endpoint-pci-epf-test-Fix-double-free-that-cause.patch (stable-fixes CVE-2025-38069 bsc#1245246). - Update patches.suse/RDMA-core-Fix-KASAN-slab-use-after-free-Read-in-ib_r.patch (git-fixes CVE-2025-38022 bsc#1245003). - Update patches.suse/RDMA-rxe-Fix-slab-use-after-free-Read-in-rxe_queue_c.patch (git-fixes CVE-2025-38024 bsc#1245025). - Update patches.suse/block-fix-race-between-set_blocksize-and-read-paths.patch (git-fixes CVE-2025-38073 bsc#1244741). - Update patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-csu.patch (bsc#1243342 CVE-2025-38059 bsc#1244759). - Update patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-ext.patch (bsc#1236208 CVE-2025-21658). - Update patches.suse/btrfs-zoned-fix-extent-range-end-unlock-in-cow_file_.patch (bsc#1239514 CVE-2025-21942 bsc#1240704). - Update patches.suse/can-bcm-add-locking-for-bcm_op-runtime-updates.patch (git-fixes CVE-2025-38004 bsc#1244274). - Update patches.suse/can-bcm-add-missing-rcu-read-protection-for-procfs-c.patch (git-fixes CVE-2025-38003 bsc#1244275). - Update patches.suse/can-m_can-m_can_class_allocate_dev-initialize-spin-l.patch (git-fixes CVE-2025-37993 bsc#1243822). - Update patches.suse/crypto-algif_hash-fix-double-free-in-hash_accept.patch (git-fixes CVE-2025-38079 bsc#1245217). - Update patches.suse/crypto-lzo-Fix-compression-buffer-overrun.patch (stable-fixes CVE-2025-38068 bsc#1245210). - Update patches.suse/dm-cache-prevent-BUG_ON-by-blocking-retries-on-faile.patch (git-fixes CVE-2025-38066 bsc#1244909). - Update patches.suse/dm-fix-unconditional-IO-throttle-caused-by-REQ_PREFL.patch (git-fixes CVE-2025-38063 bsc#1245202). - Update patches.suse/dmaengine-idxd-Refactor-remove-call-with-idxd_cleanu.patch (git-fixes CVE-2025-38014 bsc#1244732). - Update patches.suse/dmaengine-idxd-fix-memory-leak-in-error-handling-pat-46a5cca.patch (git-fixes CVE-2025-38015 bsc#1244789). - Update patches.suse/dmaengine-ti-k3-udma-Add-missing-locking.patch (git-fixes CVE-2025-38005 bsc#1244727). - Update patches.suse/drm-amd-display-Fix-invalid-context-error-in-dml-hel.patch (git-fixes CVE-2025-37965 bsc#1244174). - Update patches.suse/drm-amd-display-Increase-block_sequence-array-size.patch (stable-fixes CVE-2025-38080 bsc#1244738). - Update patches.suse/drm-amdgpu-csa-unmap-use-uninterruptible-lock.patch (stable-fixes CVE-2025-38011 bsc#1244729). - Update patches.suse/espintcp-fix-skb-leaks.patch (git-fixes CVE-2025-38057 bsc#1244862). - Update patches.suse/ext4-avoid-journaling-sb-update-on-error-if-journal-is-des.patch (bsc#1241967 CVE-2025-22113 bsc#1241617). - Update patches.suse/ext4-goto-right-label-out_mmap_sem-in-ext4_setattr.patch (bsc#1242556 CVE-2025-22120 bsc#1241592). - Update patches.suse/firmware-arm_ffa-Set-dma_mask-for-ffa-devices.patch (stable-fixes CVE-2025-38043 bsc#1245081). - Update patches.suse/fs-erofs-fileio-call-erofs_onlinefolio_split-after-bio_add_folio.patch (git-fixes CVE-2025-37999 bsc#1243846). - Update patches.suse/gpio-virtuser-fix-potential-out-of-bound-write.patch (stable-fixes CVE-2025-38082 bsc#1244740). - Update patches.suse/md-fix-mddev-uaf-while-iterating-all_mddevs-list.patch (git-fixes CVE-20255-22126 bsc#1241597 CVE-2025-22126). - Update patches.suse/media-cx231xx-set-device_caps-for-417.patch (stable-fixes CVE-2025-38044 bsc#1245082). - Update patches.suse/net-mlx5e-Disable-MACsec-offload-for-uplink-represen.patch (git-fixes CVE-2025-38020 bsc#1245001). - Update patches.suse/net-pktgen-fix-access-outside-of-user-given-buffer-i.patch (git-fixes CVE-2025-38061 bsc#1245440). - Update patches.suse/net-tls-fix-kernel-panic-when-alloc_page-failed.patch (git-fixes CVE-2025-38018 bsc#1244999). - Update patches.suse/net_sched-prio-fix-a-race-in-prio_tune.patch (git-fixes CVE-2025-38083 bsc#1245183). - Update patches.suse/nfs-handle-failure-of-nfs_get_lock_context-in-unlock-path.patch (git-fixes CVE-2025-38023 bsc#1245004). - Update patches.suse/nvmet-tcp-don-t-restore-null-sk_state_change.patch (git-fixes CVE-2025-38035 bsc#1244801). - Update patches.suse/padata-do-not-leak-refcount-in-reorder_work.patch (git-fixes CVE-2025-38031 bsc#1245046). - Update patches.suse/perf-x86-intel-Fix-segfault-with-PEBS-via-PT-with-sample_f.patch (git-fixes CVE-2025-38055 bsc#1244747). - Update patches.suse/phy-tegra-xusb-Use-a-bitmask-for-UTMI-pad-power-stat.patch (git-fixes CVE-2025-38010 bsc#1244996). - Update patches.suse/platform-x86-dell-wmi-sysman-Avoid-buffer-overflow-i.patch (git-fixes CVE-2025-38077 bsc#1244736). - Update patches.suse/ptp-ocp-Limit-signal-freq-counts-in-summary-output-f.patch (git-fixes CVE-2025-38054 bsc#1244752). - Update patches.suse/regulator-max20086-fix-invalid-memory-access.patch (git-fixes CVE-2025-38027 bsc#1245042). - Update patches.suse/sched-numa-fix-memory-leak-due-to-the-overwritten-vma-numab_state.patch (git fixes (sched/numa) CVE-2024-56613 bsc#1244176). - Update patches.suse/serial-mctrl_gpio-split-disable_ms-into-sync-and-no_.patch (git-fixes CVE-2025-38040 bsc#1245078). - Update patches.suse/spi-rockchip-Fix-register-out-of-bounds-access.patch (stable-fixes CVE-2025-38081 bsc#1244739). - Update patches.suse/staging-bcm2835-camera-Initialise-dev-in-v4l2_dev.patch (git-fixes CVE-2025-37971 bsc#1244173). - Update patches.suse/tracing-Have-process_string-also-allow-arrays.patch (git-fixes CVE-2024-57930 bsc#1236194). - Update patches.suse/usb-typec-ucsi-displayport-Fix-NULL-pointer-access.patch (git-fixes CVE-2025-37994 bsc#1243823). - Update patches.suse/wifi-cfg80211-fix-out-of-bounds-access-during-multi-.patch (git-fixes CVE-2025-37973 bsc#1244172). - Update patches.suse/wifi-iwlwifi-fix-debug-actions-order.patch (stable-fixes CVE-2025-38045 bsc#1245083). - Update patches.suse/wifi-mac80211-Set-n_channels-after-allocating-struct.patch (git-fixes CVE-2025-38013 bsc#1244731). - Update patches.suse/wifi-mt76-disable-napi-on-driver-removal.patch (git-fixes CVE-2025-38009 bsc#1244995). - Update patches.suse/x86-microcode-AMD-Fix-__apply_microcode_amd-s-return-value.patch (git-fixes CVE-2025-22047 bsc#1241437). - commit db15093 - cpufreq/ondemand: Set io_is_busy to 1 by default on all platforms (bsc#1233975). - commit e5c69ac - Delete patches.suse/cpufreq-amd-pstate-Default-to-powersave-governor-whe.patch (jsc#PED-13111). - commit e2263cb - HID: wacom: fix crash in wacom_aes_battery_handler() (git-fixes). - HID: lenovo: Restrict F7/9/11 mode to compact keyboards only (git-fixes). - HID: wacom: fix kobject reference count leak (git-fixes). - HID: wacom: fix memory leak on sysfs attribute creation failure (git-fixes). - HID: wacom: fix memory leak on kobject creation failure (git-fixes). - wifi: mac80211: fix beacon interval calculation overflow (git-fixes). - commit ea1fa22 ++++ ovmf: - Enables UEFI Shell support for virtual machines on X64 and AARCH64 platforms (bsc#1244266) - Build Shell.efi and install it to /usr/share/ovmf/ - Add ovmf-ShellPkg-Add-post-script-for-Shell-installation.patch - Add post-install and post-uninstall scripts in /usr/share/ovmf/ - Install Shell.efi to the EFI boot partition (/boot/efi/EFI/opensuse/ or /boot/efi/EFI/sles/) - Register Shell.efi as a UEFI boot entry ++++ selinux-policy: - Update to version 20250627+git0.1805634d: * Set /srv/www = /var/www as equivalent file context (bsc#1239177) * Add a smoke test to the gitlab-ci * Add a default PR template * allow openvpn to attach to wicked owned tun interfaces (bsc#1243291) * allow wicked to connect to networkmanager and mange pid files for it (bsc#1243291) * allow wicked to transition to openvswitch domain (bsc#1243291) * allow wicked to start systemd services (bsc#1243291) * allow wicked to controll firewalld services (bsc1243291) * allow wicked interaction with tmpfs files and creation of sysfs files (bsc#1243291) * introduce fs_dontaudit_exec_tmpfs_files interface * Trigger the gitlab-ci tests only for merge requests to factory * Move 'logging_mounton_syslog_pid_socket' to end of file * Revert "Allow init_t create syslog files (bsc#1230134)" * Allow mdadm nosuid_transition * Label plasma user service files as xdm_unit_file_t. * Revert "Allow systemd-homed to start services." * Allow virtstoraged write qemu runtime files * Allow virtqemud read/write/setattr input event devices * Allow systemd create journal pid files * Allow networkmanager send a general signal to iptables * Allow syslogd watch syslog_conf_t directories * Revert downstream fix for bsc#1199630 due to regression (bsc#1243242) * Allow systemd-machined work with its private tmp and tmpfs files * Allow geoclue read virt lib files * Fix files_dontaudit_delete_all_files() * Label /run/polkit-1 with policykit_var_run_t * Label /dev/diag as diagnostic_device_t * Allow systemd-homed to start services. * Allow named_t to read NetworkManager's runtime files * Improve README* documentation * Add missing permissions for ftpd_anon_write to manage NFS directories * Add missing permissions for ftpd_anon_write to manage CIFS directories * Allow nut-upsmon write systemd inhibit pipes * Allow systemd-user-runtime-dir connect to systemd-userdbd over a unix socket * Remove permissive domain for systemd_vsftpd_generator_t * Change generator-specific rules to apply to systemd_generator * Define file equivalency for /var/etc * Allow tuned-ppd create ppd_base_profile with a file transition * Allow lldpd connect to systemd-homed over a unix socket * Allow sysadm_sudo_t signal rpm script * Fix the "/var/cache/systemd/home(/.*)?" regex * allow selinux_autorelabel_generator_t dac_read_search (bsc#1237511) * do not set sulogin_no_pam (bsc#1237511) - Replace internal slfo-main git branch with factory ------------------------------------------------------------------ ------------------ 2025-6-26 - Jun 26 2025 ------------------- ------------------------------------------------------------------ ++++ cockpit-machines: - Patch cockpit-machines to ignore domain not found errors when domain is deleted (bsc#1236383) * added nic-domain-not-found.patch ++++ kernel-default: - mm/memory-tier: Fix abstract distance calculation overflow (bsc#1244051). - commit 3248628 - x86/xen: Fix __xen_hypercall_setfunc() (git-fixes). - commit 76c9b78 - x86: don't re-generate cpufeaturemasks.h so eagerly (git-fixes). - commit 1bde9b6 - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: prepare btrfs_page_mkwrite() for large folios (git-fixes). - commit e702032 - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - commit ecc292a - kabi/severities: ignore nf_flow_register_bpf() that depends on CONFIG_DEBUG_* (bsc#1245399) - commit f7994ea - x86/cpufeatures: Use AWK to generate {REQUIRED|DISABLED}_MASK_BIT_SET in (git-fixes). - Refresh patches.suse/kabi-reserve-cpuid-leaves.patch. - commit c797ea7 - x86/cpufeatures: Remove {disabled,required}-features.h (git-fixes). - Refresh patches.suse/kabi-reserve-cpuid-leaves.patch. - commit 7c1ff00 - x86/cpufeatures: Generate the header based on build config (git-fixes). - commit aa4d1af - x86/cpufeatures: Add {REQUIRED,DISABLED} feature configs (git-fixes). - commit 130db28 - x86/cpufeatures: Rename X86_CMPXCHG64 to X86_CX8 (git-fixes). - commit c39c8b4 - KVM: SVM: Add Idle HLT intercept support (jsc#PED-12577). - commit 9b4ced8 - x86/cpufeatures: Add CPUID feature bit for Idle HLT intercept (jsc#PED-12577). - commit c78722e - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - commit 1216762 - vmxnet3: update MTU after device quiesce (bsc#1244626). - commit d22f709 ++++ kernel-rt: - mm/memory-tier: Fix abstract distance calculation overflow (bsc#1244051). - commit 3248628 - x86/xen: Fix __xen_hypercall_setfunc() (git-fixes). - commit 76c9b78 - x86: don't re-generate cpufeaturemasks.h so eagerly (git-fixes). - commit 1bde9b6 - btrfs: fix wrong start offset for delalloc space release during mmap write (git-fixes). - btrfs: prepare btrfs_page_mkwrite() for large folios (git-fixes). - commit e702032 - btrfs: fix invalid data space release when truncating block in NOCOW mode (git-fixes). - commit ecc292a - kabi/severities: ignore nf_flow_register_bpf() that depends on CONFIG_DEBUG_* (bsc#1245399) - commit f7994ea - x86/cpufeatures: Use AWK to generate {REQUIRED|DISABLED}_MASK_BIT_SET in (git-fixes). - Refresh patches.suse/kabi-reserve-cpuid-leaves.patch. - commit c797ea7 - x86/cpufeatures: Remove {disabled,required}-features.h (git-fixes). - Refresh patches.suse/kabi-reserve-cpuid-leaves.patch. - commit 7c1ff00 - x86/cpufeatures: Generate the header based on build config (git-fixes). - commit aa4d1af - x86/cpufeatures: Add {REQUIRED,DISABLED} feature configs (git-fixes). - commit 130db28 - x86/cpufeatures: Rename X86_CMPXCHG64 to X86_CX8 (git-fixes). - commit c39c8b4 - KVM: SVM: Add Idle HLT intercept support (jsc#PED-12577). - commit 9b4ced8 - x86/cpufeatures: Add CPUID feature bit for Idle HLT intercept (jsc#PED-12577). - commit c78722e - vmxnet3: correctly report gso type for UDP tunnels (bsc#1244626). - commit 1216762 - vmxnet3: update MTU after device quiesce (bsc#1244626). - commit d22f709 ++++ kmod: - Fix testsuite on Leap 16.0 (bsc#1240126) * Revert-build-check-for-__xstat-declarations.patch ++++ ovmf: - Add patch to make Ovmf builds reproducible in OvmfPkg and ArmVirtPkg (bsc#1244218) - Add ovmf-OvmfPkg-ArmVirtPkg-Keep-JSON-stack-cookie-files.patch ------------------------------------------------------------------ ------------------ 2025-6-25 - Jun 25 2025 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Add container_import template test - Bump version: 10.2.24 → 10.2.25 - Fixed get_partition_node_name The function get_partition_node_name takes the disk device and the partition index as arguments to match against the respective device node for this partition index. The partition index is the position of the partition in the partition table according to their start offset. For the code to function properly it is required that the list of partitions provided by lsblk is ordered according to the start address of the partitions in the table. The way lsblk was called did not enforce this ordering. This commit enforces the order to be done against the start offset and fixes bsc#1245190 ++++ kernel-default: - btrfs: factor out nocow ordered extent and extent map generation into a helper (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: move ordered extent cleanup to where they are allocated (git-fixes). - btrfs: remove the unused locked_folio parameter from btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: use unsigned types for constants defined as bit shifts (git-fixes). - Refresh patches.suse/0005-btrfs-do-proper-folio-cleanup-when-run_delalloc_noco.patch. - commit a1f80d1 - tracing: Fix compilation warning on arm32 (bsc#1243551). - commit 5ab4900 - cpufreq/amd-pstate: Add support for the "Requested CPU Min frequency" BIOS option (jsc#PED-13164). - cpufreq/amd-pstate: Add offline, online and suspend callbacks for amd_pstate_driver (jsc#PED-13164). - cpufreq/amd-pstate: Move max_perf limiting in amd_pstate_update (jsc#PED-13164). - commit c625c71 - cpufreq/amd-pstate: Enable ITMT support after initializing core rankings (jsc#PED-13164). - cpufreq/amd-pstate: Fix min_limit perf and freq updation for performance governor (jsc#PED-13164). - commit f84536f - cpufreq/amd-pstate: Set different default EPP policy for Epyc and Ryzen (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Default-to-powersave-governor-whe.patch. - commit f5fec72 - pidfs: ensure that PIDFS_INFO_EXIT is available (jsc#PED-13113). - blacklist.conf: Guard against unused prerequisite - commit 872e385 - exit: fix the usage of delay_group_leader->exit_code in do_notify_parent() and pidfs_exit() (jsc#PED-13113). - pidfs: improve multi-threaded exec and premature thread-group leader exit polling (jsc#PED-13113). - commit c5e2e6c - cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline() (jsc#PED-13164). - cpufreq/amd-pstate: Stop caching EPP (jsc#PED-13164). - cpufreq/amd-pstate: Rework CPPC enabling (jsc#PED-13164). - cpufreq/amd-pstate: Drop debug statements for policy setting (jsc#PED-13164). - cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes (jsc#PED-13164). - cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and *_set_epp functions (jsc#PED-13164). - cpufreq/amd-pstate: Cache CPPC request in shared mem case too (jsc#PED-13164). - cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks (jsc#PED-13164). - cpufreq/amd-pstate-ut: Adjust variable scope (jsc#PED-13164). - cpufreq/amd-pstate-ut: Run on all of the correct CPUs (jsc#PED-13164). - cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums (jsc#PED-13164). - cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the same (jsc#PED-13164). - cpufreq/amd-pstate-ut: Use _free macro to free put policy (jsc#PED-13164). - cpufreq/amd-pstate: Drop `cppc_cap1_cached` (jsc#PED-13164). - cpufreq/amd-pstate: Overhaul locking (jsc#PED-13164). - cpufreq/amd-pstate: Move perf values into a union (jsc#PED-13164). - cpufreq/amd-pstate: Drop min and max cached frequencies (jsc#PED-13164). - cpufreq/amd-pstate: Show a warning when a CPU fails to setup (jsc#PED-13164). - cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend (jsc#PED-13164). - cpufreq/amd-pstate: Fix the clamping of perf values (jsc#PED-13164). - commit 0b848ba - bpf: abort verification if env->cur_state->loop_entry != NULL (CVE-2025-38060 bsc#1245155). - commit 3e1f9c9 - tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923 bsc#1243551). - commit 3a99a12 - cpufreq/amd-pstate: Remove the unncecessary driver_lock in amd_pstate_update_limits (jsc#PED-13164). - cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs (jsc#PED-13164). - cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call (jsc#PED-13164). - cpufreq/amd-pstate: Modularize perf<->freq conversion (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch. - cpufreq/amd-pstate: Convert all perf values to u8 (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch. - cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update (jsc#PED-13164). - cpufreq/amd-pstate: Remove the redundant des_perf clamping in adjust_perf (jsc#PED-13164). - cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback (jsc#PED-13164). - commit 21b14f2 - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035 bsc#1241544). - commit 49f381e - bpf: free verifier states when they are no longer referenced (CVE-2025-38060 bsc#1245155). - Refresh patches.suse/kABI-padding-for-bpf.patch. - commit 06e2482 - bpf: fix env->peak_states computation (CVE-2025-38060 bsc#1245155). - commit 53d5bd3 - bpf: use list_head to track explored states and free list (CVE-2025-38060 bsc#1245155). - bpf: do not update state->loop_entry in get_loop_entry() (CVE-2025-38060 bsc#1245155). - bpf: make state->dfs_depth < state->loop_entry->dfs_depth an invariant (CVE-2025-38060 bsc#1245155). - bpf: detect infinite loop in get_loop_entry() (CVE-2025-38060 bsc#1245155). - selftests/bpf: check states pruning for deeply nested iterator (CVE-2025-38060 bsc#1245155). - bpf: don't do clean_live_states when state->loop_entry->branches > 0 (CVE-2025-38060 bsc#1245155). - selftests/bpf: test correct loop_entry update in copy_verifier_state (CVE-2025-38060 bsc#1245155). - bpf: copy_verifier_state() should copy 'loop_entry' field (CVE-2025-38060 bsc#1245155). - commit 6388e16 - bpf: Fix deadlock between rcu_tasks_trace and event_mutex (CVE-2025-37884 bsc#1243060). - commit 1feaa51 ++++ kernel-rt: - btrfs: factor out nocow ordered extent and extent map generation into a helper (git-fixes). - btrfs: fix qgroup reservation leak on failure to allocate ordered extent (git-fixes). - btrfs: move ordered extent cleanup to where they are allocated (git-fixes). - btrfs: remove the unused locked_folio parameter from btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: use unsigned types for constants defined as bit shifts (git-fixes). - Refresh patches.suse/0005-btrfs-do-proper-folio-cleanup-when-run_delalloc_noco.patch. - commit a1f80d1 - tracing: Fix compilation warning on arm32 (bsc#1243551). - commit 5ab4900 - cpufreq/amd-pstate: Add support for the "Requested CPU Min frequency" BIOS option (jsc#PED-13164). - cpufreq/amd-pstate: Add offline, online and suspend callbacks for amd_pstate_driver (jsc#PED-13164). - cpufreq/amd-pstate: Move max_perf limiting in amd_pstate_update (jsc#PED-13164). - commit c625c71 - cpufreq/amd-pstate: Enable ITMT support after initializing core rankings (jsc#PED-13164). - cpufreq/amd-pstate: Fix min_limit perf and freq updation for performance governor (jsc#PED-13164). - commit f84536f - cpufreq/amd-pstate: Set different default EPP policy for Epyc and Ryzen (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Default-to-powersave-governor-whe.patch. - commit f5fec72 - pidfs: ensure that PIDFS_INFO_EXIT is available (jsc#PED-13113). - blacklist.conf: Guard against unused prerequisite - commit 872e385 - exit: fix the usage of delay_group_leader->exit_code in do_notify_parent() and pidfs_exit() (jsc#PED-13113). - pidfs: improve multi-threaded exec and premature thread-group leader exit polling (jsc#PED-13113). - commit c5e2e6c - cpufreq/amd-pstate: Drop actions in amd_pstate_epp_cpu_offline() (jsc#PED-13164). - cpufreq/amd-pstate: Stop caching EPP (jsc#PED-13164). - cpufreq/amd-pstate: Rework CPPC enabling (jsc#PED-13164). - cpufreq/amd-pstate: Drop debug statements for policy setting (jsc#PED-13164). - cpufreq/amd-pstate: Update cppc_req_cached for shared mem EPP writes (jsc#PED-13164). - cpufreq/amd-pstate: Move all EPP tracing into *_update_perf and *_set_epp functions (jsc#PED-13164). - cpufreq/amd-pstate: Cache CPPC request in shared mem case too (jsc#PED-13164). - cpufreq/amd-pstate: Replace all AMD_CPPC_* macros with masks (jsc#PED-13164). - cpufreq/amd-pstate-ut: Adjust variable scope (jsc#PED-13164). - cpufreq/amd-pstate-ut: Run on all of the correct CPUs (jsc#PED-13164). - cpufreq/amd-pstate-ut: Drop SUCCESS and FAIL enums (jsc#PED-13164). - cpufreq/amd-pstate-ut: Allow lowest nonlinear and lowest to be the same (jsc#PED-13164). - cpufreq/amd-pstate-ut: Use _free macro to free put policy (jsc#PED-13164). - cpufreq/amd-pstate: Drop `cppc_cap1_cached` (jsc#PED-13164). - cpufreq/amd-pstate: Overhaul locking (jsc#PED-13164). - cpufreq/amd-pstate: Move perf values into a union (jsc#PED-13164). - cpufreq/amd-pstate: Drop min and max cached frequencies (jsc#PED-13164). - cpufreq/amd-pstate: Show a warning when a CPU fails to setup (jsc#PED-13164). - cpufreq/amd-pstate: Invalidate cppc_req_cached during suspend (jsc#PED-13164). - cpufreq/amd-pstate: Fix the clamping of perf values (jsc#PED-13164). - commit 0b848ba - bpf: abort verification if env->cur_state->loop_entry != NULL (CVE-2025-38060 bsc#1245155). - commit 3e1f9c9 - tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923 bsc#1243551). - commit 3a99a12 - cpufreq/amd-pstate: Remove the unncecessary driver_lock in amd_pstate_update_limits (jsc#PED-13164). - cpufreq/amd-pstate: Use scope based cleanup for cpufreq_policy refs (jsc#PED-13164). - cpufreq/amd-pstate: Remove the unnecessary cpufreq_update_policy call (jsc#PED-13164). - cpufreq/amd-pstate: Modularize perf<->freq conversion (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch. - cpufreq/amd-pstate: Convert all perf values to u8 (jsc#PED-13164). - Refresh patches.suse/cpufreq-amd-pstate-Add-missing-NULL-ptr-check-in-amd.patch. - cpufreq/amd-pstate: Pass min/max_limit_perf as min/max_perf to amd_pstate_update (jsc#PED-13164). - cpufreq/amd-pstate: Remove the redundant des_perf clamping in adjust_perf (jsc#PED-13164). - cpufreq/amd-pstate: Modify the min_perf calculation in adjust_perf callback (jsc#PED-13164). - commit 21b14f2 - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (CVE-2025-22035 bsc#1241544). - commit 49f381e - bpf: free verifier states when they are no longer referenced (CVE-2025-38060 bsc#1245155). - Refresh patches.suse/kABI-padding-for-bpf.patch. - commit 06e2482 - bpf: fix env->peak_states computation (CVE-2025-38060 bsc#1245155). - commit 53d5bd3 - bpf: use list_head to track explored states and free list (CVE-2025-38060 bsc#1245155). - bpf: do not update state->loop_entry in get_loop_entry() (CVE-2025-38060 bsc#1245155). - bpf: make state->dfs_depth < state->loop_entry->dfs_depth an invariant (CVE-2025-38060 bsc#1245155). - bpf: detect infinite loop in get_loop_entry() (CVE-2025-38060 bsc#1245155). - selftests/bpf: check states pruning for deeply nested iterator (CVE-2025-38060 bsc#1245155). - bpf: don't do clean_live_states when state->loop_entry->branches > 0 (CVE-2025-38060 bsc#1245155). - selftests/bpf: test correct loop_entry update in copy_verifier_state (CVE-2025-38060 bsc#1245155). - bpf: copy_verifier_state() should copy 'loop_entry' field (CVE-2025-38060 bsc#1245155). - commit 6388e16 - bpf: Fix deadlock between rcu_tasks_trace and event_mutex (CVE-2025-37884 bsc#1243060). - commit 1feaa51 ++++ ldmtool: - Update to version 0.2.5 (jsc#PED-12706) * Fix crash while creating mapper for a volume which lacks of partitions * Make libldm to parse and return volume GUID * Change the way we sanitise LDM partition name * Set UUID for device mapper devices (partitions and volumes) * Fix potential memory leak * Use device mapper device UUID instead of name to find device in a tree * New API: ldm_volume_dm_get_device * New API: ldm_partition_dm_get_device * Fix bug in libldm to allow for all spanned LDM volumes to bex correctly identified/mounted - Upstream fixes post 0.2.5 001-Add-example-systemd-unit-file.patch 002-ldmtool-fix-NULL-pointer-dereference.patch 003-Add-ability-to-override-device-mapper-UUID.patch 004-src-Fix-declaration-of-ldm_new.patch 005-Update-gtkdocize.patch - Drop patch contained in new tarball Remove-deprecated-g_type_class_add_private.patch ------------------------------------------------------------------ ------------------ 2025-6-24 - Jun 24 2025 ------------------- ------------------------------------------------------------------ ++++ python-kiwi: - Add support for container-snap as a container-image engine With this commit, we can now pre-load images using container-snap directly during the kiwi image build - Update test-image-MicroOS for local build Fix bootstrap setup such that micro-os patterns can resolve - Fix logging of stderr data in command calls The stderr data was presented as one blob without line breaks. Hard to read and smells like a bug. This commit fixes the output to become readable - Update test-image-MicroOS/disk.sh Add a findmnt for / to check if there is a proper root device reference ++++ kernel-default: - netfilter: nft_exthdr: fix offset with ipv4_find_option() (git-fixes). - commit be2a228 - netfilter: conntrack: Bound nf_conntrack sysctl writes (git-fixes). - commit 0ac13d2 - netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE (git-fixes). - commit 114a1de - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (git-fixes). - commit fd8be75 - netfilter: nft_quota: match correctly when the quota just depleted (git-fixes). - commit 563b1e8 - netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes). - commit 5316618 - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (git-fixes). - commit 3a5285b - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (git-fixes). - commit 18d1e67 - netfilter: nf_tables: nft_fib: consistent l3mdev handling (git-fixes). - commit 2b7f119 - s390/pci: Fix s390_mmio_read/write syscall page fault handling (git-fixes bsc#1245291). - commit 2f37aef - s390: Fix linker error when -no-pie option is unavailable (git-fixes bsc#1245290). - commit 788b161 - Delete patches.suse/nvdimm-disable-namespace-on-error.patch. We think the patch is not needed and the issue bsc#1166486 has actually been resolved by upstream commit c1f45d86a522. The upstream submission never got any reply [*], so if we decide we in the end want the patch, it should be resent there first. [*] https://lore.kernel.org/nvdimm/20211201164844.125296-1-colyli@suse.de/ - commit ecc0f57 - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1245285). - commit 9d4cdf8 - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - commit 1fc590c ++++ kernel-rt: - netfilter: nft_exthdr: fix offset with ipv4_find_option() (git-fixes). - commit be2a228 - netfilter: conntrack: Bound nf_conntrack sysctl writes (git-fixes). - commit 0ac13d2 - netfilter: nf_tables: Only use nf_skip_indirect_calls() when MITIGATION_RETPOLINE (git-fixes). - commit 114a1de - netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only (git-fixes). - commit fd8be75 - netfilter: nft_quota: match correctly when the quota just depleted (git-fixes). - commit 563b1e8 - netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes). - commit 5316618 - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (git-fixes). - commit 3a5285b - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (git-fixes). - commit 18d1e67 - netfilter: nf_tables: nft_fib: consistent l3mdev handling (git-fixes). - commit 2b7f119 - s390/pci: Fix s390_mmio_read/write syscall page fault handling (git-fixes bsc#1245291). - commit 2f37aef - s390: Fix linker error when -no-pie option is unavailable (git-fixes bsc#1245290). - commit 788b161 - Delete patches.suse/nvdimm-disable-namespace-on-error.patch. We think the patch is not needed and the issue bsc#1166486 has actually been resolved by upstream commit c1f45d86a522. The upstream submission never got any reply [*], so if we decide we in the end want the patch, it should be resent there first. [*] https://lore.kernel.org/nvdimm/20211201164844.125296-1-colyli@suse.de/ - commit ecc0f57 - s390/vfio-ap: Fix no AP queue sharing allowed message written to kernel log (git-fixes bsc#1245285). - commit 9d4cdf8 - scsi: elx: efct: Fix memory leak in efct_hw_parse_filter() (git-fixes). - scsi: iscsi: Fix incorrect error path labels for flashnode operations (git-fixes). - commit 1fc590c ++++ util-linux-systemd: - Update to version 2.41.1: * cfdisk: fix memory leak and possible NULL dereference * fdisk: fix possible memory leak * findmnt: fix -k option parsing regression (boo#1242705, drop util-linux-libblkid-econf-parse.patch) * hardlink: fix performance regression * include/cctype: fix string comparison * libblkid: * Fix crash while parsing config with libeconf * befs fix underflow * avoid strcasecmp() for ASCII-only strings * libblkid/src/topology/dm: fix fscanf return value check to match expected number of parsed items * libmount: * (subdir) restrict for real mounts only * (subdir) remove unused code * avoid calling memset() unnecessarily * fix --no-canonicalize regression (boo#1244251, drop libmount-fix-no-canonicalize-regression.patch) * lsblk: * use ID_PART_ENTRY_SCHEME as fallback for PTTYPE * avoid strcasecmp() for ASCII-only strings * lscpu: * fix possible buffer overflow in cpuinfo parser * Fix loongarch op-mode output with recent kernel * lsfd: * scan the protocol field of /proc/net/packet as a hex number * fix the description for PACKET.PROTOCOL column * lsns: * enhance compilation without USE_NS_GET_API * fix undefined reference to add_namespace_for_nsfd #3483 * more: * fix broken ':!command' command key * fix implicit previous shell_line execution #3508 * tests: (test_mkfds::mapped-packet-socket) add a new parameter, protocol * treewide: * add ul_ to parse_timestamp() function name (drop util-linux-rename-common-symbols-4.patch) * add ul_ to parse_switch() function name (drop util-linux-rename-common-symbols-3.patch) * add ul_ to parse_size() function name (drop util-linux-rename-common-symbols-2.patch) * add ul_ to parse_range() function name (drop util-linux-rename-common-symbols-1.patch) * fix optional arguments usage * avoid strcasecmp() for ASCII-only strings * Wipefs: improve --all descriptions for whole-disks * Misc: Do not call exit() on code ending in shared libraries * Other fixes. For complete list see https://kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.1-ReleaseNotes - Fix problem with uname26 listed twice. ++++ util-linux: - Update to version 2.41.1: * cfdisk: fix memory leak and possible NULL dereference * fdisk: fix possible memory leak * findmnt: fix -k option parsing regression (boo#1242705, drop util-linux-libblkid-econf-parse.patch) * hardlink: fix performance regression * include/cctype: fix string comparison * libblkid: * Fix crash while parsing config with libeconf * befs fix underflow * avoid strcasecmp() for ASCII-only strings * libblkid/src/topology/dm: fix fscanf return value check to match expected number of parsed items * libmount: * (subdir) restrict for real mounts only * (subdir) remove unused code * avoid calling memset() unnecessarily * fix --no-canonicalize regression (boo#1244251, drop libmount-fix-no-canonicalize-regression.patch) * lsblk: * use ID_PART_ENTRY_SCHEME as fallback for PTTYPE * avoid strcasecmp() for ASCII-only strings * lscpu: * fix possible buffer overflow in cpuinfo parser * Fix loongarch op-mode output with recent kernel * lsfd: * scan the protocol field of /proc/net/packet as a hex number * fix the description for PACKET.PROTOCOL column * lsns: * enhance compilation without USE_NS_GET_API * fix undefined reference to add_namespace_for_nsfd #3483 * more: * fix broken ':!command' command key * fix implicit previous shell_line execution #3508 * tests: (test_mkfds::mapped-packet-socket) add a new parameter, protocol * treewide: * add ul_ to parse_timestamp() function name (drop util-linux-rename-common-symbols-4.patch) * add ul_ to parse_switch() function name (drop util-linux-rename-common-symbols-3.patch) * add ul_ to parse_size() function name (drop util-linux-rename-common-symbols-2.patch) * add ul_ to parse_range() function name (drop util-linux-rename-common-symbols-1.patch) * fix optional arguments usage * avoid strcasecmp() for ASCII-only strings * Wipefs: improve --all descriptions for whole-disks * Misc: Do not call exit() on code ending in shared libraries * Other fixes. For complete list see https://kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.1-ReleaseNotes - Fix problem with uname26 listed twice. ++++ libguestfs: - Update to version 1.56.1 (jsc#PED-12706) * lib: Enable ACPI for the libvirt backend for x86_64 and arm - Only build the inspect-icons RPM for Tumbleweed. Tumbleweed is the only place where icoutils package exists which it requires. ++++ numactl: - Fix Node0 does not exist (bsc#1244492) A 4abeee1aac20a7a2552870e0359b8df013ae9037.patch ++++ libssh: - Update to version 0.11.2 * Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion (bsc#1245309) * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() (bsc#1245310) * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management (bsc#1245311) * CVE-2025-5351 - Double free in functions exporting keys (bsc#1245312) * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures (bsc#1245314) * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding (bsc#1245316) * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL (bsc#1245317) * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers - Removed libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch - Removed libssh-misc-Fix-OpenSSH-banner-parsing.patch ------------------------------------------------------------------ ------------------ 2025-6-23 - Jun 23 2025 ------------------- ------------------------------------------------------------------ ++++ docker: [ This update is a no-op, only needed to work around unfortunate automated packaging script behaviour on SLES. ] - The following patches were removed in openSUSE in the Docker 28.1.1-ce update, but the patch names were later renamed in a SLES-only update before Docker 28.1.1-ce was submitted to SLES. This causes the SLES build scripts to refuse the update because the patches are not referenced in the changelog. There is no obvious place to put the patch removals (the 28.1.1-ce update removing the patches chronologically predates their renaming in SLES), so they are included here a dummy changelog entry to work around the issue. - 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch - 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch ++++ python-kiwi: - Fix mount system for root_is_snapper_snapshot If root is a snapper snapshot we have to tell the chroot a proper root mount point which can be achieved by a bind mount pointing to itself. This Fixes bsc#1244668 ++++ kernel-default: - fs/mpage: use blocks_per_folio instead of blocks_per_page (bsc#1245219). - commit 6f61662 - fs/mpage: avoid negative shift for large blocksize (bsc#1245219). - commit f40b15c - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245230). - commit 5f783ee - pidfs: never refuse ppid == 0 in PIDFD_GET_INFO (jsc#PED-13113). - commit 4327fa2 - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (CVE-2025-37927 bsc#1243620). - commit 0e060e5 - Move upstreamed patch "genksyms: Fix enum consts from a reference affecting new values" into the sorted section (git-fixes). - commit 7c87e2b - s390/boot: Use -D__DISABLE_EXPORTS (bsc#1245126). - commit 79382ab - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme-tcp: remove tag set when second admin queue config fails (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvmet-fcloop: don't wait for lport cleanup (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - commit 60761a1 - btrfs: fix fsync of files with no hard links not persisting deletion (bsc#1245068). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (bsc#1245068). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (bsc#1245068). - commit 188ca65 - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1245067). - commit b160824 - cpufreq: Default to performance governor on servers (jsc#PED-13111). - commit 0f4c2f8 - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - commit 753d7ae - nfsd: use threads array as-is in netlink interface (git-fixes). - commit 3a8806c - Refresh patches.suse/x86-entry-Add-__init-to-ia32_emulation_override_cmdline.patch. - commit 15f587c - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - commit 0b0ecd8 - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - Refresh patches.suse/x86-virt-tdx-Mark-memory-cache-state-incoherent-when-making-seamcall.patch. - commit a3e640a - Revert "mm/execmem: Unify early execmem_cache behaviour" (git-fixes). - commit 99e2ca1 - x86/its: explicitly manage permissions for ITS pages (git-fixes). - commit 4d57729 - x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set (git-fixes). - commit d3bec4e ++++ kernel-rt: - fs/mpage: use blocks_per_folio instead of blocks_per_page (bsc#1245219). - commit 6f61662 - fs/mpage: avoid negative shift for large blocksize (bsc#1245219). - commit f40b15c - s390/tty: Fix a potential memory leak bug (git-fixes bsc#1245230). - commit 5f783ee - pidfs: never refuse ppid == 0 in PIDFD_GET_INFO (jsc#PED-13113). - commit 4327fa2 - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid (CVE-2025-37927 bsc#1243620). - commit 0e060e5 - Move upstreamed patch "genksyms: Fix enum consts from a reference affecting new values" into the sorted section (git-fixes). - commit 7c87e2b - s390/boot: Use -D__DISABLE_EXPORTS (bsc#1245126). - commit 79382ab - nvme: always punt polled uring_cmd end_io work to task_work (git-fixes). - nvme-tcp: remove tag set when second admin queue config fails (git-fixes). - nvme: fix implicit bool to flags conversion (git-fixes). - nvme: fix command limits status code (git-fixes). - nvme-fc: do not reference lsrsp after failure (bsc#1245193). - nvmet-fcloop: don't wait for lport cleanup (bsc#1245193). - nvmet-fcloop: add missing fcloop_callback_host_done (bsc#1245193). - nvmet-fc: take tgtport refs for portentry (bsc#1245193). - nvmet-fc: free pending reqs on tgtport unregister (bsc#1245193). - nvmet-fcloop: drop response if targetport is gone (bsc#1245193). - nvmet-fcloop: allocate/free fcloop_lsreq directly (bsc#1245193). - nvmet-fcloop: prevent double port deletion (bsc#1245193). - nvmet-fcloop: access fcpreq only when holding reqlock (bsc#1245193). - nvmet-fcloop: update refs on tfcp_req (bsc#1245193). - nvmet-fcloop: refactor fcloop_delete_local_port (bsc#1245193). - nvmet-fcloop: refactor fcloop_nport_alloc and track lport (bsc#1245193). - nvmet-fcloop: remove nport from list on last user (bsc#1245193). - nvmet-fcloop: track ref counts for nports (bsc#1245193). - nvme-pci: add NVME_QUIRK_NO_DEEPEST_PS quirk for SOLIDIGM P44 Pro (git-fixes). - commit 60761a1 - btrfs: fix fsync of files with no hard links not persisting deletion (bsc#1245068). - btrfs: remove end_no_trans label from btrfs_log_inode_parent() (bsc#1245068). - btrfs: simplify condition for logging new dentries at btrfs_log_inode_parent() (bsc#1245068). - commit 188ca65 - btrfs: always fallback to buffered write if the inode requires checksum (bsc#1245067). - commit b160824 - cpufreq: Default to performance governor on servers (jsc#PED-13111). - commit 0f4c2f8 - sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (git-fixes). - commit 753d7ae - nfsd: use threads array as-is in netlink interface (git-fixes). - commit 3a8806c - Refresh patches.suse/x86-entry-Add-__init-to-ia32_emulation_override_cmdline.patch. - commit 15f587c - x86/microcode/AMD: Do not return error when microcode update is not necessary (git-fixes). - commit 0b0ecd8 - x86/virt/tdx: Avoid indirect calls to TDX assembly functions (git-fixes). - Refresh patches.suse/x86-virt-tdx-Mark-memory-cache-state-incoherent-when-making-seamcall.patch. - commit a3e640a - Revert "mm/execmem: Unify early execmem_cache behaviour" (git-fixes). - commit 99e2ca1 - x86/its: explicitly manage permissions for ITS pages (git-fixes). - commit 4d57729 - x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set (git-fixes). - commit d3bec4e ++++ libblockdev: - suppress privilege escalation during xfs fs resize (CVE-2025-6019) (bsc#1243285) * add 0001-dont-allow-suid-and-dev-set-on-fs-resize.patch ++++ python-urllib3: - Update to 2.5.0: * Security issues Pool managers now properly control redirects when retries is passed (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925) Redirects are now controlled by urllib3 in the Node.js runtime (CVE-2025-50182, GHSA-48p4-8xcf-vxj5, bsc#1244924) * Features Added support for the compression.zstd module that is new in Python 3.14. Added support for version 0.5 of hatch-vcs * Bugfixes Raised exception for HTTPResponse.shutdown on a connection already released to the pool. Fixed incorrect CONNECT statement when using an IPv6 proxy with connection_from_host. Previously would not be wrapped in []. ------------------------------------------------------------------ ------------------ 2025-6-22 - Jun 22 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - commit 0ec5b97 - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - commit 58c3f30 ++++ kernel-rt: - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT (git-fixes). - commit 0ec5b97 - PCI/PM: Set up runtime PM even for devices without PCI PM (git-fixes). - commit 58c3f30 ------------------------------------------------------------------ ------------------ 2025-6-21 - Jun 21 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - commit 0071891 - ALSA: hda: Apply volume control on speaker+lineout for HP EliteStudio AIO (stable-fixes). - commit ba1a979 - ALSA: hda/realtek - Support mute led function for HP platform (stable-fixes). - commit 74fc8d1 - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: fix wrong error probe return value (git-fixes). - drm/xe: Fix memset on iomem (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (git-fixes). - drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA (stable-fixes). - commit 26d96c5 ++++ kernel-rt: - ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X513EA (git-fixes). - commit 0071891 - ALSA: hda: Apply volume control on speaker+lineout for HP EliteStudio AIO (stable-fixes). - commit ba1a979 - ALSA: hda/realtek - Support mute led function for HP platform (stable-fixes). - commit 74fc8d1 - gpio: mlxbf3: only get IRQ for device instance 0 (git-fixes). - gpio: pca953x: fix wrong error probe return value (git-fixes). - drm/xe: Fix memset on iomem (git-fixes). - drm/etnaviv: Protect the scheduler's pending list with its lock (git-fixes). - drm/nouveau/bl: increase buffer size to avoid truncate warning (git-fixes). - drm/ssd130x: fix ssd132x_clear_screen() columns (git-fixes). - drm/amdgpu: switch job hw_fence to amdgpu_fence (git-fixes). - drm/i915/pmu: Fix build error with GCOV and AutoFDO enabled (git-fixes). - drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE (git-fixes). - drm/msm: Fix CP_RESET_CONTEXT_STATE bitfield names (git-fixes). - drm/msm/dsi/dsi_phy_10nm: Fix missing initial VCO rate (git-fixes). - drm/msm/disp: Correct porch timing for SDM845 (git-fixes). - ALSA: hda/realtek: Add support for Acer Helios Laptops using CS35L41 HDA (stable-fixes). - commit 26d96c5 ++++ python313-core: - adjusted sofilename for "nogil" build correctly. ++++ python313: - adjusted sofilename for "nogil" build correctly. ------------------------------------------------------------------ ------------------ 2025-6-20 - Jun 20 2025 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Add correct SELinux policy version dependency for SLE 16 ++++ kernel-default: - libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743, CVE-2025-38072). - commit 100db61 - mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios (CVE-2025-38050 bsc#1244751). - commit 805754b - config: enable rbd and libceph (jsc#PED-13108) - commit 793f4d9 - s390/purgatory: Use -D__DISABLE_EXPORTS (bsc#1245126). - commit 490ac3b - wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (git-fixes). - commit 6b57cd2 - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - hwmon: (ltc4282) avoid repeated register write (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: don't wait when there is no vdev started (git-fixes). - wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing (git-fixes). - pinctrl: samsung: add gs101 specific eint suspend/resume callbacks (git-fixes). - pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks (stable-fixes). - pinctrl: samsung: refactor drvdata suspend & resume callbacks (stable-fixes). - Bluetooth: ISO: Fix not using SID from adv report (stable-fixes). - wifi: ath12k: refactor ath12k_hw_regs structure (stable-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - commit 9415389 - workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() (bsc#1245101). - commit 6bd2836 - Revert "rpm/config.sh: Use suse-kabi-tools (jsc#PED-12618)" This breaking build on s390x and blocking upcoming submissions: Failed to read symtypes from '.': arch/s390/lib/string.symtypes:3: Export 'strlen' is duplicate, previous occurrence found in 'arch/s390/purgatory/string.symtypes' This reverts commit a0854fc92f0d8c56e48e96980cea7efe15509265. - commit 672894a - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - commit 666ce5b - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - commit bd3ade1 - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - commit 035ae9a - net_sched: tbf: fix a race in tbf_change() (git-fixes). - commit 4131c83 - net_sched: red: fix a race in __red_change() (git-fixes). - commit f0af35e - net_sched: prio: fix a race in prio_tune() (git-fixes). - commit 13ce5f2 - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - commit dc06830 - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - commit 9d72614 - KEYS: trusted: don't fail module __init if SHA1 is unavailable (bsc#1240423 jsc#PED-12225). - commit 93f363a - pidfs: lookup pid through rbtree (jsc#PED-13113). - commit eead84f ++++ kernel-rt: - libnvdimm/labels: Fix divide error in nd_label_data_init() (bsc#1244743, CVE-2025-38072). - commit 100db61 - mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios (CVE-2025-38050 bsc#1244751). - commit 805754b - config: enable rbd and libceph (jsc#PED-13108) - commit 793f4d9 - s390/purgatory: Use -D__DISABLE_EXPORTS (bsc#1245126). - commit 490ac3b - wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 (git-fixes). - commit 6b57cd2 - wifi: carl9170: do not ping device which has failed to load firmware (git-fixes). - NFC: nci: uart: Set tty->disc_data only in success path (git-fixes). - can: tcan4x5x: fix power regulator retrieval during probe (git-fixes). - hwmon: (ltc4282) avoid repeated register write (git-fixes). - hwmon: (occ) fix unaligned accesses (git-fixes). - hwmon: (occ) Rework attribute registration for stack usage (git-fixes). - hwmon: (ftsteutates) Fix TOCTOU race in fts_read() (git-fixes). - wifi: ath11k: move some firmware stats related functions outside of debugfs (git-fixes). - wifi: ath11k: don't wait when there is no vdev started (git-fixes). - wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() (git-fixes). - wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() (git-fixes). - net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing (git-fixes). - pinctrl: samsung: add gs101 specific eint suspend/resume callbacks (git-fixes). - pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks (stable-fixes). - pinctrl: samsung: refactor drvdata suspend & resume callbacks (stable-fixes). - Bluetooth: ISO: Fix not using SID from adv report (stable-fixes). - wifi: ath12k: refactor ath12k_hw_regs structure (stable-fixes). - firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES (git-fixes). - thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit (git-fixes). - Bluetooth: MGMT: Remove unused mgmt_pending_find_data (stable-fixes). - wifi: ath11k: convert timeouts to secs_to_jiffies() (stable-fixes). - commit 9415389 - workqueue: Initialize wq_isolated_cpumask in workqueue_init_early() (bsc#1245101). - commit 6bd2836 - Revert "rpm/config.sh: Use suse-kabi-tools (jsc#PED-12618)" This breaking build on s390x and blocking upcoming submissions: Failed to read symtypes from '.': arch/s390/lib/string.symtypes:3: Export 'strlen' is duplicate, previous occurrence found in 'arch/s390/purgatory/string.symtypes' This reverts commit a0854fc92f0d8c56e48e96980cea7efe15509265. - commit 672894a - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (git-fixes). - commit 666ce5b - net/sched: fix use-after-free in taprio_dev_notifier (git-fixes). - commit bd3ade1 - net_sched: ets: fix a race in ets_qdisc_change() (git-fixes). - commit 035ae9a - net_sched: tbf: fix a race in tbf_change() (git-fixes). - commit 4131c83 - net_sched: red: fix a race in __red_change() (git-fixes). - commit f0af35e - net_sched: prio: fix a race in prio_tune() (git-fixes). - commit 13ce5f2 - net_sched: sch_sfq: reject invalid perturb period (git-fixes). - commit dc06830 - net: Fix TOCTOU issue in sk_is_readable() (git-fixes). - commit 9d72614 - KEYS: trusted: don't fail module __init if SHA1 is unavailable (bsc#1240423 jsc#PED-12225). - commit 93f363a - pidfs: lookup pid through rbtree (jsc#PED-13113). - commit eead84f ++++ open-vm-tools: - Update to open-vm-tools 13.0.0 based on build 24696409. (boo#1245169): There are no new features in the open-vm-tools 13.0.0 release. This is primarily a maintenance release that addresses a few issues, including: - The vm-support script has been updated to collect the open-vm-tools log files from the Linux guest and information from the systemd journal. - Github pull requests has been integrated and issues fixed. Please see the Resolved Issues section of the Release Notes. For a more complete list of issues resolved in this release, see the Resolved Issues section of the Release Notes. For complete details, see: https://github.com/vmware/open-vm-tools/releases/tag/stable-13.0.0 Release Notes are available at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/ReleaseNotes.md The granular changes that have gone into the 13.0.0 release are in the ChangeLog at: https://github.com/vmware/open-vm-tools/blob/stable-13.0.0/open-vm-tools/ChangeLog - Add patch: 0001-GOSC-Update-Guest-OS-Customization-to-utilize-system.patch Currently the "telinit 6" command is used to reboot a Linux VM following Guest OS Customization. As the classic Linux init system, SysVinit, is deprecated in favor of a newer init system, systemd, the telinit command may not be available on the base Linux OS. This change adds support to Guest OS Customization for the systemd init system. If the modern init system, systemd, is available, then a "systemctl reboot" command will be used to trigger reboot. Otherwise, the "telinit 6" command will be used assuming the traditional init system, SysVinit, is still available. - Drop patch now contained in 13.0.0: open-vm-tools-12.5.0-gcc15.patch - Ran /usr/lib/obs/service/source_validators/helpers/fix_changelog to fix changes file where source validator was failing. ++++ ovmf: - Enable TDVF firmware to boot TDX guest VM with Secure boot (jsc#PED-13070) - Add ovmf-x86_64-tdx-secureboot.bin - Add 60-ovmf-x86_64-tdx.json ------------------------------------------------------------------ ------------------ 2025-6-19 - Jun 19 2025 ------------------- ------------------------------------------------------------------ ++++ cockpit: - Add kdump-nfs-fixes.patch to fix bsc#1241949 ++++ kernel-default: - Update patches.suse/dlm-mask-sk_shutdown-value.patch (bsc#1241278). - Update patches.suse/dlm-use-SHUT_RDWR-for-SCTP-shutdown.patch (bsc#1241278). Original bsc number was wrong. Fix it. - commit 4a3a0a7 - selftests/ftrace: Use readelf to find entry point in uprobe test (bsc#1242836). - commit c5198f9 - selftests/ftrace: Make uprobe test more robust against binary name (bsc#1242836). - commit 97eea6a ++++ kernel-rt: - Update patches.suse/dlm-mask-sk_shutdown-value.patch (bsc#1241278). - Update patches.suse/dlm-use-SHUT_RDWR-for-SCTP-shutdown.patch (bsc#1241278). Original bsc number was wrong. Fix it. - commit 4a3a0a7 - selftests/ftrace: Use readelf to find entry point in uprobe test (bsc#1242836). - commit c5198f9 - selftests/ftrace: Make uprobe test more robust against binary name (bsc#1242836). - commit 97eea6a ++++ systemd: - Import commit 1e42ecf5a145589954df77da05937ee69619f3e5 1e42ecf5a1 firstboot: make sure labelling is enabled 3bdb2efbe0 tmpfiles: fix symlink creation when replacing 61c228d2cc firstboot: use WRITE_STRING_FILE_LABEL more f5148acf37 env-file: port write_env_file() to label_ops_pre() bbff8b5523 fs-util: replace symlink_atomic_full_label() by a flag to symlinkat_atomic_full() (bsc#1244237) 2b39393efa env-file: rework write_env_file() to make use of O_TMPFILE ------------------------------------------------------------------ ------------------ 2025-6-18 - Jun 18 2025 ------------------- ------------------------------------------------------------------ ++++ docker: - Update to docker-buildx v0.25.0. Upstream changelog: ++++ python-kiwi: - There is no shim for aarch64 on SUSE Fix integration test for standard EFI (no secure boot) setup on arm ++++ kernel-default: - rpm/config.sh: Use suse-kabi-tools (jsc#PED-12618) - commit a0854fc - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001 bsc#1244234). - commit 031f2d0 - block: flip iter directions in blk_rq_integrity_map_user() (git-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - brd: fix discard end sector (git-fixes). - brd: fix aligned_sector from brd_do_discard() (git-fixes). - block: only update request sector if needed (git-fixes). - block: fix race between set_blocksize and read paths (git-fixes). - badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0 (git-fixes). - blk-throttle: don't take carryover for prioritized processing of metadata (git-fixes). - ublk: enforce ublks_max only for unprivileged devices (git-fixes). - block: mark bounce buffering as incompatible with integrity (git-fixes). - ublk: complete command synchronously on error (git-fixes). - loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize (git-fixes). - commit 9c6fb7f - packaging: Add support for suse-kabi-tools The current workflow to check kABI stability during the RPM build of SUSE kernels consists of the following steps: * The downstream script rpm/modversions unpacks the consolidated kABI symtypes reference data from kabi//symtypes- and creates individual symref files. * The build performs a regular kernel make. During this operation, genksyms is invoked for each source file. The tool determines type signatures of all exports within the file, reports any differences compared to the associated symref reference, calculates symbol CRCs from the signatures and writes new type data into a symtypes file. * The script rpm/modversions is invoked again, this time it packs all new symtypes files to a consolidated kABI file. * The downstream script rpm/kabi.pl checks symbol CRCs in the new build and compares them to a reference from kabi//symvers-, taking kabi/severities into account. suse-kabi-tools is a new set of tools to improve the kABI checking process. The suite includes two tools, ksymtypes and ksymvers, which replace the existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison functionality previously provided by genksyms. The tools have their own source repository and package. The tools provide faster operation and more detailed, unified output. In addition, they allow the use of the new upstream tool gendwarfksyms, which lacks any built-in comparison functionality. The updated workflow is as follows: * The build performs a regular kernel make. During this operation, genksyms (gendwarfksyms) is invoked as usual, determinining signatures and CRCs of all exports and writing the type data to symtypes files. However, genksyms no longer performs any comparison. * 'ksymtypes consolidate' packs all new symtypes files to a consolidated kABI file. * 'ksymvers compare' checks symbol CRCs in the new build and compares them to a reference from kabi//symvers-, taking kabi/severities into account. The tool writes its result in a human-readable form on standard output and also writes a list of all changed exports (not ignored by kabi/severities) to the changed-exports file. * 'ksymtypes compare' takes the changed-exports file, the consolidated kABI symtypes reference data from kabi//symtypes- and the new consolidated data. Based on this data, it produces a detailed report explaining why the symbols changed. The patch enables the use of suse-kabi-tools via rpm/config.sh, providing explicit control to each branch. To enable the support, set USE_SUSE_KABI_TOOLS=Yes in the config file. - commit a2c6f89 - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice (git-fixes). - platform/x86/amd: pmf: Use device managed allocations (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - commit 89154c9 ++++ kernel-rt: - rpm/config.sh: Use suse-kabi-tools (jsc#PED-12618) - commit a0854fc - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001 bsc#1244234). - commit 031f2d0 - block: flip iter directions in blk_rq_integrity_map_user() (git-fixes). - loop: add file_start_write() and file_end_write() (git-fixes). - brd: fix discard end sector (git-fixes). - brd: fix aligned_sector from brd_do_discard() (git-fixes). - block: only update request sector if needed (git-fixes). - block: fix race between set_blocksize and read paths (git-fixes). - badblocks: Fix a nonsense WARN_ON() which checks whether a u64 variable < 0 (git-fixes). - blk-throttle: don't take carryover for prioritized processing of metadata (git-fixes). - ublk: enforce ublks_max only for unprivileged devices (git-fixes). - block: mark bounce buffering as incompatible with integrity (git-fixes). - ublk: complete command synchronously on error (git-fixes). - loop: check in LO_FLAGS_DIRECT_IO in loop_default_blocksize (git-fixes). - commit 9c6fb7f - packaging: Add support for suse-kabi-tools The current workflow to check kABI stability during the RPM build of SUSE kernels consists of the following steps: * The downstream script rpm/modversions unpacks the consolidated kABI symtypes reference data from kabi//symtypes- and creates individual symref files. * The build performs a regular kernel make. During this operation, genksyms is invoked for each source file. The tool determines type signatures of all exports within the file, reports any differences compared to the associated symref reference, calculates symbol CRCs from the signatures and writes new type data into a symtypes file. * The script rpm/modversions is invoked again, this time it packs all new symtypes files to a consolidated kABI file. * The downstream script rpm/kabi.pl checks symbol CRCs in the new build and compares them to a reference from kabi//symvers-, taking kabi/severities into account. suse-kabi-tools is a new set of tools to improve the kABI checking process. The suite includes two tools, ksymtypes and ksymvers, which replace the existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison functionality previously provided by genksyms. The tools have their own source repository and package. The tools provide faster operation and more detailed, unified output. In addition, they allow the use of the new upstream tool gendwarfksyms, which lacks any built-in comparison functionality. The updated workflow is as follows: * The build performs a regular kernel make. During this operation, genksyms (gendwarfksyms) is invoked as usual, determinining signatures and CRCs of all exports and writing the type data to symtypes files. However, genksyms no longer performs any comparison. * 'ksymtypes consolidate' packs all new symtypes files to a consolidated kABI file. * 'ksymvers compare' checks symbol CRCs in the new build and compares them to a reference from kabi//symvers-, taking kabi/severities into account. The tool writes its result in a human-readable form on standard output and also writes a list of all changed exports (not ignored by kabi/severities) to the changed-exports file. * 'ksymtypes compare' takes the changed-exports file, the consolidated kABI symtypes reference data from kabi//symtypes- and the new consolidated data. Based on this data, it produces a detailed report explaining why the symbols changed. The patch enables the use of suse-kabi-tools via rpm/config.sh, providing explicit control to each branch. To enable the support, set USE_SUSE_KABI_TOOLS=Yes in the config file. - commit a2c6f89 - platform/x86: dell_rbu: Stop overwriting data buffer (git-fixes). - platform/x86: dell_rbu: Fix list usage (git-fixes). - platform/x86/amd: pmf: Prevent amd_pmf_tee_deinit() from running twice (git-fixes). - platform/x86/amd: pmf: Use device managed allocations (git-fixes). - platform/x86/amd: pmc: Clear metrics table at start of cycle (git-fixes). - platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes). - platform/x86: ideapad-laptop: use usleep_range() for EC polling (git-fixes). - commit 89154c9 ++++ libsoup: - Add libsoup-CVE-2025-4945.patch: add value checks for date/time parsing (boo#1243314 CVE-2025-4945). ++++ libzypp: - Enhancements regarding mirror handling during repo refresh. Added means to disable the use of mirrors when downloading security relevant files. Requires updaing zypper to 1.14.91. - Fix autotestcase writer if ZYPP_FULLLOG=1 (bsc#1244042) If ZYPP_FULLLOG=1 a solver testcase to "/var/log/YaST2/autoTestcase" should be written for each solver run. There was no testcase written for the very first solver run. This is now fixed. - Pass $1==2 to %posttrans script if it's an update (bsc#1243279) - version 17.37.6 (35) ++++ pam: - hardcode disabling elogind, meson detection is unreliable in OBS - Update to version 1.7.1 - pam_access: do not resolve ttys or display variables as hostnames. - pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). - pam_limits: added support for rttime (RLIMIT_RTTIME). - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). - meson: added support of elogind as a logind provider. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted ++++ pam-config: - Update to version 2.12+git.20250516: * Don't add pam_env twice ++++ pam-full-src: - hardcode disabling elogind, meson detection is unreliable in OBS - Update to version 1.7.1 - pam_access: do not resolve ttys or display variables as hostnames. - pam_access: added "nodns" option to disallow resolving of tokens as hostnames (CVE-2024-10963). - pam_limits: added support for rttime (RLIMIT_RTTIME). - pam_namespace: fixed potential privilege escalation (CVE-2025-6020). - meson: added support of elogind as a logind provider. - Multiple minor bug fixes, build fixes, portability fixes, documentation improvements, and translation updates. - pam_access-rework-resolving-of-tokens-as-hostname.patch got obsoleted ++++ zypper: - BuildRequires: libzypp-devel >= 17.37.6. Enhancements regarding mirror handling during repo refresh. Adapt to libzypp API changes. (bsc#1230267) - version 1.14.91 ------------------------------------------------------------------ ------------------ 2025-6-17 - Jun 17 2025 ------------------- ------------------------------------------------------------------ ++++ afterburn: - Fix Requires in noarch package to not be arch specific (bsc#1244675) ++++ drbd-utils: - merge upstream patch to fix build error * add patch + DRBDmon-Add-missing-default_types.h-include-in-strin.patch - Fix SELinux equivalency rules in module (bsc#1242915) * add patch + 0001-Fix-selinux-policy-for-usr-bin-equivalency-rules.patch + 0002-Fix-selinux-module-for-run-lock-equivalency-rules.patch + 0003-Fix-selinux-module-for-run-equivalency-rules.patch ++++ glibc: - ppc64le-revert-power10-strcmp.patch: Revert optimized POWER10 strcmp, strncmp implementations (CVE-2025-5745, CVE-2025-5702, bsc#1244184, bsc#1244182, BZ #33060, BZ #33056) - ppc64le-revert-power10-memcmp.patch: Revert optimized POWER10 memcmp implementation (BZ #33059) ++++ gpg2: - Don't install expired sks certificate [bsc#1243069] * Add patch gnupg-dirmngr-Don-t-install-expired-sks-certificate.patch ++++ kernel-default: - loop: factor out a loop_assign_backing_file helper (git-fixes). - Refresh patches.suse/loop-Add-sanity-check-for-read-write_iter.patch. - commit 6b2b09e - platform/x86/amd/hsmp: mark hsmp_msg_desc_table as maybe_unused (git-fixes). - commit a5ad60f - iommu: Clear iommu-dma ops on cleanup (CVE-2025-37877 bsc#1243058). - commit 5ecb9e1 - kernel-source: Remove log.sh from sources - commit 96bd779 - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - commit e772925 ++++ kernel-firmware-amdgpu: - Update to version 20250616 (git commit 1d98972a5635): * amdgpu: Update DMCUB fw for DCN401 & DCN315 ++++ kernel-rt: - loop: factor out a loop_assign_backing_file helper (git-fixes). - Refresh patches.suse/loop-Add-sanity-check-for-read-write_iter.patch. - commit 6b2b09e - platform/x86/amd/hsmp: mark hsmp_msg_desc_table as maybe_unused (git-fixes). - commit a5ad60f - iommu: Clear iommu-dma ops on cleanup (CVE-2025-37877 bsc#1243058). - commit 5ecb9e1 - kernel-source: Remove log.sh from sources - commit 96bd779 - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (bsc#1215199). - commit e772925 ++++ vim: - Fix bsc#1228776 / CVE-2024-41965. - Fix bsc#1239602 / CVE-2025-29768. - Refresh patch: vim-7.3-sh_is_bash.patch - Update to 9.1.1406: 9.1.1406: crash when importing invalid tuple 9.1.1405: tests: no test for mapping with special keys in session file 9.1.1404: wrong link to Chapter 2 in new-tutor 9.1.1403: expansion of 'tabpanelopt' value adds wrong values 9.1.1402: multi-byte mappings not properly stored in session file 9.1.1401: list not materialized in prop_list() 9.1.1400: [security]: use-after-free when evaluating tuple fails 9.1.1399: tests: test_codestyle fails for auto-generated files 9.1.1398: completion: trunc does not follow Pmenu highlighting attributes 9.1.1397: tabpanel not correctly updated on :tabonly 9.1.1396: 'errorformat' is a global option 9.1.1395: search_stat not reset when pattern differs in case 9.1.1394: tabpanel not correctly redrawn on tabonly 9.1.1393: missing test for switching buffers and reusing curbuf 9.1.1392: missing patch number 9.1.1391: Vim does not have a vertical tabpanel 9.1.1390: style: more wrong indentation 9.1.1389: completion: still some issue when 'isexpand' contains a space 9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling 9.1.1387: memory leak when buflist_new() fails to reuse curbuf 9.1.1386: MS-Windows: some minor problems building on AARCH64 9.1.1385: inefficient loop for 'nosmoothscroll' scrolling 9.1.1384: still some problem with the new tutors filetype plugin 9.1.1383: completion: 'isexpand' option does not handle space char correct 9.1.1382: if_ruby: unused compiler warnings from ruby internals 9.1.1381: completion: cannot return to original text 9.1.1380: 'eventignorewin' only checked for current buffer 9.1.1379: MS-Windows: error when running evim when space in path 9.1.1378: sign without text overwrites number option 9.1.1377: patch v9.1.1370 causes some GTK warning messages 9.1.1376: quickfix dummy buffer may remain as dummy buffer 9.1.1375: [security]: possible heap UAF with quickfix dummy buffer 9.1.1374: completion: 'smartcase' not respected when filtering matches 9.1.1373: 'completeopt' checking logic can be simplified 9.1.1372: style: braces issues in various files 9.1.1371: style: indentation and brace issues in insexpand.c 9.1.1370: CI Tests favor GTK2 over GTK3 9.1.1369: configure still using autoconf 2.71 9.1.1368: GTK3 and GTK4 will drop numeric cursor support. 9.1.1367: too many strlen() calls in gui.c 9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c 9.1.1365: MS-Windows: compile warnings and too many strlen() calls 9.1.1364: style: more indentation issues 9.1.1363: style: inconsistent indentation in various files 9.1.1362: Vim9: type ignored when adding tuple to instance list var 9.1.1361: [security]: possible use-after-free when closing a buffer 9.1.1360: filetype: GNU Radio companion files are not recognized 9.1.1359: filetype: GNU Radio config files are not recognized 9.1.1358: if_lua: compile warnings with gcc15 9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer 9.1.1356: Vim9: crash when unletting variable 9.1.1355: The pum_redraw() function is too complex 9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows 9.1.1353: missing change from v9.1.1350 9.1.1352: style: inconsistent indent in insexpand.c 9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre 9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr() 9.1.1349: CmdlineLeavePre may trigger twice 9.1.1348: still E315 with the terminal feature 9.1.1347: small problems with gui_w32.c 9.1.1346: missing out-of-memory check in textformat.c 9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading 9.1.1344: double free in f_complete_match() (after v9.1.1341) 9.1.1343: filetype: IPython files are not recognized 9.1.1342: Shebang filetype detection can be improved 9.1.1341: cannot define completion triggers 9.1.1340: cannot complete :filetype arguments 9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc() 9.1.1338: Calling expand() interferes with cmdcomplete_info() 9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer 9.1.1336: comment plugin does not support case-insensitive 'commentstring' 9.1.1335: Coverity complains about Null pointer dereferences 9.1.1334: Coverity complains about unchecked return value 9.1.1333: Coverity: complains about unutilized variable 9.1.1332: Vim9: segfault when using super within a lambda 9.1.1331: Leaking memory with cmdcomplete() ------------------------------------------------------------------ ------------------ 2025-6-16 - Jun 16 2025 ------------------- ------------------------------------------------------------------ ++++ cifs-utils: - Update cifs-utils to 7.4 * mount.cifs: retry mount on -EINPROGRESS * cifs.upcall: correctly treat UPTARGET_UNSPECIFIED as UPTARGET_APP * cifs.upcall: fix memory leaks in check_service_ticket_exits() * cifs-utils: bump version to 7.4 * getcifsacl, setcifsacl: use for basename * cifscreds: use for basename ++++ cockpit-machines: - Update to 333 * Bug fixes * The "shareable" attribute of disks is no longer modified by Cockpit * Virtual network interfaces can now select source mode ++++ python-kiwi: - Add driver configuration support for dracut initrd Add driver configuration support for dracut initrd Add support for specifying kernel drivers to be included or omitted in the dracut initrd configuration. This extends the existing dracut configuration capabilities like in the following example ++++ kernel-default: - block/bdev: enable large folio support for large logical block sizes (git-fixes). - commit 03e169f - x86/amd_node: Add support for debugfs access to SMN registers (jsc#PED-13094). - commit 718f7f2 - x86/amd_node: Add SMN offsets to exclusive region access (jsc#PED-13094). - commit 8b0488f - x86/amd_node: Use defines for SMN register offsets (jsc#PED-13094). - commit fdceb0c - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - Refresh patches.suse/0008-ima-track-the-set-of-PCRs-ever-extended.patch. - commit 87b6eff - wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash (bsc#1240998). - wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() (bsc#1240998). - commit 7530032 - wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' (bsc#1240998). - commit f7be9d8 - wifi: ath12k: Fix for out-of bound access error (bsc#1240998 CVE-2024-58015 bsc#1238995). - blacklist.conf: - commit 3c5bf1f - wifi: ath12k: fix key cache handling (bsc#1240998). - commit dcb3d62 - wifi: ath12k: convert tasklet to BH workqueue for CE interrupts (bsc#1240998). - wifi: ath12k: fix A-MSDU indication in monitor mode (bsc#1240998). - wifi: ath12k: use tail MSDU to get MSDU information (bsc#1240998). - wifi: ath12k: delete NSS and TX power setting for monitor vdev (bsc#1240998). - wifi: ath12k: fix struct hal_rx_mpdu_start (bsc#1240998). - wifi: ath12k: fix struct hal_rx_phyrx_rssi_legacy_info (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_start (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_end_user_stats (bsc#1240998). - wifi: ath12k: remove unused variable monitor_present (bsc#1240998). - commit 8ed2a0a - wifi: ath12k: modify link arvif creation and removal for MLO (bsc#1240998). - Refresh patches.suse/wifi-ath12k-fix-read-pointer-after-free-in-ath12k_ma.patch. - commit 66e4cb1 - wifi: ath12k: update ath12k_mac_op_update_vif_offload() for MLO (bsc#1240998). - wifi: ath12k: update ath12k_mac_op_conf_tx() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_set_key() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_bss_info_changed() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_get_arvif_iter() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_vif_chan() for MLO (bsc#1240998). - wifi: ath12k: prepare vif config caching for MLO (bsc#1240998). - wifi: ath12k: prepare sta data structure for MLO handling (bsc#1240998). - wifi: ath12k: pass ath12k_link_vif instead of vif/ahvif (bsc#1240998). - commit e2a68c7 - wifi: ath12k: prepare vif data structure for MLO handling (bsc#1240998). - Refresh patches.suse/wifi-ath12k-Handle-error-cases-during-extended-skb-a.patch. - Refresh patches.suse/wifi-ath12k-fix-tx-power-max-reg-power-update-to-fir.patch. - commit be086ca - wifi: ath12k: Add firmware coredump collection support (bsc#1240998). - Update config files. - commit 13fc60a - wifi: ath12k: Support BE OFDMA Pdev Rate Stats (bsc#1240998). - wifi: ath12k: Support Pdev Scheduled Algorithm Stats (bsc#1240998). - wifi: ath12k: Support DMAC Reset Stats (bsc#1240998). - wifi: ath12k: add missing lockdep_assert_wiphy() for ath12k_mac_op_ functions (bsc#1240998). - wifi: ath12k: ath12k_mac_op_sta_state(): clean up update_wk cancellation (bsc#1240998). - wifi: ath12k: ath12k_mac_set_key(): remove exit label (bsc#1240998). - commit 4d42f04 - wifi: ath12k: switch to using wiphy_lock() and remove ar->conf_mutex (bsc#1240998). - Refresh patches.suse/wifi-ath12k-fix-node-corruption-in-ar-arvifs-list.patch. - Refresh patches.suse/wifi-ath12k-fix-read-pointer-after-free-in-ath12k_ma.patch. - commit 728526a - wifi: ath12k: convert struct ath12k_sta::update_wk to use struct wiphy_work (bsc#1240998). - commit 91ddf3a - wifi: ath12k: Support Pdev OBSS Stats (bsc#1240998). - wifi: ath12k: Support pdev CCA Stats (bsc#1240998). - wifi: ath12k: Support pdev Transmit Multi-user stats (bsc#1240998). - wifi: ath12k: Support Ring and SFM stats (bsc#1240998). - wifi: ath12k: Support Self-Generated Transmit stats (bsc#1240998). - wifi: ath12k: Modify print_array_to_buf() to support arrays with 1-based semantics (bsc#1240998). - wifi: ath12k: move txbaddr/rxbaddr into struct ath12k_dp (bsc#1240998). - wifi: ath12k: make read-only array svc_id static const (bsc#1240998). - commit 3509024 - x86/bugs: Restructure ITS mitigation (git-fixes). - commit 085abef - x86/bugs: Fix spectre_v2 mitigation default on Intel (git-fixes). - commit f344e75 - KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions (git-fixes). - commit b648f1d - platform/x86/amd/hsmp: fix building with CONFIG_HWMON=m (jsc#PED-13094). - commit dc03ed2 - platform/x86/amd/hsmp: acpi: Add sysfs files to display HSMP telemetry (jsc#PED-13094). - commit d63496c - platform/x86/amd/hsmp: Report power via hwmon sensors (jsc#PED-13094). - commit 357c2f9 - platform/x86/amd/hsmp: Use a single DRIVER_VERSION for all usmp modules (jsc#PED-13094). - commit 60b1624 - platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers (jsc#PED-13094). - Refresh patches.suse/x86-platform-amd-Move-the-asm-amd_hsmp.h-header-to-asm-amd.patch. - commit 02efe4c - x86/platform/amd: Move the header to (jsc#PED-13094). - commit cd8f689 - x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE (jsc#PED-13094). - commit 84c6aed - x86/amd_node: Remove dependency on AMD_NB (jsc#PED-13094). - commit 7a96278 - x86/amd_node: Update __amd_smn_rw() error paths (jsc#PED-13094). - commit 4c71e32 - x86/amd_nb: Move SMN access code to a new amd_node driver (jsc#PED-13094). - commit e227b52 - x86/amd_nb, hwmon: (k10temp): Simplify amd_pci_dev_to_node_id() (jsc#PED-13094). - commit 4ab060a - x86/amd_nb: Simplify function 3 search (jsc#PED-13094). - commit 995c30f - x86/amd_nb: Use topology info to get AMD node count (jsc#PED-13094). - commit 92a3127 - x86/amd_nb: Simplify root device search (jsc#PED-13094). - commit 99743f8 - x86/amd_nb: Simplify function 4 search (jsc#PED-13094). - commit 969836a - x86: Start moving AMD node functionality out of AMD_NB (jsc#PED-13094). - commit dedae8e - x86/amd_nb: Clean up early_is_amd_nb() (jsc#PED-13094). - commit 3e7ae58 - x86/amd_nb: Restrict init function to AMD-based systems (jsc#PED-13094). - commit 4581815 - x86/mce/amd: Remove shared threshold bank plumbing (jsc#PED-13094). - commit 5e367df - platform/x86: amd: Use *-y instead of *-objs in Makefiles (jsc#PED-13094). - commit 80da452 - platform/x86/amd/hsmp: Constify 'struct bin_attribute' (jsc#PED-13094). - commit ed01393 - Refresh patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch. - Refresh patches.suse/drm-xe-Fix-and-re-enable-xe_print_blob_ascii85.patch. - commit 7527c99 - platform/x86/amd/hsmp: Add support for HSMP protocol version 7 messages (jsc#PED-13094). - commit 98c4882 - platform/x86/amd/hsmp: Change the error type (jsc#PED-13094). - commit a450822 - platform/x86/amd/hsmp: Add new error code and error logs (jsc#PED-13094). - commit 2c1e1e0 - platform/x86/amd/hsmp: Make hsmp_pdev static instead of global (jsc#PED-13094). - commit 25dfaea ++++ kernel-rt: - block/bdev: enable large folio support for large logical block sizes (git-fixes). - commit 03e169f - x86/amd_node: Add support for debugfs access to SMN registers (jsc#PED-13094). - commit 718f7f2 - x86/amd_node: Add SMN offsets to exclusive region access (jsc#PED-13094). - commit 8b0488f - x86/amd_node: Use defines for SMN register offsets (jsc#PED-13094). - commit fdceb0c - ima: Suspend PCR extends and log appends when rebooting (bsc#1210025 ltc#196650). - Refresh patches.suse/0008-ima-track-the-set-of-PCRs-ever-extended.patch. - commit 87b6eff - wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash (bsc#1240998). - wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() (bsc#1240998). - commit 7530032 - wifi: ath12k: ath12k_mac_op_set_key(): fix uninitialized symbol 'ret' (bsc#1240998). - commit f7be9d8 - wifi: ath12k: Fix for out-of bound access error (bsc#1240998 CVE-2024-58015 bsc#1238995). - blacklist.conf: - commit 3c5bf1f - wifi: ath12k: fix key cache handling (bsc#1240998). - commit dcb3d62 - wifi: ath12k: convert tasklet to BH workqueue for CE interrupts (bsc#1240998). - wifi: ath12k: fix A-MSDU indication in monitor mode (bsc#1240998). - wifi: ath12k: use tail MSDU to get MSDU information (bsc#1240998). - wifi: ath12k: delete NSS and TX power setting for monitor vdev (bsc#1240998). - wifi: ath12k: fix struct hal_rx_mpdu_start (bsc#1240998). - wifi: ath12k: fix struct hal_rx_phyrx_rssi_legacy_info (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_start (bsc#1240998). - wifi: ath12k: fix struct hal_rx_ppdu_end_user_stats (bsc#1240998). - wifi: ath12k: remove unused variable monitor_present (bsc#1240998). - commit 8ed2a0a - wifi: ath12k: modify link arvif creation and removal for MLO (bsc#1240998). - Refresh patches.suse/wifi-ath12k-fix-read-pointer-after-free-in-ath12k_ma.patch. - commit 66e4cb1 - wifi: ath12k: update ath12k_mac_op_update_vif_offload() for MLO (bsc#1240998). - wifi: ath12k: update ath12k_mac_op_conf_tx() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_set_key() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_op_bss_info_changed() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_get_arvif_iter() for MLO (bsc#1240998). - wifi: ath12k: modify ath12k_mac_vif_chan() for MLO (bsc#1240998). - wifi: ath12k: prepare vif config caching for MLO (bsc#1240998). - wifi: ath12k: prepare sta data structure for MLO handling (bsc#1240998). - wifi: ath12k: pass ath12k_link_vif instead of vif/ahvif (bsc#1240998). - commit e2a68c7 - wifi: ath12k: prepare vif data structure for MLO handling (bsc#1240998). - Refresh patches.suse/wifi-ath12k-Handle-error-cases-during-extended-skb-a.patch. - Refresh patches.suse/wifi-ath12k-fix-tx-power-max-reg-power-update-to-fir.patch. - commit be086ca - wifi: ath12k: Add firmware coredump collection support (bsc#1240998). - Update config files. - commit 13fc60a - wifi: ath12k: Support BE OFDMA Pdev Rate Stats (bsc#1240998). - wifi: ath12k: Support Pdev Scheduled Algorithm Stats (bsc#1240998). - wifi: ath12k: Support DMAC Reset Stats (bsc#1240998). - wifi: ath12k: add missing lockdep_assert_wiphy() for ath12k_mac_op_ functions (bsc#1240998). - wifi: ath12k: ath12k_mac_op_sta_state(): clean up update_wk cancellation (bsc#1240998). - wifi: ath12k: ath12k_mac_set_key(): remove exit label (bsc#1240998). - commit 4d42f04 - wifi: ath12k: switch to using wiphy_lock() and remove ar->conf_mutex (bsc#1240998). - Refresh patches.suse/wifi-ath12k-fix-node-corruption-in-ar-arvifs-list.patch. - Refresh patches.suse/wifi-ath12k-fix-read-pointer-after-free-in-ath12k_ma.patch. - commit 728526a - wifi: ath12k: convert struct ath12k_sta::update_wk to use struct wiphy_work (bsc#1240998). - commit 91ddf3a - wifi: ath12k: Support Pdev OBSS Stats (bsc#1240998). - wifi: ath12k: Support pdev CCA Stats (bsc#1240998). - wifi: ath12k: Support pdev Transmit Multi-user stats (bsc#1240998). - wifi: ath12k: Support Ring and SFM stats (bsc#1240998). - wifi: ath12k: Support Self-Generated Transmit stats (bsc#1240998). - wifi: ath12k: Modify print_array_to_buf() to support arrays with 1-based semantics (bsc#1240998). - wifi: ath12k: move txbaddr/rxbaddr into struct ath12k_dp (bsc#1240998). - wifi: ath12k: make read-only array svc_id static const (bsc#1240998). - commit 3509024 - x86/bugs: Restructure ITS mitigation (git-fixes). - commit 085abef - x86/bugs: Fix spectre_v2 mitigation default on Intel (git-fixes). - commit f344e75 - KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions (git-fixes). - commit b648f1d - platform/x86/amd/hsmp: fix building with CONFIG_HWMON=m (jsc#PED-13094). - commit dc03ed2 - platform/x86/amd/hsmp: acpi: Add sysfs files to display HSMP telemetry (jsc#PED-13094). - commit d63496c - platform/x86/amd/hsmp: Report power via hwmon sensors (jsc#PED-13094). - commit 357c2f9 - platform/x86/amd/hsmp: Use a single DRIVER_VERSION for all usmp modules (jsc#PED-13094). - commit 60b1624 - platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers (jsc#PED-13094). - Refresh patches.suse/x86-platform-amd-Move-the-asm-amd_hsmp.h-header-to-asm-amd.patch. - commit 02efe4c - x86/platform/amd: Move the header to (jsc#PED-13094). - commit cd8f689 - x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE (jsc#PED-13094). - commit 84c6aed - x86/amd_node: Remove dependency on AMD_NB (jsc#PED-13094). - commit 7a96278 - x86/amd_node: Update __amd_smn_rw() error paths (jsc#PED-13094). - commit 4c71e32 - x86/amd_nb: Move SMN access code to a new amd_node driver (jsc#PED-13094). - commit e227b52 - x86/amd_nb, hwmon: (k10temp): Simplify amd_pci_dev_to_node_id() (jsc#PED-13094). - commit 4ab060a - x86/amd_nb: Simplify function 3 search (jsc#PED-13094). - commit 995c30f - x86/amd_nb: Use topology info to get AMD node count (jsc#PED-13094). - commit 92a3127 - x86/amd_nb: Simplify root device search (jsc#PED-13094). - commit 99743f8 - x86/amd_nb: Simplify function 4 search (jsc#PED-13094). - commit 969836a - x86: Start moving AMD node functionality out of AMD_NB (jsc#PED-13094). - commit dedae8e - x86/amd_nb: Clean up early_is_amd_nb() (jsc#PED-13094). - commit 3e7ae58 - x86/amd_nb: Restrict init function to AMD-based systems (jsc#PED-13094). - commit 4581815 - x86/mce/amd: Remove shared threshold bank plumbing (jsc#PED-13094). - commit 5e367df - platform/x86: amd: Use *-y instead of *-objs in Makefiles (jsc#PED-13094). - commit 80da452 - platform/x86/amd/hsmp: Constify 'struct bin_attribute' (jsc#PED-13094). - commit ed01393 - Refresh patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch. - Refresh patches.suse/drm-xe-Fix-and-re-enable-xe_print_blob_ascii85.patch. - commit 7527c99 - platform/x86/amd/hsmp: Add support for HSMP protocol version 7 messages (jsc#PED-13094). - commit 98c4882 - platform/x86/amd/hsmp: Change the error type (jsc#PED-13094). - commit a450822 - platform/x86/amd/hsmp: Add new error code and error logs (jsc#PED-13094). - commit 2c1e1e0 - platform/x86/amd/hsmp: Make hsmp_pdev static instead of global (jsc#PED-13094). - commit 25dfaea ++++ ovmf: - Add the patch from edk2-stable202505 (bsc#1243199) - ovmf-OvmfPkg-CcExitLib-Use-the-proper-register-when-filte.patch 856bdc8eec0f OvmfPkg/CcExitLib: Use the proper register when filtering MSRs ------------------------------------------------------------------ ------------------ 2025-6-15 - Jun 15 2025 ------------------- ------------------------------------------------------------------ ++++ nvidia-open-driver-G06-signed: - update non-CUDA variant to 570.169 (boo#1244614) ------------------------------------------------------------------ ------------------ 2025-6-14 - Jun 14 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - udmabuf: use sgtable-based scatterlist wrappers (git-fixes). - drm/meson: fix more rounding issues with 59.94Hz modes (git-fixes). - drm/meson: use vclk_freq instead of pixel_freq in debug print (git-fixes). - drm/meson: fix debug log statement when setting the HDMI clocks (git-fixes). - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted (git-fixes). - spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - commit 8d2d704 ++++ kernel-rt: - udmabuf: use sgtable-based scatterlist wrappers (git-fixes). - drm/meson: fix more rounding issues with 59.94Hz modes (git-fixes). - drm/meson: use vclk_freq instead of pixel_freq in debug print (git-fixes). - drm/meson: fix debug log statement when setting the HDMI clocks (git-fixes). - ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (git-fixes). - spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted (git-fixes). - spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message (git-fixes). - regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() (git-fixes). - commit 8d2d704 ------------------------------------------------------------------ ------------------ 2025-6-13 - Jun 13 2025 ------------------- ------------------------------------------------------------------ ++++ glib2: - Update to version 2.84.3: + Bug fixed: gstring: Fix overflow check when expanding the string (CVE-2025-6052, boo#1244596). ++++ kernel-default: - Revert "openvswitch: switch to per-action label counting in conntrack" (CVE-2025-21958 bsc#1240758). - commit 99845fa - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - commit bbb8b6d - platform/x86/amd/hsmp: Use dev_groups in the driver structure (jsc#PED-13094). - commit 0d0227e - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - commit 1e81e5c - platform/x86/amd/hsmp: Use name space while exporting module symbols (jsc#PED-13094). - commit 43e9d2b - platform/x86/amd/hsmp: Create separate ACPI, plat and common drivers (jsc#PED-13094). - Update config files. - commit 1820255 - mm/damon: fix order of arguments in damos_before_apply tracepoint (git-fixes). - commit 573e8fc - platform/x86/amd/hsmp: Change generic plat_dev name to hsmp_pdev (jsc#PED-13094). - commit e81369a - platform/x86/amd/hsmp: Move ACPI code to acpi.c (jsc#PED-13094). - commit 4d8807d - platform/x86/amd/hsmp: Move platform device specific code to plat.c (jsc#PED-13094). - commit a6d1274 - platform/x86/amd/hsmp: Move structure and macros to header file (jsc#PED-13094). - commit 226e6d8 - platform/x86/amd/hsmp: Convert amd_hsmp_rdwr() to a function pointer (jsc#PED-13094). - commit cfa6b2b - platform/x86/amd/hsmp: Create wrapper function init_acpi() (jsc#PED-13094). - commit 7b2aa8b - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - commit b955896 - platform/x86/amd/hsmp: Create hsmp/ directory (jsc#PED-13094). - Refresh patches.suse/sysfs-treewide-constify-attribute-callback-of-bin_is.patch. - commit fb1429d - tracing: Fix function name for trampoline (git-fixes). - commit db0dd06 - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - commit 58aed75 - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - commit 4902f47 - x86/bugs: Restructure SRSO mitigation (git-fixes). - commit b308adf - x86/bugs: KVM: Add support for SRSO_MSR_FIX (git-fixes). - commit d3911cf - x86/bugs: Restructure L1TF mitigation (git-fixes). - Refresh patches.suse/x86-sme-Use-percpu-boolean-to-control-wbinvd-during-kexec.patch. - commit 1d465a8 - x86/bugs: Restructure SSB mitigation (git-fixes). - commit 4fad51e - x86/bugs: Restructure spectre_v2 mitigation (git-fixes). - commit 811ec5d - x86/bugs: Restructure BHI mitigation (git-fixes). - commit 185e70f - x86/bugs: Restructure spectre_v2_user mitigation (git-fixes). - commit 7ec3712 - x86/bugs: Remove X86_FEATURE_USE_IBPB (git-fixes). - commit fa88ebe - KVM: nVMX: Always use IBPB to properly virtualize IBRS (git-fixes). - blacklist.conf: Removed the patch - commit 557f9fb - x86/bugs: Use a static branch to guard IBPB on vCPU switch (git-fixes). - commit e724e81 - x86/bugs: Remove the X86_FEATURE_USE_IBPB check in ib_prctl_set() (git-fixes). - commit 42db235 - x86/mm: Remove X86_FEATURE_USE_IBPB checks in cond_mitigation() (git-fixes). - commit 4022f33 - x86/bugs: Move the X86_FEATURE_USE_IBPB check into callers (git-fixes). - Refresh patches.suse/x86-bugs-Fix-RSB-clearing-in-indirect_branch_prediction_ba.patch. - commit 68a66c6 - x86/bugs: Use the cpu_smt_possible() helper instead of open-coded code (git-fixes). - commit a3f48f2 - x86/bugs: Restructure retbleed mitigation (git-fixes). - commit 57e9149 - x86/bugs: Allow retbleed=stuff only on Intel (git-fixes). - commit be36749 - x86/bugs: Restructure spectre_v1 mitigation (git-fixes). - commit 9d9c4f9 - x86/bugs: Restructure GDS mitigation (git-fixes). - commit 07ce138 - x86/bugs: Restructure SRBDS mitigation (git-fixes). - commit 985324a - x86/bugs: Remove md_clear_*_mitigation() (git-fixes). - commit 3670fb7 - x86/bugs: Restructure RFDS mitigation (git-fixes). - commit 5f6d514 - x86/bugs: Restructure MMIO mitigation (git-fixes). - commit fbecfda - x86/bugs: Rename mmio_stale_data_clear to cpu_buf_vm_clear (git-fixes). - commit 6562e0a - x86/bugs: Restructure TAA mitigation (git-fixes). - commit 2b3c942 - x86/bugs: Restructure MDS mitigation (git-fixes). - commit d61c636 - x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds (git-fixes). - commit 8f40133 - x86/bugs: Relocate mds/taa/mmio/rfds defines (git-fixes). - commit dd6ad69 - x86/bugs: Add X86_BUG_SPECTRE_V2_USER (git-fixes). - Refresh patches.suse/x86-its-Add-vmexit-option-to-skip-mitigation-on-some-CPUs.patch. - Refresh patches.suse/x86-its-Enumerate-Indirect-Target-Selection-ITS-bug.patch. - commit 2251acf - net: ibmveth: Refactored veth_pool_store for better maintainability (jsc#PED-3944). - net: ibmveth: added KUnit tests for some buffer pool functions (jsc#PED-3944). - net: ibmveth: Reset the adapter when unexpected states are detected (jsc#PED-3944). - net: ibmveth: Indented struct ibmveth_adapter correctly (jsc#PED-3944). - commit 8a53c7b - patches.suse/block-make-sure-nr_integrity_segments-is-cloned-in-blk_rq_.patch: (git-fixes, bsc#1243874). Patch metadata - commit 3065561 - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - commit 497daab - Bluetooth: MGMT: Fix sparse errors (git-fixes). - commit f4127bc - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - Revert "wifi: mwifiex: Fix HT40 bandwidth issue." (git-fixes). - Bluetooth: eir: Fix possible crashes on eir_create_adv_data (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition (git-fixes). - Bluetooth: btintel_pcie: Increase the tx and rx descriptor count (git-fixes). - Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers (git-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - ptp: ocp: Limit signal/freq counts in summary output functions (git-fixes). - ptp: ocp: fix start time alignment in ptp_ocp_signal_set (git-fixes). - ptp: ocp: reject unsupported periodic output flags (git-fixes). - ptp: Properly handle compat ioctls (git-fixes). - commit ad94026 - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI/pwrctrl: Cancel outstanding rescan work when unregistering (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - PCI: apple: Use helper function for_each_child_of_node_scoped() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - commit f6125e9 ++++ kernel-rt: - Revert "openvswitch: switch to per-action label counting in conntrack" (CVE-2025-21958 bsc#1240758). - commit 99845fa - fgraph: Still initialize idle shadow stacks when starting (git-fixes). - commit bbb8b6d - platform/x86/amd/hsmp: Use dev_groups in the driver structure (jsc#PED-13094). - commit 0d0227e - tracing/eprobe: Fix to release eprobe when failed to add dyn_event (git-fixes). - commit 1e81e5c - platform/x86/amd/hsmp: Use name space while exporting module symbols (jsc#PED-13094). - commit 43e9d2b - platform/x86/amd/hsmp: Create separate ACPI, plat and common drivers (jsc#PED-13094). - Update config files. - commit 1820255 - mm/damon: fix order of arguments in damos_before_apply tracepoint (git-fixes). - commit 573e8fc - platform/x86/amd/hsmp: Change generic plat_dev name to hsmp_pdev (jsc#PED-13094). - commit e81369a - platform/x86/amd/hsmp: Move ACPI code to acpi.c (jsc#PED-13094). - commit 4d8807d - platform/x86/amd/hsmp: Move platform device specific code to plat.c (jsc#PED-13094). - commit a6d1274 - platform/x86/amd/hsmp: Move structure and macros to header file (jsc#PED-13094). - commit 226e6d8 - platform/x86/amd/hsmp: Convert amd_hsmp_rdwr() to a function pointer (jsc#PED-13094). - commit cfa6b2b - platform/x86/amd/hsmp: Create wrapper function init_acpi() (jsc#PED-13094). - commit 7b2aa8b - tracing: Fix cmp_entries_dup() to respect sort() comparison rules (git-fixes). - commit b955896 - platform/x86/amd/hsmp: Create hsmp/ directory (jsc#PED-13094). - Refresh patches.suse/sysfs-treewide-constify-attribute-callback-of-bin_is.patch. - commit fb1429d - tracing: Fix function name for trampoline (git-fixes). - commit db0dd06 - tracing: Use atomic64_inc_return() in trace_clock_counter() (git-fixes). - commit 58aed75 - trace/trace_event_perf: remove duplicate samples on the first tracepoint event (git-fixes). - commit 4902f47 - x86/bugs: Restructure SRSO mitigation (git-fixes). - commit b308adf - x86/bugs: KVM: Add support for SRSO_MSR_FIX (git-fixes). - commit d3911cf - x86/bugs: Restructure L1TF mitigation (git-fixes). - Refresh patches.suse/x86-sme-Use-percpu-boolean-to-control-wbinvd-during-kexec.patch. - commit 1d465a8 - x86/bugs: Restructure SSB mitigation (git-fixes). - commit 4fad51e - x86/bugs: Restructure spectre_v2 mitigation (git-fixes). - commit 811ec5d - x86/bugs: Restructure BHI mitigation (git-fixes). - commit 185e70f - x86/bugs: Restructure spectre_v2_user mitigation (git-fixes). - commit 7ec3712 - x86/bugs: Remove X86_FEATURE_USE_IBPB (git-fixes). - commit fa88ebe - KVM: nVMX: Always use IBPB to properly virtualize IBRS (git-fixes). - blacklist.conf: Removed the patch - commit 557f9fb - x86/bugs: Use a static branch to guard IBPB on vCPU switch (git-fixes). - commit e724e81 - x86/bugs: Remove the X86_FEATURE_USE_IBPB check in ib_prctl_set() (git-fixes). - commit 42db235 - x86/mm: Remove X86_FEATURE_USE_IBPB checks in cond_mitigation() (git-fixes). - commit 4022f33 - x86/bugs: Move the X86_FEATURE_USE_IBPB check into callers (git-fixes). - Refresh patches.suse/x86-bugs-Fix-RSB-clearing-in-indirect_branch_prediction_ba.patch. - commit 68a66c6 - x86/bugs: Use the cpu_smt_possible() helper instead of open-coded code (git-fixes). - commit a3f48f2 - x86/bugs: Restructure retbleed mitigation (git-fixes). - commit 57e9149 - x86/bugs: Allow retbleed=stuff only on Intel (git-fixes). - commit be36749 - x86/bugs: Restructure spectre_v1 mitigation (git-fixes). - commit 9d9c4f9 - x86/bugs: Restructure GDS mitigation (git-fixes). - commit 07ce138 - x86/bugs: Restructure SRBDS mitigation (git-fixes). - commit 985324a - x86/bugs: Remove md_clear_*_mitigation() (git-fixes). - commit 3670fb7 - x86/bugs: Restructure RFDS mitigation (git-fixes). - commit 5f6d514 - x86/bugs: Restructure MMIO mitigation (git-fixes). - commit fbecfda - x86/bugs: Rename mmio_stale_data_clear to cpu_buf_vm_clear (git-fixes). - commit 6562e0a - x86/bugs: Restructure TAA mitigation (git-fixes). - commit 2b3c942 - x86/bugs: Restructure MDS mitigation (git-fixes). - commit d61c636 - x86/bugs: Add AUTO mitigations for mds/taa/mmio/rfds (git-fixes). - commit 8f40133 - x86/bugs: Relocate mds/taa/mmio/rfds defines (git-fixes). - commit dd6ad69 - x86/bugs: Add X86_BUG_SPECTRE_V2_USER (git-fixes). - Refresh patches.suse/x86-its-Add-vmexit-option-to-skip-mitigation-on-some-CPUs.patch. - Refresh patches.suse/x86-its-Enumerate-Indirect-Target-Selection-ITS-bug.patch. - commit 2251acf - net: ibmveth: Refactored veth_pool_store for better maintainability (jsc#PED-3944). - net: ibmveth: added KUnit tests for some buffer pool functions (jsc#PED-3944). - net: ibmveth: Reset the adapter when unexpected states are detected (jsc#PED-3944). - net: ibmveth: Indented struct ibmveth_adapter correctly (jsc#PED-3944). - commit 8a53c7b - patches.suse/block-make-sure-nr_integrity_segments-is-cloned-in-blk_rq_.patch: (git-fixes, bsc#1243874). Patch metadata - commit 3065561 - x86/mm/init: Handle the special case of device private pages in add_pages(), to not increase max_pfn and trigger dma_addressing_limited() bounce buffers (git-fixes). - commit 497daab - Bluetooth: MGMT: Fix sparse errors (git-fixes). - commit f4127bc - wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready (git-fixes). - ath10k: snoc: fix unbalanced IRQ enable in crash recovery (git-fixes). - Revert "wifi: mwifiex: Fix HT40 bandwidth issue." (git-fixes). - Bluetooth: eir: Fix possible crashes on eir_create_adv_data (git-fixes). - Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance (git-fixes). - Bluetooth: Fix NULL pointer deference on eir_get_service_data (git-fixes). - net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (git-fixes). - net/mdiobus: Fix potential out-of-bounds read/write access (git-fixes). - Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (git-fixes). - Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition (git-fixes). - Bluetooth: btintel_pcie: Increase the tx and rx descriptor count (git-fixes). - Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers (git-fixes). - Bluetooth: hci_core: fix list_for_each_entry_rcu usage (git-fixes). - ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() (git-fixes). - pinctrl: st: Drop unused st_gpio_bank() function (git-fixes). - pinctrl: qcom: pinctrl-qcm2290: Add missing pins (git-fixes). - ptp: ocp: Limit signal/freq counts in summary output functions (git-fixes). - ptp: ocp: fix start time alignment in ptp_ocp_signal_set (git-fixes). - ptp: ocp: reject unsupported periodic output flags (git-fixes). - ptp: Properly handle compat ioctls (git-fixes). - commit ad94026 - PCI/MSI: Size device MSI domain with the maximum number of vectors (git-fixes). - PCI: apple: Set only available ports up (git-fixes). - PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - kABI: PCI: endpoint: Retain fixed-size BAR size as well as aligned size (git-fixes). - PCI/pwrctrl: Cancel outstanding rescan work when unregistering (git-fixes). - serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - kABI: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs (git-fixes). - PCI: apple: Use helper function for_each_child_of_node_scoped() (git-fixes). - x86/kaslr: Reduce KASLR entropy on most x86 systems (git-fixes). - commit f6125e9 ++++ libguestfs: - Drop gzip mtime from base.tar.gz (bsc#1216986) ++++ osinfo-db: - Update to database version 20250606 (jsc#PED-12706) osinfo-db-20250606.tar.xz - Drop add-Windows-Server-2025.patch ------------------------------------------------------------------ ------------------ 2025-6-12 - Jun 12 2025 ------------------- ------------------------------------------------------------------ ++++ transactional-update: - Version 5.0.4 - Don't override soft-reboot with hard reboot - Fix stdio when returning from selfupdate [boo#1243910], [gh#openSUSE/transactional-update#151] ++++ jq: - Add patch CVE-2024-23337.patch (CVE-2024-23337, bsc#1243450) ++++ kernel-default: - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - commit 6750876 - scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels (git-fixes). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: logging: Fix scsi_logging_level bounds (git-fixes). - scsi: mpi3mr: Update timestamp only for supervisor IOCs (git-fixes). - scsi: scsi_debug: First fixes for tapes (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - commit edc8361 - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000 bsc#1244277). - commit 57fc275 - ring-buffer: Limit time with disabled interrupts in rb_check_pages() (git-fixes). - commit eb4c51a - bpf: Force uprobe bpf program to always return 0 (git-fixes). - commit 8c62ccf - tracing: Fix function timing profiler to initialize hashtable (git-fixes). - commit bb3c8fc - xfs: don't lose solo dquot update transactions (bsc#1244502). - commit de784a3 - xfs: don't lose solo superblock counter update transactions (bsc#1244502). - commit d46099b - xfs: avoid nested calls to __xfs_trans_commit (bsc#1244502). - commit 0e219be - netfilter: ipset: fix region locking in hash types (CVE-2025-37997 bsc#1243832). - commit 7805bf7 - Revert "sysctl: update common tuning parameters for SAP workloads" This reverts commit 86d9b0692912bbfa298dbe77683f16d0872aaf27. jsc#PED-11676 has been rejected. - commit 346a6d9 - supported.conf: mark mana drivers as external - uio_hv_generic: Set event for all channels on the device (git-fixes). - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - Drivers: hv: Use kzalloc for panic page allocation (git-fixes). - uio_hv_generic: Align ring size to system page (git-fixes). - uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes). - Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes). - Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes). - arm64, x86: hyperv: Report the VTL the system boots in (git-fixes). - arm64: hyperv: Initialize the Virtual Trust Level field (git-fixes). - Drivers: hv: Provide arch-neutral implementation of get_vtl() (git-fixes). - Drivers: hv: Enable VTL mode for arm64 (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - net: mana: Add support for auxiliary device servicing events (git-fixes). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: support of the zero based MRs (git-fixes). - RDMA/mana_ib: Access remote atomic for MRs (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - commit e5bb2a2 ++++ kernel-firmware-nvidia: - Fix zypper conflict about directory -> symlink workaround (bsc#1244458) ++++ kernel-rt: - scsi: dc395x: Remove leftover if statement in reselect() (git-fixes). - commit 6750876 - scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels (git-fixes). - scsi: dc395x: Remove DEBUG conditional compilation (git-fixes). - scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk (git-fixes). - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (git-fixes). - scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer (git-fixes). - scsi: mpi3mr: Add level check to control event logging (git-fixes). - scsi: st: Tighten the page format heuristics with MODE SELECT (git-fixes). - scsi: st: ERASE does not change tape location (git-fixes). - scsi: logging: Fix scsi_logging_level bounds (git-fixes). - scsi: mpi3mr: Update timestamp only for supervisor IOCs (git-fixes). - scsi: scsi_debug: First fixes for tapes (git-fixes). - scsi: mpt3sas: Send a diag reset if target reset fails (git-fixes). - scsi: st: Restore some drive settings after reset (git-fixes). - commit edc8361 - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000 bsc#1244277). - commit 57fc275 - ring-buffer: Limit time with disabled interrupts in rb_check_pages() (git-fixes). - commit eb4c51a - bpf: Force uprobe bpf program to always return 0 (git-fixes). - commit 8c62ccf - tracing: Fix function timing profiler to initialize hashtable (git-fixes). - commit bb3c8fc - xfs: don't lose solo dquot update transactions (bsc#1244502). - commit de784a3 - xfs: don't lose solo superblock counter update transactions (bsc#1244502). - commit d46099b - xfs: avoid nested calls to __xfs_trans_commit (bsc#1244502). - commit 0e219be - netfilter: ipset: fix region locking in hash types (CVE-2025-37997 bsc#1243832). - commit 7805bf7 - Revert "sysctl: update common tuning parameters for SAP workloads" This reverts commit 86d9b0692912bbfa298dbe77683f16d0872aaf27. jsc#PED-11676 has been rejected. - commit 346a6d9 - supported.conf: mark mana drivers as external - uio_hv_generic: Set event for all channels on the device (git-fixes). - Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes). - Drivers: hv: vmbus: Add comments about races with "channels" sysfs dir (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - Drivers: hv: Use kzalloc for panic page allocation (git-fixes). - uio_hv_generic: Align ring size to system page (git-fixes). - uio_hv_generic: Use correct size for interrupt and monitor pages (git-fixes). - Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary (git-fixes). - x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes). - Drivers: hv: vmbus: Introduce hv_get_vmbus_root_device() (git-fixes). - Drivers: hv: vmbus: Get the IRQ number from DeviceTree (git-fixes). - arm64, x86: hyperv: Report the VTL the system boots in (git-fixes). - arm64: hyperv: Initialize the Virtual Trust Level field (git-fixes). - Drivers: hv: Provide arch-neutral implementation of get_vtl() (git-fixes). - Drivers: hv: Enable VTL mode for arm64 (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - net: mana: Add support for auxiliary device servicing events (git-fixes). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: support of the zero based MRs (git-fixes). - RDMA/mana_ib: Access remote atomic for MRs (git-fixes). - net: mana: Add support for Multi Vports on Bare metal (bsc#1244229). - commit e5bb2a2 ++++ ndctl: - Update to version 82 * adds libcxl enumeration of FWCTL character devices - Linux 6.15 compatibility ------------------------------------------------------------------ ------------------ 2025-6-11 - Jun 11 2025 ------------------- ------------------------------------------------------------------ ++++ NetworkManager: - document static ip setup on boot (bsc#1244072) add 0001-man-document-static-ip-setup-differences-to-dracut-n.patch ++++ fde-tools: - Add fde-tools-bsc1244323-firstboot-fix-lsinitrd.patch to fix the empty LUKS header checksum from lsinitrd (bsc#1244323) ++++ kernel-default: - Revert "ipv6: save dontfrag in cork (git-fixes)." This reverts commit f07ae24f52481201baa11e1e91aab0812e1043c6. See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/ and https://bugzilla.suse.com/show_bug.cgi?id=1244313. - commit a4337cd - Revert "kABI: ipv6: save dontfrag in cork (git-fixes)." This reverts commit c19b92367fe535ac505c72a32609b2b5aa190746. See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/ and https://bugzilla.suse.com/show_bug.cgi?id=1244313. - commit d9787d8 - rxrpc: Fix handling of received connection abort (CVE-2024-58053 bsc#1238982). - commit 6192989 - tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521) - commit c36615f - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). Return the correct upper limit of the allocated cpumask. modified: - patches.suse/lib-group_cpus-honor-housekeeping-config-when-grouping-cpus.patch. - patches.suse/lib-group_cpus-let-group_cpu_evenly-return-number-initialized-masks.patch. - commit 55c520e - Refresh patches.suse/sd-always-retry-READ-CAPACITY-for-ALUA-state-transit.patch This patch has two identical hunks but there is only one site where the hunk can be applied. - commit da23587 - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - commit 5fb1a6c - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - commit 0ba4e57 - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - commit 1f1b63d - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - commit ba34170 - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - commit db6d17b - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - ALSA: hda: hda-intel: add Wildcat Lake support (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel WCL (stable-fixes). - PCI: Add Intel Wildcat Lake audio Device ID (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops (stable-fixes). - commit b41ea81 - accel/ivpu: Trigger device recovery on engine reset/resume failure (git-fixes). - accel/ivpu: Use firmware names from upstream repo (git-fixes). - commit cfcd050 - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - net: lan743x: Fix memleak issue when GSO enabled (git-fixes). - accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW (stable-fixes). - PCI/ASPM: Disable L1 before disabling L1 PM Substates (stable-fixes). - accel/ivpu: Update power island delays (stable-fixes). - accel/ivpu: Add initial Panther Lake support (stable-fixes). - commit 122402d ++++ kernel-rt: - Revert "ipv6: save dontfrag in cork (git-fixes)." This reverts commit f07ae24f52481201baa11e1e91aab0812e1043c6. See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/ and https://bugzilla.suse.com/show_bug.cgi?id=1244313. - commit a4337cd - Revert "kABI: ipv6: save dontfrag in cork (git-fixes)." This reverts commit c19b92367fe535ac505c72a32609b2b5aa190746. See https://lore.kernel.org/all/aElivdUXqd1OqgMY@karahi.gladserv.com/ and https://bugzilla.suse.com/show_bug.cgi?id=1244313. - commit d9787d8 - rxrpc: Fix handling of received connection abort (CVE-2024-58053 bsc#1238982). - commit 6192989 - tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521) - commit c36615f - isolcpus: fix bug in returning number of allocated cpumask (bsc#1243774). Return the correct upper limit of the allocated cpumask. modified: - patches.suse/lib-group_cpus-honor-housekeeping-config-when-grouping-cpus.patch. - patches.suse/lib-group_cpus-let-group_cpu_evenly-return-number-initialized-masks.patch. - commit 55c520e - Refresh patches.suse/sd-always-retry-READ-CAPACITY-for-ALUA-state-transit.patch This patch has two identical hunks but there is only one site where the hunk can be applied. - commit da23587 - arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs (git-fixes) - commit 5fb1a6c - Revert "arm64: dts: allwinner: h6: Use RSB for AXP805 PMIC (git-fixes) - commit 0ba4e57 - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (git-fixes) - commit 1f1b63d - ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock (stable-fixes). - commit ba34170 - ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 (stable-fixes). - ALSA: usb-audio: Rename Pioneer mixer channel controls (git-fixes). - ALSA: usb-audio: Add Pioneer DJ DJM-V10 support (stable-fixes). - ALSA: usb-audio: enable support for Presonus Studio 1824c within 1810c file (stable-fixes). - commit db6d17b - ALSA: hda: Add new pci id for AMD GPU display HD audio controller (stable-fixes). - ALSA: hda: hda-intel: add Wildcat Lake support (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel WCL (stable-fixes). - PCI: Add Intel Wildcat Lake audio Device ID (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Acer Helios laptops (stable-fixes). - commit b41ea81 - accel/ivpu: Trigger device recovery on engine reset/resume failure (git-fixes). - accel/ivpu: Use firmware names from upstream repo (git-fixes). - commit cfcd050 - USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB (stable-fixes). - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (stable-fixes). - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (stable-fixes). - thunderbolt: Do not double dequeue a configuration request (stable-fixes). - Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands (git-fixes). - rtc: Make rtc_time64_to_tm() support dates before 1970 (stable-fixes). - net: lan743x: Fix memleak issue when GSO enabled (git-fixes). - accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW (stable-fixes). - PCI/ASPM: Disable L1 before disabling L1 PM Substates (stable-fixes). - accel/ivpu: Update power island delays (stable-fixes). - accel/ivpu: Add initial Panther Lake support (stable-fixes). - commit 122402d ++++ libguestfs: - Update to version 1.56.0 (jsc#PED-12706) * Add support for Windows 2025 (thanks Ming Xie). * Add support for TencentOS (Denise Cheng). * Inspection of Ubuntu 22+ guests that use a split /usr configuration now works properly (thanks Jaroslav Spanko, Daniel Berrange). * Inspecting guests that have duplicated root mountpoints now works. * Inspection of SUSE Linux guests using btrfs snapshots now ignores snapshots that mirror content in the root filesystem (thanks Ming Xie). * Inspection of SUSE Linux >= 15 now returns the correct osinfo short name (eg. "sle15") (thanks Ming Xie). * New command_out and sh_out APIs which allow you to capture output from guest commands that generate more output than the protocol limit allows. * New btrfs_scrub_full API which runs a full Btrfs scrub, synchronously. It works more like fsck for other filesystems. * The fstrim API has been modified to work around several issues in upstream and RHEL 9 kernels related to XFS support (Eric Sandeen, Dave Chinner). * The existing e2fsck API has a new FORCENO option enabling use of the command line -n flag. * json-c is now required. This replaces Jansson which was previously used for parsing JSON input files. * OCaml ≥ 4.08 is now required. * When using ./configure --disable-daemon we no longer require augeas and hivex (thanks Mohamed Akram). * zfs-fuse support has been dropped. The project is unmaintained upstream (thanks Paul Bolle, Gwyn Ciesla, Timothée Ravier). * Fix compatibility with GNU gettext 0.25. * Fix dhcpcd failing on systemd-resolved stub (Thomas Wouters). * Add support for dhcpcd and sfdisk on Debian (Daniel Gomez). * Print the kernel utsname in debug output. * We no longer emit a false warning about BLKDISCARD when creating a block device. * If qemu-img(1) commands fail during snapshot creation, make sure we capture and print stderr from the qemu command (Cole Robinson). * For a complete list of changes and bug fixes see, https://libguestfs.org/guestfs-release-notes-1.56.1.html - bsc#1216986 - libguestfs: embeds /etc/hosts reproducible-builds.patch ++++ python313-core: - Update to 3.13.5: - Tests - gh-135120: Add test.support.subTests(). - Library - gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’. - gh-135326: Restore support of integer-like objects with __index__() in random.getrandbits(). - gh-135321: Raise a correct exception for values greater than 0x7fffffff for the BINSTRING opcode in the C implementation of pickle. - gh-135276: Backported bugfixes in zipfile.Path from zipp 3.23. Fixed .name, .stem and other basename-based properties on Windows when working with a zipfile on disk. - gh-134151: email: Fix TypeError in email.utils.decode_params() when sorting RFC 2231 continuations that contain an unnumbered section. - gh-134152: email: Fix parsing of email message ID with invalid domain. - gh-127081: Fix libc thread safety issues with os by replacing getlogin with getlogin_r re-entrant version. - gh-131884: Fix formatting issues in json.dump() when both indent and skipkeys are used. - Core and Builtins - gh-135171: Roll back changes to generator and list comprehensions that went into 3.13.4 to fix gh-127682, but which involved semantic and bytecode changes not appropriate for a bugfix release. - C API - gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE macros in the limited C API 3.11 and older: don’t treat Py_None, Py_True and Py_False as immortal. Patch by Victor Stinner. - gh-134989: Implement PyObject_DelAttr() and PyObject_DelAttrString() as macros in the limited C API 3.12 and older. Patch by Victor Stinner. - Substantially rewritten doc-py38-to-py36.patch patch to be more flexible and covering even unexpected changes. ++++ nvidia-open-driver-G06-signed: - 60-nvidia-$flavor.conf * Don't try to load the driver if config and GSP firmware files are not available. Otherwise let the default install rule 'install nvidia-drm /sbin/modprobe --ignore-install nvidia-drm' of 50-nvidia.conf win, which comes together with config and GSP firmware files (package nvidia-common-G06). ++++ python313: - Update to 3.13.5: - Tests - gh-135120: Add test.support.subTests(). - Library - gh-133967: Do not normalize locale name ‘C.UTF-8’ to ‘en_US.UTF-8’. - gh-135326: Restore support of integer-like objects with __index__() in random.getrandbits(). - gh-135321: Raise a correct exception for values greater than 0x7fffffff for the BINSTRING opcode in the C implementation of pickle. - gh-135276: Backported bugfixes in zipfile.Path from zipp 3.23. Fixed .name, .stem and other basename-based properties on Windows when working with a zipfile on disk. - gh-134151: email: Fix TypeError in email.utils.decode_params() when sorting RFC 2231 continuations that contain an unnumbered section. - gh-134152: email: Fix parsing of email message ID with invalid domain. - gh-127081: Fix libc thread safety issues with os by replacing getlogin with getlogin_r re-entrant version. - gh-131884: Fix formatting issues in json.dump() when both indent and skipkeys are used. - Core and Builtins - gh-135171: Roll back changes to generator and list comprehensions that went into 3.13.4 to fix gh-127682, but which involved semantic and bytecode changes not appropriate for a bugfix release. - C API - gh-134989: Fix Py_RETURN_NONE, Py_RETURN_TRUE and Py_RETURN_FALSE macros in the limited C API 3.11 and older: don’t treat Py_None, Py_True and Py_False as immortal. Patch by Victor Stinner. - gh-134989: Implement PyObject_DelAttr() and PyObject_DelAttrString() as macros in the limited C API 3.12 and older. Patch by Victor Stinner. - Substantially rewritten doc-py38-to-py36.patch patch to be more flexible and covering even unexpected changes. ++++ python-argcomplete: - Remove executable bit on files installed outside of the path. (bsc#1244435) ++++ xfsprogs: - update to 6.14.0 - xfs_scrub_all: localize the strings in the program - xfs_protofile: add messages to localization catalog - Makefile: inject package name/version/bugreport into pot file - xfs_scrub_all: rename source code to .py.in - xfs_protofile: rename source code to .py.in - xfs_repair: handling a block with bad crc, bad uuid, and bad magic number needs fixing - xfs_repair: fix stupid argument error in verify_inode_chunk - xfs_repair: fix infinite loop in longform_dir2_entry_check* - xfs_repair: fix crash in reset_rt_metadir_inodes - xfs_repair: don't recreate /quota metadir if there are no quota inodes - xfs_repair: fix wording of error message about leftover CoW blocks on the rt device - xfs_io: Add cachestat syscall support - xfs_io: Add RWF_DONTCACHE support to preadv2 - xfs_io: Add RWF_DONTCACHE support to pwritev2 - xfs_io: Add support for preadv2 - make: remove the .extradep file in libxfs on "make clean" - xfs_{admin,repair},man5: tell the user to mount with nouuid for snapshots - xfsprogs: Fix mismatched return type of filesize() - xfs_io: don't fail FS_IOC_FSGETXATTR on filesystems that lack support - configure: additionally get icu-uc from pkg-config - xfs_scrub: use the display mountpoint for reporting file corruptions - xfs_scrub: don't warn about zero width joiner control characters - xfs_scrub: fix buffer overflow in string_escape - xfs_db: add command to copy directory trees out of filesystems - xfs_db: make listdir more generally useful - xfs_db: use an empty transaction to try to prevent livelocks in path_navigate - xfs_db: pass const pointers when we're not modifying them - mkfs: enable reflink on the realtime device - mkfs: validate CoW extent size hint when rtinherit is set - xfs_logprint: report realtime CUIs - xfs_repair: validate CoW extent size hint on rtinherit directories - xfs_repair: allow realtime files to have the reflink flag set - xfs_repair: rebuild the realtime refcount btree - xfs_repair: reject unwritten shared extents - xfs_repair: check existing realtime refcountbt entries against observed refcounts - xfs_repair: compute refcount data for the realtime groups - xfs_repair: find and mark the rtrefcountbt inode - xfs_repair: use realtime refcount btree data to check block types - xfs_repair: allow CoW staging extents in the realtime rmap records - xfs_spaceman: report health of the realtime refcount btree - xfs_db: add rtrefcount reservations to the rgresv command - xfs_db: copy the realtime refcount btree - xfs_db: support the realtime refcountbt - xfs_db: display the realtime refcount btree contents - man: document userspace API changes due to rt reflink - mkfs: create the realtime rmap inode - xfs_logprint: report realtime RUIs - xfs_repair: reserve per-AG space while rebuilding rt metadata - xfs_repair: rebuild the bmap btree for realtime files - xfs_repair: check for global free space concerns with default btree slack levels - xfs_repair: rebuild the realtime rmap btree - xfs_repair: always check realtime file mappings against incore info - xfs_repair: check existing realtime rmapbt entries against observed rmaps - xfs_repair: find and mark the rtrmapbt inodes - xfs_repair: refactor realtime inode check - xfs_repair: create a new set of incore rmap information for rt groups - xfs_repair: use realtime rmap btree data to check block types - xfs_repair: flag suspect long-format btree blocks - xfs_repair: tidy up rmap_diffkeys - xfs_spaceman: report health status of the realtime rmap btree - xfs_db: add an rgresv command - xfs_db: make fsmap query the realtime reverse mapping tree - xfs_db: copy the realtime rmap btree - xfs_db: support the realtime rmapbt - xfs_db: display the realtime rmap btree contents - xfs_db: don't abort when bmapping on a non-extents/bmbt fork - xfs_db: compute average btree height - man: document userspace API changes due to rt rmap - xfs_scrub: try harder to fill the bulkstat array with bulkstat() - xfs_scrub: ignore freed inodes when single-stepping during phase 3 - xfs_scrub: hoist the phase3 bulkstat single stepping code - xfs_scrub: don't blow away new inodes in bulkstat_single_step - xfs_scrub: return early from bulkstat_for_inumbers if no bulkstat data - xfs_scrub: don't complain if bulkstat fails - xfs_scrub: don't - xfs_scrub: don't double-scan inodes during phase 3 - xfs_scrub: actually iterate all the bulkstat records - xfs_scrub: selectively re-run bulkstat after re-running inumbers - xfs_scrub: remove flags argument from scrub_scan_all_inodes - xfs_scrub: call bulkstat directly if we're only scanning user files - xfs_scrub: don't report data loss in unlinked inodes twice - man: document new XFS_BULK_IREQ_METADIR flag to bulkstat - xfs_db: obfuscate rt superblock label when metadumping - mkfs,xfs_repair: don't pass a daddr as the flags argument - drop mkfs-fix-filesize-function-compilation-error-on-32-b.patch - now part of the release (merged in v6.14.0) ------------------------------------------------------------------ ------------------ 2025-6-10 - Jun 10 2025 ------------------- ------------------------------------------------------------------ ++++ branding-SLE: - Merge all files from distributions-logos-SLE into distributions-logos-branding-SLE. ++++ python-kiwi: - Fixed rootfs size calculation with spare part In case a spare_part setup is combined with the root_clone feature, the size calculation for the rootfs did not take the cloning into account and lead to the wrong value. In addition when requesting the spare part to be last and no size information was given, the partition was not created at all. This commit fixes both defects and Fixes #2831 ++++ iputils: - Security fix [bsc#1243772, CVE-2025-48964] * Fix integer overflow in ping statistics via zero timestamp * Add iputils-CVE-2025-48964_01.patch * Add iputils-CVE-2025-48964_02.patch * Add iputils-CVE-2025-48964_03.patch * Add iputils-CVE-2025-48964_regression.patch ++++ kernel-default: - net: lan743x: Fix memleak issue when GSO enabled (CVE-2025-37909 bsc#1243467). - vxlan: vnifilter: Fix unlocked deletion of default FDB entry (CVE-2025-37921 bsc#1243480). - commit 1e0ef1b - ucsi_debugfs_entry: restore u32 respectively s32 for int (git-fixes). - commit 94a62e7 - tracing: Verify event formats that have "%*p.." (CVE-2025-37938 bsc#1243544). - tracing: Have process_string() also allow arrays (git-fixes). - tracing: Check "%s" dereference via the field and not the TP_printk format (git-fixes). - tracing: Add "%s" check in test_event_printk() (git-fixes). - tracing: Add missing helper functions in event pointer dereference check (git-fixes). - tracing: Fix test_event_printk() to process entire print argument (git-fixes). - tracing: Add __print_dynamic_array() helper (git-fixes). - commit 4da5a05 - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - Refresh patches.suse/paddings-add-paddings-to-TypeC-stuff.patch. - commit f07681a - usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() (git-fixes). - commit 31571ee - module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827) - commit ca96390 - ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations (CVE-2025-37910 bsc#1243468) - commit c0e3266 - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - commit 7c95ae0 - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - commit 43c5814 - xen/x86: fix initial memory balloon target (git-fixes). - commit af7a319 - kABI: kabi fix after vsock/virtio: fix `rx_bytes` accounting (git-fixes). - commit d25e930 - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - commit 86c965e - Delete patches.suse/Restore-kABI-for-NVidia-vGPU-driver.patch. - commit 56249f7 - gfs2: Don't start unnecessary transactions during log flush (bsc#1243993). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dlm: mask sk_shutdown value (bsc#1228854). - commit 691de31 - bpf: Search and add kfuncs in struct_ops prologue and epilogue (git-fixes). - selftests/bpf: Fix stdout race condition in traffic monitor (git-fixes). - selftests/bpf: Fix freplace_link segfault in tailcalls prog test (git-fixes). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - commit 63fb01b - selftests/bpf: Add distilled BTF test about marking BTF_IS_EMBEDDED (git-fixes). - libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED (git-fixes). - libbpf: Fix return zero when elf_begin failed (git-fixes). - selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test (git-fixes). - libbpf: Fix segfault due to libelf functions not setting errno (git-fixes). - libbpf: Prevent compiler warnings/errors (git-fixes). - resolve_btfids: Fix compiler warnings (git-fixes). - commit f3a284f ++++ kernel-firmware-iwlwifi: - Update to version 20250609 (git commit 0d92efb540f4): * Revert "iwlwifi: add Bz/gl FW for core96-76 release" ++++ kernel-rt: - net: lan743x: Fix memleak issue when GSO enabled (CVE-2025-37909 bsc#1243467). - vxlan: vnifilter: Fix unlocked deletion of default FDB entry (CVE-2025-37921 bsc#1243480). - commit 1e0ef1b - ucsi_debugfs_entry: restore u32 respectively s32 for int (git-fixes). - commit 94a62e7 - tracing: Verify event formats that have "%*p.." (CVE-2025-37938 bsc#1243544). - tracing: Have process_string() also allow arrays (git-fixes). - tracing: Check "%s" dereference via the field and not the TP_printk format (git-fixes). - tracing: Add "%s" check in test_event_printk() (git-fixes). - tracing: Add missing helper functions in event pointer dereference check (git-fixes). - tracing: Fix test_event_printk() to process entire print argument (git-fixes). - tracing: Add __print_dynamic_array() helper (git-fixes). - commit 4da5a05 - usb: typec: ucsi: fix Clang -Wsign-conversion warning (git-fixes). - Refresh patches.suse/paddings-add-paddings-to-TypeC-stuff.patch. - commit f07681a - usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() (git-fixes). - commit 31571ee - module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827) - commit ca96390 - ptp: ocp: Fix NULL dereference in Adva board SMA sysfs operations (CVE-2025-37910 bsc#1243468) - commit c0e3266 - mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337). - commit 7c95ae0 - powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790). - powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790). - commit 43c5814 - xen/x86: fix initial memory balloon target (git-fixes). - commit af7a319 - kABI: kabi fix after vsock/virtio: fix `rx_bytes` accounting (git-fixes). - commit d25e930 - vsock/virtio: fix `rx_bytes` accounting for stream sockets (git-fixes). - commit 86c965e - Delete patches.suse/Restore-kABI-for-NVidia-vGPU-driver.patch. - commit 56249f7 - gfs2: Don't start unnecessary transactions during log flush (bsc#1243993). - dlm: use SHUT_RDWR for SCTP shutdown (bsc#1228854). - dlm: mask sk_shutdown value (bsc#1228854). - commit 691de31 - bpf: Search and add kfuncs in struct_ops prologue and epilogue (git-fixes). - selftests/bpf: Fix stdout race condition in traffic monitor (git-fixes). - selftests/bpf: Fix freplace_link segfault in tailcalls prog test (git-fixes). - selftests: bpf: test batch lookup on array of maps with holes (git-fixes). - bpf: skip non exist keys in generic_map_lookup_batch (git-fixes). - commit 63fb01b - selftests/bpf: Add distilled BTF test about marking BTF_IS_EMBEDDED (git-fixes). - libbpf: Fix incorrect traversal end type ID when marking BTF_IS_EMBEDDED (git-fixes). - libbpf: Fix return zero when elf_begin failed (git-fixes). - selftests/bpf: Fix btf leak on new btf alloc failure in btf_distill test (git-fixes). - libbpf: Fix segfault due to libelf functions not setting errno (git-fixes). - libbpf: Prevent compiler warnings/errors (git-fixes). - resolve_btfids: Fix compiler warnings (git-fixes). - commit f3a284f ++++ util-linux-systemd: - Fix libmount --no-canonicalize regression (boo#1244251, gh#util-linux/util-linux#3479, libmount-fix-no-canonicalize-regression.patch). ++++ util-linux: - Fix libmount --no-canonicalize regression (boo#1244251, gh#util-linux/util-linux#3479, libmount-fix-no-canonicalize-regression.patch). ++++ python-requests: - update to 2.32.4: * CVE-2024-47081 Fixed an issue where a maliciously crafted URL and trusted environment will retrieve credentials for the wrong hostname/machine from a netrc file * Numerous documentation improvements * Added support for pypy 3.11 for Linux and macOS. * Dropped support for pypy 3.9 following its end of support. - drop CVE-2024-47081.patch (merged upstream) ------------------------------------------------------------------ ------------------ 2025-6-9 - Jun 9 2025 ------------------- ------------------------------------------------------------------ ++++ kernel-default: - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1244280). - commit d830b32 - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild") - commit f4c6047 - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - commit e4c2851 - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1244278). - commit fb0286b - uprobes/x86: Harden uretprobe syscall trampoline check (CVE-2025-22046 bsc#1241434). - commit 5cc86ac - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") - commit 27588c9 - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)") - commit 8ef486c - ftrace: Avoid potential division by zero in function_stat_show() (CVE-2025-21898 bsc#1240610). - commit 13235ba - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (git-fixes). - commit 2343c8f - sort series.conf - commit 7c822ea - tracing: Fix bad hist from corrupting named_triggers list (CVE-2025-21899 bsc#1240577). - commit b162509 - ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777 bsc#1238764). - commit b030dbe - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - commit 2e19a8b - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 (git-fixes). - commit 895937c - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (git-fixes). - commit a46ec06 - x86/microcode/AMD: Add some forgotten models to the SHA check (git-fixes). - commit 5ed1d64 - x86/microcode/AMD: Load only SHA256-checksummed patches (git-fixes). - commit c395380 - x86/alternative: Remove unused header #defines (git-fixes). - commit 0ced93a - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - commit 1051216 - x86/microcode/AMD: Add get_patch_level() (git-fixes). - commit 08a178d - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - commit 563faf8 - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - commit 409c545 - x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations (git-fixes). - commit 5d4cce2 - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - commit dc8a454 - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - commit 3dd0b23 - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - commit 31a173d - Sort series.conf - commit 4948d54 - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - commit 913f1ca - selftests/bpf: Add selftest for may_goto (bsc#1241460 CVE-2025-22087). - selftests/bpf: Introduce __load_if_JITed annotation for tests (bsc#1241460 CVE-2025-22087). - bpf: Fix array bounds error with may_goto (bsc#1241460 CVE-2025-22087). - commit 4c36585 - selftests/bpf: Check for timeout in perf_link test (git-fixes). - commit 73ccf26 ++++ kernel-rt: - s390/pci: Fix __pcilg_mio_inuser() inline assembly (git-fixes bsc#1244280). - commit d830b32 - MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild") - commit f4c6047 - MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed. - commit e4c2851 - KVM: s390: rename PROT_NONE to PROT_TYPE_DUMMY (git-fixes bsc#1244278). - commit fb0286b - uprobes/x86: Harden uretprobe syscall trampoline check (CVE-2025-22046 bsc#1241434). - commit 5cc86ac - MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") - commit 27588c9 - bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build") Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)") - commit 8ef486c - ftrace: Avoid potential division by zero in function_stat_show() (CVE-2025-21898 bsc#1240610). - commit 13235ba - x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (git-fixes). - commit 2343c8f - sort series.conf - commit 7c822ea - tracing: Fix bad hist from corrupting named_triggers list (CVE-2025-21899 bsc#1240577). - commit b162509 - ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777 bsc#1238764). - commit b030dbe - x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes). - commit 2e19a8b - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 (git-fixes). - commit 895937c - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (git-fixes). - commit a46ec06 - x86/microcode/AMD: Add some forgotten models to the SHA check (git-fixes). - commit 5ed1d64 - x86/microcode/AMD: Load only SHA256-checksummed patches (git-fixes). - commit c395380 - x86/alternative: Remove unused header #defines (git-fixes). - commit 0ced93a - x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (git-fixes). - commit 1051216 - x86/microcode/AMD: Add get_patch_level() (git-fixes). - commit 08a178d - x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (git-fixes). - commit 563faf8 - x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (git-fixes). - commit 409c545 - x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations (git-fixes). - commit 5d4cce2 - x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (git-fixes). - commit dc8a454 - x86/microcode/AMD: Have __apply_microcode_amd() return bool (git-fixes). - commit 3dd0b23 - x86/microcode/AMD: Return bool from find_blobs_in_containers() (git-fixes). - commit 31a173d - Sort series.conf - commit 4948d54 - iommu: Skip PASID validation for devices without PASID capability (bsc#1244100) - commit 913f1ca - selftests/bpf: Add selftest for may_goto (bsc#1241460 CVE-2025-22087). - selftests/bpf: Introduce __load_if_JITed annotation for tests (bsc#1241460 CVE-2025-22087). - bpf: Fix array bounds error with may_goto (bsc#1241460 CVE-2025-22087). - commit 4c36585 - selftests/bpf: Check for timeout in perf_link test (git-fixes). - commit 73ccf26 ++++ libgcrypt: - Security fix [bsc#1221107, CVE-2024-2236] * Add --enable-marvin-workaround to spec to enable workaround * Fix timing based side-channel in RSA implementation ( Marvin attack ) * Add libgcrypt-CVE-2024-2236.patch ++++ python313-core: - Update to 3.13.4: - Security - gh-135034: Fixes multiple issues that allowed tarfile extraction filters (filter="data" and filter="tar") to be bypassed using crafted symlinks and hard links. Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138 (bsc#1244059), CVE-2025-4330 (bsc#1244060), and CVE-2025-4517 (bsc#1244032). - gh-133767: Fix use-after-free in the “unicode-escape” decoder with a non-“strict” error handler (CVE-2025-4516, bsc#1243273). - gh-128840: Short-circuit the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor denial-of-service. - Library - gh-134718: ast.dump() now only omits None and [] values if they are default values. - gh-128840: Fix parsing long IPv6 addresses with embedded IPv4 address. - gh-134696: Built-in HACL* and OpenSSL implementations of hash function constructors now correctly accept the same documented named arguments. For instance, md5() could be previously invoked as md5(data=data) or md5(string=string) depending on the underlying implementation but these calls were not compatible. Patch by Bénédikt Tran. - gh-134210: curses.window.getch() now correctly handles signals. Patch by Bénédikt Tran. - gh-80334: multiprocessing.freeze_support() now checks for work on any “spawn” start method platform rather than only on Windows. - gh-114177: Fix asyncio to not close subprocess pipes which would otherwise error out when the event loop is already closed. - gh-134152: Fixed UnboundLocalError that could occur during email header parsing if an expected trailing delimiter is missing in some contexts. - gh-62184: Remove import of C implementation of io.FileIO from Python implementation which has its own implementation - gh-133982: Emit RuntimeWarning in the Python implementation of io when the file-like object is not closed explicitly in the presence of multiple I/O layers. - gh-133890: The tarfile module now handles UnicodeEncodeError in the same way as OSError when cannot extract a member. - gh-134097: Fix interaction of the new REPL and -X showrefcount command line option. - gh-133889: The generated directory listing page in http.server.SimpleHTTPRequestHandler now only shows the decoded path component of the requested URL, and not the query and fragment. - gh-134098: Fix handling paths that end with a percent-encoded slash (%2f or %2F) in http.server.SimpleHTTPRequestHandler. - gh-134062: ipaddress: fix collisions in __hash__() for IPv4Network and IPv6Network objects. - gh-133745: In 3.13.3 we accidentally changed the signature of the asyncio create_task() family of methods and how it calls a custom task factory in a backwards incompatible way. Since some 3rd party libraries have already made changes to work around the issue that might break if we simply reverted the changes, we’re instead changing things to be backwards compatible with 3.13.2 while still supporting those workarounds for 3.13.3. In particular, the special-casing of name and context is back (until 3.14) and consequently eager tasks may still find that their name hasn’t been set before they execute their first yielding await. - gh-71253: Raise ValueError in open() if opener returns a negative file-descriptor in the Python implementation of io to match the C implementation. - gh-77057: Fix handling of invalid markup declarations in html.parser.HTMLParser. - gh-133489: random.getrandbits() can now generate more that 231 bits. random.randbytes() can now generate more that 256 MiB. - gh-133290: Fix attribute caching issue when setting ctypes._Pointer._type_ in the undocumented and deprecated ctypes.SetPointerType() function and the undocumented set_type() method. - gh-132876: ldexp() on Windows doesn’t round subnormal results before Windows 11, but should. Python’s math.ldexp() wrapper now does round them, so results may change slightly, in rare cases of very small results, on Windows versions before 11. - gh-133089: Use original timeout value for subprocess.TimeoutExpired when the func subprocess.run() is called with a timeout instead of sometimes a confusing partial remaining time out value used internally on the final wait(). - gh-133009: xml.etree.ElementTree: Fix a crash in Element.__deepcopy__ when the element is concurrently mutated. Patch by Bénédikt Tran. - gh-132995: Bump the version of pip bundled in ensurepip to version 25.1.1 - gh-132017: Fix error when pyrepl is suspended, then resumed and terminated. - gh-132673: Fix a crash when using _align_ = 0 and _fields_ = [] in a ctypes.Structure. - gh-132527: Include the valid typecode ‘w’ in the error message when an invalid typecode is passed to array.array. - gh-132439: Fix PyREPL on Windows: characters entered via AltGr are swallowed. Patch by Chris Eibl. - gh-132429: Fix support of Bluetooth sockets on NetBSD and DragonFly BSD. - gh-132106: QueueListener.start now raises a RuntimeError if the listener is already started. - gh-132417: Fix a NULL pointer dereference when a C function called using ctypes with restype py_object returns NULL. - gh-132385: Fix instance error suggestions trigger potential exceptions in object.__getattr__() in traceback. - gh-132308: A traceback.TracebackException now correctly renders the __context__ and __cause__ attributes from falsey Exception, and the exceptions attribute from falsey ExceptionGroup. - gh-132250: Fixed the SystemError in cProfile when locating the actual C function of a method raises an exception. - gh-132063: Prevent exceptions that evaluate as falsey (namely, when their __bool__ method returns False or their __len__ method returns 0) from being ignored by concurrent.futures.ProcessPoolExecutor and concurrent.futures.ThreadPoolExecutor. - gh-119605: Respect follow_wrapped for __init__() and __new__() methods when getting the class signature for a class with inspect.signature(). Preserve class signature after wrapping with warnings.deprecated(). Patch by Xuehai Pan. - gh-91555: Ignore log messages generated during handling of log messages, to avoid deadlock or infinite recursion. - gh-131434: Improve error reporting for incorrect format in time.strptime(). - gh-131127: Systems using LibreSSL now successfully build. - gh-130999: Avoid exiting the new REPL and offer suggestions even if there are non-string candidates when errors occur. - gh-130941: Fix configparser.ConfigParser parsing empty interpolation with allow_no_value set to True. - gh-129098: Fix REPL traceback reporting when using compile() with an inexisting file. Patch by Bénédikt Tran. - gh-130631: http.cookiejar.join_header_words() is now more similar to the original Perl version. It now quotes the same set of characters and always quote values that end with "\n". - gh-129719: Fix missing socket.CAN_RAW_ERR_FILTER constant in the socket module on Linux systems. It was missing since Python 3.11. - gh-124096: Turn on virtual terminal mode and enable bracketed paste in REPL on Windows console. (If the terminal does not support bracketed paste, enabling it does nothing.) - gh-122559: Remove __reduce__() and __reduce_ex__() methods that always raise TypeError in the C implementation of io.FileIO, io.BufferedReader, io.BufferedWriter and io.BufferedRandom and replace them with default __getstate__() methods that raise TypeError. This restores fine details of behavior of Python 3.11 and older versions. - gh-122179: hashlib.file_digest() now raises BlockingIOError when no data is available during non-blocking I/O. Before, it added spurious null bytes to the digest. - gh-86155: html.parser.HTMLParser.close() no longer loses data when the